FedScoop | June 26, 2018
RedSeal CEO Ray Rothrock said that achieving digital resilience begins when you know about your networks — “where they connect, how they connect, to whom they give access, and what they expose.”
According to Rothrock, there are specific steps agencies should take to improve resilience:
Forbes | June 12, 2018
By Dr. Mike Lloyd, RedSeal CTO
The General Data Protection Regulation (GDPR) zero-hour has finally arrived — enforcement started May 25, 2018. Like students cramming for a midterm, I witnessed a flurry of activity from U.S. businesses since the deadline forced people to pay attention, knuckle down and study.
When students cram for a test, they take any shortcuts they can, and that can make for predictable errors, especially any time there is a mentally comfortable answer that happens to be wrong. Psychologists even have a term for this — they call it “availability bias.” In a nutshell, this is our built-in tendency to assume something is right when it’s easy to recall or that it’s wrong just because it’s harder to remember.
In NSA: The Silence of the Zero Days, published in Data Breach Today, Mathew Schwartz discusses hackers’ rapid response to newly discovered flaws and/or exploits.
I was struck by a quote from David Hogue, the head of the NSA’s Cybersecurity Threat Operations Center (NCTOC). “Within 24 hours of a vulnerability or exploit being released, it’s weaponized and used against us.”
Vulnerabilities don’t get worse; they just get better for malicious actors. Like dynamite, they get more dangerous with age. Over time hackers develop new and more damaging ways to leverage known vulnerabilities. They become part of malware campaigns like WannaCry and NotPetya, which were based on existing vulnerabilities identified in the NSA leaked Eternal Blue exploit.
He also said, “… the existing state of network defenses wasn’t robust enough to make attackers have to rely on secret exploits that might get burned once used. ‘If you can live off the land, so to speak, you don’t need to dip into your toolkit.’”
The whole article is an excellent read and I recommend you do so. I have three main takeaways for government cyber leaders.
Worry about known vulnerabilities.
Rather than fret over exotic zero-day threats, focus on basic cyber hygiene. RedSeal can help by modeling your “as-built” network, including those in the cloud, by calculating all the ways data—and intruders—can move from one point to any other. Leveraging this knowledge of access, RedSeal ranks identified vulnerabilities based on the true risks to the organization, so your team’s effort is focused and maximized.
When zero days are identified, stay ahead of the onslaught.
When a zero-day exploit is made public, every hacker will be scanning for unpatched machines. RedSeal will identify the systems at the greatest risk and help identify the best course of action for each — whether applying a network change or patching the exposed systems.
Streamline and automate NSA’s Cybersecurity Threat Operations Center (NCTOC) best practices in your environment.
Applying NCTOC’s Top 5 SOC Principles to your organization, means using RedSeal to automate processes and free up humans to engage in high impact activities. RedSeal’s network modeling and risk scoring platform provides actionable intelligence for rapid investigation by identifying exposed assets and prioritizing actions.
Do you have a problem identifying and managing your network’s vulnerabilities? Click here to set up your free trial of RedSeal and choose the better way.
Onward Nation Podcast | May 2018
With Ray Rothrock, Chief Executive Officer
Business owners share the most influential lessons learned throughout their careers, including insights into their daily habits, their most vital priorities that have contributed to their business and personal success, and the most challenging time or situation that could have devastated or even ruined their businesses or careers.
In this episode, RedSeal CEO and “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?” author Ray Rothrock discusses:
KQED WorldAffairs | May 21, 2018
With Ray Rothrock, Chief Executive Officer
Cybercrime and cyberwarfare are both on the rise. From businesses large and small to national governments, the question is not if they will experience a cyberattack, but when, how much damage will be done and how long the recovery process will be. In this week’s episode, we discuss the cybersecurity landscape and how businesses and governments can most effectively work together to mitigate risks.
Joining World Affairs CEO Jane Wales are digital security experts Ray Rothrock, CEO of RedSeal and author of “Digital Resilience,” and Richard Clarke, former U.S. National Coordinator for Security, Infrastructure Protection, and Counterterrorism and most recently, author of “Warnings: Finding Cassandras to Stop Catastrophes.”
Skip Pritchard | May 17, 2018
With Ray Rothrock, Chief Executive Officer
Security incidents are up 66% year-over-year since 2009. Despite this alarming statistic, 80% of CEOs report that they are confident in their company’s cybersecurity. Cybercrime is on the rise. Are you prepared?
Cybersecurity expert Ray A. Rothrock shares the tactics used by hackers and then arms management with the tools to prevent these hacks in his new book Digital Resilience: Is Your Company Ready for the Next Cyber Threat?
Entrepreneur Effect | May 14, 2018
With Ray Rothrock, Chief Executive Officer
Cybercrime is an epidemic, and every business is at risk. For management, the question is not if you will be compromised, but when. 80% of CEOs are very confident in their company’s cybersecurity strategies, despite the fact that security incidents have surged 66% year-over-year since 2009 (PricewaterhouseCoopers). In fact, few are prepared, explains cybersecurity expert Ray A. Rothrock, who demystifies cyber risk and clearly outlines strategies for both surviving attacks and thriving even while under assault.
Forbes | April 4, 2018
By Dr. Mike Lloyd, RedSeal CTO
Two years ago, a federal government civilian agency had a problem.
Nation state actors were targeting the agency, creating numerous cyber events and breaches every day. The media was all over the story. They faced enormous pressure to change the cybersecurity status quo.
The agency’s cybersecurity team knew that they were in reaction mode. They had a gut feeling that they didn’t know as much about their networks as they needed to. Vulnerability scanners were in place, patching was done on schedule, yet incidents kept happening. Were the scanners accurate? Were there missing components on their networks?
After extensive review and testing of the cybersecurity analytics tools on the market, the agency selected RedSeal—initially to manage the findings of the vulnerability scanners and to determine what to fix first, based on risk to high value assets. After expanding the program to thirteen locations, the agency integrated RedSeal enterprise-wide for network mapping and vulnerability prioritization.
The audit team manager said, “Just last week, using RedSeal, we conducted an assessment of a location with 1,500 endpoints and correlated 5,000 vulnerabilities. Further automated analysis by RedSeal showed that only four were a critical threat and should be prioritized for remediation. Normally, the local network engineering staff would have been overwhelmed by 5,000 findings. We saved them a massive amount of work, lowered the risk of a breach and gave them an accurate model of their network for the first time.”
The agency’s Cybersecurity Assessment Team found that with RedSeal the team’s functionality, speed and accuracy was significantly improved. Intuitively, the team members are able to set up RedSeal instances and map the network with a minimum of training and outside consultants. They are also able to easily create reports customized to the needs of each site’s particular mission and responsibilities. “RedSeal is the must-have tool for any cybersecurity assessment team,” was the agency’s conclusion.
Do you have a problem with your time consuming and inaccurate manual vulnerability assessment program? Click here to set up you free trial of RedSeal and choose the better way.
SC Magazine | Feb 28, 2018