First, it’s good you have a plan to begin with. But have you tested it?
That is, have you gathered all your stakeholders, from the C-suite to the trenches, and run through your plan? And testing it once is not good enough. Your teams and networks are constantly changing, so your plan should evolve as well with time.
When an incident occurs, that is not the time to find out if your plan works. Testing turns up simple things, like having the ability to use outside communication mechanisms. If your system gets locked down by ransomware there is a good chance your address book in Outlook will be inaccessible.
Part of testing is also getting to know your network by modeling it and examining how it’s all connected. Having a continuously updated model of your network greatly speeds up your response time.
The Pentagon’s abandonment of the Joint Enterprise Defense Infrastructure, or JEDI, contract was an anticlimactic demise for the once visionary single-cloud network.
…the protracted legal battle pushed JEDI past viability. While the cloud titans fought for their slice of the pie, other actors within the federal government, most significantly the intelligence community, transitioned to a multi-cloud network. As a result, the decision to retire JEDI is best seen as an inevitable step toward DOD’s multi-vendor destiny.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2021-07-21 14:21:132021-07-21 14:23:26DOD’s Forecast Post-JEDI: Multi-Cloud with a Chance of Peril
RedSeal’s Chief Technology Officer Dr. Mike Lloyd was named a Gold Globee winner for Chief Technology Officer of the Year, Security Hybrid in the 16th Annual 2021 IT World Awards honoring achievements and recognitions in the information technology and cyber security industries worldwide.
More than 65 judges from around the world representing a wide spectrum of industry experts participated in the judging process. The IT World Awards are open to all Information Technology and Cyber Security organizations from all over the world and their end-users of products and services.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2021-06-15 17:15:012021-06-15 21:51:42Dr. Mike Lloyd Named a Gold Globee Chief Technology Officer of the Year
Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs does pose security risks both technological and physical. What does a print security strategy need to take into account?
…This east-west traffic in local areas is the bane of the security professional. It makes the network harder to manage as it sprawls outwards, often in the uncontrolled IT equivalent of a shanty town. This, in turn, created the ecosystem in which security threats evolved, moving from viruses spread by floppy disks to those that spread directly over the network, and their descendants we see to this day, such as ransomware spreaders that can take over oil pipelines.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2021-06-09 08:49:402021-06-09 08:50:02Security Think Tank: Printer risks go deep into IT history
President Joe Biden’s cybersecurity executive order will boost the federal government’s reliance on cloud services and information sharing, experts told us. The EO directs federal civilian agencies to “accelerate movement to secure cloud services,” including software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS).
“That’s really the best way for the government” to secure data, said RedSeal Federal Chief Technology Officer Wayne Lloyd. He expects the EO to drag agencies “kicking and screaming” into the cloud: “It’s something that’s long overdue,” from which the commercial sector has long seen the benefits.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2021-05-31 10:58:482021-05-31 10:58:48EO Gives Momentum to Federal Cloud Movement
If we have learned anything from the COVID-19 pandemic, it is that very bad things can happen very quickly, especially if we are not sufficiently prepared. It turns out that everything we have been told about the pandemic is also relevant for cybersecurity; as such, the pandemic is an exceptional learning tool for cyber professionals.
Cyberattacks are like biological viruses in several ways: they can spread incredibly fast, their consequences can wreak huge economic damage, and the destruction they cause can be very difficult from which to recover. Viruses spread through human social networks and cyber-attacks exploit our online networks of trust.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2021-05-25 14:15:392021-05-25 14:15:39Seven Cybersecurity Lessons the Coronavirus Can Teach the Armed Forces (and Us All)
Typical hybrid cloud IT integration strategies have fundamental design flaws that CIOs and CISOs need to address if they’re going to avert another attack on the scale of SolarWinds.
…any network mapping platform needs to excel at visualization and provide insightful analysis at a graphical level to identify potential security anomalies and actual breach activity. Useful in understanding this is the following example of how RedSeal’s cyber risk modeling software for hybrid cloud environments works.
