Prioritizing vulnerabilities by severity alone does not efficiently reduce the actual network attack surface
Security controls and network devices deployed within a large, complex network can provide or report millions of lines of data every day. This data is a valuable and often unused asset for strengthening network security. Depending on the data source, its accuracy, and whether it can be normalized, configuration data can be used for security visualization and predictive threat modeling. One particularly valuable source of threat data that can be imported alongside it is vulnerability scan data.
Security Visualization for Predictive Threat Modeling
Context-Aware Vulnerability Prioritization
Most organizations invest significant resources to discover and remediate host vulnerabilities; however, because these assessments don’t consider network access, they often place the greatest importance on vulnerabilities that are already mitigated by controls in place, such as firewalls. RedSeal provides security managers with the information and metrics needed to maximize the value of vulnerability prioritization and management initiatives, in order to:
- Proactively identify the host vulnerabilities that can be reached from untrusted networks, isolating the weaknesses that represent significant risk of external attack.
- Determine how effectively defenses are aligned to prevent pivot attacks from advancing across the infrastructure and giving attackers access to exploitable vulnerabilities.
- Validate that existing vulnerability scanning initiatives are aimed at the areas of the network that need to be tested most aggressively, and plan future scanning efforts accordingly.
The RedSeal 6 Platform identifies these exposures before an attack happens by automatically prioritizing vulnerabilities and analyzing them in the context of network access. This streamlines remediation: organizations can focus their vulnerability management resources on the most significant elements of risk first, effectively closing the window of potential compromise.
Network Access Paths and Mitigating Controls
With its “Detailed Path” features, RedSeal 6 can identify the access path between any two points within the network and show which devices and which specific rules/ACLs permit or block that access. Detailed Path reports can be exported and shared with network engineering as part of the change control process.
Impact and Exposure Assessment for Rule / ACL Changes
Changes to firewall rules and router ACLs are often made without a pre-implementation impact assessment. When an assessment is performed, it often takes many hours of work, and the change must be applied to the production network before it can be validated, potentially leaving the network exposed to greater risk in the meantime. RedSeal allows IT staff to model a change and assess its impact in minutes, identifying the total number of hosts and vulnerabilities the change would expose and whether any of those hosts present a leapfrog (pivot) opportunity.
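To make the three ideas above concrete (ranking vulnerabilities by network reachability rather than by CVSS alone, explaining which rule permits or blocks a given path, and assessing a rule change before it touches the network), here is a small stand-alone model in Python. It is an added example written for this page, not RedSeal code, and it makes no claim about how RedSeal implements its analysis. The firewall rules, hosts, attacker address and finding ids (F-1 through F-5, placeholders rather than real CVEs) are all constructed sample data.

```python
"""Context-aware vulnerability prioritization over a toy network model.

Added example, not RedSeal code. Models a firewall's ordered permit/deny
rules, checks reachability from an untrusted attacker to each vulnerable
service (directly and via one leapfrog hop), ranks findings by exposure
before severity, and assesses a proposed rule change before deployment.
All hosts, rules and findings are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # destination port; None matches any port


@dataclass(frozen=True)
class Finding:
    host: str    # vulnerable host address
    port: int    # port the vulnerable service listens on
    fid: str     # placeholder finding id (constructed, not a real CVE)
    cvss: float  # scanner-reported base severity


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> Tuple[bool, Optional[int]]:
    """First-match ACL lookup with implicit deny.

    Returns (permitted, index of the deciding rule); the index is None when
    no rule matched and the implicit deny applied.
    """
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for i, r in enumerate(rules):
        if s in ip_network(r.src) and d in ip_network(r.dst) and r.dport in (None, dport):
            return r.action == "permit", i
    return False, None


def allowed(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> bool:
    return evaluate(rules, src_ip, dst_ip, dport)[0]


def explain_path(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> str:
    """Name the rule that enables or blocks a flow (what network engineering needs to see)."""
    permitted, idx = evaluate(rules, src_ip, dst_ip, dport)
    verdict = "permitted" if permitted else "blocked"
    by = f"rule {idx}: {rules[idx]}" if idx is not None else "implicit deny"
    return f"{src_ip} -> {dst_ip}:{dport} {verdict} by {by}"


def direct_exposure(rules: List[Rule], findings: List[Finding], attacker_ip: str) -> List[Finding]:
    """Findings whose vulnerable service the attacker can reach in one hop."""
    return [f for f in findings if allowed(rules, attacker_ip, f.host, f.port)]


def pivot_exposure(rules: List[Rule], findings: List[Finding], attacker_ip: str) -> List[Finding]:
    """Findings reachable only by leapfrogging from a directly exposed host."""
    direct = set(direct_exposure(rules, findings, attacker_ip))
    footholds = {f.host for f in direct}
    return [f for f in findings if f not in direct
            and any(allowed(rules, fh, f.host, f.port) for fh in footholds)]


def severity_only(findings: List[Finding]) -> List[str]:
    """The naive ordering the page argues against: CVSS, ignoring network access."""
    return [f.fid for f in sorted(findings, key=lambda f: -f.cvss)]


def prioritize(rules: List[Rule], findings: List[Finding], attacker_ip: str) -> List[str]:
    """Exposure tier first (direct, then pivot, then unreachable), CVSS second."""
    direct = set(direct_exposure(rules, findings, attacker_ip))
    pivot = set(pivot_exposure(rules, findings, attacker_ip))

    def tier(f: Finding) -> int:
        return 0 if f in direct else 1 if f in pivot else 2

    return [f.fid for f in sorted(findings, key=lambda f: (tier(f), -f.cvss))]


def change_impact(rules: List[Rule], proposed: List[Rule], findings: List[Finding],
                  attacker_ip: str) -> Dict[str, List[str]]:
    """Pre-implementation impact assessment: what a proposed rule set newly exposes."""
    before = set(direct_exposure(rules, findings, attacker_ip)) | set(pivot_exposure(rules, findings, attacker_ip))
    new_direct = set(direct_exposure(proposed, findings, attacker_ip)) - before
    new_pivot = set(pivot_exposure(proposed, findings, attacker_ip)) - before
    return {
        "new_direct": sorted(f.fid for f in new_direct),
        "new_leapfrog": sorted(f.fid for f in new_pivot),
        "new_hosts": sorted({f.host for f in new_direct | new_pivot}),
    }


ATTACKER = "198.51.100.7"  # constructed: a host on the untrusted internet

RULES = [  # constructed perimeter rule set; first match wins, then implicit deny
    Rule("permit", "0.0.0.0/0", "203.0.113.10/32", 443),    # public web server
    Rule("permit", "10.0.0.0/8", "10.0.0.0/8", None),        # internal any-to-any
    Rule("permit", "203.0.113.0/24", "10.1.1.20/32", 5432),  # DMZ web -> database
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

FINDINGS = [  # constructed scan results with placeholder ids
    Finding("203.0.113.10", 443, "F-1", 7.5),  # web app, reachable from anywhere
    Finding("203.0.113.10", 22, "F-2", 9.8),   # SSH on the web host, port not permitted
    Finding("10.1.1.20", 5432, "F-3", 9.1),    # database, reachable only via the web host
    Finding("10.1.1.30", 445, "F-4", 10.0),    # internal file server, unreachable today
    Finding("10.1.1.40", 3389, "F-5", 8.8),    # internal RDP host, unreachable today
]

# Proposed change: permit SMB from the internet to 10.1.1.0/24, inserted ahead of the final deny.
PROPOSED = RULES[:3] + [Rule("permit", "0.0.0.0/0", "10.1.1.0/24", 445)] + RULES[3:]

if __name__ == "__main__":
    print("severity only  :", severity_only(FINDINGS))
    print("context-aware  :", prioritize(RULES, FINDINGS, ATTACKER))
    print(explain_path(RULES, ATTACKER, "203.0.113.10", 22))
    print("proposed change:", change_impact(RULES, PROPOSED, FINDINGS, ATTACKER))
```

Severity alone ranks the unreachable file server (F-4, CVSS 10.0) first and the internet-facing web application (F-1, CVSS 7.5) last; the context-aware ordering inverts that, and places the database (F-3) second because the web host can leapfrog to it. The impact assessment for the proposed SMB rule reports not only the host it opens directly (10.1.1.30) but also the RDP host that becomes reachable only through that new foothold, which is exactly the leapfrog case a pre-change review needs to catch.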