Network Security Assurance Software Prevents Data Breaches

RedSeal Network Advisor 4.0 uncovers security holes, verifies compliance with regulations and policy

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of this vendor's statements.

RedSeal Systems today announced RedSeal Network Advisor 4.0, network security assurance software that continuously analyzes the end-to-end interaction of firewalls, routers, and load balancers throughout the enterprise and comprehensively identifies security holes in the infrastructure. RedSeal also validates that corporate network security policy is enforced, enables rapid remediation of unintended exposures, and demonstrates regulatory compliance to auditors.

RedSeal software continuously analyzes every firewall rule and router ACL on the network to audit both individual devices and how those devices interact to deliver security to the business as a whole. It summarizes enabled and prohibited access in simple diagrams and reports so security management personnel can easily spot exposures that otherwise would have gone unnoticed until exploited by a hacker.

RedSeal Network Advisor 4.0 also verifies that the network enforces the security organization’s access policies, both internal and regulatory. Users can specify what access should be prohibited or allowed between security zones. RedSeal analyzes the access actually enabled on the network to verify that firewalls, routers, and other devices are correctly configured. If a violation is discovered, RedSeal notifies the appropriate personnel. It then isolates the root cause of the access, identifying the exact devices, rules, and ACLs that enable the risky access.

RedSeal Network Advisor 4.0 reduces the burden of audits for PCI DSS, NERC CIP, SOX, FISMA and other regulations. RedSeal automates control testing, decreasing the risk of a finding by auditors. RedSeal also offers reports that detail the controls and demonstrate that they are operating properly, lessening the time and cost associated with supporting each audit.

“The last year has seen a significant increase in both the number and seriousness of cyber-attacks.” said Tom Arthur, CEO of RedSeal Systems. “Organizations purchase billions of dollars of network security equipment each year to defend themselves, but a single configuration error can render their entire investment worthless. RedSeal’s software enables CISO's to make informed decisions before the next attack to assure their defensive posture is strong.”

Capabilities in RedSeal Network Advisor 4.0 include:

  • Network topology mapping: RedSeal generates and displays a map of the entire enterprise network, showing how subnets are interconnected by routers, firewalls, and other devices.

  • Automated firewall audit: RedSeal analyzes individual firewalls to identify common configuration issues such as redundant rules, weak authentication, and overly permissive access policies.

  • End-to-end assessment: RedSeal analyzes the interaction of all firewall, routers and load balancers throughout the enterprise to determine what access is allowed or denied between every two systems.

  • Security zone visualization: RedSeal summarizes the network infrastructure into security zones and determines the access between them. This instantly informs management if, for example, access exists between any internet or extranet connection and any financial server.

  • Continuous policy compliance: RedSeal aggregates network access policies, approvals and exceptions. It then continuously validates that the actual configuration of the network enforces these policies.

  • Root cause isolation: RedSeal automatically identifies the root cause of undesired access, pinpointing the exact devices, rules, and ACLs that combine to enable the access.

  • Closed-loop trouble ticket integration: RedSeal integrates with BMC Remedy Action Request System to open trouble tickets for policy violations. When the operations group marks the trouble ticket as complete, RedSeal will automatically verify that the violation has been remediated.

  • Compliance reporting: RedSeal automates control testing to prevent findings by an audit. RedSeal’s integrated reports document security policies (including approvals and exceptions) as well as demonstrate that the network complies with those policies.

RedSeal Vulnerability Advisor

RedSeal Systems today also announced RedSeal Vulnerability Advisor 4.0, software that integrates with RedSeal Network Advisor to assess the results of vulnerability scans in the context of network security. The software automatically identifies vulnerabilities that are exposed to untrusted networks or that can result in widespread access to critical systems. RedSeal prioritizes all vulnerabilities from enterprisewide scans to isolate those that must be remediated immediately due to the risks they pose. In addition, RedSeal Vulnerability Advisor identifies mitigation options, validates scan coverage, and provides reports for auditors that demonstrate control of business risk.

Pricing starts at $25,000. Existing customers of RedSeal SRM will receive RedSeal Network Advisor at no charge as part of their software maintenance agreement.

More information is available at www.redseal.net.