Tag Archive for: RedSeal Stratus

How to Navigate the Shifting Healthcare Cybersecurity Landscape

/by

Cyberattacks and data breaches in the healthcare sector are increasing at an alarming rate, especially during the pandemic when patient communications and records moved online.

Between March 2021 and February 2022, over 42,076,805 healthcare records were exposed. Businesses lose an average of $10.10 million per healthcare data breach, while lost or stolen protected health information (PHI) and personally identifiable information (PII) cost the U.S. healthcare industry billions of dollars annually.

Valuable data makes healthcare organizations a prime target for cybercriminals. Meanwhile, the fast-shifting technology landscape makes it more challenging than ever to keep up with the latest cybersecurity best practices.

Let’s look at the many factors causing today’s cybersecurity nightmare and how you can navigate the changing healthcare cybersecurity landscape with the right technology and processes.

The Healthcare Sector Faces Ongoing Cybersecurity Challenges

The healthcare industry is complex. Various factors have come together in recent years to create the perfect storm for bad actors to breach networks and steal data.

High-Value Target Data: PHI and medical records are sought after by criminals because they’re worth 10 to 20 times the value of credit card data on the dark web. Meanwhile, biomedical and pharmaceutical research and development data drive a $160-billion industry. Criminals can often use the stolen credential to breach multiple targeted systems, giving threat actors many ways to cause damage through lateral movements.

Fast Adoption of New Technologies: The healthcare industry has been implementing connected medical devices (medical IoT) at a rapid pace. The equipment often uses unregulated mobile applications for processing and transmitting PHI and PII. Additionally, many facilities don’t have the proper security protocols to support the proliferation of devices connected to their networks — creating a large attack surface cybercriminals can exploit.

Overworked and Undertrained Personnel: Employee training is key to preventing social engineering schemes, phishing scams, and ransomware attacks — after all, it takes only one staff member to open one malicious attachment to infect the entire system. However, many healthcare facilities fail to provide sufficient cybersecurity education to their employees. Even end users with the knowledge and best intention often let their guard down because of environmental factors, such as distraction and excessive workload.

Competing Operational Priorities: Operational needs, often urgent, require personnel to prioritize speed of information sharing over data security. Meanwhile, facilities must comply with large-scale data portability regulations that require them to make health records and other sensitive information available in digital and sharable formats. These processes can increase the risks of data breaches if providers don’t have the proper security measures in place.

Budgetary Constraints: Healthcare organizations have limited IT budgets, and their tech teams are often stretched thin. They spend most resources on acquiring and implementing new technology solutions to stay current and competitive, leaving few to secure and maintain their networks. Many organizations don’t have in-house security teams and often outsource the function without assigning any internal stakeholders to coordinate the activities or monitor the outcomes.

Inconsistent Cyber Hygiene: Many healthcare facilities are stuck with legacy systems that are no longer supported by the vendor and can’t be upgraded with the latest security features. As such, they introduce permanent vulnerabilities into the organizations’ networks. Additionally, integrating new and old technology solutions may create interoperability dependencies, network segmentation risks, and blind spots hackers can exploit.

The Pandemic Caused New Issues in Healthcare Cybersecurity

The healthcare industry played a front-and-center role during the COVID-19 pandemic, which necessitated the rapid adoption of digital technologies. While the accelerated digital transformation brought many benefits, it also created various cybersecurity concerns.

An Abrupt Shift to Remote Working: Many non-frontline functions moved to a remote working environment in response to lockdowns. Healthcare organizations lack the time and resources to provide adequate security training to remote workers, implement endpoint protection capabilities, and develop remote system backup and recovery plans to build business resiliency and protect themselves from the consequences of ransomware attacks and data loss.

Rapid Procurement and Implementation of Security Tools: The rapid transition to cloud-based platforms for the new hybrid work environment increased the likelihood of misconfigured security settings and mismanaged security tool deployments. Many organizations also lack plans to maintain and sustain the new platforms and technologies, leading to oversight and creating opportunities for threat actors to strike.

Duration and Scope of the Global Crisis: The pandemic created long-term uncertainty. It increases the stress on individuals and society, which, in turn, raises the population’s susceptibility to social engineering. Meanwhile, the need for coordinated responses from facilities across the nation and authorities around the world requires unconventional partnerships and data-sharing practices that caused chain reactions, increased risk factors, and exposed vulnerabilities.

Navigating the Cybersecurity Nightmare in Healthcare: Today’s complex cybersecurity landscape isn’t easy to navigate, especially in the high-stakes healthcare sector. The rise of remote work and telemedicine, plus the proliferation of connected medical devices, has increased the attack surface dramatically. Budget constraints, competing priorities, and lack of employee training leave a lot of opportunities for hackers to exploit. Also, healthcare providers must comply with increasingly stringent data privacy laws to avoid fines and lawsuits.

A Multi-Layer Approach to Cybersecurity: You need a multi-prong approach to address various challenges. The process starts with gaining visibility across all your network environments to understand who has access to what information. Then, prioritize vulnerabilities and resolve gaps in your scan coverage.

Don’t forget to address all your cloud platforms, especially if you have a hybrid environment that combines cloud applications with legacy software where the connections can become weak links and blind spots. Moreover, you must stay current with all relevant data privacy laws, adhere to the latest security configuration standards, and ensure that your vendors and partners are also compliant to protect your data from supply chain attacks.

RedSeal can help you build a solid foundation by creating in-depth visualizations of your security infrastructure. We then use the insights to prioritize your vulnerabilities and automate your compliance process. Get in touch to see how we can help you assess, remediate, and mitigate your security processes and infrastructure.

How Secure Is Your Pharma Research Data?

/by

The use of big data and advanced analytics is now essential for innovation across the pharmaceutical and healthcare industries. However, working with vast amounts of data — experimental data, clinical trial data, patient data — has become a double-edged sword as organizations face immense challenges in protecting data integrity and ensuring data security in today’s digital environment.

