Posts

Zero Trust Is Here to Stay, So How Can I Prepare My Network?

Whether you agree or not with the concept–zero trust architecture is here for the foreseeable future.

Unless your organization is cloud-native, you are going to have to prepare to implement zero trust on your existing enterprise. If you are the one responsible for deploying and maintaining networks for the Federal government, zero trust is most likely at the top of your to-do list.

The President’s latest executive order, dated May 12, 2021, compels Federal agencies to move to zero trust architectures and adoption of cloud services. This is meant to modernize departmental and agency IT infrastructures, and the security technologies that protect them. However, Federal agencies are not cloud-native companies. Most have large on-premise networks that will need to have their networks inventoried, along with all their applications and services identified, prior to implementing zero trust. Like any good implementation strategy, you are going to have to plan.

Zero trust is not a destination, but a continuous journey that is going to require rigorous configuration management and continuous monitoring.  RedSeal is not a magic zero trust platform, but it can help you on your journey to prepare and maintain specific aspects.

One major step of this journey is just understanding what you have (network devices, mobile, desktops, IOT, etc.) and how your data moves through the network, as well as existing segmentation policies to comply with standards and regulations. One of the first steps in this journey will require enumeration of all the possible pathways, from every source to every destination, and you will have the challenge of also having to account for NAT IP address, along with load balancers. That is a daunting task by itself.

This is where the power of RedSeal’s Netmap analysis comes in. RedSeal automatically calculates every possible path through the network accounting for the effect of NATs and load balancing. Then you can ask RedSeal to show you these pathways to determine if they are approved and needed for business and mission success.

A side benefit of this analysis is RedSeal creates an inventory of all your network gear and IP space, as well as your cloud and software defined network (SDN) assets.  You cannot secure it if you do not know about it, and the output of RedSeal gives you a great start on understanding what you have.  Remember, with zero trust you are going to have to identify not only who, but what can, or should have access, so an inventory is an absolute must have.

As you move along this journey, and if your journey takes some, or most of your assets to the cloud, you can test the network segmentation of your cloud configuration in RedSeal before you deploy to the cloud to verify it is configured securely. Finally, RedSeal can continuously monitor your network segmentation and micro segmentation policies to make sure they stay compliant with your zero-trust architecture goals.

If you’d like to learn more about securing both your cloud and on-premise networks, visit our Cloud Security page.

We’ve also partnered with MeriTalk on a new infographic report on “Braving the Cloud Storm” – a look at how agencies are addressing cybersecurity across a multitude of clouds and on-premise environments.

EO Gives Momentum to Federal Cloud Movement

Communications Daily | May 27, 2021

President Joe Biden’s cybersecurity executive order will boost the federal government’s reliance on cloud services and information sharing, experts told us. The EO directs federal civilian agencies to “accelerate movement to secure cloud services,” including software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS).

“That’s really the best way for the government” to secure data, said RedSeal Federal Chief Technology Officer Wayne Lloyd. He expects the EO to drag agencies “kicking and screaming” into the cloud: “It’s something that’s long overdue,” from which the commercial sector has long seen the benefits.

What You Need to Know About CMMC Certification

MSSP Alert | April 15, 2021

As the Cybersecurity Maturity Model Certification (CMMC) nears full implementation, affected organizations are scurrying to ensure they’ll pass the certification process.

The goal is simple: organizations must meet minimum cybersecurity standards, and in doing so, they do their part to improve national security. The stakes are extraordinarily high for the estimated 300,000 defense industrial base (DIB) organizations which will soon need to be certified to one of the five CMMC levels to be eligible to be awarded a federal contract. Simply stated: no certification, no contract. From the perspective of the U.S. Government and the Department of Defense, the stakes have always been high since the DIB plays such a critical role in the defense of our nation. The only way to ensure the protection of our data and the integrity of the supply chain is to hold industry to a higher standard.

What You Need to Know About CMMC Certification

Supply Chain Brain | October 7, 2020

As the Cybersecurity Maturity Model Certification (CMMC) nears full implementation, affected organizations are scurrying to ensure they’ll pass the certification process.

The goal is simple: organizations must meet minimum cybersecurity standards, and in doing so, they do their part to improve national security. The stakes are extraordinarily high for the estimated 300,000 defense industrial base (DIB) organizations which will soon need to be certified to one of the five CMMC levels to be eligible to be awarded a federal contract. Simply stated: no certification, no contract. From the perspective of the U.S. Government and the Department of Defense, the stakes have always been high since the DIB plays such a critical role in the defense of our nation. The only way to ensure the protection of our data and the integrity of the supply chain is to hold industry to a higher standard.

