Tag Archive for: RedSeal Stratus

Surviving the Worst-Case Scenario: Best Practices for Incident Response

There’s no way around it: Cyberattacks are escalating. According to data from the Identity Theft Resource Center (ITRC), the number of reported data breaches from January to September 2021 exceeded the total volume of breaches in 2020 by 17 percent — and with threat vectors such as ransomware and phishing on the rise, this number isn’t going anywhere but up.

What does this mean? It’s a matter of when, not if, when it comes to network compromise, and companies can no longer assume that security frameworks offer invincibility from evolving cyberattack trends. Instead, they need an approach designed to help them survive the work-case scenario — and come out stronger on the other side.

This is the role of robust cybersecurity incident response (IR) plans. Here’s what you need to know about how these plans work, where they can help, and what steps are necessary for effective implementation.

What is a Cybersecurity Incident Response Plan?

A cybersecurity incident response plan provides a framework for teams to follow in the event of a cyber incident or attack. Research firm Gartner defines an IR plan as something “formulated by an enterprise to respond to potentially catastrophic, computer-related incidents such as viruses or hackers.”

While there are no one-size-fits-all approaches to creating a cybersecurity incident response plan, common components include:

  • Creating an overall strategy to mitigate risk
  • Identifying potential threat vectors
  • Assigning specific tasks to team members
  • Testing the plan regularly to ensure effective operation.

It’s also worth noting that cyber incident response plans play a role in regulatory compliance. With companies now handling large volumes of financial, personal, and health information from various sources, alignment with compliance expectations requires companies to adopt the mandate of “due diligence.” That is, they must take every reasonable precaution to protect data at rest, in transit, and in use. While businesses can’t avoid every cyberattack, lacking due diligence can lead to legal and regulatory challenges. Robust incident response frameworks help ensure organizations are meeting current compliance goals.

How can a Strong Cyberattack Incident Response Plan Help Put the House Back Together?

A robust IR plan helps put your digital house back together by providing a pathway from initial incident detection to eventual remediation. This is critical because when incidents occur, panic and fear are common responses: Teams want to do everything they can to get networks back on track but simply throwing everything you have at the problem — all at once — often leads to process overlap and policy confusion.

By creating a cyberattack incident response plan that lays out a specific order of events when threats are detected and assigns key tasks to staff, teams can respond in unison when attacks occur. For example, one employee may be responsible for identifying the source of the threat, while another looks to quarantine the affected area. Other team members may be tasked with informing C-suite members about what’s happening and ensuring that backup data is safe from harm.

The Phases of an Incident Response Plan: Timing is Everything

Cyber incidents happen without warning and in real-time — they don’t wait for companies to ready their defenses and prepare for an attack. As a result, timing is everything. Businesses must be ready to respond at a moment’s notice when attacks occur to mitigate the overall impact and get systems back up and running ASAP.

To help streamline this process. The National Institute of Standards and Technology (NIST) defines four key phases:

  1. Preparation speaks to the actions taken before an attack occurs. These include regular network evaluations such as vulnerability scans and penetration tests, along with the deployment of protective tools such as encryption software, failover backups, and automated incident analysis tools.
  2. Next is detection and analysis. This includes determining primary attack vectors — such as emails, web applications, brute-force efforts such as DDoS or improper network usage by employees — along with identifying and analyzing signs of compromise such as network performance drops, antivirus warnings, or unusual traffic amounts.
  3. Containment, Eradication, and Recovery policies determine where attack data will be stored for analysis and debriefing, while eradication looks to remove malware code or breached user accounts once attacks are under control. Recovery focuses on bringing systems back online using a staged approach to ensure no threats remain.
  4. Finally, post-incident activity asks the question: What did we learn? By using data collected during the attack, companies can assess what information was needed sooner to improve response, what additional steps might speed recovery, and what steps they can take to prevent future incidents.

Top Tips for Managing Collateral Damage After an Attack

After attacks occur and incident response plans activate, it’s critical to manage collateral damage and get back on track. Five best practices include:

#1 Prioritize Visibility

The more you know, the better prepared you are to respond when attacks occur. By prioritizing network visibility, your team can discover what they don’t know and take appropriate action.

