Warren Buffett recently made clear how risk-averse his business is when it comes to cyber insurance. Addressing his annual shareholder meeting, he summarized the state of play like this: “I think anybody that tells you now they think they know in some actuarial way either what [the] general experience is like in the future, or what […]
“Closing the Gaps in Cybersecurity Resilience at U.S. Government Agencies,” a new survey of civilian, defense and intelligence agencies, suggests that the cybersecurity threat landscape is evolving quicker than they can respond.
Two-thirds of federal IT executives say their agency‘s ability to withstand a cyber event, and continue to function, is moderately to highly mature.
Two years ago, a federal government civilian agency had a problem.
Nation state actors were targeting the agency, creating numerous cyber events and breaches every day. The media was all over the story. They faced enormous pressure to change the cybersecurity status quo.
The agency’s cybersecurity team knew that they were in reaction mode. They […]
Cisco has disclosed a critical CVSS 10 vulnerability in ASA that can allow an uncredentialled user to take over the vulnerable device and change access rules. RedSeal has published a custom best practice check for customers to detect vulnerable devices that have the offending service (WebVPN) enabled.
RedSeal Custom Best Practice Check […]
Over the last few decades, many network security architecture products have come to market, all with useful features to help secure networks. If we assume that all of these security products are deployed in operational networks, why do we still see so many leaks and breaches?
Some say the users are not leveraging the full capabilities […]
Recently RedSeal hosted its annual Federal Customer Forum. One of the panels featured a discussion with several luminaries in the federal government cybersecurity ecosystem. The topic: the importance of the integration and automation of cybersecurity operations.
Those present were:
Wayne Lloyd, RedSeal (Moderator) Kevin Phan, Splunk Tim Jones, ForeScout Wade Woolwine, Rapid7 John America, Mystek […]
Watch Video: RedSeal and Hidden Cobra Overview, Use Cases and Demo
On November 17th, the United States Computer Emergency Ready Team (US-CERT), in conjunction with the FBI, released a pair of advisories about the North Korean hacking and espionage campaign code named HIDDEN COBRA. The latest advisories describe two pieces of […]
The Uber hack is a public lesson that a breach may be bad, but a cover-up is worse. (See Nixon, Richard.) It was a foolish mistake to try to hide an attack of this scale, but then, the history of security is a process where we all slowly learn from foolish mistakes. We live in […]
By Richard A. Clarke
This month it is Equifax. Previously it was Yahoo and before that Target. Each new breach seems to set a new record of how many pieces of personal identifiable information have been compromised. It is easy to get inured to these news stories, especially since the media generally does not deduce […]
What is data worth? On the surface, it is just a bunch of 1s and 0s on a hard drive. Most users don’t think about or even fully understand data. Their cell phones work, email is at their fingertips, and a friend is just a video chat away. But, enormous companies are built using […]