Tag Archive for: Digital Resilience

Perfect Cybersecurity Makes No Business Sense

Forbes | September 21, 2017

By Dr. Mike Lloyd, RedSeal CTO

We’re going through a shift in thinking in cybersecurity. In the old days, we thought one solid line of defense was enough — keep the bad guys out and life would be good. Then we found out that bad guys are wily and would find different ways in. The result was security sprawl: so many technologies, so many ways to defend, but no way to do it all, no way to hire enough experts in all these different techniques.

RedSeal CEO Joins Cheddar TV’s “Closing Bell” to Talk Resilience, WannaCry

Cheddar | May 18, 2017


RedSeal CEO Ray Rothrock joined Cheddar TV’s “Closing Bell” show, where he spoke about resilience, WannaCry and more. Ray’s segment starts at the 1:04:05 mark of the video.

“Prevention has been the strategy of the last 25, 30 years in cybersecurity…You’ve got to have prevention but you need more than that now. Attacks are inside the network – not at the firewall anymore – they are inside. And being inside means you need to know what’s going on inside. You’ve got to know what the network looks like.”

Security vs. Resilience: Know the Difference

TechBeacon | May 5, 2017

By Ray Rothrock, RedSeal Chief Executive Officer

If you really want to know the difference between security and resilience, pour yourself a cup of strong coffee and dig into the all-but-impenetrable PPD-21, Presidential Policy Directive—Critical Infrastructure Security and Resilience. Or just go to the U.S. Department of Homeland Security (DHS) website, which cuts to the chase with a few good examples of each…

Scan these two lists, and you come to an inescapable conclusion: Security and resilience are not synonyms or even second cousins. In fact, security and resilience have remarkably little to do with one another. The measures under the “security” list are about locking up. Those under “resilience” are about standing up. Security is about hunkering down. Resilience is about doing business.

7 Habits of a Resilient Business

Computer Business Review | May 4, 2017

By Ray Rothrock, RedSeal Chief Executive Officer

Here’s the reality: Bad things will happen, and your precautions and defenses will not stop every bad thing. However, this doesn’t mean there’s no hope. It’s quite the opposite, because you have a choice: you can either wish for the best, or decide to be what the industry is calling digitally resilient. There is no third alternative. If you choose to face reality and pursue resilience, you need to acquire, cultivate, and hone the seven habits that follow.

RedSeal CEO Ray Rothrock to Lead Cybersecurity Panel at Milken Institute Global Conference

Rothrock and Cybersecurity Experts to Discuss the Value of a Digital Resilience Strategy to Combat Cyber Attacks

WHAT:  The 20th Annual Milken Institute Global Conference convenes more than 4,000 influential leaders from 50 countries, to tackle the world’s most stubborn challenges, including cybercrime. Recent breaches have ranged from corporate theft to hacks allegedly carried out to influence the outcome of elections. A recent study from Cybersecurity Ventures predicts the global cost of cybercrime will grow from $3 trillion in 2015 to $6 trillion by 2021.

In this panel, titled “My Organization Has Been Hacked! Now What?”, cybersecurity experts will explore the value of a digital resilience strategy, and how it plays an important role for companies before and after they encounter a cyber attack. The panelists will address how the private and public sectors can be more effective in combatting hackers across national borders, as well as what companies can do to minimize the damage when a breach does take place.

WHO: The panel will be moderated by Ray Rothrock, Chairman and CEO of RedSeal, who recently discussed the C-Suite’s trouble assessing cyber risk with Jim Cramer on CNBC’s Mad Money. A thought leader in cybersecurity, Rothrock participated in the White House CyberSecurity Summit held at Stanford University in February 2015.