#2 Define Recovery Times

Recovery point objectives (RPOs) and recovery time objectives (RTOs) help set goals for getting back on track and provide a finite resolution to the IR process.

#3 Seek Out Answers

While successfully mitigating an attack offers business value, managing long-term collateral damage means looking for answers about what happened, why, and what can be done to prevent similar breaches in the future.

#4 Leverage Active Backups

Multiple local and cloud backups can help get your systems back up and running. By logically segmenting them from operational networks, you can significantly reduce their risk of compromise and streamline the recovery process.

#5 Practice, Practice, Practice

As noted by the Open Web Application Security Project (OWASP), practice is paramount to ensure IR plans work as intended. From regular drills to simulated, unscheduled attacks, the more you practice your cybersecurity incident response plan, the better.

Surviving — and Thriving — After the Worst-Case Scenario

While the goal of cybersecurity planning is to help companies survive the brunt of an attack and come out the other side relatively unscathed, effective IR response offers actionable post-incident threat data to help enterprises reduce the risk of future attacks. Intelligent network modeling from RedSeal, meanwhile, provides the insight and integrations you need to take action and thrive in the wake of cyberattacks quickly.

By creating a comprehensive model of your network across cloud, hybrid and virtual environments, teams can quickly locate compromised devices, determine which assets are accessible, and take steps to stop attackers in their tracks. Integration with IBM QRader, Splunk Adaptive Response Initiative, and ArcSight, meanwhile, provides end-to-end situational awareness for improved response.

Survive the worst-case scenario — and come out better on the other side — with an in-depth cyberattack incident response plan. See how RedSeal can help. 

Why Cloud Network Segmentation Is Critical to Defense-in-Depth (DiD) Security Model

Cloud computing is hotter than ever before. The reason is quite simple: business organizations find it easier to integrate cloud solutions with their ongoing business operations. In addition, cloud solutions are often more cost-effective than deploying in-house servers and developing custom Information Technology (IT) enterprise tools.

According to Markets and Markets, the global cloud computing market is on track to grow from roughly $445 billion in 2021 to $947.3 billion by 2026, at a compound annual growth rate (CAGR) of 16.3%. More organizations are shifting their pivotal business activities to secure cloud networks. And the growth of innovative cloud technologies in the market adds fuel to the fire of worldwide enterprise cloud adoption.

As more organizations continue to migrate their workloads and applications to the cloud, security issues will become more prominent, requiring a dynamic solution that offers secure communication pathways between complex IT environments. Cloud network segmentation and defense in depth (DiD) security model can provide a way forward.

The Cloud Introduces Unique Security Challenges

Despite its growth and promise,  cloud computing poses many unique cybersecurity challenges. In cloud computing, data is stored with a third-party cloud solutions provider and accessed over the internet. This setup limits the visibility and control over data. Along with that, most cloud computing security risks are associated with cloud data security. A 2021 Statista survey reveals that data loss is one of the top cloud security concerns for 64% of the respondents.

On a similar note, the latest survey from Cloud Security Alliance queried 1900 IT and security professionals from a variety of organizations and found that 58% of the respondents are concerned about security in the cloud. Over 10% of the respondents reported cloud security incidents in the past year with security misconfigurations and cyberattacks such as denial of service being the most common causes.

What is Cloud Network Segmentation?

Network Segmentation is a proven network security technique that divides a network into smaller, manageable sub-networks that enable network security teams to compartmentalize the sub-networks. Once the network has been divided into smaller yet easily manageable segments, the security team can deliver high-end security tools and services to each segment.

But the common misconception is that network segmentation cannot work in the ecosystem due to the dynamic nature of clouds. This dynamic nature coupled with the unlimited scalability of the clouds attracts businesses towards cloud computing. But many believe that it has turned more complex to manage. Some believe that segmentation demands rigid policies defined by Internet Protocols (IPs), suitable for on-premises networks, but not for Software-Defined Networking (SDN). In popular opinion, smaller, structured, and secured zones never work in a dynamic environment like cloud networks.

Contrary to popular notions, today, many business organizations are implementing cloud network segmentation to enhance their cloud security and ensure compliance. It proves that network segmentation can be done in clouds, and it doesn’t need to be so rigid.

What is Defense In-Depth Security Model?

