Blog      Demo      Contact      888.845.8169
RedSeal Networks

Dark Reading | February 03, 2014

LockPath Now Integrated With RedSeal

LockPath, the leading provider of governance, risk management, and compliance (GRC) solutions, today announced a new connector between LockPath's Keylight platform and leading network infrastructure security management partner, RedSeal Networks. The integration dramatically improves organizational visibility into critical vulnerabilities at an asset level and gives risk managers the ability to prioritize vulnerabilities based on severity.

Read Article

Security Week | January 31, 2014

How Difficult Is Your Maze? How To Be A 'Hard Target'

Suddenly, an early 90’s Jean Claude Van Damme movie is relevant again, at least due of its name. Every security team that can fog a mirror is asking the question “what just happened at Target, and how do we make sure that doesn’t happen to us?”. The objective, of course, is to be a “hard target” – that’s a great goal for any security practice (although in the real world, it doesn’t involve bumping off the bad guy at the end of the movie).

Read Article

Government Security News | January 29, 2014

RedSeal Networks Platform Chosen for Government Security News Homeland Security Award

RedSeal Networks Solution Named ‘Best Continuous Monitoring Solution’ for Second Consecutive Year

Read Article

Dark Reading | January 24, 2014

How To Get The Most Out Of Risk Management Spend

Dark Reading recently spoke with a number of security and risk management experts, who offered practical tips for getting the most out of risk management. They say smart risk management strategies can make it easier to direct security funds to protect what matters most to the business. Organizations that use them typically can base their spending decisions on actual risk factors for their businesses, rather than employing a shotgun strategy that chases after every threat under the sun. Here are a couple of ways to start making that happen.

Read Article

Acumin | January 10, 2014

Cyber criminals run rings around IT professionals, survey finds

IT security professionals are unsure about how to improve their company’s security measures to protect against cyber attacks and cyber criminals. A survey reveals that 41 per cent of IT professionals believe it is only a matter of time before there is a major cyber attack against the United Kingdom’s critical national infrastructure.

Read Article

SC Magazine | January 02, 2014

Case study: Network clarity

As one of the largest natural gas and electric utilities in the United States, Pacific Gas and Electric Co. (PG&E) is the very definition of critical infrastructure. And, like any large business, it has to defend its tens of thousands of devices on different network segmentations from cyber attacks.

Read Article

Forbes | December 20, 2013

The Mac That Came Back From The Dead And Other Friday Stories

Giving Up On Providing Security. Not sure why all the weird stories are coming from the Brits this week, but according to a poll of 350 UK executives (conducted by OnePoll and sponsored by network infrastructure security firm RedSeal Networks), “30 percent of IT departments admit they have to turn a blind eye to critical security vulnerabilities because they just do not have the time or tools to sort them out, and 28 percent said they need more sophisticated tools to help them make sense of the deluge of data.” Why didn’t we think of this before? Ignorance really is bliss.

Read Article

Infosecurity Magazine | December 18, 2013

IT Professionals: "We're Losing the Cyberwar"

In a survey commissioned by RedSeal Networks, and carried out by OnePoll, 55% of IT departments said that they cannot or do not know if they can truthfully assure executives that they are secure. And, 51% of IT professionals polled said that they could not walk into a board meeting and provide the board with key performance indicators to show what level of success their investment is having in defending the network against the hacking community.

Read Article

Network World | December 18, 2013

Enterprise Organizations Identify Incident Detection Weaknesses

In the past, many large organizations spent about 70% of their security budgets on prevention and the remaining 30% on incident detection and response. Prevention is still important but given the insidious threat landscape, enterprises must assume that they will be breached. This means that they need the right processes, skills, and security analytics to detect and respond to security incidents effectively, efficiently and in a timely manner.

Read Article

ITProPortal | December 17, 2013

IT professionals: UK is losing battle against cybercrime

Commissioned by security firm RedSeal Networks and conducted by OnePoll, the survey of 350 IT professionals found that when asked by the board if the company was secure, 55 per cent had to admit that they could not truthfully answer yes.

Read Article

International Business Times | December 17, 2013

Major Cyber Attack on UK National Infrastructure 'Only a Matter of Time'

Research has shown that 41% of IT professionals believe it is only a matter of time before there is a major cyber attack against the United Kingdom's critical national infrastructure (CNI).

Read Article

SC Magazine | December 17, 2013

IT under threat from 'major' cyber attacks

In a study of 350 IT professionals in the UK, security management solution provider RedSeal Networks found that a significant number of professionals felt under-resourced, short on time, and subsequently were ignoring ‘critical' security vulnerabilities and fearing ‘massive' cyber attacks.

Read Article

IT Security Guru | December 16, 2013

Attack against critical national infrastructure "only a matter of time", as security professionals wade through incident data

Research has showed that 41 per cent of IT professionals believe it is only a matter of time before there is a major cyber attack against the United Kingdom’s critical national infrastructure.

Read Article

Vigilance | December 16, 2013

No Xmas fun for IT as they admit to losing the cyber-warfare battle

As most other departments are celebrating the Christmas spirit, give a thought to the IT professionals who feel more like groaning “Bah humbug” than “Merry Christmas,” as they admit to feeling lost when it comes to trying to protect the company against cyber-attacks and cyber-criminals. This could be a big problem for all of us, as 41 percent of IT Professionals believe it is only a matter of time before there is a major cyber-attack against the United Kingdom’s critical national infrastructure. A further, 17 percent are simply not convinced it will not happen.

Read Article

Pro Security Zone | December 16, 2013

Lack of time hampers fight against security vulnerabilities

As most other departments are celebrating the Christmas spirit, give a thought to the IT professionals who feel more like groaning “Bah humbug” than “Merry Christmas,” as they admit to feeling lost when it comes to trying to protect the company against cyber-attacks and cyber-criminals. This could be a big problem for all of us, as 41 percent of IT Professionals believe it is only a matter of time before there is a major cyber-attack against the United Kingdom’s critical national infrastructure. A further, 17 percent are simply not convinced it will not happen.

Read Article

bobsguide | December 16, 2013

UK IT professionals fear they are losing the cyber-security battle

Only a minority of 350 UK IT professionals surveyed by One Poll this quarter, on behalf of RedSeal, have said they could truthfully tell the board at their organisation they are secure from cyber-attack, with just 44% of respondents agreeing they could make this statement, while 36% said they couldn’t and 20% opted for don’t know.

