Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

1/26/2010
04:32 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

RedSeal Rolls Out Change Management

RedSeal Network Advisor 4.1 and RedSeal Vulnerability Advisor 4.1 are available immediately

San Mateo, CA " January 26, 2010 " RedSeal Systems, the leading provider of software for security posture management, today announced a set of new capabilities to help security and network organizations assess the security impact of changes to their IT infrastructures. The enhancements are being released in version 4.1 of RedSeal Network Advisor and RedSeal Vulnerability Advisor and build upon the industry-leading continuous monitoring and near real-time risk management capabilities already provided by these products.

The new capabilities in the 4.1 releases help IT organizations address a number of network security challenges:

Should I make a change? When a network change is proposed, RedSeal software automatically assesses the risks that the change will pose to the organization's security. It identifies vulnerabilities that will become attackable, any newly exposed hosts that could become launch points for attacks deeper into the organization, and any additional risk that will result from the change. This information enables IT organizations to identify mitigating steps (such as patching) that need to be taken before the change is implemented.

How do I make the change? In large networks, enabling access over the network requires changes to multiple firewalls, routers and load balancers. Precisely defining the required changes is complex and difficult. To reduce the chance of impacting availability, organizations often allow excessive access, creating security risks. RedSeal software automatically analyzes proposed end-to-end access to identify which devices must be changed, as well as the precise rules or ACLs that need modification. These capabilities improve both the accuracy and productivity of firewall and network operations groups.

Have past changes outlived their usefulness? Over time, some firewall rules will become obsolete. As these unused rules accumulate, they increase the complexity of managing the firewall and can pose security risks. RedSeal software evaluates firewalls and routers to identify rules that have become redundant, disabled, or that are no longer in use. This capability makes it easy for firewall operations groups to clean up rule sets to improve manageability and performance.

The greatest security issues often derive from changes that are not made to firewalls. Changes to servers, applications, and routers often necessitate corresponding changes to firewalls and the security infrastructure. If these required changes are not made, security breaches can easily occur. RedSeal software continuously monitors the entire IT infrastructure to ensure that the security components are providing the protection required by the application components. When a change anywhere compromises the security of the organization, RedSeal detects the issue, isolates the root cause and informs IT and business management of the risks and recommended actions for remediation.

"IT infrastructures and the security controls that protect them are constantly changing," said Tom Arthur, CEO, RedSeal Systems. "In today's complex environments, changes to either can easily open security holes that put an organization's systems and information at risk. RedSeal automates the continuous and comprehensive assessment of an organization's security posture to ensure that their critical assets are protected."

RedSeal Network Advisor 4.1 and RedSeal Vulnerability Advisor 4.1 are available immediately. Existing RedSeal customers will receive the new capabilities as part of their maintenance programs.

About RedSeal Systems, Inc.

RedSeal Systems develops security posture management software that enables organizations to assess and strengthen their cyber-defenses. Unlike systems that detect attacks once they occur, RedSeal identifies holes in the security infrastructure that could be exploited—before they are discovered by hackers. RedSeal software analyzes and simplifies the complex interaction of firewalls, routers, load balancers and hosts, delivering in-depth understanding of overall security posture, continuous compliance with regulations such as PCI, FISMA, and SOX, and actionable steps for risk remediation. For more information, visit RedSeal at www.redseal.net.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4682
PUBLISHED: 2021-01-28
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
CVE-2020-4888
PUBLISHED: 2021-01-28
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker co...
CVE-2020-13569
PUBLISHED: 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can...
CVE-2021-20620
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20621
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.