Defense-in-Depth (DiD) security model is the latest cybersecurity strategy that devises a multi-layered defensive mechanism to protect your valuable data and information. During an event of a cyberattack, if one defensive mechanism fails, the next one comes forward to prevent the cyberattack. This cybersecurity approach, with deliberate redundancies, identifies various cyberattack vectors and augments the comprehensive security of a system.

DiD is also popularly known as the ‘castle approach’ as it reminds us of the layered guarding of a medieval castle. To successfully infiltrate a castle, you must face many challenging obstacles such as moats, barricades, ramparts, drawbridges, towers, and bastions. Similarly, a hacker or malware must tackle several cybersecurity barriers to launch an attack on a network or an IT system guarded with Defense In-Depth security model.

Digital technology has stirred up the way we live, work and play. Today, almost every enterprise all over the globe is hurrying up to set its foot in the digital world. But, unfortunately, the digital world is highly vulnerable to various types of cyberattacks. On top of that, a single cybersecurity method can’t successfully protect a digital ecosystem from this plethora of cyberattacks. It is where the Defense-in-Depth security model comes into play.

Defense-in-Depth security model–a multi-layered cybersecurity approach–can significantly improve the security of every segment of IT system from a computer to an enterprise’s Wide Area Network (WAN) that accommodates 50,000 users. When an enterprise deploys different lines of defenses such as firewalls, Intrusion Detection (IDS), and Prevention Systems (IPS) together, it can effectively eliminate the vulnerability of relying on a single cybersecurity solution.

How Does Cloud Network Segmentation Support a Defense In-Depth Strategy?

Cloud network segmentation, at its heart, is a Defense-in-Depth cybersecurity approach. It can effectively reduce the risk of data breaches as it wraps layer upon layer of security around IT systems and data. This multi-layered cybersecurity strategy prevents malicious malware from spreading across every network in a business organization. It can also efficiently block hackers from quickly accessing networks and eliminate the possibility of sensitive data from being exposed.

A handful of cloud security solutions providers bring hybrid cloud security solutions like DiD that can precisely meet your business standards, requirements, and goals.

Build a Solid First Line of Defense with RedSeal

In today’s Digital Age, we witness the rising intelligent integration of cloud computing in the enterprise sphere. In this highly competitive scenario, Cloud Network Segmentation and Defense-In-Depth Security Model, without a doubt, boost the performance, security, and reliability of your network.

RedSeal gives a boost to your enterprise’s cyber resilience in a transparent yet straightforward way. We help business organizations boldly face the challenges of escalating cyber complexity and threats. At RedSeal, we help clients understand the intricacies of their network and the risks associated with it.

Visit us to know more about how our cloud security solutions can help you quickly validate your security policies and prioritize issues compromising your most valuable network assets.

Visibility: The key to proper Cloud Security Posture Management

Cloud security has become increasingly complex and distributed. The rapid transition to remote work and increased cloud adoption have changed the IT landscape dramatically, which has produced new vectors for cyber attacks and data breaches. Today’s cyber criminals aren’t necessarily trying to knock down doors. Organizations are actually leaving many of them open themselves. According to Gartner, through 2023, “…at least 99% of cloud security failures will be the customer’s fault.”

This is an unsettling prediction, but not entirely surprising given realities that teams face today. The overwhelming complexity of the cloud systems asks for both expertise in both application development and security, which is perhaps unreasonable. The placement of security controls has moved away from security teams and into application development teams.

CSPM: The industry’s response to cloud complexity

To deal with this complexity and constant change, a new market segment has emerged broadly referred to as Cloud Security Posture Management (CSPM), which is typically used by security organizations that want the equivalent visibility and security that they’ve had with on-premise environments.

Current CSPM technology aims to help security teams understand what resources they have in their cloud environments, what security controls are in place, how it is all really configured–and to automate as much of it as possible. And while it is largely successful in accomplishing these feats, CSPM in its current form isn’t without its limitations. As we’ve learned in the past with our approach to securing on-premise networks, visibility plays a fundamental role.

The importance of visibility

It’s not uncommon for organizations to lose track of their cloud deployments over time, considering it only takes a developer and a department credit card to spin up a cloud environment. Nowadays developers are empowered to innovate at speed and scale but who is actually keeping track of these newly-created multi-cloud VPCs, VNETs, and VCNs? Even more worrisome–who is responsible for securing them?

