RedSeal 6 v6.6
Strengths: Rogue (Dark Space) discovery; ‘what if’ change control validation at network and standards level; network mapping
Weaknesses: Would like to have a bit more view into regulatory/standards mappings
Verdict: RedSeal replaces blindness to IT security risk with a firm understanding of where security is working, where investment is needed and where the greatest vulnerabilities to cyber attack lie.
RedSeal 6 is a risk-based IT security management platform that enables organisations to identify, prioritise and respond to critical points of weakness in complex enterprise security control infrastructure. It accomplishes this by modelling enterprise network assets (routers, hosts, applications, etc.) and the security control/remediation infrastructure (firewalls, etc.) that protects those assets.
The tool uses risk analytics to examine the model to identify high concentrations of risk and non-compliance. These analytics provide risk managers with the information needed to drive planning and prioritised action that systematically reduces exposure to cyber attack.
RedSeal 6 is delivered as either software running on a general purpose server or as a pre-loaded appliance with a Linux-based OS. RedSeal software runs on a Microsoft platform and requires Windows Server 2003-2008. It uses a Postgres database for its backend data store.
The product is designed to continuously identify and prioritise key points of weakness in one's enterprise security controls. It models configurations from data collected from network devices, such as firewalls, UTM devices, routers, load balancers and wireless controllers. It can also model vulnerability information pulled from several leading scanner vendors, and can pull security data from supported SIEM vendors.
RedSeal 6 can collect device configuration data from the leading configuration management databases, which enables users to automatically create needed asset pools. More importantly, users can instantly build a detailed network map with a visual of how things are attached in the enterprise, and what is reachable based on configured policies. This high-level overview of connectivity and reachability is a key strength for this product.
There is a new, winning feature in this release that uses analytics and creates groupings to easily show graphically where users may have gaps in network controls or unknown access based on policies. Administrators can model attack simulations and determine how threats might propagate through the environment, and can model changes to see what new vulnerabilities or threats are exposed.
RedSeal does not supply a regulatory or standards policy library, but that information is mapped in the backend so that users can create risk maps and reports for compliance against such standards as PCI and NIST. Also new in v6.6, this information can be fed into a GRC platform for enterprises requiring a more formal policy and compliance mapping solution.
Another new component is the change management workflow. This addresses risk assessment, 'what if' analysis, security oversight and continuous monitoring. There is also additional support for assessing BYOD risk by collecting information on mobile devices.
The reporting and visualisation capabilities are powerful while remaining easy to use. Administrators have high-level executive dashboards delivering key decision-making information to leverage investments based on risk. The analyst capabilities - which allow users to drill down to detailed information and quickly and easily identify, manage and remediate risks - are superb and include recommendations for best practice configuration and remediation.
Support starts at 20 per cent of appliance or licence fees and includes options for 24/7, four-hour or one-hour response.