RedSeal Enhances Digital Resilience Platform, Dramatically Reducing Network Analysis Time and Boosting Security Team Productivity

Expanded coverage of hybrid datacenters creates more complete and accurate network models
New integration apps accelerate incident investigations and bring live traffic into RedSeal platform

SUNNYVALE, Calif. – November 14, 2017 – RedSeal today announced new enhancements and integrations for its market leading network modeling and risk scoring platform, used by more than 40 U.S. government agencies and many Global 2000 companies worldwide.

More Holistic View Across Hybrid Datacenters

Nearly all large enterprises today include on-premise, cloud and virtualized networks, which results in network systems that are large, complex, and constantly changing. This makes it very difficult to have a complete and detailed understanding of the current state of a network. To address this, RedSeal is expanding its Software Defined Networks (SDN) and public cloud capabilities with the addition of Microsoft Azure ARM (Azure Resource Manager) modeling, and support for RedSeal’s virtual appliance to run on Microsoft Hypervisor, Hyper-V. This builds on its existing ability to model networks on Amazon Web Services Virtual Private Clouds (VPCs), and software-defined networks (SDNs) in VMWare NSX, and Cisco ACI.

CIS Benchmarks

RedSeal also announces support for CIS Benchmarks for Cisco, enabling customers to conduct secure configuration checks of their network devices against the CIS standard.

New Integrations for Improved Productivity

To improve security team productivity, RedSeal is adding new integration apps with IBM’s QRadar SIEM and Micro Focus ArcSight’s Enterprise Security Management (ESM) software. RedSeal customers can also bring live traffic information from Gigamon’s Visibility Platform directly into their RedSeal queries. Specifically:

  • Gigamon Visibility Platform customers can now call Gigamon from the RedSeal user interface to see if live traffic is occurring in any detailed path query in RedSeal.
  • Apps for IBM’s QRadar SIEM and Micro Focus ArcSight’s ESM dramatically reduce incident investigation times for users by giving them unprecedented network context and actionable intelligence. By integrating RedSeal’s network modeling platform into their current interface, they will be able to quickly kick off an incident investigation phase by cross launching the RedSeal IR query directly from the console of the product they use.

These add to RedSeal’s existing suite of integration apps with Splunk’s Enterprise Security SIEM, Rapid7’s Insight VM vulnerability management software, and ForeScout’s CounterACT, announced earlier this year.

“Bad actors continue to unleash advanced attacks targeting vulnerabilities enterprises don’t know exist,” said Kurt Van Etten, vice president of product management at RedSeal. “The first step to improving digital resilience is to prepare for these unknown and unavoidable attacks by having a complete understanding of access across hybrid datacenters. These new enhancements bring our customers a holistic view of their network, whether on-premise, virtual or in the cloud, while accelerating incident containment times through increased power and deep integrations with current security solutions.”

About RedSeal
RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events and network interruptions in an increasingly digital world. RedSeal helps customers understand their network from the inside, out – and provides rich context, situational awareness and a Digital Resilience Score to help enterprises measure and ultimately build greater resilience into their infrastructure. Government agencies and Global 2000 companies around the world rely on RedSeal to help them improve their overall security posture, accelerate incident response and increase the productivity of their security and network teams. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct and channel partner network. Follow RedSeal on Twitter at @redseal_co and on LinkedIn.

Contact:
Dean Fisk, Finn Partners
+1 (707) 292-4201
dean.fisk@finnpartners.com

RedSeal To Be Mega Sponsor at Splunk .conf2017 Showcasing RedSeal Adaptive Response App for Incident Response

Sunnyvale, Calif. – RedSeal, a leader in network modeling and cyber risk scoring, today announced it is a Mega sponsor of .conf2017: The 8th Annual Splunk Conference.  At booth M38, RedSeal will demonstrate how its network modeling and risk platform integrates with Splunk Enterprise Security (ES) to greatly accelerate incident investigation and containment. RedSeal became a member of the Splunk Adaptive Response Initiative in February 2017 and the RedSeal Adaptive Response App for Incident Response is currently available on Splunkbase.

“We made the decision to be a Mega sponsor of .conf two years in a row to reinforce the importance of integrating network context with existing security applications,” said CEO and Chairman of RedSeal Ray Rothrock. “The integration of  RedSeal’s network modeling and risk scoring platform with Splunk’s analytics-driven security platform provides security professionals with real-time visibility into the blast radius, potential attack paths and associated at-risk assets for an Indicator of Compromise.”

RedSeal’s Vice President of Product Management, Kurt Van Etten, will present a session titled Accelerate Incident Investigation with RedSeal and Splunk Adaptive Response Actions at .conf2017 on Thursday, September 28th. During the session, attendees will learn how RedSeal’s integration with Splunk ES leverages  the Splunk Adaptive Response framework to provide immediate answers to the following investigation-relevant questions:

  • What is the compromised device? Where is it physically and logically located?
  • What other critical assets can the threat access?
  • Can an untrusted network reach the compromised device?
  • What are the exact firewalls and rules you must modify to contain the threat?