There are always unknowns when networks grow and change, but we also know that tools that provide visibility can give security teams a more accurate, dynamic and comprehensive look at what resources they have, how they are connected and the risks associated with them.

Unfortunately, many CSPM tools present their findings in static, tabular forms and it can be challenging to get an understanding of the relationships between resources, such as between multiple accounts and whether they’re shared or not. Teams are often being asked to secure unmonitored cloud environments and can benefit from a visual, interactive model of their organization’s cloud resources.

This visibility allows security teams to gain full awareness of their cloud footprint and reduce their overall attack surface by understanding the interconnectivity between their resources. Some CSPM tools can show connectivity where there is traffic, but security teams want to calculate how an instance gets to the Internet, what security points it goes through, and through which port and protocols.

Understanding end-to-end access

Current CSPM solutions remain insufficient when it comes to accurately calculating access that can lead to data breaches. Many tools simply call into the APIs of CSPs looking for misconfigurations at the compute and container levels but they don’t fully understand “end-to-end” access. For example, they may only look at a setting in AWS that states a particular subnet is “public” so therefore it’s exposed. That’s not necessarily true because there may have other security controls in place, such as 3rd party firewalls or their own Kubernetes security policy.

For example, perhaps a network security engineer who doesn’t understand native AWS and Azure firewalls instead decides to use a 3rd party firewall from a vendor they’re already familiar with. If that firewall is blocking access to the public-facing Internet, current CSPM tools won’t recognize it, and security engineers can spend their days chasing false positives simply due to a lack of accurate information involving access.

Prioritizing exposed resources

With increased cloud complexity comes increased risk–there were over 200 reported breaches in the past 2 years due to misconfigured cloud deployments. Several of the largest data breaches occurred when cloud misconfigurations left critical resources exposed to untrusted networks, so prioritization efforts should begin there. Unintended access and Shadow IT can also lead to cloud leaks, and so by establishing an “exposure first” security approach, cloud security teams can identify key vulnerabilities and prevent costly breaches.

CSPM is a key ally in the fight to secure the cloud, but security teams need additional visibility and improved accuracy that is still lacking in many

For more information on RedSeal’s CSPM solution, RedSeal Stratus, check out our website. Or sign up for the Pilot program.

RedSeal Opens Stratus Early Adopter Program to Security Teams Struggling with Cloud Security

Stratus — a SaaS-based Cloud Security Posture Management (CSPM) solution — addresses dangers of exposure and unintended access issues; Free webinar and demo on December 8

SAN JOSE, Calif., Dec. 01, 2021 (GLOBE NEWSWIRE) — RedSeal today introduced its Stratus Early Adopter Program, which provides select customers and prospects the opportunity to evaluate the company’s new SaaS-based Cloud Security Posture Management (CSPM) solution. The new Stratus SaaS offering is focused on providing visibility to cloud and Kubernetes inventory and determining exposed resources in cloud and hybrid cloud environments.

Implementing security controls for cloud environments now extends beyond the responsibility of traditional network security teams, and today includes application developers and DevOps teams. These controls must also consider workload containerization such as Kubernetes, and native offerings from Cloud Security Providers such as Amazon Web Services. As a result, there is exponential growth and pervasiveness of misconfigurations, which put high value resources at risk of unintended exposure to the Internet.

Current members of the Stratus Early Adopter Program represent enterprises ranging from banking and financial services firms, to federal government agencies and high-tech companies. These users have reported benefiting from Stratus’ ability to easily see both exposure and conductivity in and across all accounts in a single view.

Security challenges in the cloud have become so prevalent that Gartner has defined CSPM as a new category of security products designed to identify misconfiguration issues and risks in the cloud. As a CSPM, RedSeal Stratus helps security teams better manage this increased risk by:

  • Immediately identifying which resources are unintentionally exposed to the Internet due to misconfigurations
  • Visualizing their complete AWS cloud architecture to truly understand connectivity between and within cloud resources
  • Understanding their Amazon Elastic Kubernetes Service (EKS) inventory and identifying overly permissive user and service accounts

“Everyone knows that visibility is critical for CSPM to meet its full potential, but very few vendors are delivering on this promise,” said Bryan Barney, RedSeal CEO. “What makes visibility so powerful is the true calculation of access and exposure, and not simply the reliance on CSP settings. With RedSeal Stratus, we are now providing the most accurate, reliable and actionable approach to calculating access and exposure in the cloud.”