Meanwhile, the global pharmaceutical market will grow above $2 billion by 2028 at a compound annual growth rate (CAGR) of 5.7% between 2022 and 2028. With revenue depending on research and innovation and more of the processes going digital, pharma research data has become a prime target for threat actors who use various means to breach companies’ systems and steal their sensitive information.

Let’s review key data security issues that pharma research companies face and how to protect your sensitive information to help you navigate the complex cybersecurity environment.

Is Pharma Research Data Secure?

Unfortunately, no. The pharmaceutical industry has seen many data breaches in recent years.

In an analysis of 20 pharma companies, five had experienced over 200,000 data exposures and breaches. Some had as many as 400,000 exposures. Another study revealed that over 50% of hospitals, biotech firms, and pharmaceutical companies have more than 1,000 sensitive files accessible to all employees. 33% of these organizations have over 10,000 files exposed to every staff member.

IBM’s Cost of Data Breach 2022 report found that data breaches cost the pharma industry an average of $5.01 million between March 2021 and March 2022. Additionally, the high data regulation environment means these companies see costs accrue years following a breach due to regulatory and legal fees, further impacting an organization’s financial health.

Data breaches in the pharma industry can also lead to direr consequences than in many other sectors. For example, leaked intellectual properties and clinical trial data can lead to reputational damage and lost revenue that could take years to remedy.

Top Pharma Research Data Security Issues

Here are the key cybersecurity challenges faced by pharma companies:

Supply Chain Attacks: Pharma research requires collaboration among various parties, such as research institutions, suppliers, contractors, and partners. The complex ecosystem creates a large attack surface threat actors can exploit. For example, they can infiltrate your network via a vendor with a less secure system. Without complete visibility into their environment, many organizations are left in the dark until it’s too late.

Ransomware Attacks: Due to the need to access critical information in their research, pharma companies are prime targets for ransomware attacks. Especially in companies with lax access controls, hackers can infect just one employee’s device with malware to infiltrate the entire network and lock down access to data for the whole company.

Phishing Scams: Threat actors can use social engineering techniques to trick employees, partners, and researchers into giving up their credentials to access the company’s network and exfiltrate data. Again, an organization without proper access control makes it much easier for hackers to move laterally across its systems.

Emerging Technologies: New platforms, cloud technologies, and Internet of Things (IoT) devices are invaluable in accelerating research and development processes. But they also present inherent cybersecurity risks because of the expansive environment and numerous endpoints. If companies spread their data on multiple platforms without mapping their inventory, they could leave sensitive data out in the open.

Mergers and Acquisitions (M&A): The pharmaceutical industry saw 182 M&A deals in Q2 2022. When two companies merge, their IT infrastructures must work seamlessly with each other, including their cybersecurity protocols and monitoring systems. Mapping all the data to maintain visibility and assessing vulnerabilities can be challenging, leaving the new entity at a higher risk of compromise.

How to Protect Pharma Research Data:

Here are some steps pharma companies can take to protect their research data:

  1. Visualize Access Across Your Network Environment: You can’t protect what you can’t see. You must map your environment and all digital assets to connect the dots, identify blind spots, reveal inconsistencies, and interpret access control. You can then prioritize vulnerabilities based on access and eliminate gaps in your scanner coverage.
  2. Deploy End-to-End Encryption for Data Sharing: Use a robust encryption solution to support data sharing within the organization and with third parties. This way, authorized personnel can use sensitive information without risking exposure. Choose a scalable, database-agnostic encryption technology that can be deployed in the cloud or on-premises to help protect data at rest, in transit, and in use.
  3. Enforce a Zero-Trust Policy and Least-Privilege Access: Least-privilege access is a vital component of a zero-trust framework that continuously authenticates a user’s identity to allow access to protected information. Access control is granted based on the principle that end users should see no more than the data they need to do their job. This approach can help minimize damage even if an employee’s account is compromised and limit a hacker’s lateral movement within your network.
  4. Implement a Comprehensive Incident Response Plan: It’s not a matter of if but when your infrastructure will come under attack, and a well-designed incident response plan is key to containing the damage and minimizing loss. Having an up-to-date model of your network can help accelerate incident response by locating the compromised device and determining which digital assets hackers can reach from the entry point.

Protect Pharma Research Data with a Bird’s-Eye View of Your Network

The first step in strengthening your defense is to know where all your data is and who can access the information. The insights can help you identify vulnerabilities, take remediation actions, and implement continuous compliance monitoring. But mapping all the moving parts, including every connection to the internet, is easier said than done.

RedSeal Stratus gives you an in-depth visualization of the topography and hierarchy of your security infrastructure. It helps you identify critical assets inadvertently exposed to the internet and shows your multi-cloud inventory and connectivity, so you can quickly detect changes in the environment.

Get in touch to see how we can help you proactively improve your security posture and protect your pharma research data.

InfoSeCon Roundup: OT Top of Mind with Many

/by

The RedSeal team recently attended the sold-out ISSA Triangle InfoSeCon in Raleigh. It was energizing to see and talk to so many people in person. People were excited to be at in-person events again (as were we!) and we had some great discussions at our booth on how RedSeal can help customers understand their environment and stay one step ahead of threat actors looking to exploit existing vulnerabilities. 

Visibility was a top topic at the booth, but I want to focus this blog on our panel discussion, titled ”OT: Still a Security Blindspot”, which, of course, has visibility as a core need. While I was expecting that this topic would be of interest to quite a few attendees, I was not expecting the great reception we received, nor the number of people that stayed behind to talk to us. We had so many great questions, that we have decided to host a webinar with the same title, where we will share some of the same information, and expand it to address some additional topics based on attendee interest. 

I want to highlight some key points we shared during the session:

We started the session talking about OT networks – what they are, and how they exist across all verticals in some way, shape or form (it is not just manufacturers!).  We did share a life sciences customer example to close the session (think about all of the devices in a hospital connected to the Internet – and what could happen if they were hacked!).

