Rapid Analysis of Internet Exposure

RedSeal Cloud provides an in-depth visualization of the topology and hierarchy of your cloud security infrastructure, including connectivity between all resources and the Internet. RedSeal Cloud’s Real Exposure feature analyzes connectivity from an end-to-end perspective, identifies what is really exposed to the Internet and provides:  

  • A list of resources (subnets/instances) deemed critical based on tags, VPCs, VNets and subnets 
  • Specific services that are exposed (e.g. HTTPS (443), SSH/TCP(22), SMTP/TCP(25)) with details about how the exposure occurred 
  • Policy checkpoints in place and their exact location 
  • Information about traffic that can enter/exit a policy checkpoint and what controls are enabling entry/exit 

DEMO: RedSeal Cloud Exposure Management

During this installment of the RedSeal Cloud Demonstration Series, we will show how RedSeal Cloud, our new Cloud Security Posture Management Platform performs Cloud Exposure Management. We will walk you through a use case for Amy, a Cloud Security Engineer, who has been tasked with verifying that Corporate Critical Resources are not exposed to the Internet.

RedSeal Cloud Case Studies


Identify Critical Resources Inadvertently Exposed to the Internet

Accurately visualize your entire infrastructure

Easily remediate incidents via seamless ticketing integration

Display cloud security posture over time and see where you are most exposed


Visualize Your Multi-Cloud Inventory and Connectivity with Maps

Proactively map all of your Azure subscriptions and AWS accounts

Map your gateways, subnets, VPCs, VNets, and security groups

Quickly identify any environment changes with automated reports


Achieve Continuous Compliance in Your Multi-Cloud

Simplify and ensure continuous 24/7 compliance

Provide extensive reporting on compliance status

Enable customized compliance policies appropriate for your organization


Real Exposure identifies the tags that have resources (subnets and instances) that are exposed to the Internet and provides detailed drill down to identify the specific resources. It also provides detailed drill down to see precisely how the exposure has occurred.  

RedSeal Stratus has real exposure that identifies subnets and instances that are exposed with an in-depth visualization of organization’s AWS cloud inventory and Azure cloud inventory.
With RedSeal’s Stratus organizations can accurately visualize and map their entire cloud inventory infrastructure. Organizations can easily mitigate incidents while displaying their cloud security posture to identify any critical resources exposed with root cause analysis.

The detailed drill down of each resource explains the exposure including: 

  • The path from the resource to the Internet and all checkpoints in-between 
  • Detailed information about controls and policies at each checkpoint allowing or denying access 
  • Specific identification of ports/protocols controlling the access that may allow Internet exposure 


These unique features provide much greater detail than standard tools provided by Cloud Service Providers. By analyzing the details of the actual paths to the Internet, showing all of the security checkpoints and their associated policies (filters, controls), RedSeal Cloud enables security teams to: 

  • Proactively identify all possible paths from the Internet to critical resources (not just paths with traffic) with an agentless approach  
  • Identify unintended exposure to the Internet with detailed information about how traffic is traveling through the various security controls 
  • Create targeted remediation strategies that eliminate unintended exposure 
  • Ensure compliance with security policies related to Internet exposure (e.g. PCI-DSS) throughout your entire public and private cloud infrastructure 
Eliminate unintended risk exposures with RedSeal Stratus. All network infrastructures and cloud inventories are mapped into a single pane of glass to help identify vulnerability pathways to secure your ransomware attack against sophisticated cybercriminals.


Stop unintended exposure and bring all your AWS and Azure network infrastructure and EKS, AKS and GKE inventory into a single comprehensive visualization.