  • Heather Adkins, Director, Information Security and Policy at Google
  • Dmitri Alperovitch, Co-Founder and CTO, CrowdStrike Inc.
  • Daniel Ennis, CEO, DRE Consulting; Exec. Director, Global Cyber Security Initiative, Univ. of Maryland, Former NSA Director, Cyber Threat Operations Center
  • Siobhan MacDermott, SVP Executive, Global Cyber Public Policy, Bank of America; Global Fellow, Geneva Center for Security Policy

WHEN: Monday, May 1, 2017, 10:45 AM-11:45 AM

WHERE: The Beverly Hilton, 9876 Wilshire Boulevard, Beverly Hills, CA 90210

Security Automation: Game Changer to Boost IT Productivity and Network Resilience

INFORMATION AGE | April 19, 2017

By Dr. Mike Lloyd, RedSeal CTO

Pick up a newspaper on any given day in 2017 and you’re likely to read the latest chapter in a long-running story: security professionals versus the hackers. Recent revelations around Russian state-sponsored involvement in the 2013 Yahoo hack, and the WikiLeaks-managed exposure of a trove of CIA-developed exploits, mean those hackers could even be government employees.

This is a story without an end – a battle which is just getting started. That’s bad news for IT leaders already stretched to the limit by a lack of human resources in their security departments.

RedSeal Extends Digital Resilience Platform Across Network Environments, Improves Security and Network Teams’ Productivity with New Integrations

Expedites Analysis with Seamless Integration into Network Security Products from Splunk, Rapid7 and ForeScout

SUNNYVALE, Calif. – Today RedSeal (www.redseal.net) announced enhancements and new integrations for its market-leading network modeling and risk scoring platform. The enhancements will give RedSeal users a single, comprehensive understanding of network security across their datacenter, cloud and software-defined networks.

The enhancements also help security teams be more productive despite ever-increasing demands by delivering actionable intelligence from RedSeal’s network modeling platform directly into Splunk’s Enterprise Security SIEM, Rapid7’s Nexpose vulnerability management software, and ForeScout’s CounterACT.

“Enterprises today have complex network infrastructures with many point product security solutions,” said Ray Rothrock, chairman and CEO of RedSeal. “To improve their resilience in the face of inevitable attacks, they need a holistic view of their network that’s deeply integrated with their current security solutions.”

Platform Enhancements

The digital infrastructures for nearly all Global 2000 companies include on-premise, cloud and virtualized networks. The resulting networks are large, complex, and constantly changing, making a complete and detailed understanding of the current state of a network very difficult. To address this, RedSeal can now model complete networks – including software-defined networks (SDNs) in VMWare NSX and enhanced modeling of Amazon Web Services Virtual Private Clouds (VPCs).

RedSeal provides critical visibility into access controls for these SDN environments, and alerts users to violations of customized policies they’ve established for their organizations.

Expanded Integrations with Splunk, Rapid7 and ForeScout

To streamline security teams’ efforts, and further improve network security, RedSeal now integrates into the user interfaces of Splunk’s Enterprise Security SIEM, Rapid7’s Nexpose vulnerability management software, and ForeScout’s CounterACT.

This improves the efficacy of each of these products, giving their users unprecedented network context within the tools, and in the format, they’re already using. Specifically:

  • Integration with Splunk’s Enterprise Security SIEM accelerates incident response efforts. RedSeal provides the SIEM with critical network context and identifies access paths to and from Indicators of Compromise (IOC) leading to other critical assets.
  • Integration with Rapid7’s Nexpose vulnerability management software identifies gaps in vulnerability scan coverage.
  • Integration with ForeScout’s CounterACT prioritizes hosts in terms of actual risk so appropriate action can be taken.

“Customers tell us that RedSeal’s unique information adds value to a number of their security functions,” said Rothrock. “Now they can get this information without having to open and learn another product. These apps give our customers even more productivity and efficiency, accelerating their ability to identify and respond to problems.”

To learn more, visit RedSeal Integration Apps.

About RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events and network interruptions in an increasingly digital world. RedSeal helps customers understand their network from the inside, out – and provides actionable intelligence, situational awareness and a Digital Resilience Score to help enterprises measure and ultimately build greater resilience into their infrastructure. Government agencies and Global 2000 companies around the world rely on RedSeal to help them improve their overall security posture, accelerate incident response and increase the productivity of their security and network teams. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct and channel partner network.

The Bleed Goes On

Some people are surprised that Heartbleed is still out there, 3 years on, as you can read here. What this illustrates is two important truths of security, depending on whether you see the glass half full or half empty.