Supporting the DoD’s Defend Forward Initiative

 

What is Defend Forward?

The DoD’s Defend Forward operational concept has been rolling out over the past few years. Policy makers and cyber defenders in government realized that, as the situation in Afghanistan led directly to the rise of Al-Qaeda and the 9-11 attacks, the situation in cyberspace was going to lead to crippling cyber-attack of similar power.

However, unlike Afghanistan, where a power vacuum was created by the withdrawal of the Soviet Union, the Internet was designed from the outset to be open. By design, there are no police; no organization with the authority with the power to punish bad actors. The cavalry are stuck in the fort.

Something had to change.

Cyber Protection Teams (CPTs) working at the Department of Defense (DOD) were restricted to preparing for and responding to attacks on their own network. Hacktivists, cyber criminals, and nation state adversaries were not restricted in the same way. This unequal playing field was addressed by removing the restriction on CPTs and allowing them to operate, if asked, in the networks of foreign countries. This new operational concept is called Defend Forward.

The goal of Defend Forward is to move out into cyberspace and inflict costs on bad actors, especially other nation states. As most adversary cyber teams tend to use and reuse the same tactics, techniques, and procedures (TTPs), finding malware on foreign networks and publicizing it forces those cyber attackers to create new methods. This takes time, effort and money. By shining a light on these playbooks, friendly nations, other parts of government and civilians will know what to look for, further disrupting cyber attacked operations. Lastly, this serves as a signal to enemies that we know about their procedures and puts them on the defensive.

 

How Do We Protect the Base?

While Defending Forward is off to a promising start, it is only a part of the ongoing cyber war. A “whole – nation” effort is needed –involving both government and industry. Only 10% of the critical infrastructure networks in the U.S. are controlled by our government. Industry needs to do its part and protect the home base.

We need to know our networks better than the attackers do. We need to make sure our networks are set up securely as we intended. We need to find and mitigate the highest risk issues first. Our complex networks make this very hard to do without technical support.

RedSeal’s cyber terrain analytics platform and professional services help all organizations improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. RedSeal continually checks to see if a network’s segmentation is working as designed, ranks end point vulnerabilities in order of risk, and adds knowledge of your network to determine how accessible the vulnerability is to untrusted networks and what it will expose if compromised.

Click here to view the webinar titled, “Defend Forward, But Protect Your Base” with Wayne Lloyd, RedSeal Federal CTO and Mike Lloyd, RedSeal CTO.

Contact us for more information about how RedSeal can help you support our cyber protection teams.

RedSeal Named Govies Government Security Award Winner for Two Categories in 2020

Security Today | March 18, 2020

RedSeal has been named a Platinum winner of Security Today’s Govies Government Security Award in both “Network Security” and “Security & Risk Intelligence” categories. Security Today magazine is the only integrated product and technology magazine reaching the entire security market and the awards honor outstanding government security products in a variety of categories.

How network modeling and cyber hygiene improve security odds for federal agencies

FedScoop | March 16, 2020

Agencies that have built network infrastructure over decades may not be doing enough to manage basic cyber-hygiene practices and stay ahead of modern threats, cautions a new report.

When out-of-date configuration rules lurk on networks, attackers essentially have a back door to walk into government systems. However, modern network modeling platforms, capable of integrating into existing infrastructure, can help agency IT departments identify and manage cyber risks and accelerate essential hygiene practices.

A Resilient Infrastructure for US Customs and Border Protection

The Customs and Border Protection agency recently announced an official 2020-2025 strategy to accomplish their mission to “protect the American people and facilitate trade and travel.”

The strategy comprises only three goals, one of which is to invest in technology and partnerships to confront emerging threats. This includes an IT Infrastructure that provides fast and reliable access to resilient, secure infrastructure to streamline CBP work.

So, of everything CBP wants to accomplish in the next five years, delivering a resilient, secure infrastructure is right near the top.

Both Verizon’s Data Breach Investigations Report and Crowdstrike’s Global Threat Report agree that more than 90 percent of intrusions are due to failures in basic, continuous cyber fundamentals. These include patching, ensuring network devices are deployed securely, and firewall rules and access control lists enforce the network segmentation you intended.

These cybersecurity fundamentals can be tedious and repetitive, but they are the foundation of security and beyond that, cyber resilience.