Read Article

Information Security Buzz | December 16, 2013

No Xmas Fun for IT as They Admit to Losing the Cyber-Warfare Battle

As most other departments are celebrating the Christmas spirit, give a thought to the IT professionals who feel more like groaning “Bah humbug” than “Merry Christmas,” as they admit to feeling lost when it comes to trying to protect the company against cyber-attacks and cyber-criminals. This could be a big problem for all of us, as 41 percent of IT Professionals believe it is only a matter of time before there is a major cyber-attack against the United Kingdom’s critical national infrastructure. A further, 17 percent are simply not convinced it will not happen.

Read Article

Dark Reading | December 16, 2013

Moving Beyond SIEM For Strong Security Analytics

While security information and event management (SIEM) tools have certainly helped many an enterprise IT organization get a better handle on aggregating and analyzing logs across disparate security tools, these organizations are starting to butt up against the limitations of SIEM. And as enterprises seek to gain more insight into business trends and user activity affecting security stances, they're finding that they shouldn't make the mistake of confusing the use of SIEM for the existence of security analytics practices.

Read Article

Security Week | December 13, 2013

How Was Your Year In Security?

2013 is rapidly running out, and 2014 is fast approaching. Security, like every other arena, can benefit from taking a step back to consider what we’ve done, where we’re going, and what we should try to do differently. (For myself, I’m writing this in the air, on what should be my last business trip of the year. One of my goals for next year is to lose status with another airline – we’ll see if I can manage that.)

Read Article

Security Week | November 25, 2013

What Is "Good Enough" Security?

Have you seen the spat between Wyndham Hotels and the Federal Trade Commission? Wyndham already suffered a painful and public breach, dating back to 2008. The FTC filed a lawsuit over a year ago, saying that Wyndham had not done enough to prevent it. Wyndham’s position is that the FTC has no authority to police their security practices.

Read Article

Security Week | October 25, 2013

Big Data Security Analytics: Building The War Room

After my last column complaining about the hype to delivery ratio in Big Data for security analytics, I seem to have convinced some people that I’m anti-Big-Data. That’d be like ordering the tide not to come in (and as far as we can tell, Cnut was misunderstood when he tried that too). Let me take the other side this time – what do we know about effective use of security analytics?

Read Article

USA Today | October 23, 2013

State Department webpages defaced

The defacement of the Our Planet subdomain on the United States Department of State website by Indonesian hacker Dbuzz shows how vulnerable the vast majority of web properties are to subversive idealogues. The nuisance attack -- reported by hackread -- is akin to spraying graffiti on a business or agency front door: "Hacked by Dbuzz" in the case of the State Department's webpage.

Read Article

Dark Reading | October 17, 2013

10 Pitfalls Of IT Risk Assessment

As IT organizations seek to make better risk-based decisions about security practices, perhaps the number one component for success is the IT risk assessment. However, even when organizations actually conduct a risk assessment, they frequently fall prey to mistakes that can greatly devalue the exercise. Here are some of the most common blunders to avoid.

Read Article

BankInfoSecurity | October 14, 2013

Big Data Analytics: Starting Small

Security teams struggling to detect signs of threats hidden in mountains of data are attracted to big data analytics. But experts advise security professionals to take an incremental approach, starting out with smaller projects. That's because the capabilities of the new analytical tools are still evolving.

Read Article

Federal News Radio | September 25, 2013

Army gets the green light for major IT security reorganization

Key congressional committees have signed off on an Army request to spend $175 million to significantly restructure the way the service secures its computer networks. The Army will begin with nodes in the U.S. and in the Middle East, which officials said is one of the first major leaps ahead toward DoD's eventual Joint Information Environment (JIE).

Read Article

Dark Reading | September 24, 2013

Connecting The Dots With Quality Analytics Data

Security analytics practices are only as good as the data they base their analysis on. If data simply isn't mined, if it is of poor quality or accuracy, if it isn't in a useable format or if it isn't contextualized against complementary data or risk priorities, then the organization that holds it will be challenged to scratch value out of analytics.

Read Article

Security Week | September 20, 2013

Big Problems In Big Data

Hi, my name is Mike, and I’m a big data skeptic – especially when it comes to security. It’s pretty clear this puts me in the minority, especially among the noise-makers – the Rolling Thunder Big Data Revue is in full swing, passing through airports and filling billboards all over town.

Read Article

Dark Reading | September 18, 2013

3 Steps To Secure Your Business In A Post-Signature World

While phishing, reconnaissance scans, social engineering, and other opportunistic attacks still comprise the lion's share of malicious activity seen by most companies, a growing proportion of attacks are able to evade signature-based defenses. Cybercriminals using fully undetectable (FUD) services can create variants that are unrecognizable to antivirus programs, and targeted attacks increasingly use custom-built malware designed to tiptoe past the target's defenses.

Read Article

Dark Reading | September 16, 2013

Is The Perimeter Really Dead?

Even while mobile, cloud, and software services are blurring the lines of corporate IT boundaries through deperimeterization, enterprises still continue to spend increasing amounts of security budget on perimeter protection. The question is, are they wasting their money? It's one of the most contentious questions in security -- perhaps only behind the one about the usefulness of antivirus. So it is no surprise that the answers are varied.

Read Article

Dark Reading | September 10, 2013

7 Starter Steps For Security Analytics Success

As organizations try to find better ways to improve their security practices, increasingly they're finding that the secrets to success are not written in runes in a far away land. They actually exist right there in enterprise, hiding away in log data, metadata, unstructured data and plenty of other instrumentation data feeds pumping out information constantly for those willing to harvest and examine them.

Read Article

GCN | September 04, 2013

The key to getting your money's worth out of IT security tools

Federal budgets are tight and money is not likely to get any looser in the foreseeable future, so making sure you get value from a cybersecurity investment is critical, said U.S. Postal Service corporate information security officer Chuck McGann.

Read Article

GCN | September 03, 2013

How USPS merges compliance, security in its huge enterprise

With more than 35,000 facilities operating across the country, understanding the U.S. Postal Service’s networks — let alone securing them — is a major challenge.

