Posts

Trade group pushes voluntary cybersecurity standard for defense contractors

The Washington Post | December 13, 2018

With Kimberly Baker, RedSeal Senior Vice President and GM Public Sector

As the U.S. military tries to ensure its military assets are as secure as possible against cyberattack, the U.S. defense industry is gathering behind a new set of standards to spot cybersecurity laggards within its own supply chain.

The Aerospace Industries Association (AIA), an Arlington-based trade association that lobbies on behalf of defense contractors, on Tuesday released a set of voluntary standards designed to help U.S. aerospace companies ensure the weapons systems they make for the U.S. military are secure from hackers.

Does Improving Cybersecurity Begin with Improving the Acquisitions Process?

Government Technology Insider | December 11, 2018

With Kimberly Baker, RedSeal Senior Vice President and GM Public Sector

The ability to secure federal data, networks, and assets is impacted by the ability of agency cyber leaders to access required technology. They need to continually respond to well-resourced adversaries that are constantly evolving the mechanisms of attack.

Because of the acquisitions process, requests to upgrade existing cyber defenses or acquire the tools that can keep pace with this constantly evolving threat environment can take months if not years. During that time – from request to approval and deployment – critical systems and data are vulnerable to a breach.

Using RedSeal to Fix Cracks in the Foundation          

Written By Nate L. Cash, RedSeal Senior Network Security Engineer

A house is only as strong as its foundation. You want to ensure that water can’t enter your foundation, or it will compromise the strength of the house. In technology that foundation is your network and hackers are the water. Like water, hackers will slowly and methodically test your foundation. As they carefully look at the perimeter of your foundation to find a place to get in, they’ll find your cracks and nooks. And, once hackers are in, they will cause damage.

RedSeal’s platform provides a good way to test and check the foundation of your network technology stack automatically. It compares your device configurations with industry best practice guidelines to ensure that your foundation is solid. Whenever you import devices, RedSeal will compare their configurations with these guidelines and flag those that need to be remediated.

When they first start this process, most of our customers feel overwhelmed by the number of devices that need remediation. This points to an easily fixable process problem. Begin by updating any centralized configuration templates for your devices. You are using one, right? If not, a centralized configuration template is a baseline. It’s a checklist to ensure that all network devices are configured with the same basic security configurations. You start here because you don’t want to keep adding devices to your network that don’t comply with industry best practices.

“The man who moves a mountain begins by carrying away small stones.”- Confucius

Next, pick out some easy wins. For example, enabling Secure Shell and disabling telnet. These have low network impact, but high security value for your organization. Knock out these configurations first. Our customers choose to run reports between analysis, so they can follow along as the number of failed devices go down and passed devices go up. Note – this is a fantastic reporting metric to use because it shows a quantifiable decrease in risk. You’re patching and fixing cracks in your foundation.

I’ve saved the best part for last — RedSeal custom checks. If you’re passionate about securing your organization, ensuring your foundation is free of cracks, then you know the manufacturer settings are a baseline. You want to move past that bar to your own hardening standards, without adding additional overhead. This is where the RedSeal custom checks excel.

A RedSeal administrator can take your hardening standards and create custom rules that align. Every time RedSeal imports a device, it will run your custom checks alongside standard guidelines. Once the definitions are in place, it’s an automatic process. It’s a low overhead and a high value add to your organization’s security posture.

When you align RedSeal with your workflow, it’s easy to see how RedSeal will automate tasks that improve your foundational security. Comparing your devices with industry secure configurations and your own hardening standards is an automated way to ensure that your foundation is free from any cracks. Without adding a lot of overhead, it gives you the tools you and your team need to make a hacker’s job much harder.

RedSeal Named Bronze Award Winner for Best Network Security Solution at the 2018 ‘ASTORS’ Homeland Security Awards

American Security Today | November 29, 2018

American Security Today (AST) has named RedSeal the Bronze Award Winner in the category of Best Network Security Solution at the 2018 ‘ASTORS’ Homeland Security Awards.

The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today.

Building a Cyber Resilience Plan: Insights and Tactics

Government Technology Insider | November 14, 2018

With Dr. Mike Lloyd, RedSeal CTO

In part one of our discussion with Dr. Mike Lloyd of RedSeal, he shared the steps that form the basis of a cyber resilience plan so that agencies can take to limit – and recover from – the impact of a cyberattack. Continuing the discussion, Lloyd drills deeper into steps any organization can take to become more resilient. 

Cyber resilience: not just bouncing back, but a strategy for effective cyber defense

Government Technology Insider | November 8, 2018

With Dr. Mike Lloyd, RedSeal CTO

Most discussions on cybersecurity focus on prevention, but not cyber defense. But, the unfortunate reality is, some attacks will be successful no matter how well you’ve protected your networks. The question then becomes, just how quickly can you get back online and back to business?

For the Government Technology Insider podcast, we asked Dr. Mike Lloyd, Chief Technology Officer for RedSeal about how to achieve “digital resilience” – the ability to prepare for and recover from a cyber attack.

Cyber Hygiene And Digital Resilience To Withstand A Cyber Attack

ITSP Magazine | October 25, 2018

By Wayne Lloyd, RedSeal Federal CTO

After both the first and second Gulf wars, nation states such as North Korea, Iran, China and others came to the same conclusion: under no circumstances get into a shooting war with the United States military. The sole superpower in the world had a military so advanced and superior on the battlefield it left little doubt about the outcome.

CDM Designed to Help Federal Agencies Understand Risk Posture and Become Digitally Resilient

Government Technology Insider | October 24, 2018

The goal of the Continuous Diagnostics and Mitigation (CDM) Program is for all civilian agencies included in the program under the Chief Financial Officers’ (CFO) Act to feed data to the federal government-wide cybersecurity threat dashboard. With each individual agency’s information compiled, the dashboard consolidates threat information from individual agency feeds to give an overall understanding of the cyber risks facing civilian agencies and enables them to prioritize the most critical issues. 

Is AI Resilient Enough for Security?

SIGNAL Magazine | October 22, 2018

By Dr. Mike Lloyd, RedSeal CTO

Machines need to be hard to fool and reliable under pressure.

Artificial intelligence can be surprisingly fragile. This is especially true in cybersecurity, where AI is touted as the solution to our chronic staffing shortage.

It seems logical. Cybersecurity is awash in data, as our sensors pump facts into our data lakes at staggering rates, while wily adversaries have learned how to hide in plain sight. We have to filter the signal from all that noise. Security has the trifecta of too few people, too much data and a need to find things in that vast data lake. This sounds ideal for AI.

If You Protect Everything, Are You Protecting Anything?

Government Technology Insider | October 12, 2018

With Nate Cash, Senior Network Security Engineer

For decades, cybersecurity professionals have been tasked with protecting organizational IT assets, whether hardware, software, systems, or data. But have they been setting priorities for cybersecurity?

This is a monumental task, especially when the technology environment not only continues to change but is accelerating – just look at the spread of the Internet of Things. IT folks may be told to protect “everything,” but they know it’s an impossible task. They don’t have unlimited resources, after all.

In particular, organizations suffer from a skills gap.