10. Be especially careful with your money accounts.
Take extra trouble over your money accounts. Treat them as different from all your others. Don’t reuse passwords for financial accounts—ever. Ask anyone who has your money about “two-factor authentication,” and if they don’t offer it, move your account. If possible, push for two-factor that doesn’t depend on text messages (SMS)—it’s too easy to hack. – Mike Lloyd, RedSeal CTO
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2021-05-18 19:30:342021-05-18 19:30:3411 Tech Experts Share Smart Steps For Protecting Your Personal Information Online
“The President’s new infrastructure plan must incorporate cybersecurity or the new ports, electrical grids and rail systems it proposes will become a bonanza for hackers looking to exploit supply chains along with critical infrastructure,” said Wayne Lloyd, CTO of Federal at RedSeal.
“We live in a digitized world, and the facilities that would be constructed will add to the complexity of the critical infrastructure networks and further expose unintended access points,” Lloyd said. “These networks are increasingly exceeding the ability of humans to fully account for, making it essential that the White House secures the infrastructure by mandating compliance with existing NIST frameworks for the IT & OT systems and funding for technologies that can help automate and monitor the state of compliance for things such as network segmentation, or we’re going to experience another breach on the scale of SolarWinds.”
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2021-05-11 14:44:512021-05-11 14:45:27After pipeline attack, former DHS cyber leader says ‘stop with the half measures’; security pros urge action in infrastructure bill
Let’s analyze security and defense over the ages through a Covid lens.
From ancient Jericho through to medieval Constantinople, people built walls around cities as a main method of defense for around 10,000 years. But we don’t live in walled cities any more – why not? That’s a really big change, and it deserves an explanation.
Our companies aren’t walled cities, but they certainly had a strong tradition of being centralized and walled off. A year ago, we suddenly found that we couldn’t do that any longer. I’ve spoken to many managers who were frankly surprised at how well it has worked to abruptly change the paradigm, and let people work out in the community, away from the supervisor’s beady eye, and outside the protective walls of the building or the network.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Keith Dohttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKeith Do2021-04-27 18:02:152021-04-27 18:02:15Why don’t we live in walled cities anymore?
Test Drive RedSeal Stratus—the worlds's most accurate and actionable access and exposure CSPM tool -Sign Up
Behind the Firewall: 5 security leaders share incident response plans
/by Keith DoCybersecurity Dive | July 30, 2021
First, it’s good you have a plan to begin with. But have you tested it?
That is, have you gathered all your stakeholders, from the C-suite to the trenches, and run through your plan? And testing it once is not good enough. Your teams and networks are constantly changing, so your plan should evolve as well with time.
When an incident occurs, that is not the time to find out if your plan works. Testing turns up simple things, like having the ability to use outside communication mechanisms. If your system gets locked down by ransomware there is a good chance your address book in Outlook will be inaccessible.
Part of testing is also getting to know your network by modeling it and examining how it’s all connected. Having a continuously updated model of your network greatly speeds up your response time.
DOD’s Forecast Post-JEDI: Multi-Cloud with a Chance of Peril
/by Keith DoNexGov | July 20, 2021
The Pentagon’s abandonment of the Joint Enterprise Defense Infrastructure, or JEDI, contract was an anticlimactic demise for the once visionary single-cloud network.
…the protracted legal battle pushed JEDI past viability. While the cloud titans fought for their slice of the pie, other actors within the federal government, most significantly the intelligence community, transitioned to a multi-cloud network. As a result, the decision to retire JEDI is best seen as an inevitable step toward DOD’s multi-vendor destiny.
Dr. Mike Lloyd Named a Gold Globee Chief Technology Officer of the Year
/by Keith DoIT World Awards | June 15, 2021
RedSeal’s Chief Technology Officer Dr. Mike Lloyd was named a Gold Globee winner for Chief Technology Officer of the Year, Security Hybrid in the 16th Annual 2021 IT World Awards honoring achievements and recognitions in the information technology and cyber security industries worldwide.
More than 65 judges from around the world representing a wide spectrum of industry experts participated in the judging process. The IT World Awards are open to all Information Technology and Cyber Security organizations from all over the world and their end-users of products and services.
Security Think Tank: Printer risks go deep into IT history
/by Keith DoComputer Weekly | June 9, 2021
Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs does pose security risks both technological and physical. What does a print security strategy need to take into account?
