RedSeal

RedSeal Network Advisor 4.1

Continuous Network Security Monitoring

The network. It’s the first line of defense for your organization’s information. Every year, companies spend billions of dollars on firewalls, proxies, routers and other devices to prevent unauthorized access to their network. And yet security breaches are still depressingly routine. Why?

In most large organizations, firewall rulesets and ACLs have grown far too complex for a single human to understand. In fact, 91 percent of firewall administrators believe an error has been introduced into their ruleset in the last month. And unlike errors that provide too little access, the phone doesn’t ring when an error results in too much access—until it is too late. Even so, most organizations make rule changes weekly, with little assurance of their accuracy other than a manual approval and an annual audit.

RedSeal Network Advisor is security posture management software for your enterprise network. Every day, it gathers the configurations of all your network devices: firewalls, routers, load balancers, and more. It analyzes how the rules on all of these devices work together to defend business assets on your network. And it validates this access control against both regulations and your own security policies. The result: you get the security you expected when you invested in all those devices in the first place.

With RedSeal, you’ll know precisely what access is allowed from the internet and extranet, between security zones, and to all of your critical systems. Spot inadvertent or malicious exposure in minutes—not when you have your next audit or breach. Demonstrate your security to auditors, customers and management. And, most importantly, ensure the safety of your critical business information and systems.

• 

  In this screen shot, RedSeal shows every subnet that can access the datacenter. Click on a line for details of the allowed flows.

• 

  RedSeal shows what traffic is allowed to flow between your security zones. Click on a line for details of the flows

• 

  RedSeal evaluates network compliance with regulations such as PCI. Violations are flagged immediately for remediation.

• 

  RedSeal identifies rules that are never or infrequently used to reduce rulebase complexity.

• 

  RedSeal pinpoints the devices and rules that both enable and block access between any two points on your network.

• 

  RedSeal provides detailed reports on policies and compliance that demonstrate your security to auditors and management.

Continuously Monitor Network Security

Comprehensively Analyze Network-Wide Access

To be confident in your network security, you need to know exactly what access is—and is not—allowed throughout your infrastructure. In addition to assessing individual firewalls, RedSeal automatically collects the configuration files for all of your network devices and analyzes how they all work together. First, it creates an accurate map of your network so you know how everything is connected. Then RedSeal calculates the access permitted between every two points in your infrastructure. By clicking anywhere on the map, you’ll instantly see what access is permitted to and from that point to every other point in your network. And unlike other systems, RedSeal shows you all access that could occur, not just what is currently in use.

Understand Access Between Security Zones

To deliver defense-in-depth, many organizations architect their network into security zones and control access between them. RedSeal allows you to group subnets and systems into zones and automatically calculates the access enabled between them. With this capability, you can instantly identify if there is direct access from any of your internet connections to any of your finance servers. Validate that traffic is directed properly through security assets like proxy or DLP systems. You can even understand the impact of comprehensive network segmentation projects.

Continuously Validate Access Control Policies

Regulatory mandates, such as PCI DSS, SOX, FISMA, HIPAA and NERC CIP, incorporate specific requirements for network security. Internal security policies supplement these external mandates with additional restrictions on network-level access. With RedSeal, you can define policies for what traffic should be permitted or denied between security zones. RedSeal automatically validates that your network configuration actually enforces these policies, enabling you to attain and continuously maintain compliance. RedSeal will even email you when a firewall or router change violates a critical access policy. Plus, RedSeal’s policy engine documents justifications for access and supports time-limited exceptions, ensuring that temporarily authorized access does not inadvertently become permanent.

Verify Device Configuration Policies

In addition to access rules, many other configuration parameters of network devices can impact your security. By comparing each device configuration against over 100 best practices, including those published by NIST, ISO, DISA, device vendors and the results of RedSeal internal security research, RedSeal automatically verifies that all of your devices are configured to meet industry best practices. For example, RedSeal incorporates built-in checks for weak authentication, overly permissive policies, and settings that enable session hijacking. In addition, RedSeal enforces your internal policies by verifying that configurations comply with custom criteria.

Improve network security operations

Optimize the Rulebase on Firewalls and Routers

Over time, firewall rules often become obsolete. As these unused rules accumulate, they increase the complexity of managing the firewall and pose potential security risks. RedSeal automatically evaluates firewalls and routers to determine rules that are unneeded and unused. It identifies rules that can be removed without changing the security function because they are disabled, time inactive or redundant. For rules that are active, RedSeal reports on the frequency and timeframe of each rule’s use. This makes it easy to identify rules that are no longer being used, as well as improve performance by reordering the rulebase.

Reliably Enable Access to Applications

Requests to enable end-to-end access often require changes in multiple network devices. RedSeal analyzes each access request to determine the devices required to provide that access. It then identifies which devices (if any) are currently blocking the desired access and pinpoints the specific rules and ACLs that require change. This reduces fire drills during the change window and ensures that the requested access will be reliably enabled.

Isolate Causes of Unwanted Access

In a complex network, it is very difficult to determine what devices and rules are responsible for unwanted access. RedSeal automatically identifies the set of devices that collectively enable access between any two points in your network. Within the devices, it even pinpoints the exact rules that enable the traffic flow. With RedSeal, your team will quickly isolate the root cause of risky or non-compliant access on your network.

Initiate, Track and Verify Trouble Tickets

Once you have decided to take action, RedSeal makes it easy to assign a task—and ensure that it is correctly completed. By clicking on any policy violation, RedSeal automatically opens a trouble ticket in the BMC Remedy Action Request System. From within RedSeal, you can view and track the status of the ticket as it is assigned and resolved. And, once the ticket is closed in Remedy, RedSeal will verify that the policy violation has actually been addressed before marking it complete.

Address Auditor Concerns & Avoid Findings

Demonstrating compliance to the never-ending stream of security auditors consumes significant time and resources from your team. RedSeal’s policy validation capabilities automate control testing, reducing the risk of findings in your audits. In addition, RedSeal’s reports detail your controls and validate that they are operating as intended. And because RedSeal software itself is an automated control, auditors often require significantly less sampling to sign off on your security, saving your organization time and expense.