Read Article

USA Today | August 28, 2013

How a low-level hack shut down the New York Times

The extended online outage of the New York Times highlghts a profound, long-standing security weakness in digital commerce: the pervasive use of a simple username and passwords to access online accounts.

Read Article

Network World | August 23, 2013

$6B DHS Cybersecurity Contract Sets Off Race To Supply Real-time Monitoring To Feds

Along with IBM, the systems integrators winning a spot on CDM include Booz Allen Hamilton, CSC, Knowledge Consulting Group, Lockheed Martin, Northrop Grumman, SAIC and ManTech. The contract also brings in dozens of vendors of monitoring, scanning, log management and security-information and event management tools. These include McAfee, Symantec, ForeScout, Splunk, Veracode, Rapid7, Core Impact, Microsoft, RedSeal, nCircle and several more. ForeScout, for example, said its CounterACT monitoring product has been included in product suites put forward by 11 out of the 17 systems integrators winning the contract.

Read Article

Security Week | August 23, 2013

How to Get Ahead in Risk Management

Risk management is easy enough to say, but pretty tricky to get right in practice. Some organizations are asked to do it by concerned board members looking for reassurance in an increasingly scary online world.

Read Article

PC Magazine | July 23, 2013

Apple Portal Attack Not Malicious, But Developers Still a Target

PC Magazine interviewed Dr. Mike about the most recent Apple “intruder” and the danger of “hub site” breaches.

Read Article

Security Week | June 28, 2013

Getting Real About Real-Time Security

In this article, Dr. Mike explains how continuous monitoring allows enterprises to continuously see and understand their risk posture, and why the concept is so often misinterpreted.

Read Article

Dark Reading | June 20, 2013

Why Are We So Slow To Detect Data Breaches?

Ericka Chickowski explains why many organizations are so slow to detect data breaches and how companies can improve the visibility of their networks and talks to Dr. Mike Lloyd about picking up the patterns of attack and what organizations can do to protect themselves and their data.

Read Article

PC Magazine | June 19, 2013

US, Russia to Share Cyber-Security Data to Defend Critical Systems, Avoid Cyber-War

PC magazine explores the trend of security data sharing within the cyber-security industry, the most recent data sharing between the U.S. and Russia and future of international cyber-security. Fahmida Y. Rashid speaks to Dr. Mike Lloyd regarding these important issues.

Read Article

USA Today | June 12, 2013

Snowden case: How low-level insider could steal from NSA

USA Today reporters Byron Acohido and Peter Eisler report on the Snowden/NSA scandal, investigating the claims made by Snowden. USA Today speaks with Dr. Mike Lloyd regarding the complex problem that many organization face in securing massive networks.

Read Article

USA Today | June 11, 2013

Could Edward Snowden really shut down the NSA?

Byron Acohido delves deeper into the claims made by Edward Snowden regarding the NSA data mining scandal. Does Snowden’s intelligence extend as far as he claims? Acohido speaks with Dr. Mike Lloyd on the subject.

Read Article

Security Week | May 31, 2013

Continuous Monitoring and the Confusion It Causes

How much automation should you employ in risk management? What’s the best ratio of detection mechanisms to preparation techniques? Dr. Mike Lloyd explains to Security Week just why the private sector has cyber risk management all wrong, and what the government agencies are doing right.

Read Article

RCR Wireless | March 04, 2013

Reader Forum: The myth of BYOD – Why network access is the key to security

Managing the access between the wired and wireless networks to enforce exactly what access is allowed to BYOD devices has to be the first step in any wireless initiative – before any thought of managing the mobile device can be considered.

Read Article

Dark Reading | February 15, 2013

More Intelligent Services Help Rein In Security Policies

When setting and managing policies--whether using only on-premise technology or taking advantage of a service--companies should start by keeping the high-level goals in mind and do a complete inventory of their assets, says Mike Lloyd, chief technology officer for security-management firm RedSeal Networks. Following the initial creation of policies for the organization and technical policies for each device, the security team should also validate that each part of the network complies with policy.

Read Article

Fast Company | February 13, 2013

Barack Obama Is The First Cyber War President, But A President Can't Win A Cyber War

RedSeal Networks develops security assessment software for government and large corporations, Another In-Q-Tel-backed company, Tenable, handles vulnerability management projects for large and small clients while even collaboration platform Huddle receives funding to make secure communication tools for government agencies. In-Q-Tel's Dan Geer wrote in 2010 that the CIA-linked venture capital firm's goal in cybersecurity investments is to pursue “the absence of unmitigatable surprise.” Once again, that defensive posture shows up.

Read Article

Dark Reading | February 12, 2013

Taming Big Bad Data For Better Security

For companies, then, the first step is finding missing systems -- and missing data -- in their networks, Lloyd says. "What we found is that all security teams have dark space in terms of big data," he says. "If you don't have all your data, you can't do good big-data analytics."

Read Article

(IN)SECURE | February 06, 2013

RedSeal 6.5 supports BYOD, SIEM and risk metrics

“In an ideal world, CISOs, CIOs, IT security directors and administrators can take a look at their network and close any gaps that expose vulnerabilities, but the reality is, most organizations have ‘known unknowns’ – assets that are out of sight, not properly monitored or tracked, but important due to their downstream impact on other assets that are visible,” said Parveen Jain, president and CEO of RedSeal Networks. “You can’t protect what you can’t see.”

Read Article

eWeek | February 06, 2013

RedSeal Targets Network 'Dark Space' With Big Data Analytics

In the latest release of the RedSeal Platform, version 6.5, the vendor addresses "dark space" – a term meant to describe the parts of the network infrastructure that is unmanaged, unmonitored and unseen by security tools because security administrators are unaware of its existence. With RedSeal 6.5, the company looks to solve this issue by enabling users to see a complete map of their infrastructure.

Read Article

AFP | February 05, 2013

Twitter hit by 'sophisticated' cyber attack

"The breach at Twitter is yet another wake up call -- have we had enough yet?" said Mike Lloyd, chief technology officer at security firm RedSeal Networks.
"Attackers are clearly a step ahead of most defenders -- it's a war between corporations and data thieves, and we're losing."