RedSeal Stratus is currently focused on AWS cloud environments. Recognizing the demand for better security posture management across Microsoft Azure and Kubernetes environments, Stratus will evolve to support these platforms early next year, making Stratus a complete, robust CSPM solution. Participants of the Stratus Early Adopter Program are eligible for a free 6-month subscription to RedSeal Stratus, with up to 3,000 EC2 instances.

Stratus Webinar and Demonstration

RedSeal will be hosting a free webinar for customers and prospects interested in joining the Stratus Early Adopter Program. The online event will take place on Tuesday, December 8th at 11:00am PST and will provide an exclusive overview of RedSeal’s new SaaS-based CSPM solution. The webinar will cover how RedSeal Stratus can help security teams better manage increased cloud security risks with:

  • Complete and up-to-date visualization of cloud infrastructure
  • Detailed knowledge of Amazon EKS accounts and policies
  • Out-of-the-box dashboard that identifies resources that exposed to the Internet

Click here to register for the free event.

About RedSeal

RedSeal — a security solutions and professional services company — helps government agencies and Global 2000 companies see and secure their on-premise networks and cloud environments. RedSeal Stratus, the company’s SaaS CSPM solution, gives an integrated view of cloud security posture through visualization of cloud-native and Kubernetes controls, and shows which resources are unintentionally exposed to the Internet. RedSeal’s Classic product brings in all network environments — public and private clouds as well as on-premises. This award-winning security solution verifies that networks align with security best practices, validates network segmentation policies, and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif. Follow RedSeal on Twitter and LinkedIn.

Why Cloud Security Posture Management Is Essential to Your Overall Security Plan

I think we’d all agree the last year and a half has brought disruption, and cloud security wasn’t exempt. The Covid-19 crisis has dramatically expanded attack surfaces as companies transitioned to remote work and embraced the cloud. But let’s be clear: the cloud is not a magic bullet. Yes, the cloud is relatively new and exciting, and it does prevent some of the old security mistakes. And yes, the cloud does close off some previously vulnerable spaces. But at the same time, it opens up new ways to do things wrong.

This is where a strategy called cloud security posture management (CSPM) comes in. The goal of CSPM is to find and reduce attack surfaces, and then eliminate misconfigurations through continuous monitoring of cloud infrastructure. This is important, because more than 99% of cloud breaches have their root cause in customer misconfigurations and mistakes, according to Gartner.

House on fire

I like to use the analogy of a brick house. Even if a house is made of perfect bricks, is it immune to falling down? No. Naturally, when you build a house, you want to make sure the bricks you’re using are solid. But even then, the house can still fall if built incorrectly. Cloud innovators push an approach called “shift left” (meaning detecting problems sooner in the build process), but this is no replacement for checking the final result. After all, no matter how carefully you check a building’s blueprints, the final structure will inevitably be different.

CSPM automates the process of ensuring the individual bricks are OK, but more importantly, makes sure the house as a whole is constructed properly, so it won’t collapse when the big bad wolf (or a squad of hackers) comes along and tries to blow it down.

But what makes CSPM so compelling from a security standpoint is that it’s proactive, not reactive like endpoint management or extended detection and response (XDR). These are analogous to fire alarms for your building. Alarms are necessary for sure, but you have to actually prevent some fires, not just wait and react. So, while firefighting is critical, part of your budget should be for tools that prevent fires in the first place and plan ahead for resilience of your infrastructure when a fire does break out.

CSPM is all about being proactive and putting the right processes in place so that fewer fires start, and spread less when they do happen. Sure, mistakes and misconfigurations will still happen. CSPM recognizes this reality, but proactively hunts for the ingredients that drive security fires rather than just accepting that they can’t be stopped.

The fantasy of DevSecOps

Your developers are not security gurus. The framework called DevSecOps advocates adding security practitioners into the software development and DevOps teams. DevSecOps strives to find a happy balance between development teams that want to release software quickly and security teams that prioritize protection. But, to me, this is too optimistic a notion – it glosses over the fundamental differences that must exist between security thinkers and app developers. Developers think “how can I make this work?”, but security is about thinking backwards – “how can this be abused?”