Then we got into the “risk” part of the discussion. We shared how OT networks are targeted via vulnerable devices and highlighted actual consequences from some real-life examples. We focused on the Mirai botnet and potential motives from threat actors:  

  • Botnets can simply to be annoying or attention getting, interrupting business 
  • Ransomware has traditionally been for cash or equivalent, but now can also be for deliberate intentional damage
  • Nation State – with espionage as a goal – to disrupt or compromise organizations or governments

Our panelists from Medigate by Claroty provided their perspective based on discussions with their customers. They explained that for many organizations OT was an afterthought when accessing security risks. The audience appeared to agree with this assessment. Unfortunately, this meant that OT has often been the quickest way to cause serious damage at an organization. They have seen this within the 1500+ hospitals they work with. They shared a couple of examples, which clearly demonstrated what can happen if you have vulnerable OT devices:

  • Turning off the air conditioning at a hospital in Phoenix AZ during the summer shut EVERYTHING down
  • Operating rooms must be kept at very specific temps and humidity levels. A customer in CA whose dedicated O.R. HVAC was impacted ended up losing $1M in revenue PER DAY while it was down

One of the reasons that the security risks for OT devices has not been addressed as well as they should is that OT devices have typically been managed by the Facilities organizations, who do not have the training and expertise needed for this task. We did spend some time talking about who “owns” managing and securing these OT devices. Luckily, there is growing awareness of the need for visibility into both OT and IT devices as part of an overall security strategy, and there are emerging solutions to address this need. 

We also spent time discussing how complex managing OT/IT becomes when companies have distributed sites or complex supply chains. The Medigate panelists shared how some of their Life Sciences customers have sites with different OT network topologies, and some even have a mismatch between the topology of the individual site and its production logic. This means there are usually multiple redundant, unmonitored connections at each site, which provides threat actors with numerous opportunities to penetrate the OT network and, once inside, to move laterally within it. 

This led to a conversation among the panelist on how to address the IT/OT visibility needs:

  1. First step: gain visibility into where OT is and then integrate it with existing IT security infrastructure 
  2. Ongoing: alignment and collaboration between and across IT and OT security, as well as with a range of third-party vendors, technicians, and contractors
  3. End goal: enable all teams (facilities, IT, security, networking, etc.) speak the same language from the same source of truth

The above is just a brief review of some of the topics covered during the panel discussion. If you are interested in hearing more about how to address IT/OT visibility needs and hear about how customers are addressing these needs or find out more about RedSeal, please visit our website or contact us today!

IT/OT Convergence

/by

Operational Technology (OT) systems have decades of planning and experience to combat threats like natural disasters – forces of nature that can overwhelm the under-prepared, but which can be countered in advance using well thought out contingency plans. Converging IT with OT brings great efficiencies, but it also sets up a collision between the OT world and the ever-changing threats that are commonplace in the world of Information Technology. 

A Changing Threat Landscape 

The security, reliability, and integrity of the OT systems face a very different kind of threat now – not necessarily more devastating than, say, a flood along the Mississippi, or a hurricane along the coast – but more intelligent and malicious. Bad actors connected over IT infrastructure can start with moves like disabling your backup systems – something a natural disaster wouldn’t set out to do. Bad actors are not more powerful than Mother Nature, but they certainly are more cunning, and constantly create new attack techniques to get around all carefully planned defenses. This is why the traditional strategies have to change; the threat model is different, and the definition of what makes a system “reliable” has changed. 

In the OT world, you used to get the highest reliability using the oldest, most mature equipment that could stay the same, year after year, decade after decade. In the IT world, this is the worst possible situation – out of date electronics are the easiest targets to attack, with the most known vulnerabilities accumulated over time. In the IT world of the device where you are reading this, we have built up an impressive and agile security stack in response to these rapidly evolving threats, but it all depends on being able to install and patch whatever software changes we need as new Tactics, Techniques and Procedures (TTP’s) are invented. That is, in the IT world, rapid change and flexible software is essential to the security paradigm. 

Does this security paradigm translate well to the OT world?

Not really. It creates a perfect storm for those concerned with defending manufacturing, energy, chemical and related OT infrastructure. On the one hand, the OT machinery is built for stability and cannot deliver the “five nines” reliability it was designed for if components are constantly being changed. On the other hand, we have IT threats which can now reach into OT fabric as all the networks blend, but our defense mechanisms against such threats require exactly this rapid pace of updating to block the latest TTP’s! It’s a Catch-22 situation. 

The old answer to this was the air gap – keep OT networks away from IT, and you can evade much of the problem. (Stuxnet showed even this isn’t perfect protection – humans can still propagate a threat across an air gap if you trick them, and it turns out that this isn’t all that hard to do.) Today, the air gap is gone, due to the great economic efficiencies that come from adding modern digital communication pathways to everything we might need to manage remotely – the Internet of Things (IoT).

How do we solve this Catch-22 situation?

So, what can replace the old air gap? In a word, segmentation – it’s possible, even in complex, blended, IT/OT networks to keep data pathways separate, just as it’s essential for the same reason that we keep water pipes and sewer pipes separate when we build houses. The goal is to separate vulnerable and critical OT systems so that they can talk to each other and be managed remotely, but to open only these pathways, and not fall back to “open everything so that we can get the critical traffic through”. Thankfully, this goal is achievable, but the bad news is it’s error prone. Human operators are not good at maintaining complex firewall rules. When mistakes inevitably happen, they fall into two groups:

  1. errors that block something that is needed
  2. errors that leave something open

The first kind of error is immediately noticed, but sadly, the second kind is silent, and, unless you are doing something to automatically detect these errors and gaps, they will accumulate, making your critical OT fabric more and more fragile over time. 

One way to combat this problem is to have a second set of humans – the auditors – review the segmentation regularly. Experience shows, though, that this just propagates the problem – no human beings are good at understanding network interactions and reasoning about complex systems. This is, however, a great job for computers – given stated goals, computers can check all the interactions and complex rules in a converged, multi-vendor, multi-language infrastructure, and make sure only intended communication is allowed, no more and no less.

