TECHNOLOGY INTEGRATION GUIDE INTRODUCTION RedSeal s cybersecurity analytics platform integrates data from your network devices and security solutions to provide a comprehensive model of your network and its security posture. By combining all this information, RedSeal optimizes the value of each individual solution, prioritizes security issues by putting them in the context of your network, and shortens remediation cycles. NETWORK DEVICES AND INFRASTRUCTURE Routers Alcatel-Lucent 7750SR-c12/OS 11.0.R4 SR-OS 11.0.R4 Arista EOS 4.2.7 4.11.4 Cisco IOS 11.0-15 Cisco IOS-XR 3.8 4.2 Cisco NX-OS 5.1 Cisco VPN-3000 4.x HP H3c Comware 5.20.106 HP ProCurve #K.15.12.0012 Juniper JunOS 8.5 10.4 + 11 & 12 Load Balancers A10 ACOS 2.7.1 Brocade IronWare BigIron/FastIron 8.0, ServerIronXL 7.5 Cisco CSS 11501/11050/ 11150 Citrix NetScaler 9.2 F5 BIG-IP 10.2, 11.0 11.3 Radware 4408 with Alteon software 26.x or 28.x Riverbed SteelApp SteelApp Traffic Manager 9.1 (Stingray) Firewalls Check Point File, OPSEC R65, R70, R71, R75, R76, R77 Cisco FWSM v2, v3, v4 Cisco PIX v6.3, v7, v8 Cisco ASA v8 Cisco Catalyst 6400 ACE A2 (3.1) Cisco ACE Software appliance A4 (2.1a) Fortinet Fortigate FortiOS 4.x, 5.x Juniper ScreenOS 6.x Juniper JunOS 8.5 10.4, plus 11 & 12 McAfee Firewall Enterprise 7, 8.1.2, 8.2.0, 8.2.1, 8.3 McAfee (Stonesoft) NGFW 5.7.0 Palo Alto Networks PAN-OS 4.x, 5.x, 6.x
Wireless Controllers Manufacturer Device name/os Versions support Aruba ArubaOS 6.1.3 Cisco Wireless Controller 7.4 Cisco Aironet IOS 11.0-15 Virtualized/cloud infrastructure AWS VPC N/A AWS Config N/A VMware vshieldedge VMware 5.5.0 CONFIGURATION MANAGEMENT DATABASES (CMDB) Manufacturer Name/OS Versions supported BMC Network Automation BladeLogic 8.2.0 Cisco Security Manager 4.3.0 EMC Ionix Voyence N/A HP Network Automation Opsware 7.6, 9.0, 9.1 Infoblox NetMRI 6.4.1, 6.9 Open source RANCID N/A SolarWinds NCM (Orion) 5.5.2, 6.0, 7.0.2, 7.1.1, 7.3 Tripwire Tripwire Enterprise 8.1, 8.1, 8.2 Note: Specific device support varies with each CMDB vendor. Please refer to RedSeal's Data Import Plugins Guide available from the RedSeal Support Portal for additional considerations on integration with CMDB systems. Note: RedSeal also supports importing device configurations that have been saved to a file. Refer to documentation from specific device vendors for additional information on using this methodology. 2 4/7/2015
SECURITY SOLUTIONS Vulnerability Scanners DDI Frontline 5.0 BeyondTrust REM Security Management Console 3.7.9 & 3.8 BeyondTrust eeye Retina 3.8 & 5.16 McAfee Vulnerability Manager 7.0.1 & 7.5 Open source nmap 6.25 Qualys QualysGuard 7.6 Rapid7 NeXpose 4.12 Symantec Vulnerability Manager 10.0.5 Tenable Nessus 4.6.2.1 & 4.8 Tripwire (ncircle) IP360 6.8.9, 6.9, & 7.3.x Security Management Cisco Enterprise 4.3.0 McAfee epo 4.5, 4.6, 5.1 Governance/Risk/Compliance (GRC) LockPath Keylight 4.1 RSA Archer 5.3 Symantec CCS Suite 11 Security Information and Event Management (SIEM) HP ArcSight ESM McAfee ESM 9.2 Splunk 6.1 3 4/7/2015
RedSeal Integrates and Optimizes Security Solutions OVERVIEW RedSeal s cybersecurity analytics platform creates a complete inventory of all of the Layer 3 devices and infrastructure in your network, including routers, load balancers and firewalls, along with cloud-based and virtualized devices. It imports configuration data to build a model of your network, including all connectivity and access paths between any two points on it. RedSeal correlates the model with vulnerability scan data to put security issues in context. With this, RedSeal is able to prioritize your network s most critical security issues (based on access/downstream access), so you can address them first. RedSeal makes your compliance initiatives as well as your own policies more efficient and effective. You can set up a policy in RedSeal, then monitor and prove compliance quickly and continuously. RedSeal has key controls for PCI, NIST 800-53. NERC CIP and HIPAA. IMPORTING AND ANALYZING DEVICE CONFIGURATIONS RedSeal uses a variety of communications methods to collect device configurations and security data. The following methods are supported, but may be specific to a particular device or solution: CVS (Concurrent Version System) FTP HTTP(S) Java Database Connector (JCBC) SCP SFTP (Secure FTP) SSH Telnet Windows File Share Configuration Management Databases (CMDB) RedSeal can get information from an existing CMDB to build the model of your network without having to access devices directly. Because RedSeal analyzes configuration settings, it helps identify any network devices not currently known or managed within the CMDB. Network devices (routers, load balancers, firewalls, wireless controllers) RedSeal can also directly access and analyze devices whose configurations are missing or incomplete. It analyzes the configuration files of your network security devices on multiple levels: Finds connected devices or hosts not otherwise known or identified Runs a series of vendor-specific industry best practices on all network devices Verifies the integrity of firewall rulesets, including identifying redundant or unused rules RedSeal can also import configuration data that has been saved to a file, so that direct access on the network is not required. For more information on importing from a file, refer to the RedSeal Plug-ins guide available on the RedSeal Support Portal, which gives more detail on what devices and file formats are available with this option. Cloud infrastructure (public and private) RedSeal enables you to unify your physical and cloud network security. It supports Amazon s popular Virtual Private Cloud (Amazon VPC), through either the AWS SDK or AWS Config. This integration with AWS allows RedSeal to analyze your 4 4/7/2015
cloud infrastructure and its connection to your physical network, including risk, policy compliance, and industry best practices. Virtualized infrastructure and datacenters RedSeal provides the ability to include details about virtualized environments in its model of your network. This includes processing ACL settings from virtual environments, modeling those environments, and factoring them into policy compliance and risk analysis. VULNERABILITY MANAGEMENT SOLUTIONS RedSeal incorporates vulnerability scan data from the industry s leading products and calculates every possible access path between all hosts. Using assigned (default or user defined) asset values and potential lateral movement or downstream risk, RedSeal s patented algorithms provide a list of the most critical actions you need to take to improve your network security. GOVERNANCE, RISK, AND COMPLIANCE (GRC) SOLUTIONS RedSeal can access data from GRC solutions, as well as provide data to a GRC solution. Sample integrations include: McAfee epo: RedSeal imports host information from epo. epo collects data from RedSeal including host attack risk, critical asset access and downstream risk which enables improved prioritization and policy setting. RSA Archer: RedSeal imports asset and group values, which are then used in RedSeal s risk metrics calculations and reports. Symantec: Control Compliance Suite (CCS) collects information from RedSeal, including host risk exposure, vulnerability status, and device best practice violations. LockPath: RedSeal enables faster remediation by sending prioritized vulnerability and risk information to LockPath s Keylight Security Manager, which routes it to the appropriate workgroup. RedSeal can also be configured to send data to SIEM solutions that enhances the context of the data these products provide to their customers. SECURITY INFORMATION and EVENT MANAGEMENT SOLUTIONS (SIEM) RedSeal can be configured to send data via syslog to external systems. The information that can be exported includes: Detailed host information, including risk metrics, compromised hosts, hosts reachable from untrusted zones, or hosts that have access to your most critical asses Results from RedSeal device best practice checks Anomalies in the network model (e.g. dangling subnets, duplicate IPs, etc.) Policy status summary for each policy you have defined (e.g. PCI, internal, etc.) Specific SIEM solutions that RedSeal integrates with include: HP ArcSight: RedSeal exports data directly into ArcSight ESM using the standard CEF communication format. Splunk: RedSeal exports data to a Splunk dashboard, including comparisons to industry best practices, vulnerabilities and downstream risk. McAfee ESM: RedSeal exports data via syslog IBM QRadar: RedSeal exports data via syslog 5 4/7/2015