One perspective is that, once again, we know what to do, but failed to do it.  Heartbleed is well understood, and directly patchable.  Why haven’t we eradicated this by now? The problem is that the Internet is big. Calling the Internet an “organization” would be a stretch – it’s larger, more diverse, and harder to control than any one organization.  But if you’ve tried to manage vulnerabilities at any normal organization – even a global scale one – you have a pretty good idea how hard it gets to eliminate any one thing. It’s like Zeno’s Paradox – when you try to eradicate any one problem you choose, you can fix half the instances in a short period of time. The trouble is that it takes about that long again to fix the next half of what remains, and that amount again for the half after that. Once you’ve dealt with the easy stuff – well known machines, with well documented purpose, and a friendly owner in IT – it starts to get hard fast, for an array of reasons from the political to the technical.  You can reduce the prevalence of a problem really quickly, but to eradicate it takes near-infinite time.  And the problem, of course, is that attackers will find whatever you miss – they can use automation to track down every defect.  (That’s how researchers found there is still a lot of Heartbleed out there.)  Any one time you miss might open up access to far more important parts of your organization.  It’s a chilling prospect, and it’s fundamental to the unfair fight in security – attackers only need one way in, defenders need to cover all possible paths.

To flip to the positive perspective, perhaps the remaining Heartbleed instances are not important – that is, it’s possible that we prioritized well as a community, and only left the unimportant instances dangling for all this time.  I know first-hand that major banks and critical infrastructure companies scrambled to stamp out Heartbleed from their critical servers as fast as they could – it was impressive.  So perhaps we fixed the most important gaps first, and left until later any assets that are too hard to reach, or better yet, have no useful access to anything else after they are compromised.  This would be great if it were true.  The question is, how would we know?

The answer is obvious – we’d need to assess each instance, in context, to understand which instances must get fixed, and which can be deferred until later, or perhaps until after we move on to the next fire drill, and the fire drill after that. The security game is a never-ending arms race, and so we always have to be responsive and dynamic as the rules of the game change.  So how would we ever know if the stuff we deferred from last quarter’s crises is more important or less important than this quarter’s?  Only automated prioritization of all your defensive gaps can tell you.

What Did Yahoo Know? And When Did They Know It?

SC MAGAZINE | December 16, 2016

Yahoo’s billion-user breach calls the company’s security practices into question.

A second massive and “distinct” Yahoo breach – affecting more than one billion users – that was disclosed Wednesday has raised a number of questions, primarily why the internet company didn’t suss out the intrusion earlier, how to mitigate a troubling pattern of attacks, and what this second disclosure might mean for Verizon’s impending acquisition of Yahoo….

…Those companies with greater visibility into their networks better position themselves “to address the concerns of consumers, business partners and shareholders” after an attack, RedSeal CEO and Chairman Ray Rothrock told SC Media. “Digital resilience – the ability to battle the bad guys when they are inside your network, continue your operations staying in business and protect high value assets like customer data – is the new gold standard,” said Rothrock, adding that “digital resilience scores – similar to credit worthiness scores – [could] provide a benchmark and support a cyberstrategy for improvement.”

RedSeal CEO Survey

CEOs Reveal Cyber Naiveté as Incidents Rise and Losses Mount

Study Commissioned by RedSeal Exposes Significant Disconnect Between CEOs’ Confidence in Defense Strategies and Actual Results, Points to Requirement for Real-Time Measures of Network Security

Download our Executive Summary.

SUNNYVALE, Calif. – RedSeal (www.redseal.net), a leader in the cybersecurity analytics market, today released the results of a CEO study, which surveyed perceptions of – and confidence in – their cybersecurity posture.

The study found that more than 80 percent of CEOs are very confident in their firm’s cybersecurity strategies, despite the fact that security incidents have surged 66 percent year-over-year since 2009 according to PricewaterhouseCoopers’ 2017 Global State of Information Security Survey.

“CEOs are underestimating their companies’ cyber vulnerabilities,” said Ray Rothrock, chairman and CEO of RedSeal. “Their confidence does not square with what we observe. Cyber-attacks are up and financial losses associated with these attacks are increasing dramatically.” Specifically, PricewaterhouseCoopers’ 2015 Global State of Information Security Survey projected that financial losses from cyber-attacks will jump from $500 billion in 2014 to more than $2 trillion in 2018.

