In early August, at MeriTalk’s Cyber Security Brainstorm, Paul Beckman, chief information security officer (CISO) at the Department of Homeland Security (DHS), said that his biggest new priorities are:
Increasing use of software-defined networking (SDN) Adopting a zero-trust model Optimizing DHS’ security operations centers (SOC)
He added that the ability to leverage micro segmentation in […]
The drumbeat of media coverage of new breaches continues, but it’s useful sometimes to look back at where we’ve been. Each scary report of so many millions of records lost can be overwhelming. It certainly shows that our network defenses are weak, and that attackers are very effective. This is why digital resilience is key […]
Recently, I was privileged to spend half a day with some of our nation’s finest cyber warriors at a RedSeal workshop. Early in the morning, members of various DoD Cyber Protection Teams (CPTs) gathered around a u-shaped table in Columbia, Maryland.
The workshop showcases how CPTs use RedSeal every day to secure cyber terrain and […]
This year, the big news in government cybersecurity is the DHS CDM DEFEND program and task orders being announced by various federal departments. The DHS CDM DEFEND, which stands for Continuous Diagnostics and Mitigation (CDM) Dynamic and Evolving Federal Enterprise Network Defense, task orders are awarded under the General Services Administration’s Alliant 1 Unrestricted contract. […]
While the focus on cybersecurity has never been higher, the cybersecurity community – a combined team of solution providers, CISOs, boards and others– haven’t been able to stop most attacks from being successful.
We have focused too much of our efforts on network perimeters, working to detect and prevent cyber attacks. We haven’t […]
In NSA: The Silence of the Zero Days, published in Data Breach Today, Mathew Schwartz discusses hackers’ rapid response to newly discovered flaws and/or exploits.
I was struck by a quote from David Hogue, the head of the NSA’s Cybersecurity Threat Operations Center (NCTOC). “Within 24 hours of a vulnerability or exploit being released, it’s […]
Warren Buffett recently made clear how risk-averse his business is when it comes to cyber insurance. Addressing his annual shareholder meeting, he summarized the state of play like this: “I think anybody that tells you now they think they know in some actuarial way either what [the] general experience is like in the future, or what […]
“Closing the Gaps in Cybersecurity Resilience at U.S. Government Agencies,” a new survey of civilian, defense and intelligence agencies, suggests that the cybersecurity threat landscape is evolving quicker than they can respond.
Two-thirds of federal IT executives say their agency‘s ability to withstand a cyber event, and continue to function, is moderately to highly mature.
Two years ago, a federal government civilian agency had a problem.
Nation state actors were targeting the agency, creating numerous cyber events and breaches every day. The media was all over the story. They faced enormous pressure to change the cybersecurity status quo.
The agency’s cybersecurity team knew that they were in reaction mode. They […]
Cisco has disclosed a critical CVSS 10 vulnerability in ASA that can allow an uncredentialled user to take over the vulnerable device and change access rules. RedSeal has published a custom best practice check for customers to detect vulnerable devices that have the offending service (WebVPN) enabled.
RedSeal Custom Best Practice Check […]