- Strengths: Rogue (Dark Space) discovery; “what if” change control validation at network and standards level; network mapping.
- Weaknesses: Would like to have a bit more view into regulatory/standards mappings.
- Verdict: RedSeal replaces blindness to IT security risk with a firm understanding of where security is working, where investment is needed and where the greatest vulnerabilities to cyber attack lie.
RedSeal accomplishes this by modeling enterprise network assets (routers, hosts, applications, etc.) and the security control/remediation infrastructure (firewalls, etc.) that protects those assets. The tool applies risk analytics to the model to identify high concentrations of risk and non-compliance. These analytics provide risk managers with the information needed to drive planning and prioritized action that systematically reduces exposure to cyber attack.
The product is delivered as either software running on a general-purpose server or as a pre-loaded appliance. The appliance OS is Linux-based. RedSeal software runs on a Microsoft platform and requires Windows Server 2003-2008. RedSeal uses a Postgres database for its backend data store.
The tool is designed to continuously identify and prioritize key points of weakness in one's enterprise security controls. RedSeal models configurations from data collected from network devices, such as firewalls, UTM devices, routers, load balancers and wireless controllers. It can also model vulnerability information pulled from several leading scanner vendors, and can pull security data from supported SIEM vendors. RedSeal can collect device configuration data from the leading configuration management databases (CMDBs). Through the collection of this data, one can automatically create needed asset pools. More importantly, users can instantly build a detailed network map showing how things are attached in the enterprise and what is reachable based on configured policies. This high-level overview of connectivity and reachability is a key strength for this product.
Admins can model attack simulations and determine how threats might propagate through the environment, and can model changes to see what new vulnerabilities or threats are exposed. There is a new, winning feature in this release that uses analytics and creates groupings to easily show graphically where users may have gaps in network controls or unknown access based on policies. RedSeal does not supply a regulatory or standards policy library, but that information is mapped in the backend so that users can create risk maps and reports for compliance against such standards as PCI and NIST.
Another new component is the change management workflow. This addresses risk assessment, "what if" analysis, security oversight and continuous monitoring. There is also additional support for BYOD risk, based on information collected from mobile devices.
The reporting and visualization capabilities are powerful while remaining easy to use. Admins have high-level executive dashboards delivering key decision-making information to leverage investments based on risk. The analyst capabilities are superb and include recommendations for best practice configuration and remediation.
Support is fee based and includes options for 24/7, four-hour or one-hour response. Support is available via phone, email and web-based options. Fees for support start at 20 percent of appliance or license fees. - ML