Read Article

Dark Reading | November 28, 2012

7 Risk Management Priorities For 2013

"Continuous monitoring will be taken up by [or required of] anyone doing business with the U.S. government, and will end the year closer to being a standard 'best practice' for all organizations," says Lloyd, CTO of Red Seal Networks

Read Article

Tech Target | November 19, 2012

U.S. cybersecurity efforts down but not out after Senate vote

With so much of the critical infrastructure run by private companies, it's difficult to protect national interests, said Mike Lloyd, chief technology officer at security management firm RedSeal Networks Inc. These competitive, profit-driven companies often put security on the back burner, he said. "If your market competitor outpaces or underspends and takes imprudent risks, you have a nightmarish choice: Do you take risks too, or do you play it safe and lose market share in the hopes there will be a major incident for your competitor and not for you?" he added.

Read Article

ReadWriteWeb | November 16, 2012

Cybersecurity Bill Dies, Obama Signs Cyberwar Directive. What's Next?

"Global IT infrastructure is a world of glass houses, and there’s an escalating trend of people throwing stones,” Mike Lloyd, chief technical officer of RedSeal Networks, told ReadWrite in an email. "Sometimes it’s necessary to move beyond your own glass house to catch someone who is threatening or actually attacking your infrastructure. "

Read Article

Government Computer News | October 29, 2012

Proactive, continuous monitoring key to thwarting cyber crime

Cyber warfare is here and if we don't shift the way we think and strengthen our defenses, we will pay the price down the line, writes Jim Flyzik.

Read Article

Dark Reading | October 26, 2012

Monitoring To Detect The Persistent Enemies

Having more layers is a good thing, because attackers are always motivated to get a step ahead, says Mike Lloyd, chief technology officer with RedSeal Networks, a networking monitoring firm.

Read Article

Business Insider | October 18, 2012

Here's How The US Invited Iranian Hackers To Attack America's Banks

The U.S. isn't in the best position to invite cyberwar. People in glass houses shouldn't throw stones. [And] unfortunately, it's not just that—very simple stones can break our glass windows. We have very thin defenses.

Read Article

Dark Reading | August 31, 2012

ABCs Of Factoring Risk Into Cloud Service Decisions

"Many organizations are stuck in either of two bad answers: either 'damn the torpedoes, we're going ahead with no idea what we're getting into,' or 'no way, no how,'"says Dr. Mike Lloyd, CTO of RedSeal Networks. "Both are clearly bad."

Read Article

Stockhouse | August 23, 2012

McAfee Security Innovation Alliance Adds New Partners

Current McAfee SIA Technology Partners Cyber-Ark Software, RedSeal Networks, and Securonix have achieved “McAfee Compatible” status for additional integrations. McAfee has worked with these partners to test and validate their integrations for their adherence to best practices for integrating with McAfee products.

Read Article

Dark Reading | August 22, 2012

5 Systems You're Forgetting To Patch

"When a given database costs serious amounts of dollars per minute of downtime, the application owners are very reluctant to patch," says Dr. Mike Lloyd, CTO of RedSeal Networks.

Read Article

Homeland Security Today | August 20, 2012

Finding New Infrastructure Solutions

“People might assume that our critical infrastructure—for example, power generation and distribution networks—are all built from cutting-edge networked equipment, but the reality is the opposite,” Mike Lloyd, chief technology officer at RedSeal Networks, Santa Clara, Calif., noted. “Critical infrastructure is generally built for reliability, meaning an ability to stay up during natural disasters or other ‘unintelligent’ situations. This means, for the [information technology] equipment, the old and well known is strongly preferred over the new. But as we’ve all learned on our laptops, old software is very bad when considering smart attackers—old equipment has old misconfigurations and old vulnerabilities. It’s not at all uncommon to find antiquated operating systems, or industrial machines with open phone line access, and even vendor-supplied passwords.”

Read Article

KLIV Radio | August 14, 2012

KLIV Interview with Dr. Mike Lloyd - Securing Critical Infrastructure

Cyber attacks are no longer just the work of criminals and mischievous hackers. There is a lot more going on where nation states have been launching attacks on other peoples' infrastructure. Simply put, in a world of glass houses it gets quite interesting when people start throwing stones.

Read Article

Infosecurity Magazine | July 30, 2012

Cyberattacks on critical infrastructure increase 17-fold, says NSA chief

In response to the New York Times story, Mike Lloyd, chief technology officer at RedSeal Networks, observed that “all infrastructure targets share a common defensive problem: too much complexity. As the attackers move to greater and greater automation, the defenders must do likewise, exhaustively testing their existing network defenses so they can find weaknesses before the attackers do.”

Read Article

Broadcast Newsroom | July 30, 2012

New Report Shows Dramatic Increase in Uptake of Continuous Monitoring

RedSeal Networks, the world's leading proactive enterprise security management provider, today highlighted results of the recent ESG Research Report, "Security Management and Operations," which found that a growing number of organizations are adopting continuous monitoring to improve protection of their electronic assets and validate compliance with required security policies.

Read Article

Fast Company | July 18, 2012

The Messianic Spyware Buried In A Fake Daily Beast Article

According to the CTO of security firm RedSeal, Mike Lloyd, “Mahdi should remind anyone of the old idea that people in glass houses shouldn’t throw stones. This latest malware does not show signs of being complex and expensive, but the relative simplicity of the weapon (compared, say, to Flame) does not mean it’s less effective at reaching its goals. Globally, our infrastructure is weak – there have been steady increases in complexity, and networks continue to become more interdependent. Research shows that easy attacks work, and are at the core of the majority of detected breaches. Attackers do not need major nation-state resources to compromise most defenses. The motivation behind this specific outbreak may be international espionage, but these techniques and others demonstrate how easily defenses can be compromised, including for corporate espionage, theft, or acts of war.”

Read Article

Infosecurity | July 17, 2012

'Messiah' malware arises in the Middle East

Commenting on the discovery of Mahdi, Mike Lloyd, chief technology officer of RedSeal Networks, said that the malware “does not show signs of being complex and expensive, but the relative simplicity of the weapon (compared, say, to Flame) does not mean it’s less effective at reaching its goals….The motivation behind this specific outbreak may be international espionage, but these techniques and others demonstrate how easily defenses can be compromised, including for corporate espionage, theft, or acts of war."