In summary, IT/OT convergence is inevitable, given the economic benefits, but it creates an ugly Catch-22 scenario for those responsible for security and reliability – it’s not possible to be both super-stable and agile at the same time. The answer is network segmentation, not the old air gapped approach. The trouble with segmentation is it’s hard for humans to manage, maintain and audit without gaps creeping in. Finally, the solution to resolve this Catch-22 is to apply automation – using software such as from RedSeal to automatically verify your segmentation and prevent the inevitable drift, so that OT networks are as prepared for a hacker assault as they are for a natural disaster. 

CNAPP: The Future of Cloud Security

/by

The cloud has arrived. According to data from the Cloud Security Alliance (CSA), 89% of organizations now host sensitive data or workloads in the cloud. But increased use doesn’t necessarily mean better protection: 44% of companies feel “moderately” able to protect this data, and 33% say they’re only “slightly” confident in their defense.

With cloud networks growing exponentially, businesses need a new way to handle both existent and emerging threats. Cloud-native applications protection platforms (CNAPP) offer an integrated, end-to-end security approach that can help companies better manage current conditions and prepare for future attacks.

What is CNAPP?

As noted by research firm Gartner in their August 2021 Innovation Insight for Cloud-Native Application Protection Platforms report (paywall), CNAPP is “an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production.”

The goal of CNAPP solutions is to protect cloud-based applications across their entire lifecycle, from initial deployment and integration to regular use and maintenance to eventual end-of-life. Rather than taking a point-based approach to security that sees companies adopting multiple solutions which may (or may not) work in tandem to solve security issues, CNAPP looks to provide a single user interface and a single source of truth for all cloud-related security processes.

In effect, this approach prioritizes the centralization of cloud security processes to help companies better manage disparate applications and services.

Why Is Security in the Cloud so Challenging?

Effective security relies on effective attack path analysis – the categorization and protection of pathways. In a traditional infrastructure model, these pathways were relatively simple, stretching from internal resources to Internet applications and back.

Highways offer a simple analogy. Say that your resources are in San Francisco, California, and the Internet is in San Jose. Different highways offer different paths to the same destination. Installing checkpoints along these highways, meanwhile, makes it possible for companies to ensure that cars heading into San Francisco or back to San Jose have permission to do so. If they don’t, they’re not allowed to proceed.

The cloud significantly complicates this process by adding a host of new destinations and attack pathways, both on the ground and in the air. Where companies might have managed 50 potential points of compromise, in the cloud this number could be 5000 or 50,000 —and is constantly growing. Plus it is 100x easy to misconfigure the points of compromise.

As a result, there are both more vehicles traveling and more routes for them to travel, in turn making it 100x more complicated to see and secure the cloud. This in turn, increases the risk of traffic getting into or out of your network without the proper permissions, resulting in everything from lateral compromise to ransomware payloads to advanced persistent threats (APTs).

Clouds also create a challenge when it comes to third-party protection. While cloud-native applications are evolving to meet new enterprise requirements, well-known or specialized third-party solutions are often tapped for additional security controls or to provide enhanced functionality. In our traffic example, this means that different checkpoints are managed by different vendors that may not always speak the same language or use the same metrics. This means it’s possible for one of these checkpoints to report a false positive or negative, in turn putting your local cloud environment at risk.

How Can CNAPP Help Companies Address Cloud Security Challenges?

CNAPP solutions makes it possible to centralize security management for greater visibility and control. According to Gartner, this is accomplished via five key components:

  1. Infrastructure as Code (IAC) Scanning
    IAC scanning helps companies identify potential issues with distributed configurations across their network. This is especially critical as infrastructure provisioning becomes more and more automated. Without the ability to regularly scan for potential weak points, IAC becomes a potential liability.
  2. Container Scanning
    Containers are a critical part of cloud computing. By making it possible to package applications in a platform- and service-agnostic framework, it’s easy for companies to deploy new services without rebuilding code from the ground up. The caveat? Containers that have been compromised present serious risks. As a result, container scanning is critical.
  3. Cloud Workload Protection Platforms (CWPPs)
    CWPPs are designed to discover workloads within both cloud and on-premises infrastructure and then perform vulnerability assessments to determine if these workloads pose potential risks based on current policies and if any actions are required to remediate this risk.
  4. Cloud Infrastructure Entitlement Management (CIEM)
    CIEM tools help handle identity and access across the cloud. By automatically granting, revoking, and administering access to cloud services, the judicious application of CIEM solutions make it possible for companies to adopt a principle of least privilege approach to access.
  5. Cloud Security Posture Management (CSPM)
    CSPMs automate the process of identifying and remediating risk across IaaS, PaaS, and SaaS deployments in enterprise clouds. These tools provide the data-driven foundation for risk visualizations and assessments that empower effective incident response.

Working together, these solutions make it possible for companies to see what’s happening in their cloud network environments, when, and why, in turn allowing IT teams to prioritize alerts and take immediate action. Consider the RedSeal Stratus CNAPP solution, which provides companies with a “blueprint map” of their entire cloud framework to identify where resources are located and full attack path analysis to identify where they are exposed.

In the context of our highway example, RedSeal Stratus makes it possible to map every possible path and checkpoint taken, in addition to providing information about each exposed resource at risk in San Francisco and who can get to them within minutes. This makes it possible to assess the net effective reachability of all aspects of your cloud and pinpoint areas that require specific action.

What Comes Next for CNAPP?

Put simply, CNAPP is the future of cloud security, but it’s not a monolithic, one-size-fits-all solution. Given the rapidly-changing scope and nature of cloud services, CNAPP solutions won’t be one-vendor affairs but rather a consolidation of differing vendor specialties under a unified platform model that provides a single pane of glass visibility for users.

Moving forward, companies should expect an increasing focus on the data residing in the resources as the core component of CNAPP. This includes not only a focus on how they are accessible and permissions but on positively identifying where they’re located, what they’re doing, who is accessing them, risks and how they interact with other services and solutions both on-Premise and cloud.