Security is also fundamentally a big-picture problem, where all interactions have to be considered. Getting back to the building analogy, CSPM lets you compare the final structure to the blueprints used to construct it. It allows you to examine the building to see whether there are any flaws or points of structural weakness that the bad guys can exploit to get in. Humans aren’t good at continuous detail checking, but it’s a great job for automated software.

Context is king

Context is everything. The blueprints don’t tell you whether you’re building on sand or building on bedrock. CSPM provides that critical context not just for one section of your structure but for the entire building and its surroundings.

CSPM also automatically determines whether all the cloud applications and services across your entire organization are configured correctly and securely. It’s simply not possible to hire enough security professionals to do that on their own. It’s not that people you have aren’t good; it’s that you’ll never have enough people who are experts in all the rapidly changing cloud languages and configurations.

Bad guys are actively hunting for new openings in your cloud. CSPM is quickly becoming one of the best ways to close the gaps in your security posture and shut the door on those who intend to do you harm.

Check out RedSeal Stratus – our new CSPM tool that offers the worlds most accurate, reliable, and actionable approach to calculating access and exposure. You can join the pilot program now!

Where is the new “Security Stack” hiding?

Security challenges resulting from migrating the security stack to the cloud

The days of the traditional security stack are numbered, brought on by the maturity of shared resource computing and the rapid migration to the public cloud due to the COVID-19 pandemic. This blog will explore a brief history of fortification, its impact on the early internet security architectures, and today’s challenges. I’ll conclude with a few suggestions that every security professional should consider.

From the beginning, cave dwellings were used to protect that of value. Humans have long considered, planned, and implemented various fortification methods. A city wall built around valuable, trusted assets is commonplace from our very early history. Fortification walls were used to protect individuals, tribes, and countries and could be made more secure by adding additional layers. The extra layers of defense increased the protection by the means known as “defense in depth” whereby a compromise in one other layer would sufficiently hinder further advancement or retreat by the attacker.

Fast forward to the late 20th century, many Request for Comments (RFC) drafted, outlined the internet foundation by focusing on moving datagrams from point A to point B. The primary concern was redundancy, resiliency, and reliable delivery of information. However, in the last few years of the 20th century, three essential security concepts were explored: confidentiality, integrity, and availability, known as the “CIA Triad.” Think of CIA as security that attempts to ensure information from the sender can:

  1. only be read by the receiver
  2. while in transit, the data has not been changed or tampered with
  3. the information reaches the intended audience

The 21st century brought a flurry of security and technologies based on ancient, fortified city walls. These defense in depth architectures often made the incorrect assumption that data inherited implicit trust based on location. For instance, data inside a corporate network was not scrutinized equally to data outside the corporate network. These initial security tools – the “Security Stack” – were often placed at the ingress/egress points of the network to inspect, analyze, prioritize, route, and scan for nefarious activities or threats from outside the network perimeter.

The problem with relying on perimeter-based security alone is people. People have always been migratory, traveling beyond the city walls. Speaking for myself, I have worked remotely, assisting companies with network security for 20+ years. As a “road warrior”, my network connections are from hotels, public hotspots, and client networks that have traversed untrusted networks. To prevent unauthorized access, my company had had to apply additional security controls to allow me to be connected successfully behind the “security stack.”

Between 2006 and 2010, the concept of shared computing resources took hold, and the promise of more computing power for less cost fueled a steady adoption rate over the next decade. Cloud service providers (CSPs) like Amazon, Microsoft, Google, Oracle, and others saw a steady, predictable increase in the use of shared resources located within a CSPs network, A.K.A “Public Cloud Network.” However, with the advent of cloud computing, the lines between trusted and untrusted networks were further obscured, and the need for visibility into and across disparate networks became more evident.

2020 brought with it a pandemic that forced hundreds of millions of employees to connect from untrusted sources and work remotely, in many cases bypassing the traditional security stacks intended to provide defense in depth. Corporations faced an unforeseen lack of visibility and conventional tools failed.  This rapid migration of corporate workloads (applications) to cloud computing combined with a disintegration of the traditional security stack has resulted in an environment of ever-increasing attacks and ransomware.

