Tag Archive for: Digital Resilience

Digital Resilience: A Better Way to Cybersecurity

CIOReview | September 12, 2016

By Ray Rothrock, CEO, RedSeal

Who says prevention is better than cure? Since the advent of networks and hacking, prevention, coupled with detection, has been the primary cyber strategy to counter cyberattacks. But with the exponential increase in the pace and complexity of digital connections, and the sophistication of the attackers, this approach is falling short, as the breaches at JP Morgan, IRS, Target and UCLA Health so clearly demonstrated.

RedSeal CEO Ray Rothrock Talks Cybersecurity on Mad Money w/ Jim Cramer

Our CEO Ray Rothrock shared the latest on cybersecurity as a guest on Mad Money with Jim Cramer (CNBC) today, covering a variety of topics – from why perfect firewall management doesn’t provide perfect protection, to the risk of a hacking attack on electrical grids and nuclear power plants.

Credit: CNBC

Some highlights:

Jim: What goes into my digital resilience score?

Ray: There are three things that really matter. First is configuration checks. You’ve got all this equipment—network equipment—it’s probably configured by really good people, but it may not be perfect. We can assign that.

Vulnerabilities—that’s what everyone talks about. Vulnerabilities are interesting but you need to know where it is in the network. Is it reachable for the bad guys on the outside? We can tell you that. So why spend all your time scanning and fixing a computer that’s not reachable? That’d be a waste of your time and money.

And the third thing – and this is what gets the CISOs quite nervous – it’s called the incomplete model.

Learn more about how you can measure your organization’s digital resilience score by contacting us here.

RedSeal and ForeScout Federal CTOs Explain how They Jointly Map, Identify and Increase the Resilience of Public Sector Networks

Last month, Wallace Sann, the Public Sector CTO for ForeScout, and I sat down to chat about the current state of cybersecurity in the federal government. With ForeScout, government security teams can see devices as they join the network, control them, and orchestrate system-wide responses.

Many of our customers deploy both RedSeal and ForeScout side by side. I wanted to take a look at how government security teams were dealing with ongoing threats and the need to integrate different cybersecurity tools into the “cyber stack.”

Our conversation is lightly edited for better clarity.

Wayne:  Describe the challenges that ForeScout solves for customers.

Wallace:  We help IT organizations identify IT resources and ensure their security posture. There’s always an “ah-ha moment” that occurs during a proof of concept. We see customers who swear by STIG, and will say they only have two versions of Adobe. We’ll show them that there are 6-7 versions running.  We tell you what’s on the network and classify it.

Wayne:  We often say that RedSeal is analogous to a battlefield map where you have various pieces of data coming in to update the topography map with the current situation. By placing the data into the context of the topography, you can understand where reinforcements are needed, where your critical assets are and more.

RedSeal’s map gives you this contextual information for your entire enterprise network. ForeScout makes the map more accurate, adapting to change in real time. It lets you identify assets in real time and can provide some context around device status at a more granular or tactical level.

Wallace:  Many companies I speak to can create policies on the fly, but ensuring that networks and endpoints are deployed properly and that policies can be enforced is a challenge.

Wayne:  Without a doubt. We were teaching a class for a bunch of IT professionals, telling them that RedSeal can identify routes around firewalls. If the networking team put a route around it, the most effective firewall won’t work. The class laughed. They intentionally routed around firewalls, because performance was too slow.

Endpoint compliance typically poses a huge challenge too. RedSeal can tell you what access a device has, but not necessarily when it comes online. Obviously, that’s one of the reasons we’re partnering with ForeScout.

Wallace:  ForeScout can provide visibility that the device is online and also provide some context around the endpoint. Perhaps RedSeal has a condition that DLP is running on the endpoint. ForeScout could tell you that DLP is not loaded, and therefore no access allowed.

Wayne: Inventory what’s there. Make sure it’s managed. If not managed, you may not know you were attacked and where they came in or went. If you have that inventory, you can prevent or at least respond quicker.

Another important component is assessing risk and knowing what is important to protect. Let’s say we have two hosts of equal value. If Host 1 is compromised, you can’t leapfrog any further. No other systems will be impacted. If Host 2 is compromised, 500 devices can be compromised including two that may have command and control over payroll or some critical systems. Where do you want to put added security and visibility? On the hot spots that open you up to the most risk!  We put things into network context and enable companies to be digitally resilient.

Wallace:  With so many security concerns to address, prioritization is critical.

Wayne:  IoT is obviously a trend that everyone is talking about and is becoming an increasing concern for agency IT Security orgs. How is ForeScout addressing IoT?

Wallace:  ForeScout provides visibility, classification and assessment. If it has an IP address, we can detect it. Classification is where we are getting better. We want to be able to tell you what that device is. Is it a security camera? A printer? A thermostat? We can classify most common devices, but we want to be 75-90% accurate in device classification. The problem is that many new devices are coming out every day. Many you can’t probe traditionally; it could take the device down.  And, you can’t put an agent on it.  So, we’re using other techniques to passively fingerprint a device (via power over Ethernet, deep packet inspection, and more), so we can get to 95% accuracy.