CNAPP is coming of age. Make sure you’re ready for the next generation of cloud security with RedSeal

Cyber Insurance Isn’t Enough Anymore

/by

The cyber insurance world has changed dramatically.

Premiums have risen significantly, and insurers are placing more limits on covered items. Industries like healthcare, retail, and government, where exposure is high, have been hit hard. Many organizations have seen huge rate increases for substantially less coverage than in the past. Others have seen their policies canceled or been unable to renew.

In many cases, insurers are offering half the coverage amounts at a higher cost. For example, some insurers that had previously issued $5 million liability policies have now reduced amounts to $1 million to $3 million while raising rates. Even with reduced coverage, some policy rates have risen by as much as 300%.

At the same time, insurers are leaving the field. Big payoffs in small risk pools can devastate profitability for insurers. Many insurers are reaching the break-even point where a single covered loss can wipe out years of profits. In fact, several major insurance companies have stopped issuing new cybersecurity insurance policies altogether.

This is in part to incidents like the recent Merck legal victory forcing a $1.4B payout due to the NotPetya’s malware attack. According to Fitch Ratings, more than 8,100 cyber insurance claims were paid out in 2021, the third straight year that claims increased by at least 100%. Payments from claims jumped 200% annually in 2019, 2020, and 2021 as well.

Claims are also being denied at higher rates. With such large amounts at stake, insurers are looking more closely at an organization’s policies and requiring proof that the organization is taking the right steps to protect itself. Companies need to be thinking about better ways to manage more of the cyber risks themselves. Cyber insurance isn’t enough anymore.

Dealing with Ransomware

At the heart of all of this drama is ransomware. The State of Ransomware 2022 report from Sophos includes some sobering statistics.

Ransomware attacks nearly doubled in 2021 vs. 2020, and ransom payments are higher as cybercriminals are demanding more money. In 2020, only 4% of organizations paid more than $1 million in ransoms. In 2021, that number jumped to 11%. The average ransomware paid by organizations in significant ransomware attacks grew by 500% last year to $812,360.

More companies are paying the ransom as well. Nearly half (46%) of companies hit by ransomware chose to pay despite FBI warnings not to do so. The FBI says paying ransoms encourages threat actors to target even more victims.

Even with cyber insurance, it can take months to fully recover from a ransomware attack and cause significant damage to a company’s reputation. Eighty-six percent (86%) of companies in the Sophos study said they lost business and revenue because of an attack. While 98% of cyber insurance claims were paid out, only four out of ten companies saw all of their costs paid.

There’s some evidence that cybercriminals are actively targeting organizations that have cyber insurance specifically because companies are more likely to pay. This has led to higher ransom demands, contributing to the cyber insurance crisis. At the same time, there’s been a significant increase in how cybercriminals are exacting payments.

Ransomware attackers are now often requiring two payments. The first is for providing the decryption key to unlock encrypted data. A demand for a separate payment is made to avoid releasing the data itself publicly. Threat actors are also hitting the same organizations more than once. When they know they’ll get paid, they often increase efforts to attack a company a second or third time until they lock down their security.

Protecting Yourself from Ransomware Attacks

Organizations must deploy strict guidelines and protocols for security and follow them to protect themselves. Even one small slip-up in following procedures can result in millions or even billions of dollars in losses and denied claims.

People, Processes, Tech, and Monitoring

The root cause of most breaches and ransomware attacks is a breakdown in processes, allowing an attack vector to be exploited. This breakdown often occurs because there is a lack of controls or adherence to these controls by the people using the network.

Whether organizations decide to pay the price for cyber insurance or not, they need to take proactive steps to ensure they have the right policies in place, have robust processes for managing control, and train their team members on how to protect organizational assets.

Organizations also need a skilled cybersecurity workforce to deploy and maintain protection along with the right tech tools.

Even with all of this in place, strong cybersecurity demands continuous monitoring and testing. Networks are rarely stable. New devices and endpoints are added constantly. New software, cloud services, and third-party solutions are deployed. With such fluidity, it’s important to continually identify potential security gaps and take proactive measures to harden your systems.

Identifying Potential Vulnerabilities

One of the first steps is understanding your entire network environment and potential vulnerabilities. For example, RedSeal’s cloud cybersecurity solution can create a real-time visualization of your network and continuously monitor your production environment and traffic. This provides a clear understanding of how data flows through your network to create a cyber risk model.

Users get a Digital Resilience Score which can be used to demonstrate their network’s security posture to cyber insurance providers.

This also helps organizations identify risk factors and compromised devices. Also, RedSeal provides a way to trace access throughout an entire network showing where an attacker can go once inside a network. This helps identify places where better segmentation is required to prevent unauthorized lateral movement.

In case an attack occurs, RedSeal accelerates incident responses by providing a more complete road map for containment.

Cyber Insurance Is Not Enough to Protect Your Bottom Line

With escalating activity and larger demands, cyber insurance is only likely to get more expensive and harder to get. Companies will also have to offer more proof about their security practices to be successful in filing claims or risk having claims denied.

For more information about how we can help you protect your network and mitigate the risks of successful cyber-attacks, contact RedSeal today.

The Unique Security Solution RedSeal Brings to Multi-Cloud and Hybrid Network Environments

/by

One of the most significant benefits of implementing a multi-cloud strategy is the flexibility to use the right set of services to optimize opportunities and costs.

As public cloud service providers (CSPs) have evolved, they have started to excel in different areas. For example, programmers often prefer to use Azure because of its built-in development tools. However, they often want their apps to run in AWS to leverage the elastic cloud compute capability.

Adopting a multi-cloud strategy enables enterprises to benefit from this differentiation between providers and implement a “best of breed” model for the services that need to consume. They can also realize significant efficiencies, including cost-efficiency, by managing their cloud resources properly.

