If you're anything like me, the term 'sound asleep' is nothing but a fairy tale as Microsoft patches and application vulnerabilities dance around in your head! Now, I hate marketing 'exaggerations' as much as the next guy (a primary reason I stopped attending the local ISACA meetings) but I can't help but praise a tool called RedSeal (and no I'm not getting any kickback from the vendor).
About 8 months ago, I went on the hunt for Risk Assessment software - something that will provide me a reliable bird's eye view into even the deepest and darkest subnets of my network and requires minimal legwork. This is a screen capture from the dashboard showing the imminent threat paths from the 'big bad cloud' to trusted resources.
http://www.geospatialdefense.com/RedSeal/Internet-to-Trusted-Threats.png
Prior to RedSeal, to get a true evaluation of my network's security posture it would take me weeks to PAINFULLY cross correlate penetration testing results, vulnerability assessments, one-off security tools (i.e. nmap) and assessments of router/switch/firewall configs. Not to mention all my other daily responsibilities! The two/three week span of evaluation forced long hours and weekend work and let's face it - was outdated by the time I was finished! I evaluated the ability and cost of several vendors and selected RedSeal. There were two primary reasons for my selection (other than the cost - which was a $90K delta), including compatibility with my current security architecture and the ability to provide "downstream risks" if an externally facing node was breached.
It's no secret that network efficiency revolves around how well your:
Rarely can a security analyst get everything they need regarding an 'event' from just one application or one data location. Assessing the network's risk is no different! For my network, I was able to utilize the security strategies already deployed including - Qualys, Nessus, Tripwire, Foundstone, etc. Every morning, RedSeal automatically imports the nightly scans and delta changes throughout the network from Tripwire and provides the 'latest and greatest' security posture (given the network probably doesn't change too significantly every 24 hours but better more information than not enough!) Here are links to 2 of the better reports that I look at regularly.
http://www.geospatialdefense.com/RedSeal/Best Practice Changes_08_03_204429.pdf
http://www.geospatialdefense.com/RedSeal/Security Posture_08_03_204719.pdf
***Of course I couldn't post the results of my own network but I was able to extract some data from RedSeal's demo environment (thanks to Randy Williams and Rod Stuhlmuller).
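To make the cross-correlation idea above concrete, here is a toy reachability model, an added example that is not RedSeal's code or output: it joins constructed firewall rules (which zones may reach which host and port) with constructed scanner findings, walks only the hops that are both permitted and carry an exploitable finding, and reports the shortest threat path from the Internet to each trusted asset, plus the downstream risk if a given node is breached. The zones, hosts, rules and severities are assumptions made up for the illustration.

```python
from collections import deque

# Constructed sample data standing in for imported firewall configs and nightly
# scans (not real RedSeal data). A rule is (source zone, destination host, port).
RULES = [
    ("INTERNET", "web1", 443),
    ("INTERNET", "vpn1", 443),
    ("DMZ", "app1", 8080),
    ("DMZ", "db1", 1433),
    ("APP", "db1", 1433),
]
ZONE = {"web1": "DMZ", "vpn1": "DMZ", "app1": "APP", "db1": "TRUSTED"}
# Highest scanner severity per listening service; 5 = critical, remotely exploitable.
FINDINGS = {("web1", 443): 5, ("vpn1", 443): 2, ("app1", 8080): 4, ("db1", 1433): 5}
TRUSTED = {"db1"}          # assets whose exposure we care about
EXPLOITABLE = 4            # severity at or above which a hop is counted as usable


def next_hops(rules, origin):
    """Hosts reachable from a zone name, or from the zone of a breached host,
    on a port that also carries an exploitable finding."""
    zone = ZONE.get(origin, origin)
    return {dst for src, dst, port in rules
            if src == zone and FINDINGS.get((dst, port), 0) >= EXPLOITABLE}


def threat_paths(rules, start, targets):
    """Breadth-first search over exploitable reachability.
    Returns {target: shortest path as a list of hop names}."""
    paths, seen, queue = {}, {start}, deque([[start]])
    while queue:
        path = queue.popleft()
        for host in next_hops(rules, path[-1]):
            if host in seen:
                continue
            seen.add(host)
            if host in targets:
                paths[host] = path + [host]
            queue.append(path + [host])
    return paths


def downstream_risk(rules, breached):
    """Trusted assets that become reachable if `breached` is compromised."""
    return threat_paths(rules, breached, TRUSTED)


if __name__ == "__main__":
    print(threat_paths(RULES, "INTERNET", TRUSTED))   # {'db1': ['INTERNET', 'web1', 'db1']}
    print(downstream_risk(RULES, "vpn1"))              # {'db1': ['vpn1', 'db1']}
```

Re-running `threat_paths` with the DMZ-to-db1 rule removed shows the mitigation effect: the Internet path to db1 lengthens to go through app1, which is the kind of before/after comparison the posture reports summarise.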
And lastly, the unsung hero - immediate exporting of an accurate network topology to Visio. Since the software is importing scanners and configs it does a pretty good job of mapping the network infrastructure.
Ryan Trost, author of Practical Intrusion Analysis, is the Director of Security and Data Privacy Officer at the industry’s largest independent provider of onsite health centers, where he oversees all the organization's security and privacy decisions. He teaches several InfoSec courses, including Ethical Hacking, Intrusion Detection and Data Visualization at NVCC. Ryan constantly works to cross-pollinate and enhance network security, GIS and data visualization. He is considered a leading expert in geospatial intrusion detection techniques and has spoken at several conferences, most notably DEFCON and SANS. Ryan was a senior security consultant for several government agencies before transitioning over to the private sector. In 2005, Ryan received his MS degree in Computer Science from George Washington University, where he developed his first geospatial intrusion detection tool.
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century by Ryan Trost has been selected as the August, 2009, Cisco Subnet book giveaway (a $54.99 value). Visit the Cisco Subnet home page for giveaway details and entry forms.