Read Article

Signal Magazine | July 11, 2012

The Future Landscape for Communications

Prem Iyer, vice president, North America Channel Sales, RedSeal Networks Incorporated, explained that there is no panacea solution to mobile security, and he talked about problems with applications security. Mobile devices also bring in another level of risk less common with large desktops or other traditional computing equipment—the ease with which mobile tools can be lost or stolen. Iyer stated that security has always been a challenge in the world of mobility, an issue that takes on increased meaning for warfighters. “Operations will always trump security,” he said. Security must become an enabler to use with developers integrating it into systems from the beginning, not adding it on at the end.

Read Article

Market Watch | June 18, 2012

Bay Area News Group Showcases RedSeal Networks Among the Top 10 Workplaces for 2012

"Every company's greatest resource is its people so this award holds particular significance as we've worked very hard to build a dynamic and rewarding workplace culture," said RedSeal Networks President and CEO Parveen Jain. "It's particularly gratifying to have been nominated for this award by our employees and hear just how much they love being a part of the RedSeal team. RedSeal has always been characterized by an incredible group of talented and committed contributors."

Read Article

Federal Buyers Guide | June 18, 2012

Bay Area News Group Showcases RedSeal Networks Among the Top 10 Workplaces for 2012

RedSeal Networks, the leading provider of proactive enterprise security management solutions, further cemented its bellwether status atop the IT security industry sector today in being named as one of the Bay Area’s Top Workplaces for 2012 by The Bay Area News Group (BANG).

Read Article

Business Insider | June 05, 2012

CYBERSECURITY EXPERT: The US Is Vulnerable To Viruses Much Simpler Than Those It Used Against Iran

"It's not about whether these fancy weapons, that look like we built, could be used on us," Dr. Mike Lloyd, Chief Technology Officer at Red Seal Networks said. "We need to take a step back and think, 'What kind of weapon would it take to hurt us?' And the answer is that simple weapons work today."

Read Article

Computerworld | June 02, 2012

Government role in Stuxnet could increase attacks against U.S. firms

"We now as a nation have painted a huge target on our back," said Mike Lloyd, chief technology officer at security vendor RedSeal Networks. By choosing to develop and use cyber weapons such as Stuxnet, the U.S. has basically exposed its own companies and networks to the same kind of threats, Lloyd said.

Read Article

Market Watch | May 30, 2012

RedSeal Networks Wins Red Herring Top 100 Award

"We are honored to be recognized by Red Herring as one of the most innovative and promising private companies in the United States today," said Parveen Jain, president and CEO of RedSeal Networks. "This award is simply another vote of confidence and affirmation for our growth strategy and the work we are doing to help our commercial and government sector customers proactively protect their network infrastructure and reduce overall IT risk."

Read Article

Infosecurity | May 10, 2012

Drowning in data: Security professionals look to metrics for a lifeline

“We are drowning in details; we have mountains of facts but very little useful information”, observed Mike Lloyd, chief technology officer with RedSeal Networks. “People agree that the right way to deal with this is using metrics”, he told Infosecurity.

Read Article

Network Computing | May 04, 2012

The ABCs of APTs: How To Fight Advanced Persistent Threats

While these companies--including Fidelis Security Systems, NetWitness (another EMC addition), Naurus, RedSeal Networks and Hewlett-Packard--promise that their products will help protect against APTs, many users are not aware of just what an APT is.

Read Article

Sys-Con | May 04, 2012

Coordinating Security Information

More interesting is the fact that, when you look at the responses by the role of the respondents, 53 percent of security managers, administrators and auditors expected to meet the Sept. 30 deadline, while only 28 percent of CIOs and chief information security officers expected to. Mike Lloyd, RedSeal's CTO, said, "This is an interesting finding, not what a cynic might expect."

Read Article

Dark Reading | April 23, 2012

Why Don't Firewalls Work?

"Even the best firewalls might fail an audit -- or get hacked -- if your enterprise doesn't follow proper change and configuration management practices."

Read Article

SecurityWeek | April 23, 2012

Iran Took Systems Offline After Cyber Attack Hit Oil Industry

“The real news here is that this type of campaign could clearly have a serious and detrimental impact- both financially and socio-politically,” said Dr. Parveen Jain, president and CEO of RedSeal Networks, who also holds a Ph.D. in Nuclear Engineering. “The reality is that many of the SCADA systems used through industries such as oil, electric and water systems are based on legacy computing technologies that were deployed before concerns of cyber threats were a reality."

Read Article

GSN | April 10, 2012

Technology provides day-to-day window into security, says RedSeal CEO

Although government, critical infrastructure and private network managers have worked hard to mitigate breaches and incursions over the years, they may not have a complete picture of what they’re up against day-to-day, according to the chief executive officer of an upstart network intelligence and security company.

Read Article

Dark Reading | April 10, 2012

Utah Health Data Breach Affects Nearly 800,000

State officials offered some details on the nature of their security defenses. Mike Lloyd, CTO at RedSeal Networks, said that based on those reports, the Utah security architecture may be prone to human error.

Read Article

Dark Reading | March 23, 2012

Minimizing The Attack Surface Area A Key To Security

While many security experts have talked about the end of the network perimeter, thinking about the attack surface as the new perimeter can help companies better secure their networks and data, says Mike Lloyd, chief technology officer for RedSeal Networks, a provider of security intelligence and management products.

Read Article

SC Magazine | March 23, 2012

The seal of security

Parveen Jain, president and CEO of Redseal Networks (and previously chief marketing officer at McAfee after his company, IntruVert Networks, was acquired in 2003), said he came out of retirement to lead Redseal, which he called "a CT or MRI scan for networks".

Read Article

CRN | March 20, 2012

“CT scan” of IT security world issues channel war cry

Talking to ChannelWeb, RedSeal chief executive Parveen Jain said SIs and VARs are a "huge fan" of the technology because it can be used to quantify what other security technologies end users need.

Read Article

Government Computer News | February 23, 2012

A Self-Healing Network and Other New Technology for Government

RedSeal Network’s Proactive Security Intelligence system is designed to provide end-to-end security and automated network assessment, said Mike Paluzzi, managing director of the company’s federal business unit. The software-based system collects the data in routers and firewalls, gathers their files and parses out their rules sets to provide administrators with network situational awareness.