.conf2017 will feature more than 200 technical sessions, including more than 80 customer presentations, and is expected to attract IT, security and business professionals from across the globe who know the value of their data. The conference will be held September 25-28 at the Walter E. Washington Convention Center in Washington, DC, with three days of optional education classes through Splunk University, September 23-25, 2017.

.conf2017 attendees will learn how to gain Operational Intelligence from machine-generated data by improving customer experience and service delivery, enhancing IT performance, shipping better code faster, providing timely business insights or reaching new levels of security in their organization. With 85 of the Fortune 100 in attendance, it’s the best place to learn how leading companies are using Splunk. Attendees will share best practices, discover new features and ways to implement Splunk software to gain insights from their data. Register for .conf2017. At the conference, follow us on LinkedIn and Twitter  or follow the conference itself @splunkconf (all conversations tagged #splunkconf17).


RedSeal Further Expands Its Hybrid Datacenter Modeling Capability with Seamless Integration with Cisco ACI

Security teams will gain holistic view of their entire network and boost productivity

SUNNYVALE, Calif. – Today RedSeal increased its capabilities for modeling complex networks by adding a new integration with Cisco Application Centric Infrastructure (ACI). The integration between RedSeal’s network modeling and risk-scoring platform and Cisco ACI expands customers’ ability to create one unified model of their hybrid datacenters — including devices that are on-premise, virtualized, and/or in a public cloud — and to conduct queries across all of these environments.

The digital infrastructure of today’s modern enterprise includes a complex array of on-premise, cloud and virtualized networks, which are constantly changing, making a complete and detailed understanding of the current state of a network a time-consuming and complex task. RedSeal’s ability to model complete hybrid datacenters – including software-defined networks (SDNs) in VMWare NSX and now Cisco ACI, as well as previously announced enhanced modeling of Amazon Web Services Virtual Private Clouds (VPCs) – gives customers a comprehensive view of their entire as-built network.

The Cisco ACI integration builds on RedSeal’s ability to provide critical visibility into access controls for these hybrid datacenter environments, as well as alert users to violations of customized policies they have established for their organizations. This capability also helps security teams be more productive by allowing them to quickly and accurately model devices and associated policies within the Cisco ACI fabric.

“Enterprise security teams are struggling, as they’re understaffed and under pressure. When it comes to understanding network access across and within all of their network fabrics, they’re in the dark,” said Kurt Van Etten, product VP at RedSeal. “They need a holistic view of their network that’s deeply integrated with their current security solutions. The integration of Cisco’s ACI fabric with the RedSeal platform provides this visibility, giving enterprise security teams much needed context for prioritizing vulnerabilities, accelerating incident response, managing compliance, and improving the overall resilience of their infrastructure.”


Download our solution brief RedSeal and Cisco ACI.

RedSeal Joins Splunk Adaptive Response Initiative at RSA 2017

RedSeal and Splunk Combine Forces to Deliver Automated and Continuous Response, Optimize Analytics-Driven Security and Improve Operational Efficiency

SUNNYVALE, Calif. & SAN FRANCISCO – RedSeal, the leader in network modeling and cyber risk scoring, and Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced that RedSeal has joined the Splunk® Adaptive Response Initiative. Powered by a growing list of leading cybersecurity technology vendors, Adaptive Response is a best-of-breed security initiative that leverages end-to-end context and continuous response to improve security operations with an adaptive security architecture. The announcement was made at the 2017 RSA Security Conference.

Following its unveiling at the 2016 RSA Security Conference, the Adaptive Response Initiative now includes over 20 participating vendors as members. With this extensive network, organizations can use Splunk Adaptive Response to further interact with data, extract and share new insights, gain more context and invoke actions across key security and IT domains. Ultimately, this allows customers to detect threats faster, make analytics-driven decisions and improve operational efficiencies within their Security Operations Center (SOC).

“Our increasingly digital world underscores the need for enterprise networks to be resilient to cyber events and network interruptions. Improved security posture and accelerated incident recovery are central to achieving this goal,” said Ray Rothrock, CEO of RedSeal. “By combining Splunk’s centrally positioned analytics-driven security platform with RedSeal’s network modeling and risk scoring platform, we are thrilled to help security professionals around the world gather even more context to detect threats quicker and deliver a more automated and continuous response against advanced attackers.”

While many organizations employ a layered, multi-vendor approach to security, most individual solutions are not designed to work together outside of the box. Splunk Enterprise Security (Splunk ES), working in conjunction with technologies like RedSeal’s network modeling and risk scoring platform, extends analytics-driven decision-making and improves detection, investigation and remediation times by centrally automating retrieval, sharing and response.

