RedSeal supports six of the eight DHS CDM DEFEND solution requirements.:
Hardware Asset Management: RedSeal’s complete network map and network device inventory provides a framework for hardware inventory processes and discovery. The solution also provides a complete inventory of in-scope Layer 2 and Layer 3 network devices.
Configuration Settings Management: RedSeal automatically analyzes individual device configurations to see if they are secure. This includes password policies for firewalls, routers, load balancers, and wireless controllers, services enabled, logical port configurations, and networking parameters. You can also create custom checks and be notified automatically about any deviations from baselines.
Vulnerability Management: At the highest level, vulnerability management consists of two tasks: vulnerability scanning and remediation. RedSeal can determine if you have any gaps in your vulnerability scan coverage and identify the device blocking it. In addition, RedSeal has a unique ability to prioritize remediation by identifying the vulnerabilities that pose the highest risk—in each network.
Boundary Protection: Effective boundary protections are typically based on network architecture and access policies on routers, switches and firewalls. In practice, it is extremely difficult to operationalize this control, especially in multi-vendor environments. However, RedSeal Is able to analyze networks continuously and evaluate possible connectivity against desired policy.
Incident Response: Many information sources and technical disciplines must work in concert for effective incident response. Once an indicator of compromise is identified by a SIEM, RedSeal brings network topology and reachability information to help determine how significant the risk is and what systems may be at risk. Normally this is a manual and time-consuming process, relying on traceroutes and network maps that are often out of date. RedSeal automates this entire network investigation process, providing incident response teams with accurate information about network exploitation paths so their response can be quicker and more focused.