How RedSeal’s network modeling and risk scoring platform works.
The primary input for your network model comes from configuration files RedSeal takes in from switches, routers, firewalls and load balancers. RedSeal integrates with your public cloud and private cloud managers to include all your network environments in the network model. And, RedSeal imports host and vulnerability data from vulnerability scanners and other sources.
This network modeling is done without agents, span ports or taps and without being in line with production traffic or consuming net flow data.
With this information, RedSeal uses its patented algorithms to calculate an accurate model of your network and how data can move through it. You can liken this to the roads on a map. RedSeal can show you how (or if) data can move from any point to another.
Next, RedSeal overlays the host and endpoint information, along with identified vulnerabilities. This is like placing houses and buildings along the roads – with information about broken doors and windows.
But, this is not a map, it’s a model. A visual, responsive model you can update daily, ask questions and learn from.
Risk and compliance managers can see if their network was set up as intended, and get alerts if anything changes. They can see if networking devices are securely configured and know exactly what line in the configuration to fix to make them more secure. RedSeal shows them their entire network and network security infrastructure, so they aren’t surprised by risks from datacenters they thought were decommissioned or unauthorized AWS instances. And, they will get a single metric – RedSeal’s Digital Resilience Score — to communicate with their executives. This metric can also demonstrate the network’s security posture to cyber insurance providers.
Vulnerability managers can identify areas of their network their scanners are missing and determine the best places to put those scanners. They can also improve their prioritization, since RedSeal calculates vulnerability risk scores that consider not only vulnerability severity and asset value, but also how accessible that vulnerability is from an untrusted network, such as the internet or a partner network. The calculation includes assets downstream from the vulnerability.
Incident responders can speed their investigation and containment with the network situational awareness RedSeal supplies. RedSeal connects with SIEMs, quickly locating compromised devices and determining which assets bad actors could reach from there. RedSeal’s cyber situational awareness provides the specific information they need to implement containment options, so they can decide what action to take – from increasing monitoring to placing honey pots, to changing firewall rules, to simply unplugging the device.
Network security personnel will be able to validate and manage their network segmentation and see their network security infrastructure. They’ll be able to analyze proposed network changes and determine if they violate a policy or introduce new security risks.
Network operations personnel will benefit from one comprehensive view of their network infrastructure they can use for troubleshooting. They can get detailed access information across private cloud, public cloud and physical assets. And, they can see a record of changes to their network.