What is Defend Forward?
The DoD’s Defend Forward operational concept has been rolling out over the past few years. Policy makers and cyber defenders in government realized that, as the situation in Afghanistan led directly to the rise of Al-Qaeda and the 9-11 attacks, the situation in cyberspace was going to lead to crippling […]
I’ve been in cybersecurity for 19 years and love the field. It’s technically a very challenging problem to solve and the stakes are extremely high. Those of us in this field are defending the foundation of the information age. We are protecting the money in people’s bank accounts, their personal privacy and dignity, and even […]
RedSeal Cyber Threat Series
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) have a known vulnerability – CVE-2020-3452. This security vulnerability can allow an unauthenticated attacker to remotely conduct a directory traversal attack as well as read sensitive files on a targeted system.
Exploiting this vulnerability, the attacker can view files […]
Cybersecurity Maturity Model Certification (CMMC) is a tiered system in which defense contractors—or any organization holding Controlled Unclassified Information (CUI) must be vetted by a third-party assessor on a five-level scale to determine the maturity of their enterprise security. This requires companies that do business with the Department of Defense to protect their data since […]
Working on a Red Team is frustrating. I know, I was on one.
Red Teams work hard penetrating systems, gathering data and presenting findings to senior management only to get strongly dismissive responses- “So what?” This is frequently followed by an order to not to share detailed information with the Defensive Cyber Operations (DCO) teams […]
American democracy is resilient. From its rebuilding after our civil war to recovering from the Great Depression, America has been able to overcome the largest of obstacles. However, 2020 gives us unprecedented challenges that will test this resilience. Central to our country’s recovery from this pandemic will be ensuring the foundation of our democracy remains […]
How often have you made a network change that didn’t work the way you expected or even created a new issue? The list of configuration changes needed to build, maintain, and secure a network is daunting. It’s all too easy to act without thoroughly thinking through and considering the impact on the whole network. Initially […]
As I write this, our society is amid an economic collapse and social closure the likes of which no one in our lifetime has ever seen. People everywhere are trying to create some kind of certainty so that they can plan their future, get back to their “day job” and feel safe while resuming a […]
In my last article, I discussed the importance of walking the terrain, or knowing your network. I suggested beginning at the at high level: identify your sites, then group your assets by site or facility. This is a great place to start understanding your network because network controls tend to be fairly static. However, discovering […]
You’ve been asked to defend your organization from a myriad of threats: state sponsored attacks, cyber criminals, insiders. But where do you start?
Many years ago, as a young Marine lieutenant I learned that the first step to establishing a defense is to understand what you’re defending. You must know the terrain. Walk the terrain. Understand the key parts […]