Wayne:  Do you see a lot of IoT at customer sites, and are they concerned?

Wallace:  Some don’t realize they have an issue. Many don’t know that IoT devices are on their networks. We are seeing more cases where we are asked to assess IoT environments and address it. Before, we weren’t asked to take action. We used to be asked how many Windows and Mac devices there were. Now, there is a movement by government agencies to put anything with an IP address (the OT side) under the purview of the CISO.

Wayne:  We see a lot of devices – enterprise and consumer – that aren’t coded securely. IoT devices should be isolated, not connected to your mission critical operating environment.

Wallace:  I was curious how RedSeal handles IoT?

Wayne:  If there is vulnerability scan data, it tells us what OS, applications running, active ports, host name, MAC address, etc. Without that data, we can grab some device data, but with ForeScout, we can get more context/additional data about the device. ForeScout can tell you the devices are there. RedSeal can ensure that it’s segmented the way it should be. We can tell you it’s there and how you can get to it; people need to make decisions and act. We show IoT devices as a risk.

Wayne:  What are some of the trends that you are seeing that need to be addressed at customer sites?

Wallace:  From a native cloud perspective, we are working on extending the customer on-premise environment and bringing visibility and control to the cloud.   We are also working on making it easier to get security products to work together.  People don’t have the resources for integration and ongoing management.  We’re working to orchestrate bi-directionally with various toolsets to provide actionable intelligence – advanced threat detection, vulnerability assessment, etc.

We can take intel from other vendors, and ForeScout gives us the who, what, when, where from an endpoint to determine if that device should be on a network.

For example, an ATD vendor can detect malware (find it in their sandbox).  They will hand us an incident of compromise (hash, code, etc.).  We’ll look for those IoCs on devices on the network and then quarantine those devices.

Wayne: Security vendors need to work together.  Customers don’t want to be tied to a single vendor.  Thanks for your time today.


For more information, visit our websites at RedSeal and ForeScout.

Cyber Resilience Protects Medical Data


Health care organizations are becoming resilient in the face of cyber attacks as hackers attempt to access sensitive patient information.

Experts from Zurich North America and RedSeal Inc., a Sunnyvale, California-based cyber security firm, discussed how health care providers, insurers and affiliated companies can bounce back when data breaches are discovered.

RedSeal CEO Ray Rothrock Joins Industry-Leading Panel on Cyber Resilience at Milken Institute Global Conference

WHAT:  The Milken Institute Global Conference convenes 3500 participants who will hear more than 700 speakers in more than 170 sessions over four days — to explore solutions to today’s most pressing challenges in financial markets, industry sectors, health, government and education.

WHY: As the Internet of Things expands and our world becomes more and more connected, the most critical issue facing global businesses is cybersecurity. Breaches are inevitable. An estimated 50 percent of U.S. adults have had their personal information hacked. Over the past year, there has been an increase in attacks against major banking, health care, utility and consumer retail companies. And hackers are finding new opportunities as more consumers use mobile payment platforms. The governments of the U.S. and other nations have been targets.

In this panel entitled “Cyber Resilience: New Line of Defense for Business”, cybersecurity experts will explore ways of safeguarding consumers and better protecting businesses and national security, including the increasingly popular idea of “cyber resilience” — the ability to recover from attacks more quickly and keep losses, both reputational and financial, to a minimum.

WHO:  Moderator: James Kaplan, Partner, McKinsey & Co.


  • Ray Rothrock, CEO, RedSeal
  • Catherine Allen, Chairman and CEO, Santa Fe Group
  • Jonathan Kaltwasser, Deputy Director, Defensive Cyber Operations, Fleet Cyber Command, U.S. Navy
  • Tim Rains, Director, Security, Microsoft Corp.
  • Andrew Rubin, CEO and Co-Founder, Illumio

WHEN: Monday, May 2, 2016, 9:30 a.m. – 10:30 a.m. PT

WHERE: Beverly Hilton, Los Angeles


About RedSeal
RedSeal puts power in decision makers’ hands with the essential cybersecurity analytics platform for building digitally resilient organizations. RedSeal’s Digital Resilience Score, modeled after a creditworthiness score, measures how prepared an organization is to respond to an incident and quickly rebound. The company’s platform adds value to existing network devices by working with them and building a network model. With this, customers can understand the state of their networks, measure resilience, verify compliance, and accelerate incident response. RedSeal’s customers are Global 2000 corporations and government agencies that depend on the most sophisticated security. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct sales and channel partner network.

Continuous Monitoring + Policy Management Leads to Network Resilience and Successful Command Cyber Readiness Inspections

Over the past few years, DISA has been moving network infrastructure into Joint Regional Security Stacks.