But multi-cloud solutions also bring their own challenges from administration to security. This can be especially challenging for organizations that don’t have deep experience and knowledge across all platforms and how they interconnect. It can sometimes seem like speaking a different language. For example, AWS has a term called VPC (virtual private cloud). Google Cloud Platform (GCP) uses that term, too but it means something different. In other cases, the reverse is true. The terminology is different but they do the same things.

Cloud provider solutions don’t always address the needs of hybrid multi-cloud deployments. Besides the terminology of AWS, Azure, GCP, Oracle’s OCI, IBM’s cloud, and others have different user interfaces. In a multi-cloud environment or hybrid environment, it can be far more difficult to secure than a single cloud.

Because of these challenges the need for a platform-independent solution that can understand all of the languages of each platform is needed to translate how your multi-cloud solutions are configured, interconnected, and help mitigate the risks.

How RedSeal Manages Multi-Cloud and Hybrid Cloud

At RedSeal, we provide the lingua franca (or bridge) for multi-cloud and on-premise networks. Security operations center (SOC) teams and DevOps get visibility into their entire network across vendors. RedSeal provides the roadmap for how the network looks and interconnects, so they can secure their entire IT infrastructure without having to be experts on every platform.

In most organizations using multi-cloud and hybrid cloud, however, network engineers and SOC teams are being asked to learn every cloud and on-prem resource and make sure they are all configured properly and secured. Many will deploy virtual cloud instances and use virtual firewalls, but as complexity rises, this becomes increasingly difficult to manage.

RedSeal is the only company that can monitor your connectivity across all of your platforms whether they are on-prem or in the cloud. This allows you to see network topology across all of your resources in one centralized platform.

Proactive Security

Proactive security is also complex. Most security offerings monitor in real-time to alert you when there’s an attack underway. That’s an important aspect of your security, but it also has a fundamental flaw. Once you recognize the problem, it’s already underway. It’s like calling 9-1-1 when you discover an emergency. Help is on the way, but the situation has already occurred.

Wouldn’t you like to know your security issues before an incident occurs?

RedSeal helps you identify potential security gaps in your network, so you can address them proactively. And, we can do it across your entire network.

Network Segmentation

Segmenting your network allows you to employ zero trust and application layer identity management to prevent lateral movement within your network. One of the most powerful things about RedSeal is that it provides the visibility you need to manage network segmentation.

It’s a simple concept, but it can also become incredibly complex — especially for larger companies.

If you’re a small business with 100 employees, segmentation may be easy. For example, you segment your CNC machine so employees don’t have admin rights to change configurations. In a mid-size or enterprise-level company, however, you can have an exponential number of connections and end-points. We’ve seen organizations with more than a million endpoints and connections that admins never even knew existed.

It’s only gotten more complex with distributed workforces, remote workers, hybrid work environments, and more third-party providers.

RedSeal can map it all and help you provide micro-segmentation for both east-west and north-south traffic.

Vulnerability Prioritization

Another area where RedSeal excels is by adding context to network vulnerability management. This allows you to perform true risk-based assessments and prioritization from your scanners. RedSeal calculates vulnerability risk scores that account for not only severity and asset value but also downstream risk based on the accessibility of vulnerable downstream assets.

In many cases, RedSeal uncovers downstream assets that organizations didn’t know were connected or vulnerable. These connections provided open threat surfaces, but never showed up in alert logs or only as low-to-medium risks. So, SOC teams already overwhelmed with managing critical and high-risk alerts may never get to these hidden connections. Yet, the potential damage from threat actors exploiting these connections could be even greater than what showed up as high risk.

RedSeal shows you the complete pictures and helps you prioritize vulnerabilities so you can focus on the highest risks in your unique environment.

Play at Your Best

In the late ’90s, world chess champion Garry Kasparov faced off against Deep Blue, an IBM supercomputer, in a six-game exhibition. Kasparov won the first match. Deep Blue won the second and the next three ended in draws. When Deep Blue won the final match and secured the overall victory, Kasparov was asked to concede that the best chess player in the world is now a computer.

Kasparov responded by saying that people were asking the wrong question. The question isn’t about whether the computer is better, but rather how do you play the best game of chess? Kasparov believes he lost not because the computer was better, but because he failed to perform at his best and see all of the gaps in his play.

You can’t afford to make mistakes in your security and beat yourself. By understanding your entire network infrastructure and identifying security gaps, you can take proactive measures to perform at your best.

RedSeal is the best move for a secure environment.

Learn more about how we can help protect your multi-cloud and hybrid cloud environments. Contact RedSeal today.

Zero Trust Network Access (ZTNA): Reducing Lateral Movement

/by

In football, scoring a touchdown means moving the ball down the field. In most cases, forward motion starts the drive to the other team’s end zone. For example, the quarterback might throw to a receiver or handoff to a running back. Network attacks often follow a similar pattern: Malicious actors go straight for their intended target by evaluating the digital field of play and picking the route most likely to succeed.

In both cases, however, there’s another option: Lateral movement. Instead of heading directly for the goal, attackers move laterally to throw defenders off guard. In football, any player with the ball can pass parallel or back down the field to another player. In lateral cyberattacks, malicious actors gain access to systems on the periphery of business networks and then move “sideways” across software and services until they reach their target.

Zero trust network access (ZTNA) offers a way to frustrate lateral attack efforts. Here’s how.

What is Zero Trust Network Access?

Zero trust network access is rooted in the notion of “need to know” — a concept that has been around for decades. The idea is simple: Access and information are only provided to those who need it to complete specific tasks or perform specific actions.

The term “zero trust” refers to the fact that trust is earned by users rather than given. For example, instead of allowing a user access because they provide the correct username and password, they’re subject to additional checks which verify their identity and earn the trust of access. The checks might include two-factor authentication, the type of device used for access, or the user’s location. Even once identity has been confirmed, further checks are conducted to ensure users have permission to access the resource or service they’re requesting.