Read Article

TechNewsWorld | February 10, 2012

US Plans Stricter Laws For Government Network Hacks

“Taking the necessary precautions to avoid that insecurity is an absolute necessity in today's climate, according to Mike Lloyd, CTO of RedSeal Networks. "To prevent this, likely targets need to use automation to understand weaknesses; today, it's all too easy for those who feel like it is to use their own automation tools to deface, degrade or even destroy online infrastructure.”

Read Article

Dark Reading | February 10, 2012

Five Tactical Security Metrics To Watch

Companies need to be able to look for solutions to problems that may be beneficial to multiple servers and workstations. A good metric to track that positive benefit is to focus on the impact of fixing a particular vulnerability, said RedSeal Networks CTO Dr. Mike Lloyd. "The highest impact I might have is not just by patching the most critical servers over and over again," said Lloyd. "I want to find a way to maximize the downstream impact of fixing some assets."Patching a dozen critical servers or updating firewall or intrusion-detection rules? Knowing the impact of each action is key.”

Read Article

Government Computer News | January 17, 2012

Is CIO Confidence on FISMA Compliance Waning?

"Everybody agrees that this is the right thing," said Dr. Mike Lloyd, chief technology officer at RedSeal Networks, with 64 percent of respondents saying that continuous monitoring and the security metrics it provides will improve IT security status. "This clearly is a technical problem."

Read Article

Dark Reading | January 13, 2012

Five Principles To Improve Your Security Monitoring

"Security is the absence of something, and that is hard to measure," said Dr. Mike Lloyd, chief technology officer at RedSeal Networks. "So what you have to measure is posture -- how far you are ahead of the next threat." Instead, companies should measure metrics that improve security, such as the number of vulnerabilities remediated. "The trick then is to make it quantifiable and repeatable," he says.

Read Article

TechNewsWorld | January 09, 2012

Symantec Source Code Scattered to the Winds

"Anyone who faces risk due to assets in someone else's control needs to establish a yardstick that the outside entity can use to show they have taken due care," said Dr. Mike Lloyd, chief technology officer at RedSeal Networks. The yardstick needs to be quantifiable objectively, must maintain some privacy for the organization being studied, and "must actually measure security posture, not just busy-ness," Lloyd concluded.

Read Article

eWeek | January 08, 2012

Stratfor, Facebook Worm, Fujitsu Virus Lead Week's Security News

Security experts were more concerned about the fact that Symantec lost its data through no fault of its own, since the code was on a third-party server. "It is not enough to ensure you follow best practices; in an interconnected world, you have to worry about the security of other organizations," Dr. Mike Lloyd, CTO of RedSeal Networks, told eWEEK.

Read Article

Dark Reading | January 07, 2012

Hackers Claim Breach Of Norton Antivirus Source Code; Experts Say Claims Are Exaggerated

"It is not enough to ensure you follow best practices; in an interconnected world, you have to worry about the security of other organizations," said Dr. Mike Lloyd, chief technology officer at RedSeal Networks. "Your business partners and strategic customers may be friendly, but they are not going to expose specifics to you about how well they protect themselves."

Read Article

SearchSecurity | January 06, 2012

Symantec Source Code Theft: Threat is Low to Current Products, Vendor Says

It's difficult for organizations to "understand the risk of a network you cannot see," said Mike Lloyd, CTO of Santa Clara, Calif.-based vendor RedSeal Networks. "As we steadily lose control of our own critical assets, and as attackers increasingly automate their attacks, we will need more baselines like this so that one organization can show another that it is well run."

Read Article

PCAdvisor | January 06, 2012

Security roundup: DOD revving up cyber-defense; Microsoft to have big January Patch Tuesday

However, Mike Lloyd, chief technology officer at RedSeal Networks, points out the breach does raises questions about addressing security of your own corporate data in the networks of business partners and others. "The fact that Symantec suffered a breach due to lax protections in someone else's network is a significant wake-up call," he said.

Read Article

Government Computer News | January 04, 2012

Pessimism over FISMA Deadline Starts at the Top, Survey Finds

"Other companies to watch in this sector include website vulnerability company WhiteHat Security Inc. and RedSeal Networks Inc. which combines vulnerability data with network access data to provide a picture of the overall health of a network, rather than pinpointing particular holes."

Read Article

Dow Jones | January 03, 2012

Cyberthreats Evolve, Start-ups Responding

"Everybody agrees that this is the right thing," said Mike Lloyd, chief technology officer of RedSeal Networks, which sponsored the survey in which some 64 percent of respondents said that continuous monitoring and the security metrics it provides will improve IT security status. 'This clearly is a technical problem.'"

Read Article

Federal News Radio | December 23, 2011

Agencies Struggle with Continuous Monitoring Mandate

"People are aware of the objectives, but when you map it down to practical technical concerns, people don't even agree on which technologies they will do the continuous monitoring in," said Mike Lloyd, CTO of RedSeal Networks. "There doesn't seem to be agreement that what we need to do is get, what those with a military background would call, situational awareness. We understand we need the situational awareness, but it is not a well settled question how to do that. These environments are extremely complex."

Read Article

Dark Reading | December 21, 2011

7 Housekeeping Duties For Better Database Security In 2012

"The databases that exist today have ultimately been designed to allow the easiest access from a multitude of devices and places. In many people's minds, they think you need to access a server with an application running on that, and that there is a measure of safety for the data sitting underneath the application because the application is secure," says Dr. Mike Lloyd, CTO of RedSeal Systems. "But your database is sitting out there, and, in many cases, when it came out of the box, it came configured to be connected to the Internet."

Read Article

eWeek | December 21, 2011

Hackers Stole Emails From Employees in Chamber of Commerce Breach

Modern IT infrastructure can be very "porous" and it's difficult for security teams to "understand it all," Mike Lloyd, CTO of RedSeal Networks, told eWEEK. The Journal report highlighted "significant out-bound holes" as it appears the infiltrators were able to "exfiltrate" the data they found, Lloyd said. Most organizations build some defenses against in-bound attacks, but very few effectively know how to control out-bound traffic, he said.

Read Article

TechNewsWorld | December 16, 2011

Power Grid Cybersecurity: Who's In Charge?

