CyberScoop Radio | June 17, 2019
Government Security News | April 4, 2019
By RedSeal Federal CTO Wayne Lloyd
Have you seen CrowdStrike’s “Global Threat Report: Adversary Tradecraft and The Importance of Speed”?
Released at RSA Conference 2019, the report’s key takeaway is that nation states and criminal organizations are increasing both the speed and sophistication of their cyber tactics. This isn’t a surprise, but the report presents more detail on just how little time we have.
CrowdStrike defines “breakout time” as “the window of time from when an adversary first compromises an endpoint machine, to when they begin moving laterally across your network.”
The report shows a more granular examination of breakout time by clocking the increasing average speed of major nation state actors, including the breakout speeds of Russia, China, North Korea, Iran, and others.
So what can you do?
According to the report, basic hygiene is still the most important first step in defending against these adversaries — including user awareness, vulnerability and patch management and multi-factor authentication.
The CrowdStrike report continues:
With breakout time measured in hours, CrowdStrike recommends that organizations pursue the ‘1-10-60 rule’ in order to effectively combat sophisticated cyberthreats:
- Detect intrusions in under one minute
- Perform a full investigation in under 10 minutes
- Eradicate the adversary from the environment in under 60 minutes
Organizations that meet this 1-10-60 benchmark are much more likely to eradicate the adversary before the attack spreads out from its initial entry point, minimizing impact and further escalation. Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action.
RedSeal and the 1-10-60 Benchmark
A RedSeal model of your network, across on-premises, cloud and virtual environments, gives you the detail you need to accelerate network incident investigation. You’ll be able to quickly locate a compromised device, determine which assets bad actors can reach from there, and get information to stop them. Since RedSeal’s model includes all possible access paths, you’ll see specific paths the network attacker could take to valuable assets. And you’ll get specific containment options so you can decide what action to take (from increasing monitoring, to placing honeypots, to changing firewall rules, to simply unplugging the device), decreasing your network incident response time.
Network security incident response information that used to take hours, if not days, to determine becomes available immediately.
Nextgov | March 8, 2019
By RedSeal Federal CTO Wayne Lloyd
During the recent State of the Union address, President Trump spoke of many threats that face our nation; however, he missed a big one. Cyberattacks from China, Russia, Iran, other nation-state actors and cyber criminals alike are on the rise and have the potential to impact industry, our economy and the government functions many rely on. Cybersecurity is a growing part of our national security and the federal government must take steps to improve our preparedness and response times.
Cyber Defense Magazine | March 4, 2019
Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine, has named RedSeal as the winner in both Cutting Edge, Compliance and Leading Edge, Network Security and Management at their Infosec Awards for 2019.
The publication made its selections from over 3,000 companies that create and offer the most respected InfoSec products and services.
By Aaron Gosney, RedSeal Senior Sales Engineer and Dave Lundgren, RedSeal DOD Technical Account Manager
To help Cyber Protection Teams (CPTs) understand how RedSeal helps them secure cyber terrain, we’ve developed a hands-on scenario-based workshop. We’ve held this workshop for different parts of the DOD and, more recently, for federal civilian cyber operators at CyberScoop’s DC Cyber Week.
While lots of people talk about incident response and investigation, it’s always more effective to show how important RedSeal and digital resilience can be. We use a scenario to teach CPTs that there is a faster way, even if they don’t know that it’s possible. In fact, many attendees don’t know much about RedSeal. Even those who are aware of RedSeal typically have a limited idea of what the platform can do.
Before the workshop starts, we put a laptop in front of every participant and tell them what they’re going to experience. Attendees are excited to “drive” RedSeal in a real-world environment and avoid a dry lecture. This hands-on, non-formal format is popular and effective. It creates lots of interactive moments and good conversations among the attendees.
RedSeal in the Real World
The workshop’s mission concept is to assess, correct, and maintain the overall cybersecurity of a location that will be used by leaders of many countries gathered for sensitive discussions and negotiations.
Attendees are asked to imagine that they’re part of a team that has been sent to this remote location. They’ll have to evaluate cloud, traditional, IoT, and IIoT networks. We guide each person through the process of analyzing network access and vulnerability exposure across the network, prioritizing remediation efforts, and verifying that the network is secure.
RedSeal for Network Mapping and Automation
We show attendees how, in a matter of hours, RedSeal can collect and analyze all the network and vulnerability information to create actionable intelligence. They see that attempting this process manually would be impossible given the time constraints. It would take years to manually review the millions of lines of text in the combined config files of an entire enterprise network. RedSeal automates this process and generates accurate, up-to-date network context that is essential to an effective cybersecurity program.
We also show them that RedSeal’s network topology map is not static but can be moved around and adjusted. Attendees organize all the network information into an easy and clear graphic representation of the devices and how they connect with each other. Then they can query for potential network access or vulnerability exposure.
The workshop generates a lot of discussion. We are asked for deeper information about deploying RedSeal at scale in an enterprise and for more information on our integrations with products from vendors such as Cisco, Tenable, Splunk, and ForeScout.
We get great feedback from workshop attendees. One said, “this is one of the most realistic scenarios I’ve seen in a cybersecurity workshop.” Another said, “I wish more vendors would do events like this.” And, a cyber analyst said, “Wow. This helped me to understand how powerful RedSeal is.”
We will continue to refine the workshop so that it continues to engage people and demonstrate what is possible with RedSeal.
Government Technology Insider | January 19, 2019
The cybersecurity industry is not generally known for the quality of its metrics. In a field where the absence of something happening is the best possible result, it’s been hard to find a meaningful way to communicate how prepared an organization is to withstand a cyber attack, or even to tell if a cyber team is getting better at what it does.
Government Technology Insider | January 16, 2019
Cybersecurity experts often like to tell the federal government what it needs to be doing better to deliver on the mission. But how often do they listen to federal government cyber teams to find out what their principal challenges are? And, moreover, how often is that insight collated, analyzed, and shared across civilian and military agencies?
Government Technology Insider | January 2, 2019
With Wayne Lloyd, RedSeal Federal CTO
As anyone who works in any government IT field can tell you, one of the greatest frustrations they face is integrating their many products. Regardless of whether an agency has begun its migration to the cloud or is just operating data centers, silos undermine the potential of technology and can even compromise an agency’s ability to meet its mission.
The Washington Post | December 13, 2018
With Kimberly Baker, RedSeal Senior Vice President and GM Public Sector
As the U.S. military tries to ensure its military assets are as secure as possible against cyberattack, the U.S. defense industry is gathering behind a new set of standards to spot cybersecurity laggards within its own supply chain.
The Aerospace Industries Association (AIA), an Arlington-based trade association that lobbies on behalf of defense contractors, on Tuesday released a set of voluntary standards designed to help U.S. aerospace companies ensure the weapons systems they make for the U.S. military are secure from hackers.