Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

OPSEC Partners

RedSeal Systems, Inc.

Product Version Certified: Security Risk Manager 3000
Certified for use with: NGX with Application Intelligence

Product Description: RedSeal SRM 3000 is a Security Risk Management solution which visualizes and quantifies business risk, pinpointing areas of exposure and giving guidance on how to best focus resources toward mitigation. SRM accomplishes this by combing an understanding of the network, including knowledge the permitted traffic flows as expressed in device configurations, along with vulnerability data and patch information to pinpoint actual attack vectors that may be exploited.
 
Key Features and Benefits
OPSEC Integration
Additional Information		 Clear
 
Company Description: RedSeal Systems develops enterprise security software that streamlines and automates the security management lifecycle. RedSeal´s solutions enable companies to quantify overall security, assess critical areas of risk, and validate that their security infrastructure successfully stops attacks. With RedSeal, enterprises can measure and reduce security risks, increase responsiveness to business demands, and reduce operational costs.
 
Key Features and Benefits

RedSeal SRM includes the following features and benefits:

Risk quantification – measures the network’s risk posture based on calculation of the exposure and value of network assets. RedSeal’s unique approach employs Adaptive Risk Analysis, a method by which the granularity of the output is adjusted based on the amount of input to the system.

Proactive mitigation – compiles a prioritized list of vulnerabilities and misconfigurations to indicate where to remediate first to gain the greatest reduction in risk.

Threat analysis – displays graphically, one breach at a time, the multi-step path an exploit can take to penetrate critical business resources. The threat map is based on the traffic analysis, any vulnerability data available, and RedSeal’s own knowledge base of vulnerabilities and impacts.

Network configuration checking – verifies that the configuration details on devices such as routers and firewalls do not have unintended consequences (such as inadvertently allowing too much access), highlights non-compliance of best security practices, and notifies users of general misconfigurations.

Traffic flow analysis – computes the real-world permitted traffic flows across the network, factoring in filtering rules and flow modifiers (such as NAT). The results can be compared to security policy requirements to quickly identify and pinpoint important infrastructure discrepancies that affect security and availability of key services.

Actionable trending and reporting – summarizes the network’s security posture over days, weeks, or months. Trending data is grouped to highlight vulnerabilities, changes in risk, and the security posture of important devices and groups (for example, SOX servers).
OPSEC Integration
RedSeal SRM 3000 uses the CPMI API to retrieve FW-1 configuration information from SmartCenter including interfaces, network objects, filtering rules, network address translation rules, service objects, and other configuration data. This information is used to build a network topology model as well as perform an analysis of permitted traffic flows throughout the network.
 
Additional Information

Security Risk Manager 3000 Datasheet