“The federal government is finally taking bold steps to fulfill what the Constitution says in its preamble - ‘to provide for the common defense,’ in this case, the common cyber defense. The actions and budget announced today are an important recognition and investment in the defense of the critical information infrastructure of the United States, and...

The recently disclosed back door in Juniper’s ScreenOS software for NetScreen firewalls is an excellent reminder that in security, the first and foremost need is to do the basics well.  The details of the vulnerability are complex and interesting (who implanted this, how, and what exactly is involved?), but that is not what matters for defenders.  What...

For the third time in a row, I flew down to Texas at the end of the year. The reason? To attend the important Alamo ACE event presented by the local San Antonio AFCEA chapter. With multiple sessions over three days covering primarily cybersecurity and ISR, the event draws 1500 military and industry leaders. My takeaway? RedSeal’s cybersecurity analytics...

I recently returned from Hawaii where I attended the AFCEA TechNet Asia Pacific trade show for the fifth time in a row. It’s always a good opportunity to hit a couple of birds with one stone: meet with some customers, develop relationships with new prospects and hear which issues and initiatives are getting the highest attention.   It wasn’t a surprise...

Blue vs Red. No, not the Rooster Teeth series for the Halo fans out there. For those that do not know how the reference pertains to cyber security: Blue teams can be looked at as the good guys (cyber defenders) and Red teams are the bad guys (attackers). Not to say the Red teams are “bad guys”; their job is to identify weaknesses in order to teach and...

Not too long ago I had a customer, “Joe”, explain to me how he overcame organizational challenges and got his network team to operationalize the findings from RedSeal. Joe started by taking advantage of RedSeal features that can be leveraged immediately upon deployment, such as the Best Practice and STIG checks. He generated a report and sent it over...