As a result, the term “zero trust” is somewhat misleading. While catchy, it’s functionally a combination of two concepts: Least privilege and segmentation. Least privilege sees users given the minimum privilege necessary to complete assigned tasks, while segmentation focuses on creating multiple digital “compartments” within their network. That way, even if attackers gain lateral access, only a small section of the network is compromised.

Adoption of ZTNA is on the rise, with 96 percent of security decision-makers surveyed saying that zero trust is critical for organizational success. Recent predictions also suggest that by 2023 60 percent of enterprises will phase out their remote access virtual private networks (VPNs) and replace them with ZTNA frameworks.

The Fundamentals of ZTNA-Based Architecture

While the specifics of a ZTNA deployment will look different for every business, there are five fundamental functions of zero-trust network access:

1. Micro-segmentation: By defining networks into multiple zones, companies can create fine-grained and flexible security policies for each. While segments can still “talk” to each other across the network, access requirements vary based on the type of services or data they contain. This approach reduces the ability of attackers to move laterally — even if they gain network access, they’re effectively trapped in their current segment.

2. Mandatory encryption: By encrypting all communications and network traffic, it’s possible to reduce the potential for malicious interference. Since they can’t see what’s going on inside business networks simply by eavesdropping, the scope and scale of their attacks are naturally limited.

3. The principle of least privilege: By ensuring that all users have only the minimum privilege required to do their job, evaluating users’ current permission level every time they attempt to access a system, application, or device, and removing unneeded permissions when tasks are complete, companies can ensure that a compromised user or system will not lead to complete network access.

4. Total control: By continually collecting data about potential security events, user behaviors, and the current state of infrastructure components, companies can respond ASAP when security incidents occur.

5. Application-level security: By segmenting applications within larger networks, organizations can deploy application-level security controls that effectively frustrate attacker efforts to move beyond the confines of their initial compromise point.

Best Practices to Tackle Risk with ZTNA

When it comes to network security and lateral compromise, businesses and attackers are playing by the same rules, but in many cases, malicious actors are playing in a different league. To follow our football analogy, it’s as if security teams are playing at a high-school level while attackers are in the NFL. While the plays and the objectives are the same, one team has a distinct advantage in terms of size, speed, and skill.

ZTNA can help level the playing field — if it’s correctly implemented. Here are three best practices to make it work:

1. Implement Automation

Knowing what to segment and where to create segmentation boundaries requires a complete inventory of all desktops, laptops, mobile devices, servers, ports, and protocols on your network. Since this inventory is constantly changing as companies add new cloud-based services, collecting key data is no easy task. Manual processes could take six months or more, leaving IT teams with out-of-date inventories.

Automating inventory proceeds can help businesses create a functional model of their current network that is constantly updated to reflect changes, allowing teams to define effective ZTNA micro-segmentations.

2. Prioritize Proactive Response

Many businesses now prioritize the collection of “real-time” data. The problem? Seeing security event data in real-time means that incidents have already happened. By capturing complete network visibility, companies can prioritize proactive responses that limit overall risk rather than requiring remediation after the fact.

3. Adapt Access as Required

Security isn’t static. Network configurations change and evolve, meaning that ZTNA must evolve in turn. Bolstered by dynamic visibility from RedSeal, businesses can see where lateral compromise poses risk, where segmentation is working to prevent access, and where changes are necessary to improve network security.

Solving for Sideways Security

Security is a zero-sum game: If attackers win, companies lose. But the reverse is also true. If businesses can prevent malicious actors from gaining lateral access to key software or systems, they come out ahead. The challenge? One-off wins aren’t enough; businesses need consistent control over network access to reduce their total risk.

ZTNA can help reduce the sideways security risks by minimizing available privilege and maximizing network segmentation to keep attackers away from high-value data end zones and instead force functional turnovers to network security teams.

Download our Zero Trust Guide today to get started.

The House Always Wins? Top Cybersecurity Issues Facing the Casino and Gaming Industry

/by

Head into a casino, and you should know what you’re getting into — even if you see some success at the beginning of the night, the house always wins. It’s a truism often repeated and rarely questioned but when it comes to cybersecurity, many casino and gaming organizations aren’t coming out ahead.

In this post, we’ll dive into what sets this industry apart, tackle the top cybersecurity issues facing casino and gaming companies, and offer a solid bet to help build better security infrastructure.

Doing the Math: Why Casinos and Gaming Businesses are at Greater Risk

Gaming and casino industry companies generate more than $53 billion in revenue each year. While this is a big number, it’s nothing compared to the U.S. banking industry, which reached an estimated $4847.9 billion in 2021. And yet at 1/100 the size of their financial counterparts, casinos now face rapidly-increasing attack volumes.

In 2017, for example, a network-connected fish tank was compromised by attackers and used as the jumping-off point for lateral network movement. In 2020, the Cache Creek Casino Resort in California shut down for three weeks after a cyberattack, and in 2021 six casinos in Oklahoma were hit by ransomware.

So what’s the difference? Why are casinos and gaming companies being targeted when there are bigger fish to fry? Put simply, it’s all about the connected experience. Where banks handle confidential personal information to deliver specific financial functions, casinos collect a broader cross-section of information including credit card and income information, social security numbers, and basic tombstone data to provide the best experience for customers on-site. As a result, there’s a greater variety of data for hackers to access if they manage to breach network perimeters.

Casinos and gaming companies also have a much larger and more diverse attack surface. Where banks perform specific financial functions and have locked down access to these network connections, casinos have a host of Intenet-connected devices designed to enhance the customer experience but may also empower attacks. IoT-enabled fish tanks are one example but gaming businesses also use technologies like always-connected light and temperature sensors, IoT-enabled slot machines, and large-scale WiFi networks to keep customers coming back.

In practice, this combination of connected experience and disparate technologies creates a situation that sees IT teams grow arithmetically while attacks grow geometrically. This creates a challenge: No matter how quickly companies scale up the number of staff on their teams, attackers are ahead.