Cyber resilience has three parts:

  1. Being hard to hit
  2. Having the ability to detect immediately
  3. Responding rapidly.

RedSeal is a solution purpose built to improve and track resilience.

We give you a way to measure resilience and improve the security of your infrastructure.

RedSeal’s cyber terrain analytics platform identifies cyber defensive gaps, runs continuous virtual penetration tests to measure readiness, and helps an organization capture a map of its entire network infrastructure. The RedSeal platform delivers continuous monitoring through the collection and correlation of change, configuration assessment and vulnerability exposure information. Turning these capabilities into cyber resilience measurements gives managers, boards of directors and executive management the understandable and actionable security metrics they need to drive towards digital resilience.

Cyberattack surfaces and complexity are only expanding as all commercial, US government and DOD networks modernize and move to cloud and software defined networks (SDN). Automating the basics so organizations and departments can be digitally resilient continuously in the face of an attack has never been more necessary.

To ensure its IT infrastructure is resilient and secure as it is rolled out, the CBP needs to focus on mastering the cyber fundamentals and measuring that progress by deploying RedSeal’s cyber terrain analytics platform. Click here to learn more.

Ten Cybersecurity Fundamentals to Reduce Your Risk of Attack

Due to escalating tensions with Iran and recent cyber activity against a U.S. Government website, DHS’s Cybersecurity and Infrastructure Security Agency team has issued a bulletin warning organizations to be prepared for “cyber disruptions, suspicious emails, and network delays.” DHS recommends preparing by focusing on “cyber hygiene practices” to defend against the known tactics, techniques and procedures (TTPs) of Iran-associated threat actors.  This warning serves as another reminder that adversaries often compromise organizations through failures in assessing and implementing basic security practices.

Based on recent international activities announced by DHS, expectations of retaliation from a known adversarial nation state are more than likely to occur. This is an immediate risk to all public and private organizations in the United States. Organizations need to be able to assess their current security posture and accurately evaluate their cyber hygiene. They need to know what is on their networks, how it is all connected and the risk associated with each asset.

Whether you are hands-on-keyboard technician or an executive responsible for securing your organization, here are ten cybersecurity fundamentals you can implement.

  1. Identify critical data and where it is housed
  2. Know what assets – physical and virtual – are on your network
  3. Harden your network devices, making sure they are securely configured
  4. Review your endpoint data sources to make sure you have full coverage of all endpoints on your network
  5. Ensure that your vulnerability scanner is scanning every subnet
  6. Factor in accessibility to prioritize your highest-risk vulnerabilities and hosts
  7. Make sure only approved or authorized access is allowed, including any third-party access.
  8. Validate that all network traffic goes through your security stack(s)
  9. Identify unnecessary ports and protocols
  10. Identify rules on your network gear to determine if they are valid and applied appropriately

By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With our cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks and how it’s all connected.

RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk.

We are proud to be trusted as the central cybersecurity platform in our customers’ defense-in-depth strategy.

CDM Experts: Data Collection, Classification, Analysis Are Keys

Recently, RedSeal Federal CTO Wayne Lloyd was asked to participate in a panel organized by Meritalk on the federal government’s Continuous Diagnostics and Mitigation (CDM) program.

Wayne was joined by CDM experts from Veritas and Splunk. All offered candid assessments of the importance of data classification and collection as the CDM program moves to incorporate a more robust integrated system of dashboards.

Wayne said it was important for organizations to thoroughly understand what their data environments look like. Once they do, data classification becomes easier.

“At RedSeal we help customers model their networks so they can understand what IP space they have and where the data may be residing,” he said. But all of these deployments reveal that the organization “doesn’t know their entire network,” he added.

On the subject of data classification and protection, David Bailey, senior director of U.S. public sector technical sales at Veritas said, “Mission critical data containing patient information for a hospital or the VA should be in tiered storage with the best, maybe multiple, forms of protection, with lots of role-based access controls.” He added that sometimes understanding what data needs to be protected the most is the most important priority.

Adilson Jardim, area vice president for public sector sales engineering at Splunk, said there should be an emphasis on the “continuous” part of CDM, and that it shouldn’t “be a program that ends in five years.”

Click here to read more: https://www.meritalk.com/articles/cdm-experts-data-collection-classification-analysis-are-keys/

To learn more about how RedSeal supports the DHS CDM program, visit “RedSeal and DHS CDM DEFEND

 — Lauren Stauffer, Sr. Director, Market Development