"When it came to protecting clients in a number of instances, the advice from vendors was to unplug the SCADA solution from anything connected to the Internet or any public network," said Parveen Jain, President and CEO of RedSeal Networks. Still, "it's a big problem where you have old systems, sometimes unresponsive vendors, limited resources and yet [a technology that's] a tremendous source of risk to almost everyone."

Read Article

Dark Reading | December 14, 2011

Study: Most Federal Agencies Uncertain About Meeting FISMA Security Monitoring Deadlines

"Interestingly, the senior people that we surveyed -- the people who have the broadest view of the problem -- were the most pessimistic," says Mike Lloyd, CTO at RedSeal, which makes security monitoring solutions. "The people who can see the whole picture are realizing how difficult continuous monitoring is and how much more is still to be done."

Read Article

TMCnet | November 16, 2011

RedSeal Networks Raises $10 Million from Investors

"RedSeal is one of the most strategic and influential providers on the global security market based on its ability to solve the most acute challenges faced by every large enterprise security organization today, complexity and change," Ray Rothrock, chairman and Partner of Venrock, said. "The constant evolution of security infrastructure makes it nearly impossible for even the best professionals in any organization to maintain the visibility necessary to ensure compliance and critical asset protection, or measure their progress over time."

Read Article

Wall Street Journal | November 16, 2011

RedSeal Networks Raises $10 Million in Funding

RedSeal Networks has raised $10 million in additional funding from insiders to help companies and government agencies protect their networks against hackers, VentureWire has learned.

Read Article

Network Computing | November 11, 2011

RedSeal Networks Upgrades Security Intelligence Software Offering

"It's a count of activity, of all the processes that your people run that they record. How many times did you change the firewall? How many patches did you deploy? How many times did you update your antivirus signatures?" says Mike Lloyd, CTO for RedSeal. "The problem with this approach is that you're measuring your busy-ness, not your business."

Read Article

Dark Reading | November 09, 2011

Product Watch: New RedSeal App Lets Enterprises Benchmark Security Risk, Attack Surface

"Concepts like attack surface and overall risk can be very difficult for security to explain to top management, much less measure," said Dr. Mike Lloyd, CTO at RedSeal. "We're giving them some tools to help do that."

Read Article

Dark Reading | October 24, 2011

Despite Stiffer Reporting Requirements Many Agencies Still Slow To Implement Continuous Monitoring

"The move to monthly reporting was [former federal CIO] Vivek Kundra's effort to make it impossible to do security reporting as a bureaucratic exercise," says Mike Lloyd, chief scientist at RedSeal Systems, which makes security monitoring tools. "If you're doing it monthly, you can't do it with people pushing paper. He was trying to make reporting difficult enough to force agencies to move to automation."

Read Article

Tech Herald | October 17, 2011

Security Teams Left in the Dark by Current Technologies and Practices

Can anyone be blamed for feeling like this? It seems like there is a new breach or incident reported in the news each week. Yet, most of the automated attacks are preventable. Technologies and policies that assess code development, user and process enforcement, and traffic analysis are all helpful when addressing these types of threats.

Read Article

SearchSecurity | October 13, 2011

IT Security Pros Acknowledge Network Security Weakness, Configuration Issues

"Security professionals all agree we are losing this war," said Mike Lloyd, chief technology officer at RedSeal. "This is not only a startling conclusion, but it's also interesting that security organizations are actually admitting this."

Read Article

Dark Reading | October 13, 2011

Many Security Pros In The Dark About Their Own Environments, Study Says

"On the one hand, it shows that, as an industry, we are growing up -- we're willing to admit we don't have all the answers," said RedSeal CTO Dr. Mike Lloyd. "On the other hand, it also shows that it's time for many organizations to wake up and smell the coffee -- they don't have some of the information they need to build a comprehensive defense."

Read Article

CSO | October 12, 2011

You Just Can't Win When The Bad Guys Have Cooler Toys

"Consistent application of network security controls across even medium sized networks has transcended human ability," RedSeal CTO Dr. Mike Lloyd said. "For many years there's been the notion of an arms race between IT security professionals and attackers; what this survey proves is that the good guys understand they're facing a truly daunting task to keep up."

Read Article

Dark Reading | September 23, 2011

Sound Database Security Starts With Segmentation

"If you cannot keep the "crown jewel" servers up to the minute with the latest patches, then you have to put these most critical assets inside a "zone" to defend them," said Dr. Mike Lloyd, CTO of RedSeal Systems. "This can be called the 'Boy in the Bubble' security model -- you have to secure these most sensitive machines, using an internal perimeter because patching frequently isn't an option."

Read Article

Dark Reading | August 29, 2011

Unifying Compliance Initiatives To Make Budgets Last

"Of course the response to that is to unify your controls. Look at the set of audits you have in place, about what they have in common, pass that once, and use the same report over and over," says Dr. Mike Lloyd, CTO of RedSeal Systems. "This doesn't come cheap, it takes effort to do this but it can be done."

Read Article

Dark Reading | August 26, 2011

Web-Searchable Databases An Increasing Security Risk

"Blaming Google for this is really getting it all backwards," said Dr. Mike Lloyd, chief technology officer at RedSeal Systems. "Google just makes it clear that there is a problem. If you left the door unlocked on a store room for years and then Google Maps came along and put a photograph showing there was no lock on the door, the fact that the photograph went up isn't the problem. The problem was that the door was unlocked for years."

Read Article

USA Today | August 23, 2011

Hacking exposes large caches of personal data

"With the addition of indexing data that is accessible via FTP, hackers can now identify wide-open FTP sites that may contain sensitive data or can be used to leapfrog to other machines on the company's internal network," says Tom Rabaut, RedSeal analyst. "Also, Google offers the ability to restrict searches to a single domain which will make it easier for hackers to limit their data mining to only target companies."

Read Article

Security Week | July 20, 2011

RedSeal Systems Names Parveen Jain as CEO

"Security professionals in organizations of all sizes are tasked to defend against escalating threats despite shrinking budgets. Addressing the complexity of today's networks and attacks requires the intelligence and operational insights that RedSeal uniquely delivers, along with the opportunity to optimize security spending," said Ray Rothrock, Chairman of RedSeal's Board of Directors. "Parveen will drive RedSeal to even greater success by providing organizations with the products they need to improve their network defenses and prevent the data breaches that dominate today's headlines."