“We created the Adaptive Response Initiative so organizations could efficiently combat advanced attacks while utilizing their existing security architectures. Members like RedSeal are key to the success of Adaptive Response,” said Haiyan Song, senior vice president of security markets, Splunk. “Together we will solve this very challenging problem facing every enterprise.”

 

About RedSeal

RedSeal puts power in decision makers’ hands with the essential network modeling and risk scoring platform for building digitally resilient organizations. RedSeal’s Digital Resilience Score, modeled after a creditworthiness score, measures how prepared an organization is to respond to an incident and quickly rebound. The company’s platform adds value to existing network devices by working with them and building a network model. With this, customers can improve their security posture, accelerate incident response, and improve the productivity of their network and security teams. RedSeal’s customers are Global 2000 corporations and government agencies that depend on the most sophisticated security. Founded in 2004, RedSeal is headquartered in Sunnyvale, Calif. and serves customers globally through a direct sales and channel partner network.

RedSeal Extends Digital Resilience Platform Across Network Environments, Improves Security and Network Teams’ Productivity with New Integrations

Expedites Analysis with Seamless Integration into Network Security Products from Splunk, Rapid7 and ForeScout

 SUNNYVALE, Calif. –  Today RedSeal (www.redseal.net) announced enhancements and new integrations for its market leading network modeling and risk scoring platform. The enhancements will give RedSeal users a single, comprehensive understanding of network security across their datacenter, cloud and software-defined networks.

The enhancements also help security teams be more productive despite ever-increasing demands by delivering actionable intelligence from RedSeal’s network modeling platform directly into Splunk’s Enterprise Security SIEM, Rapid7’s Nexpose vulnerability management software, and ForeScout’s CounterACT.

“Enterprises today have complex network infrastructures with many point product security solutions,” said Ray Rothrock, chairman and CEO of RedSeal. “To improve their resilience in the face of inevitable attacks, they need a holistic view of their network that’s deeply integrated with their current security solutions.”

Platform Enhancements

The digital infrastructures for nearly all Global 2000 companies include on-premise, cloud and virtualized networks. The resulting networks are large, complex, and constantly changing, making a complete and detailed understanding of the current state of a network very difficult. To address this, RedSeal can now model complete networks – including software-defined networks (SDNs) in VMWare NSX and enhanced modeling of Amazon Web Services Virtual Private Clouds (VPCs).

RedSeal provides critical visibility into access controls for these SDN environments, and alerts users to violations of customized policies they’ve established for their organizations.

Expanded Integrations with Splunk, Rapid7 and ForeScout

To streamline security teams’ efforts, and further improve network security, RedSeal now integrates into the user interfaces of Splunk’s Enterprise Security SIEM, Rapid7’s Nexpose vulnerability management software, and ForeScout’s CounterACT.

This improves the efficacy of each of these products, giving their users unprecedented network context within the tools, and in the format, they’re already using. Specifically:

  • Integration with Splunk’s Enterprise Security SIEM accelerates incident response efforts. RedSeal provides the SIEM with critical network context and identifies access paths to and from Indicators of Compromise (IOC) leading to other critical assets.
  • Integration with Rapid7’s Nexpose vulnerability management software identifies gaps in vulnerability scan coverage.
  • Integration with ForeScout’s CounterACT prioritizes hosts in terms of actual risk so appropriate action can be taken.

“Customers tell us that RedSeal’s unique information adds value to a number of their security functions,” said Rothrock. “Now they can get this information without having to open and learn another product. These apps give our customers even more productivity and efficiency, accelerating their ability to identify and respond to problems.”

To learn more, visit RedSeal Integration Apps.

About RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events and network interruptions in an increasingly digital world. RedSeal helps customers understand their network from the inside, out – and provides actionable intelligence, situational awareness and a Digital Resilience Score to help enterprises measure and ultimately build greater resilience into their infrastructure. Government agencies and Global 2000 companies around the world rely on RedSeal to help them improve their overall security posture, accelerate incident response and increase the productivity of their security and network teams. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct and channel partner network.

RedSeal and ForeScout Federal CTOs Explain how They Jointly Map, Identify and Increase the Resilience of Public Sector Networks

Last month, Wallace Sann, the Public Sector CTO for ForeScout, and I sat down to chat about the current state of cybersecurity in the federal government. With ForeScout, government security teams can see devices as they join the network, control them, and orchestrate system-wide responses.

Many of our customers deploy both RedSeal and ForeScout side by side. I wanted to take a look at how government security teams were dealing with ongoing threats and the need to integrate different cybersecurity tools into the “cyber stack.”

Our conversation is lightly edited for better clarity.

Wayne:  Describe the challenges that ForeScout solves for customers.

