The platform is focused on delivering continuous monitoring, compliance automation and risk measurement and control.
This product was the only solution delivered as an appliance. It is built on a Dell sever platform and is customizable. The RedSeal 4200 is architected to offer a fast and efficient means of implementing RedSeal security software, and is designed to provide the most secure, scalable and dependable deployment possible.
This solution is more security- than assessment-driven. As a continuous monitoring offering focused on correlating IT, network and vulnerability data feeds, RedSeal identifies risk associated with one's security effectiveness, as opposed to more policy- and compliance-driven tools.
There is a large library of supported vendor products allowing one to quickly and easily import network, security and vulnerability information into the tool. Once a user connects a device, RedSeal automatically builds out network maps and begins correlating this information with the configuration and vulnerability data and builds this into a threat reference library.
RedSeal is positioned to find and help eliminate gaps in one's security controls and, more importantly, prioritize or measure the impact of those gaps so that users can balance security investments with the highest return on those investments. RedSeal also takes into account the underlying business value of individual systems and assets, based on their importance to operations or retention of sensitive data, allowing users to prioritize mitigation even more effectively. The network mapping function is a wonderful visual representation of assets and the interconnections that may exist based on network and various controls in the environment. The ability to conduct a reachability study based on a threat and to determine where and how far that threat could propagate in an enterprise is a valuable analysis tool. This provides a great opportunity to mitigate either a threat or a vulnerability before the actual compromise or exploit. The correlation capability of the RedSeal product takes a lot of the noise out of the traditional vulnerability scan process by providing a real risk priority based on the entire environment.
RedSeal is not an assessment or audit tool, but it does correlate risk to various controls for compliance regulations, like PCI, NIST and FISMA, creating reports that show gaps in deployed configurations/controls. For example, for PCI, it may ask: Is my credit card data isolated properly? One also can model what the network should be doing to be in compliance.
We liked the attack simulation feature, which gives one the ability to model a threat based on the known access and vulnerability information and determine, step by step, what could be breached. There is a dashboard component that provides some high-evel management-level details so that one has a snapshot of the key risk posture items. Further, there is built-in reporting capabilities that provide the data roll-up from most of what we described above.
Although this product only gives a piece of the overall risk picture, it’s an important piece and one that a number of assessment and audit driven tools don’t deliver and could leverage.