Post pandemic, the traditional security stack has dispersed. Some components still reside in on-premises networks, some in the public/private clouds, some at the network perimeter edge, and some on the endpoint device. The critical lesson is that the “edge” is no longer the boundary of location. The new “edge” is now the boundary of information. Data is the new edge.

To achieve security in modern networks, visibility is now more critical than ever. Complex architectures based on, IaaS, PaaS, SaaS, and On-Premises resources combined with new wide-area transport systems like SD-WAN, and a myriad of security filters in the form of cloud regions, accounts, VPC/VNETs, Network ACLs, Security Groups, and tools like SASE (Secure Access Service Edge), and Transit Gateways are indeed the new modern “Security Stack.” To secure this modern-day infrastructure, the corporation needs unparalleled visibility, awareness of where vulnerabilities exist, and connectivity across all network clouds and on-premise.

Finally, here is a message for the CISO or security professional searching for solutions. Ask yourself the following questions and seek answers for any you are unsure of.

  1. How well do your security teams understand cloud inventory?
  2. How do you check to see if resources are unintentionally exposed to the internet?
  3. How do you validate cloud segmentation policies and remediate them?
  4. How do you prioritize vulnerabilities in a public cloud environment?

For tips on how to “Safeguard Your Cloud Journey with a Comprehensive Security Solution” download our data sheet.

RedSeal and Cloud Security Posture Management

According to Gartner’s Innovation Insight for Cloud Security Posture Management, this year (2021), “50% of enterprises will unknowingly and mistakenly have exposed some applications, network segments, storage, or APIs directly to the public internet”. And by 2023, “…at least 99% of cloud security failures will be the customer’s fault.”

What do these statistics say about the changing face of cybersecurity? Twenty years ago, the most common source of security failures was naïve user behavior, typically clicking on a malicious email attachment or link. In on-premise environments, this is still a common vector of infection, but in the cloud the problem is not naïve users, it is overwhelmed administrators. 99% of cloud security failures will be the customer’s fault, because cloud platforms and applications will simply be misconfigured. Let that sink in. Simple misconfigurations were never the primary source of security failures in the past.

Administrators aren’t stupid; they misconfigure systems because they are overwhelmed. Of course, there is a chronic shortage of security talent, but that has been true for decades. What has changed, with the advent of cloud computing, is the overwhelming complexity of the systems. Cloud security controls and best practices are very different from those used in on-premise environments. Those available in AWS are similar, but different from those in Azure, or Google Cloud. Kubernetes has a unique security model of its own, and all these environments are changing constantly.

To deal with this complexity and constant change, a new family of technology has emerged broadly referred to as Cloud Security Posture Management (CSPM). The goal of these technologies is to help admins understand what resources they have in their cloud environments, what security controls are in place, how it is all really configured, and whether it meets various compliance standards.

For more than a decade, RedSeal has been in the business of helping customers understand their on-premise networks i.e. what devices are on the network, how they are connected, and the security implications of their configuration. We do this by creating a detailed model of their network that can be compared against best practices, compliance standards, and the customer’s intended network design (customers are almost always surprised with how different their network is from what they originally intended). Put simply, customers use us to find and correct network misconfigurations.

With data centers and networks moving to the cloud, our customers are increasingly asking us to help them find and correct cloud misconfigurations as well. They need an accurate model of their cloud environments to understand questions like how many cloud accounts they really have, what resources are in each, what security controls are in place, what is the aggregate effect of all those security controls on resource access, and are any resources inadvertently exposed to the internet. They often have a basic design for their cloud but are unsure if their implementation is consistent with their intentions. The truth is, it never is, and they need a product that can provide them with a reality check.

At RedSeal, our mission is to provide organizations with technology that allows them to understand their network, hybrid, and cloud security posture. Because cloud technology is so complex, and changing so quickly, organizations need powerful technology to understand their implementation. They need to model their environment, so they can easily spot flaws. Our tag line is “See and Secure” because you can’t secure what you don’t understand.

For more information on RedSeal Stratus, our new CSPM solution, click here.

For more information of ways that RedSeal can help avoid unintended internet exposure, check out our Solution Brief.

If you’re concerned about your EKS Security, click here.