DISA’s website says, “A joint regional security stack is a suite of equipment that performs firewall functions, intrusion detection and prevention, enterprise management, virtual routing and forwarding (VRF), and provides a host of network security capabilities…security of the network is centralized into regional architectures instead of locally distributed …JRSS allows information traversing DoD networks to be continuously monitored to ensure response time as well as throughput and performance standards. JRSS includes failover, diversity, and elimination of critical failure points as a means to assure timely delivery of critical information.”

RedSeal is the official continuous monitoring solution for the JRSS. We are actively working with our clients to deploy this feature to help them achieve network resilience.

However, many clients don’t realize that combining continuous monitoring with policy management solves another actual problem: preparing for and passing Command Cyber Readiness Inspections (CCRIs).  Teams have to nearly shut down operations for weeks at a time to prepare for these important events. Failure can affect careers.

CCRIs take place on annual cycles and information networks get wildly out of compliance. To keep networks operationally compliant, RedSeal monitors configurations daily and sends alerts when actions have been taken that violate policy. Plus, RedSeal is the only platform that allows its customers to verify STIG compliance on all of their Layer 2 & 3 devices as part of their continuous monitoring practice. This, in turn, reduces the prep time needed for CCRIs.

At a recent Centcom briefing by RedSeal, a DISA representative noted that “it would make more sense if you import PPSMs [ports, protocols and services management] into RedSeal.” This would reduce the time to identify new, daily activity that created non-compliant configurations. A number of RedSeal customers have successfully deployed the combination of PPSM policies with RedSeal’s continuous monitoring capability. RedSeal automatically conducts scheduled analysis of the platform to check compliance with PPSMs and alerts on any failures, no matter how small.

Customers have found that automated continuous monitoring plus policy management equals network resilience. CCRIs can now become a byproduct of daily network and security operations. Successful real-time policy management means more successful, less taxing CCRIs and higher overall network resilience.


RedSeal Brings Unparalleled Digital Resilience Measures to the Enterprise

RedSeal platform improves risk mitigation and preparedness through faster analysis of cybersecurity incidents

SUNNYVALE, Calif.— February 2, 2016—RedSeal (redseal.net), the cybersecurity analytics company, today announced that it has introduced new incident response, metrics, and increased automation capabilities for its cybersecurity analytics platform. The new features will speed time to finding and solving cybersecurity issues, allowing organizations to better visualize, measure and improve their digital resilience.

As an essential step in building a digitally resilient organization, RedSeal’s cybersecurity analytics platform gives users the most up-to-date model of their entire, as-built network, so that they can visualize access paths and quickly target cybersecurity resources where they will have the biggest impact on their most valuable assets.

RedSeal’s security analytics platform now adds critical network context to incident response efforts. It allows users to analyze the path between the suspicious host and reachable asset, and then drill down to highlight the change required to prevent that access–typically a firewall configuration rule change.

In addition, only RedSeal provides an organization with a critical benchmark to manage cybersecurity through its Digital Resilience Score. An easy to access web dashboard or the new iPhone and Android smartphone application provides a current digital resilience score, based on RedSeal analytics. The smartphone application provides executives with their network’s current score and daily trending information. The RedSeal dashboard provides network managers and CISOs detailed information to understand and remediate security exposures. RedSeal’s Digital Resilience Score has garnered attention from finance firms working to incorporate cybersecurity into M&A valuations, as well as from cybersecurity insurance underwriters seeking actuarial data.

Improved automation, with features including assisted modeling and auto-grouping, will increase user productivity. To extend the benefits of the RedSeal security analytics platform within an organization, RedSeal’s platform now also includes Splunk and FireEye integration. All key functionality is available through industry standard browsers, making analysis simple and quickly understandable.

“Organizations invest huge amounts of time and money trying to stave off the inevitable cyberattack,” said Ray Rothrock, chairman and CEO of RedSeal. “As long as people are involved, either by criminal intent or plain human error, there will be network intrusions and weaknesses. Digital resilience is important because attacks are inevitable and organizations must be prepared to thrive in their wake. Being able to measure your digital resilience and respond quickly to incidents can mean the difference between a minor setback versus a total meltdown.”

About RedSeal (redseal.net)

RedSeal is an essential step in building digitally resilient organizations people can trust. RedSeal’s security analytics platform builds an accurate, up-to-date model of an organization’s entire, as-built network to visualize access paths, prioritize what to fix, and target existing cybersecurity resources on the most valuable assets. With RedSeal’s Digital Resilience Score, decision makers can see the security status and benchmark progress toward digital resilience in the inevitable attack. RedSeal’s customers are Global 2000 corporations and government agencies that depend on the most sophisticated security. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers in North America, Europe and Asia.

RedSeal and the RedSeal logo are trademarks of RedSeal, Inc. All other names and trademarks are the property of their respective owners.