Wallace:  We help IT organizations identify IT resources and ensure their security posture. There’s always an “ah-ha moment” that occurs during a proof of concept. We see customers who swear by STIG, and will say they only have two versions of Adobe. We’ll show them that there are 6-7 versions running.  We tell you what’s on the network and classify it.

Wayne:  We often say that RedSeal is analogous to a battlefield map where you have various pieces of data coming in to update the topography map with the current situation. By placing the data into the context of the topography, you can understand where reinforcements are needed, where your critical assets are and more.

RedSeal’s map gives you this contextual information for your entire enterprise network. ForeScout makes the map more accurate, adapting to change in real time. It lets you identify assets in real time and can provide some context around device status at a more granular or tactical level.

Wallace:  Many companies I speak to can create policies on the fly, but ensuring that networks and endpoints are deployed properly and that policies can be enforced is a challenge.

Wayne:  Without a doubt. We were teaching a class for a bunch of IT professionals, telling them that RedSeal can identify routes around firewalls. If the networking team put a route around it, the most effective firewall won’t work. The class laughed. They intentionally routed around firewalls, because performance was too slow.

Endpoint compliance typically poses a huge challenge too. RedSeal can tell you what access a device has, but not necessarily when it comes online. Obviously, that’s one of the reasons we’re partnering with ForeScout.

Wallace:  ForeScout can provide visibility that the device is online and also provide some context around the endpoint. Perhaps RedSeal has a condition that DLP is running on the endpoint. ForeScout could tell you that DLP is not loaded, and therefore no access allowed.

Wayne: Inventory what’s there. Make sure it’s managed. If not managed, you may not know you were attacked and where they came in or went. If you have that inventory, you can prevent or at least respond quicker.

Another important component is assessing risk and knowing what is important to protect. Let’s say we have two hosts of equal value. If Host 1 is compromised, you can’t leapfrog any further. No other systems will be impacted. If Host 2 is compromised, 500 devices can be compromised including two that may have command and control over payroll or some critical systems. Where do you want to put added security and visibility? On the hot spots that open you up to the most risk!  We put things into network context and enable companies to be digitally resilient.

Wallace:  With so many security concerns to address, prioritization is critical.

Wayne:  IoT is obviously a trend that everyone is talking about and is becoming an increasing concern for agency IT Security orgs. How is ForeScout addressing IoT?

Wallace:  ForeScout provides visibility, classification and assessment. If it has an IP address, we can detect it. Classification is where we are getting better. We want to be able to tell you what that device is. Is it a security camera? A printer? A thermostat? We can classify most common devices, but we want to be 75-90% accurate in device classification. The problem is that many new devices are coming out every day. Many you can’t probe traditionally; it could take the device down.  And, you can’t put an agent on it.  So, we’re using other techniques to passively fingerprint a device (via power over Ethernet, deep packet inspection, and more), so we can get to 95% accuracy.

Wayne:  Do you see a lot of IoT at customer sites, and are they concerned?

Wallace:  Some don’t realize they have an issue. Many don’t know that IoT devices are on their networks. We are seeing more cases where we are asked to assess IoT environments and address it. Before, we weren’t asked to take action. We used to be asked how many Windows and Mac devices there were. Now, there is a movement by government agencies to put anything with an IP address (the OT side) under the purview of the CISO.

Wayne:  We see a lot of devices – enterprise and consumer – that aren’t coded securely. IoT devices should be isolated, not connected to your mission critical operating environment.

Wallace:  I was curious how RedSeal handles IoT?

Wayne:  If there is vulnerability scan data, it tells us what OS, applications running, active ports, host name, MAC address, etc. Without that data, we can grab some device data, but with ForeScout, we can get more context/additional data about the device. ForeScout can tell you the devices are there. RedSeal can ensure that it’s segmented the way it should be. We can tell you it’s there and how you can get to it; people need to make decisions and act. We show IoT devices as a risk.

Wayne:  What are some of the trends that you are seeing that need to be addressed at customer sites?

Wallace:  From a native cloud perspective, we are working on extending the customer on-premise environment and bringing visibility and control to the cloud.   We are also working on making it easier to get security products to work together.  People don’t have the resources for integration and ongoing management.  We’re working to orchestrate bi-directionally with various toolsets to provide actionable intelligence – advanced threat detection, vulnerability assessment, etc.

We can take intel from other vendors, and ForeScout gives us the who, what, when, where from an endpoint to determine if that device should be on a network.

For example, an ATD vendor can detect malware (find it in their sandbox).  They will hand us an incident of compromise (hash, code, etc.).  We’ll look for those IoCs on devices on the network and then quarantine those devices.

Wayne: Security vendors need to work together.  Customers don’t want to be tied to a single vendor.  Thanks for your time today.

 

For more information, visit our websites at RedSeal and ForeScout.