Read Article

Dark Reading | July 18, 2011

Enemy At The Loading Dock: Defending Your Enterprise From Threats In The Supply Chain

"It's been about: I need to connect to this business partner, then that business partner, then that business partner, and then all the sudden, your great castle of defenses has a whole wall missing, because you have this wide path out to all these extranet partners," said Dr. Mike Lloyd, Chief Scientist at RedSeal Systems.

Read Article

eWeek | July 15, 2011

Marine General Calls for Stronger Offense in U.S. Cyber-Security Strategy

"The government agencies haven't gotten to that point of awareness yet," said Major General John Casciano. "We keep saying the same old things, senior officials are giving the same old briefings and we are not further along solving the problem."

Read Article

eWeek | June 21, 2011

U.S. Congress Wants to Make Hacking Government Networks a Felony

“The “emphasis on cyber-security by the Administration and Congress is commendable,” but progress has been practically non-existent, as the country hasn’t really moved forward towards enacting a comprehensive cyber-security law, said Major General John Casciano, an adviser on government security issues to security software producer RedSeal Systems. “We are not further along solving the problem than we were 20 or 25 years ago,” Casciano said.”

Read Article

SC Magazine Product Review | June 01, 2011

RedSeal Network Advisor & Vulnerability Advisor 4.2

"Strong integration, nice best practice and downstream impact capabilities. Very useful risk map with great visualization for the security team."

Read Article

SC Magazine | April 20, 2011

Script kiddies take over from criminal 'masterminds': Verizon study

"When attackers are using automated scripts, to a large extent, they don't care who you are. They care about what you have, and they are coming for you."

Read Article

Dark Reading | April 20, 2011

Continuous Monitoring Still A Long Way Off For The Feds

With a federal agency deadline for Federal Information Security Management Act (FISMA) compliance reporting through the new automated CyberScope tool already five months past, many security experts believe the government still has a long way to go in its quest to establish standards and implement continuous monitoring across the board."

Read Article

Dark Reading | April 19, 2011

Verizon Data Breach Report: Bad Guys Target Low-Hanging Fruit

"If you look at the [Verizon report], you see that most attacks were not targeted at a specific company, but were designed to find the enterprises that were most vulnerable. Ninety-seven percent of the breaches could have been avoided by using simple controls."

Read Article

Dark Reading | March 30, 2011

Searching For Security's Yardstick

“If security is about prevention of leaks and attacks, then, what metrics should security departments show their bosses to prove that they are doing their jobs well?”

Read Article

SC Magazine | March 28, 2011

Rise in federal cyberattacks partly due to better monitoring

“The government is facing more sophisticated, targeted attacks launched for the purpose of cyberespionage. We should be worried about the attacks we are not detecting.”

Read Article

Martin McKeay, Network Security Blog | February 14, 2011

NSP Microcast: Interview with Dr. Mike Lloyd at B-Sides SF

Dr. Mike Lloyd from RedSeal gave one of the opening talks at this year’s Security BSides San Francisco and through a series of unfortunate events there was no stream of his talk nor did it get recorded. But since I was scheduled to talk to him today anyway, heres a small taste of what his talk was like.

Read Article

Threatpost | February 14, 2011

Common Security Mistakes Can Lead to Major Compromises

“Security is hard and getting it right all the time is nearly impossible. But many of the mistakes that people make are simple, avoidable ones that can lead to serious intrusions and major network compromises.”

Read Article

CSO Online | January 28, 2011

Telecom infrastructure faces daunting risks, TATA CSO says

"Finding every potential configuration problem and vulnerability on our network is simply too big a job for human efforts alone. RedSeal took that whole process out of the equation and automated everything."

Read Article

Information Week | January 14, 2011

CIA Invests In Secure Virtualization, Infrastructure Monitoring

"The technology keeps IT administrators apprised of up-to-date security status information they can use to make cost-effective, risk-based decisions about IT systems, according to In-Q-Tel."

Read Article

Dark Reading | December 23, 2010

Why Don't Firewalls Work?

"Even the best firewalls might fail an audit -- or get hacked -- if your enterprise doesn't follow proper change and configuration management practices."

Read Article | December 17, 2010

Analysis: Cybersecurity's Double-Edged Sword

"In the dynamic and ever-changing networks in which agencies operate, continuous monitoring simply can't be performed manually; it must be supported by software that provides powerful new weapons for defending against and thwarting attacks."

Read Article

Federal News Radio | December 02, 2010

Does this audit make me look fat?

"It's that time of the year for audits under the Federal Information Security Management Act (FISMA). But will your audit make your agency appear bloated with risks?"

Read Article

Dark Reading | October 14, 2010

Security's Risk And Change Management Tools: Drawing A Picture Of Security Posture

"It's a question that business executives love to ask -- and IT people hate to answer. "What's our security status?" If you've been around IT security for more than a week, then you know there's no definitive, empirical way to answer that question. Recently, however, some large enterprises have been getting a little closer to providing some metrics for security posture, using an emerging class of products that is coming into its own."

Read Article

Network World Review | July 12, 2010

Firewall Operations Management

"Overall, we were most impressed with RedSeal and Skybox, which cover all the basics, plus have the added benefits of being able to support multiple vendor vulnerability scanning products, which can calculate the network's risk scores and run vulnerability analyses on your whole network."

Read Article

The Armed Forces Journal | June 01, 2010

Navigating the fog of cyberwarfare

"The only hope for clearing the fog of cyberwarfare is to bring to bear automated systems that continuously monitor security posture and provide risk-based situational awareness to decision makers."

Read Article

SC Magazine Product Review | May 18, 2010

SC Magazine Product Review - 5 Stars

"A very nice operational risk solution that has everything needed to take control of security posture management."

Read Article

Network World | May 12, 2010

Firewall audit and big-picture risk assessment

"In a perfect world, everyone would have a tool like this."

Read Article

SC Magazine Product Review | February 02, 2010

"This is enterprise-wide security peace of mind in a box."

"This product solves a major problem for large enterprises: visibility of the enterprise's actual security configuration."

Read Article