Redjack Cyber Resilience Platform FAQs
Recently, we hosted a webinar titled “Intro to the Redjack Platform for Cyber Resilience,” where we explored the features and benefits of our recently released platform. Throughout the session, participants posed insightful questions about deployment, sensor placement, data storage, and integration with existing systems. We’ve compiled these questions along with those we didn’t have time to address during the webinar into this blog, ensuring all your queries about Redjack are answered.
How long does it take to deploy Redjack sensors?
The amount of time it takes depends on two things: the size and scale of the environment and whether the customer has any security and risk configuration management processes that need to be completed before deploying a sensor. Generally speaking, whether sensors are in the cloud or on-premises, the actual deployment process takes just a few minutes.
The sensors are very lightweight and effective. Redjack doesn’t need complete sensor coverage before it starts providing value. We can deploy a few sensors and the platform will tell us if and where we need additional sensors.
Redjack doesn’t charge for sensor licenses. They are effectively free, except for the cloud costs for the cloud sensors and the hardware costs for the on-premises sensors.
How long do the Redjack sensors need to be on and watching?
Organizations generally aren’t designed; they grow organically as your IT staff adds capabilities as needed. Enterprise environments also change drastically month by month as new assets are integrated into the infrastructure and old assets are phased out. The Redjack platform continuously monitors these changes to ensure you have the most up-to-date information, facilitating informed and timely decision-making.
We typically advise customers that it will take about a week after deployment for Redjack to start providing value. In practice, it generally takes around three days.
How do you know where to place the sensors?
We want to place the sensors between as many of your assets that deliver business functions as possible. The sensor deployment is very similar to the monitoring you would be doing for any insider threat or lateral movement detection solutions you may already be using.
Generally speaking, for on-premises deployments we deploy to internet access points. For cloud deployments, the sensors will be installed at monitoring points in the cloud. If you don’t already have SPAN ports or packet brokers in place to monitor things moving across your environment, we’ll be solving more than one problem for you through the deployment process.
Where is the data being stored? Is Redjack storing it, or is the customer storing it?
We are very flexible with regard to how you want to store your data because this is a disaster recovery solution. So we typically would not approach this as ‘we will deploy this into the cloud that you use’ because if that cloud goes down you don’t have the information from Redjack you need in order to perform your recovery.
Our platform and front end can be deployed to any cloud, and we typically work within the cloud environments that our customers own. We do not enforce the idea that you must send us your data, but we would be open to doing that as well.
The key point is that we compress the data we generate and that gives us some flexibility around where we put it.
What types of customers are using the solution now? What industries?
We work with one of the 5 largest government agencies in the world and one of the 5 largest companies in the world. We’ve worked with insurance companies, municipal governments, and healthcare organizations.
The customers we deliver the most value for are large ones, and that isn’t a sales pitch. If you have 40 IT assets in your environment, Redjack is overkill. Large organizations with a few thousand IT assets are generally environments where things have started to get out of hand. That’s where you need help to demystify what is going on in your environment.
What kind of systems can Redjack integrate with?
The solution areas we work with include cybersecurity endpoint solutions, vulnerability management, configuration management databases, and backup disaster recovery solutions.
Does Redjack offer a trial version?
We do. We can do a resilience assessment framework where you pick one of your business functions and we focus on that with a small deployment and give you a resilience review.
Given the diverse needs and priorities of various stakeholders within an organization, how does the Redjack platform ensure alignment between cyber resilience and overarching business goals?
We provide evidence around the resilience posture of a business function. Instead of a CISO marching into a room and saying ‘here are my priorities, it’s based on my professional opinion’ they can show you a picture of the problem. They can demonstrate that this part of your environment has pretty weak hardening and it has a lot of exposure, and we need to address that problem because it is the beating heart of one of the most important functions of the business.
Redjack shows information about the environment that is based on the communications activity between assets. Another expert in the room can’t say ‘those two things aren’t connected,’ because you can prove that they are. That’s really important, to be able to show things in context and to base it on evidence.
In the context of regulatory compliance becoming more stringent and complex, how does the Redjack platform streamline compliance efforts while ensuring adherence to evolving regulatory standards?
A lot of the regulatory efforts are manual and survey-driven. In order to answer all the questions for a regulator you go ask members of your team what’s going on. Then you compare the results of those surveys to see if there are outliers as a form of validation.
Redjack provides evidence based on activity. This does two important things:
It gets you past the problem of people not knowing or lying, which arises when your source of truth is based on subjective opinion.
It gives you a justification and substantiation to show a regulator ‘here is how I know what is going on. Here is how I know I have found all the databases in my environment and tracked whether or not there is customer information. I have watched all of the communications across the environment and seen how they all interact, and this is the result.’ As opposed to ‘I asked, and everybody told me this list.’
Redjack is very powerful for alignment around data-driven evidence and that is why Redjack has been so involved with the general counsel at big companies.
With the increasing prevalence of AI-powered cybersecurity solutions, how does the Redjack platform mitigate the risk of false positives and ensure the accuracy of threat detection and response?
Redjack is not a threat detection and response solution. What we provide to your stack of IT and security tools is the business context. You can identify if threat intelligence pertains to your most important assets. We can also help you triage an alert so that you know, even if it’s a false positive, if it impacts the beating heart of your organization and you should check it manually anyway.
In fact, my [Greg Virgin, CEO of Redjack] background is in threat hunting. A very important step for an organization that wants to be excellent at threat hunting to take is to increase your false positive rate in the parts of your environment where you need to be able to detect a stealthy adversary. I would caution against the blanket statement that you should reduce false positives. For the beating heart of your organization, you should turn up the sensitivity.
This is the kind of enablement and triage that Redjack provides: is it worth it to do an analysis? Most cybersecurity solutions consider every device with a blinking power light to be the same. That is the part of that equation that Redjack addresses.
Improving your cyber resilience
By leveraging the Redjack platform, organizations can enhance their cyber resilience through detailed asset discovery, real-time monitoring, and evidence-based compliance. We hope this blog has provided you with valuable insights into how Redjack can help your organization achieve robust cyber resilience and streamlined disaster recovery. Contact us if you would like more information, or to schedule time to talk to our experts.
Thank you again for joining us, and stay tuned for more updates and expert insights from Redjack.