Cyber Confidence Based on Out-of-Date Strategies

While CEOs remain confident that their cyber strategies are well equipped to handle the risks facing their company networks, there is a disconnect between their perception and reality. In Oct. 2014, FBI director James B. Comey said that no company is immune from attack. “There are two kinds of big companies in the United States,” he told 60 Minutes. “There are those who’ve been hacked…and those who don’t know they’ve been hacked.”

Yet two years later, the RedSeal study found that half of the CEOs still prioritize keeping hackers out of the network, versus just 24 percent who were concerned with building capabilities to deal with hackers who have successfully breached their network’s perimeter defenses.

“The new cyber battleground is inside the network, not at the perimeter,” said Rothrock. “Firewalls, virus detectors, and malware scans are required to keep out 99 percent of the bad guys, but the one percent who get in can cripple a firm, critical infrastructure or a government agency.”

CEOs Struggle to Assess Their Massive – and Growing – Cybersecurity Investments

The study found that, while 87 percent of CEOs agree that they need a better way to measure the effectiveness of their cybersecurity investments, 84 percent still plan to increase their spending in the next year. This trend is reiterated by IDC’s Oct. 2016 prediction that organizations will spend $101.6 billion on cybersecurity software, services, and hardware in 2020, a 38 percent increase from its 2016 spend projections.

“We’ve reached an inflection point where cyber security strategies and investments have underperformed for an extended period of time. Analysts estimate that cyber losses are now growing more than twice as fast as the spend on security,” continued Rothrock. “To stem this tide, CEOs and boards need more effective metrics to understand the real-time health and function of their network, and to more clearly manage and measure their cyber strategies and investments.”

Even though security budgets are at an unprecedented high, nearly three out of four CEOs report the metrics they receive lack meaning or context. Most (79 percent) agree their reports are too difficult to understand, and 87 percent need a better way to measure whether cybersecurity investments are effective. In addition, they cite a lack of timeliness (51 percent) as well as only receiving reports in times of crisis (50 percent) as significant challenges.

Nearly 90 percent of CEOs say they want information – on a daily basis – about their cybersecurity posture and network’s overall health, external threat level, and the resilience of the network.

And while 79 percent of CEOs surveyed strongly agree that cybersecurity is a strategic function that starts with executive leadership versus being a responsibility passed on to the IT team, 89 percent of these same CEOs report reliance on their IT team to make the budget decisions on cybersecurity.

“CEOs project a great level of confidence when asked about their cybersecurity strategies, however their perceptions aren’t in line with reality,” said James Kaplan, partner at McKinsey & Company and co-author of Beyond Cybersecurity: Protecting Your Digital Business. “For years, the IT security industry has operated with the understanding that every organization will suffer a security incident. Given this inevitability, CEOs should be much more focused on building resilience into their businesses so they can maintain operations when the breach occurs.”


This RedSeal study was conducted online via independent data collection firm, 72 Point, in September 2016. 200 chief executive officers in the U.S. were randomly sampled, at organizations with 250 or more employees. 42% of respondents were CEOs of companies with greater than 1,000 employees. The survey reached CEOs across a host of major industries, including technology, finance, manufacturing, government and retail. Respondents were invited to the survey from an invitation-only panel of CEOs. The survey and methodology are MRS compliant. To review an executive summary of the results, visit our website.


About RedSeal

RedSeal puts power in decision makers’ hands with the essential cybersecurity analytics platform for building digitally resilient organizations. RedSeal’s Digital Resilience Score, modeled after a creditworthiness score, measures how prepared an organization is to respond to an incident and quickly rebound. The company’s platform adds value to existing network devices by working with them and building a network model. With this, customers can understand the state of their networks, measure resilience, verify compliance, and accelerate incident response. RedSeal’s customers are Global 2000 corporations and government agencies that depend on the most sophisticated security. Founded in 2004, RedSeal is headquartered in Sunnyvale, Calif. and serves customers globally through a direct sales and channel partner network.
