"Many enterprise networks are burdened by complex sets of access rules distributed across firewalls, routers, and other infrastructure devices. With every new rule or rule change there is the potential to create a gap in the network's defense and violate an enterprise security policy or a mandated control," said Phil Schacter, vice president and service director for The Burton Group's Security and Risk Management Strategies. "A systematic approach is needed to validate that current network security rules are consistent with required controls and enterprise security policies."
RedSeal software continuously analyzes every firewall rule and router ACL on the network to audit both individual devices and how those devices interact to deliver security to the business as a whole. It summarizes enabled and prohibited access in simple diagrams and reports. These enable security management personnel to easily spot exposures that otherwise would have gone unnoticed until exploited by a hacker.
RedSeal Network Advisor 4.0 also verifies that the network enforces the security organization's access policies, both internal and regulatory. Users can specify what access should be prohibited or allowed between security zones. RedSeal analyzes the access actually enabled on the network to verify that firewalls, routers and other devices are correctly configured. If a violation is discovered, RedSeal notifies the appropriate personnel. It then isolates the root cause of the access, identifying the exact devices, rules and ACLs that enable the risky access.
RedSeal Network Advisor 4.0 reduces the burden of audits for PCI DSS, NERC CIP, SOX, FISMA and other regulations. RedSeal automates control testing, decreasing the risk of a finding by auditors. RedSeal also offers reports that detail the controls and demonstrate that they are operating properly, lessening the time and cost associated with supporting each audit.
"The last year has seen a significant increase in both the number and seriousness of cyber-attacks." said Tom Arthur, CEO of RedSeal Systems. "Organizations purchase billions of dollars of network security equipment each year to defend themselves, but a single configuration error can render their entire investment worthless. RedSeal's software enables CISO's to make informed decisions before the next attack to assure their defensive posture is strong."
Features and Benefits Specific capabilities in RedSeal Network Advisor 4.0 include:
RedSeal Vulnerability Advisor RedSeal Systems today also announced RedSeal Vulnerability Advisor 4.0, software for actionable vulnerability management. RedSeal Vulnerability Advisor integrates with RedSeal Network Advisor to assess the results of vulnerability scans in the context of network security. This automatically identifies vulnerabilities that are exposed to untrusted networks or that can result in widespread access to critical systems. RedSeal prioritizes all vulnerabilities from enterprise-wide scans to isolate those that must be remediated immediately due to the risk they pose. In addition, RedSeal Vulnerability Advisor identifies mitigation options, validates scan coverage and provides reports for auditors that demonstrate control of business risk.
Pricing and Availability RedSeal Network Advisor will be available in late June 2009. Pricing starts at $25,000. Existing customers of RedSeal SRM will receive RedSeal Network Advisor at no charge as part of their software maintenance agreement.
About RedSeal Systems, Inc. RedSeal Systems develops security assurance software that enables organizations to assess and strengthen their cyber-defenses. Unlike systems that detect attacks once they occur, RedSeal identifies holes in the security infrastructure that could be exploited-before they are discovered by hackers. RedSeal software analyzes and simplifies the complex interaction of firewalls, routers, load balancers and hosts, delivering in-depth understanding of overall security posture, continuous compliance with regulations such as PCI, FISMA, and SOX, and actionable steps for risk remediation. For more information, visit RedSeal at http://www.redseal.net.