Not only are malicious actors willing to share data about what works and what doesn’t when it comes to breaching casino cybersecurity, but they’re constantly trying new approaches and techniques to streamline attack efforts. IT teams, meanwhile, don’t have the time or resources to experiment.

The Top Four Cybersecurity Issues Facing Casino and Gaming Companies

When it comes to keeping customer and business data secure, gaming and casino companies face four big issues.

  1. IoT Connections
    While IoT devices such as connected thermostats, refrigerators, and even fish tanks are becoming commonplace, robust security remains rare. Factory firmware often contains critical vulnerabilities that aren’t easily detected or mitigated by IT staff, in turn creating security holes that are hard to see and even more difficult to eliminate.
  2. Ransomware Attacks
    Ransomware continues to plague companies; recent survey data found that 49 percent of executives and employees interviewed said their company had been the victim of ransomware attacks. This vector is especially worrisome for casinos and gaming companies given both the volume and variety of personal and financial data they collect and store. Successful encryption of data could shut companies down for days or weeks and leave them with a difficult choice: Pay up or risk massive market fallout.
  3. Exfiltration Issues
    Collected casino and gaming data is also valuable to attackers as a source of income through Dark Web sales. By quietly collecting and exfiltrating data, hackers can generate sustained profit in the background of casino operations while laying the groundwork for identity theft or credit card fraud.
  4. Compliance Concerns
    If casinos are breached, they may face compliance challenges on multiple fronts. For example, breached credit card data could lead to PCI DSS audits, and if businesses are found to be out of compliance, the results could range from substantial fines to a suspension of payment processing privileges. Compromised personal data, meanwhile, could put companies at risk of not meeting regulatory obligations under evolving privacy laws such as the California Consumer Protection Act (CCPA).

Betting on Better Security

Once attackers have access to casino networks, they’ve got options. They could encrypt data using ransomware and demand payment for release — which they may or may not provide, even if payment is made — or they could quietly exfiltrate customer data and then sell this information online. They could also simply keep quiet and conduct reconnaissance of new systems and technologies being deployed, then use this information to compromise key access points or sell it to the highest bidder.

The result? When it comes to protecting against cyberattacks, businesses are best served by stopping attacks before they happen rather than trying to pick up the pieces after the fact. For networks as complex and interconnected as those of casinos, achieving this goal demands complete visibility.

This starts with an identification of all devices across network architecture, from familiar systems such as servers and storage to staff mobile devices and IoT-connected technologies. By identifying both known and unknown devices, companies can get a picture of what their network actually looks like — rather than what they expect it to be.

RedSeal can help casinos achieve real-time visibility by creating a digital twin of existing networks, both to identify key assets and assess key risks by discovering the impact of network changes. For example, casinos could choose to run a port and protocol simulation to determine the risk of opening or closing specific ports — without actually making these changes on live networks. RedSeal can also help segregate key data storage buckets to mitigate the impact of attacks if systems are compromised.

Helping the House Win

Attackers are trying to tip the odds in their favor by compromising connected devices and leveraging unknown vulnerabilities. RedSeal can help the house come out ahead by delivering real-time visibility into casino and gaming networks that help IT teams make informed decisions and stay ahead of emerging cybersecurity challenges.

Ready to tip the odds in your favor? Start with RedSeal.

RedSeal Fills the Gaps in Cloud Security with the Launch of RedSeal Stratus

/by

New platform alleviates security challenges of cloud infrastructures by automatically calculating unintentional exposure of critical resources to the Internet

RedSeal reduces risk by offering security teams a single, comprehensive view of their cloud and continuously meet internal and external compliance mandates

RSA, San Francisco: June 9, 2022 – RedSeal today announced the launch of RedSeal Stratus, a Cloud Native Application Protection Platform (CNAPP) solution. The new solution gives security professionals a ‘blueprint map’ of their enterprise cloud to allow them to accurately identify where and how their business-critical resources are exposed to the Internet. 

Stratus provides a singular view of an organizations cloud infrastructure, either Amazon AWS or Microsoft Azure or both, by creating a comprehensive visualization of connectivity within and between clouds using an agent-less API driven approach. 

Fast Analysis Allows Quick Action

Stratus evaluates policies in cloud gateways, 3rd party firewalls, subnets (NACL policies) and instances (security group policies) with full attack path analysis to calculate unintended exposure and quickly begin remediation steps to prevent ransomware attacks and data breaches.

RedSeal’s patented discovery algorithm creates a dynamic visualization of the connectivity and hierarchical relationship between cloud resources and provides: 

  • Exposure trend analysis for AWS and/or Azure in a single view
  • Exposure information organized by AWS accounts, Azure subscriptions, tags, and security groups
  • A detailed visualization of precisely how critical resources are exposed to the Internet
  • The drill-down details of each control and policy at all security checkpoints

Bryan Barney, Chief Executive Officer at RedSeal, commented: “Public cloud models do not have clear perimeters making it a very different reality compared to on-premise security. It has become a large and highly desirable attack surface for online criminals who will quickly exploit poorly secured cloud ports.”

He continued: “Cloud infrastructures can contain thousands of different resources, and organizations can quickly lose track of where their critical assets are located and how they are connected and secured. Stratus is designed to help our customers See and Secure their entire multi-cloud environment. It gives security teams a centrally and continuously monitored and updated view of their cloud resources, making it easy to spot compliance gaps or respond quickly to breaches or unintended exposure to the Internet.” 

About RedSeal

RedSeal – a security solutions and professional services company – helps government agencies and Global 2000 companies see and secure their on-premise networks and cloud environments. RedSeal Stratus, the company’s SaaS CSPM solution, gives an integrated view of cloud security posture through visualization of cloud-native and Kubernetes controls, and shows which resources are unintentionally exposed to the Internet. RedSeal’s Classic product brings in all network environments – public and private clouds as well as on-premises. This award-winning security solution verifies that networks align with security best practices, validates network segmentation policies, and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk.

Tag Archive for: RedSeal Stratus

Nothing Found

Sorry, no posts matched your criteria