…This east-west traffic in local areas is the bane of the security professional. It makes the network harder to manage as it sprawls outwards, often in the uncontrolled IT equivalent of a shanty town. This, in turn, created the ecosystem in which security threats evolved, moving from viruses spread by floppy disks to those that spread directly over the network, and their descendants we see to this day, such as ransomware spreaders that can take over oil pipelines.
EO Gives Momentum to Federal Cloud Movement
/by Keith DoCommunications Daily | May 27, 2021
President Joe Biden’s cybersecurity executive order will boost the federal government’s reliance on cloud services and information sharing, experts told us. The EO directs federal civilian agencies to “accelerate movement to secure cloud services,” including software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS).
“That’s really the best way for the government” to secure data, said RedSeal Federal Chief Technology Officer Wayne Lloyd. He expects the EO to drag agencies “kicking and screaming” into the cloud: “It’s something that’s long overdue,” from which the commercial sector has long seen the benefits.
Seven Cybersecurity Lessons the Coronavirus Can Teach the Armed Forces (and Us All)
/by Keith DoCyber Defense Review | May 21, 2021
If we have learned anything from the COVID-19 pandemic, it is that very bad things can happen very quickly, especially if we are not sufficiently prepared. It turns out that everything we have been told about the pandemic is also relevant for cybersecurity; as such, the pandemic is an exceptional learning tool for cyber professionals.
Cyberattacks are like biological viruses in several ways: they can spread incredibly fast, their consequences can wreak huge economic damage, and the destruction they cause can be very difficult from which to recover. Viruses spread through human social networks and cyber-attacks exploit our online networks of trust.
AI, cyber terrain analytics improve hybrid multicloud security
/by Keith DoVenturebBeat | May 21, 2021
…any network mapping platform needs to excel at visualization and provide insightful analysis at a graphical level to identify potential security anomalies and actual breach activity. Useful in understanding this is the following example of how RedSeal’s cyber risk modeling software for hybrid cloud environments works.
11 Tech Experts Share Smart Steps For Protecting Your Personal Information Online
/by Keith DoForbes | May 18, 2021
10. Be especially careful with your money accounts.
Take extra trouble over your money accounts. Treat them as different from all your others. Don’t reuse passwords for financial accounts—ever. Ask anyone who has your money about “two-factor authentication,” and if they don’t offer it, move your account. If possible, push for two-factor that doesn’t depend on text messages (SMS)—it’s too easy to hack. – Mike Lloyd, RedSeal CTO
After pipeline attack, former DHS cyber leader says ‘stop with the half measures’; security pros urge action in infrastructure bill
/by Keith DoInside Cybersecurity | May 11, 2021
“The President’s new infrastructure plan must incorporate cybersecurity or the new ports, electrical grids and rail systems it proposes will become a bonanza for hackers looking to exploit supply chains along with critical infrastructure,” said Wayne Lloyd, CTO of Federal at RedSeal.
“We live in a digitized world, and the facilities that would be constructed will add to the complexity of the critical infrastructure networks and further expose unintended access points,” Lloyd said. “These networks are increasingly exceeding the ability of humans to fully account for, making it essential that the White House secures the infrastructure by mandating compliance with existing NIST frameworks for the IT & OT systems and funding for technologies that can help automate and monitor the state of compliance for things such as network segmentation, or we’re going to experience another breach on the scale of SolarWinds.”
Why don’t we live in walled cities anymore?
/by Keith DoIT Pro Portal | April 27, 2021
Let’s analyze security and defense over the ages through a Covid lens.
From ancient Jericho through to medieval Constantinople, people built walls around cities as a main method of defense for around 10,000 years. But we don’t live in walled cities any more – why not? That’s a really big change, and it deserves an explanation.
Our companies aren’t walled cities, but they certainly had a strong tradition of being centralized and walled off. A year ago, we suddenly found that we couldn’t do that any longer. I’ve spoken to many managers who were frankly surprised at how well it has worked to abruptly change the paradigm, and let people work out in the community, away from the supervisor’s beady eye, and outside the protective walls of the building or the network.