This week I met a vendor offering a technology that I dare to say is rather unique.
Parveen Jain, president and CEO of Redseal Networks (and previously chief marketing officer at McAfee after his company, IntruVert Networks, was acquired in 2003), said he came out of retirement to lead Redseal, which he called "a CT or MRI scan for networks".
He said: “It will tell you what needs to be done. A lot of people put in place technologies that tell you what is happening on the network, but what we offer can help measure defences as it is built into the intrusion detection and prevention and data-loss prevention, so you can be assured of the level of security in the network.
“This is not a stress test, we are not penetration testers. This will look at your network and provide proactive security intelligence. It will look at your network infrastructure and within that there will be functional zones, so you will isolate them and provide security for them. You will assume that there is a firewall for that and it may have layer three or a thousand firewalls, but if they are mis-configured you are in trouble.
“The software will look at the code and say which device is mis-configured and tell you what could happen as a result. This will identify which line is mis-coded and isolate it. Once you have this information, that will help prioritise what to fix.”
Established in the US, the company is now targeting Europe with a healthy presence in retail, financial services and government agencies, and partnerships formed with Cisco, McAfee and ArcSight. The partnerships with these and the likes of Rapid7, Tenable and Qualys allows the software to correlate both sets of data.
The company calls its technology "proactive security intelligence" and says it is similar to security incident and event management (SIEM) solutions, but different as it is continuously monitoring and always on-premise.
Rob Pollard, general manager EMEA at Redseal, said the challenge for businesses is to find time to deal with change.
“The problem is the CISO meets the CEO and is asked how secure the network is, so how do they measure it? You cannot manage what you cannot measure, and if you cannot measure, you cannot change it,” he said.
“What is needed is a metric for security, to tell you how secure you are and the level of exposure. We offer a continuous dashboard for the measurement of security, what has expired and what is the compliance position.”
As well as the continuous monitoring, Jain also said that it allows for software testing to be done before installation. “Security guys are not lazy, they are high-quality professionals, but networks are convoluted and they are too busy to check the rules, and if they want to test software, do they check it or run it anyway?” he said.
Pollard added: “Also, every time a change is made, it will check that nothing has happened to impact the security or situation.”
Redseal offers one product which Jain told me has been enhanced over time, with capability added for legacy systems; "You cannot ignore them as they may be the culprit and you have to be prepared for those types of things."
I was asked what I thought of the product based on this discussion, and what struck me was that this seemed rather unique. There are the likes of Splunk, BDNA and Red Lambda that offer network mapping, while security vulnerabilities are discovered by the aforementioned Qualys, Rapid7, and Secunia. As for continuous monitoring, well, there is no end of vendors offering that capability.
I am sure that there will be many who will tell me that they are/have been doing something similar to Redseal for years and have more users/customers/partners, but this seems a particularly useful piece of technology that could benefit many. Yes, with each piece of software comes more vulnerabilities, but better to begin to eliminate those that are already there, right?