The goal of security visualization is to absorb vast amounts of data quickly, in order to prevent cyber threats and proactively manage risks.
THE PROBLEM
Networks are Becoming Increasingly More Complex
Networks are becoming more complex for a number of reasons. Rapid growth to meet business needs is often where control of the network is initially lost. In addition, many networks grow organically under the stewardship of different administrators, often with different philosophies on operations that will induce misconfigurations and operational management shortfalls. Network modifications in order to allow for the implementation of new technologies can be another factor; and the increasing requirements to secure company data for business as well as compliance requirements. In addition, companies are especially vulnerable to network dark space, the up to 18% of the network infrastructure that is unmanaged, unmonitored, and unseen.
All of these factors combined can contribute to what is known as network drift and can incur significant effort to correct, not to mention the increased risk involved when trying to secure corporate and/or sensitive data.
THE SOLUTION
Security Risk Management
with RedSeal
The RedSeal 6 Platform is a Security Risk Management solution for cyber-attack prevention that provides continuous monitoring of the infrastructure access paths within both corporate and government network environments.
The RedSeal 6 Platform:
-
Gathers the configuration files of all
the Layer 3 network devices including firewalls, routers, mobile device controllers and load balancers -
Builds a virtual model of your network daily by
analyzing how the rules on all of these devices work together - Validates these access configurations against Governmental and Industry-driven regulations as well as internally defined security policies
THE RESULT
On demand, precise end-to-end mapping of network access paths and the contextual
impact they have on the network as a whole.
Solving the Puzzle of Network Complexity
One of the main reasons why breaches continue to happen is that it is very difficult to visualize and maintain consistent access policy across multiple, disparate IP-based network devices and security controls. With thousands of ACL’s to configure and manage across the enterprise weekly, organizations have little assurance of their accuracy other than manual approval and a costly and painful annual audit.
Visualize Your Network
Using RedSeal, a default baseline policy can be extracted from the devices already imbedded within the network to create a navigable topology map, modeling the entire network. This allows organizations to visually understand the relationships between devices, the default access paths, and whether or not the wired and wireless network is compliant against the requirements for secure business operations. Changes made to the network can be validated against the model prior to implementation to ensure that inadvertent exposures are kept to a minimum without incurring actual risk.
The unsurpassed value RedSeal brings to the network in helping organizations visualize the security infrastructure, streamline policy creation, and meet audit and compliance initiatives - may well prove to be the cornerstone of network security going forward.
Becoming Consistently Compliant
Because of the time and costs involved, enterprises have started to move away from the tactical once-a-year ‘data dump’ audit to a more strategic continual compliance process with investments made in automated tools to help streamline their processes and procedures.
Continuous Monitoring
Continuous monitoring offers an additional layer of oversight over the security architecture already deployed within the network and can attest to the effectiveness of internal controls. This approach greatly lessens the workload on IT departments when an actual audit approaches, as a historical record of change control and validation is available to prove ongoing compliance with the required regulations. Questions every organization needs to ask and answer include “Was I compliant last week?” and “Am I compliant now, six months after the audit?” with supporting analytics to prove the response. In order to do this, organizations must invest in automation, as a manual process cannot hope to achieve the level of performance required.
Automated Compliance
The RedSeal 6 Platform provides an “out of the box”
policy mapped to PCI DSS and FISMA requirements.
By comparing the model of the network security architecture
to a predefined policy template, RedSeal continuously and automatically identifies problems as they surface and before auditors arrive. A simple graphical representation depicts security zones and connectors represent the inter-zone compliance status to help identify strict policy violations that need to be addressed or warnings that require business approval.
The ongoing threat of network drift requires a centralized approach based on the continuous monitoring of key infrastructure assets to protect against critical data theft.
Identifying Risk and Minimize Attack Surface
Most large enterprises identify thousands of vulnerabilities every time they conduct a vulnerability assessment. Prioritizing remediation efforts is key to an effective security management program. Unfortunately, the prioritization offered by scanners doesn’t take into account the exposure and protection provided by the network infrastructure, so figuring out which vulnerabilities need to be remediated or shielded by a compensating control is the real challenge.
Prioritize Vulnerabilities and Manage IT Risk
Without the ability to prioritize vulnerabilities for remediation based on whether the vulnerabilities are directly or indirectly exposed, they just identify the highest risk score vulnerabilities in the abstract, regardless of the specifics
of your network.
All vulnerabilities are not created equal and do not represent the same level of risk to an organization. Even the same vulnerability can differ greatly in significance depending on whether it’s directly exposed to attack, or well protected, deep inside defensive infrastructure.
With the ability to import host vulnerability data into RedSeal, network administrators can perform context aware analyses of host vulnerability data in relation to access paths and
other vulnerabilities to determine if the vulnerability is exposed and a higher priority than
a non-exposed vulnerability shielded by a firewall.
RedSeal supports many of the leading Vulnerability Management solutions, including main stream vendors such as eEye, McAfee, nCircle, Qualys, Rapid 7 and Tennable Nessus.