Empowering Enterprises to Continuously Monitor IT Compliance and Mitigate Risk Proactively
Over the last decade, networks have become increasingly complex due to the cumulative demands of user and connectivity requirements, business operations and regulatory compliance mandates. This increased complexity and connectivity leaves IT resources struggling to meet the security standards required to address today's dynamic TCP/IP-based environments.
Every year, companies spend billions of dollars on firewalls, proxies, routers and other devices to prevent unauthorized access to their network, and yet security breaches are still common. One of the main reasons why breaches continue to happen is that it is very difficult to visualize and maintain consistent access policy across multiple, disparate IP-based network devices and security controls. In addition, new technologies such as virtualization and unmanaged mobile devices (BYOD) compound the problem of complexity, as the methodologies for securing and managing them are still in the process of reaching maturity. A large, complex network equals hundreds of thousands of access rules, and it is very difficult to determine which devices and rules are responsible for unwanted access. Unwanted open access paths that contain vulnerabilities running on network devices or hosts will allow an attacker to leapfrog across the network to gain access to critical data systems. Most organizations make rule changes daily, with little assurance of their accuracy other than a manual approval process and an annual IT audit, which often leads to network drift and, ultimately, the compromise of the network.
RedSeal 6 Platform

The RedSeal 6 Platform is a security risk management solution that provides continuous monitoring of the access paths within both corporate and government network environments. In order to support the ever-increasing IT workload, new platforms are emerging as a means to help mitigate complexity and reduce the overall risk. Every day, RedSeal gathers the configurations of all the network devices (firewalls, routers, and load balancers), building a virtual model of your network by analyzing how the rules on all of these devices work together to defend business assets. In turn, it can validate these access configurations against governmental and industry-driven regulations as well as internally defined security policies. The result: precise mapping of network access paths and the contextual impact they have on the network as a whole.

RedSeal Networks is the leading provider of security risk management solutions that enable enterprises to continuously audit and monitor IT compliance and risk to reduce cyber-theft.

The RedSeal 6 Platform has the ability to perform network device best practice checks and correlate network situational awareness with host and system vulnerability data. Using this analysis, IT departments can now identify and remediate vulnerabilities in the context of network access, and deprioritize those vulnerabilities that are less critical because they may be shielded by mitigating controls such as firewalls. The RedSeal 6 Platform supplements traditional and next-generation network infrastructure, SIEM systems, and GRC platforms, which are unable to deliver proactive network security.

RedSeal delivers the industry's most powerful network and security operational insights using patented network visualization and predictive threat modeling. Backed by Venrock, OVP, Sutter Hill, JAFCO, Leapfrog and In-Q-Tel, RedSeal is used by the world's largest government and commercial organizations to dramatically cut compliance costs and effectively prioritize vulnerability remediation efforts.
RedSeal 6 allows organizations to:

- Pinpoint weaknesses and risk through complete end-to-end network visibility, with support for all network device and security software vendor solutions via a comprehensive partner ecosystem.
- Improve productivity with automated, exposure-based remediation prioritization to mitigate cyber risk.
- Maximize efficacy of existing security investments with predictive threat modeling and metrics for in-depth assurance and situational awareness.
- Cut compliance costs with automated continuous audit and control monitoring of the entire network device infrastructure.

RedSeal Networks provides Best in Class security visualization of the network, cuts compliance costs with automated validation of controls, and is proven in some of the world's largest and most complex IT environments. Using advanced network analysis and correlation of host vulnerability data, RedSeal continuously provides unsurpassed visibility into enterprise-wide threats and risks.
[Figure: The RedSeal 6 Platform Architecture]
Visualize and Define Policy

A default baseline policy can be extracted from the configurations of devices already embedded within the network. In order to extract that de facto policy, the RedSeal 6 Platform gathers the configuration files of all the network devices to create a navigable topology map, modeling the entire network. This allows organizations to visually understand the relationships between devices, the default access paths, and whether or not the network is compliant with requirements for secure business operations. Changes to the network can be validated against the model prior to implementation to ensure that inadvertent exposures are kept to a minimum without incurring actual risk.

The network topology map is an interactive model of the layer 3 and 4 network security architecture that allows organizations to:

- Visualize all possible access paths from any source to any destination on any port or protocol.
- Map the specific topology of all firewalls, routers, mobile device controllers and security devices deployed across the entire network to understand precisely where and how defenses are aligned.
- Analyze access across all of those devices to model precisely how devices are implemented to permit or deny entrance to the network and sensitive assets.
- Demarcate specific groups of devices and create zones based on assets' business functionality to assess how access is allowed or prevented related to organizational demands.

Zones and policies can be as simple or as complex as defined by an organization. Within the RedSeal 6 Platform they are critical in helping to simplify complex networks, allowing a business to perform continuous compliance monitoring of network access controls and segmentation against regulatory or internal information security policies. For instance, companies could map their NERC CIP or SOX controls to a policy, or simply identify critical systems and evaluate all access from the entire network to those systems.
Validate Access Controls

Validating that the devices and access controls within your network meet a minimum security standard is a challenge for any organization, especially when there are thousands of disparate routers and firewalls dispersed throughout a global infrastructure. Also, the ubiquitous nature of change in enterprise networks, coupled with ever-more-sophisticated threats, causes most organizations to struggle to understand whether the security policies they have implemented are functioning properly. Without the help of automation, the answer is often lost in an unmanageable mountain of configuration data.

The RedSeal Platform allows organizations to:

- Automatically analyze the current deployment of all network security devices in relation to over 130 best practices, including those published by NIST, ISO, DISA and individual device vendors.
- Holistically assess network-wide access within the context of organizational policies to ensure adherence and identify problems proactively.
- Identify direct access enabled to any critical systems from the internet, internal or other external untrusted networks.

RedSeal gives organizations the ability to verify that their investments in network security infrastructure are delivering desired results and aligning to prevent unwanted access. The RedSeal 6 Platform helps organizations normalize and then analyze device configurations against best practices to ensure that misconfigurations or insecure services do not expose the network infrastructure to increased risk, in addition to identifying data access paths running throughout the network.

"Automation is a requirement. I recently calculated that it would take a super-human network analyst roughly four years to complete the analysis RedSeal performs in a few hours."
Doug Dexter, IT Audit Team Leader, Cisco Systems
Context-Aware Vulnerability Prioritization

Most organizations invest significant resources to discover and remediate host vulnerabilities; however, because these assessments don't consider network access, they often incorrectly place the greatest importance on vulnerabilities already mitigated by compensating controls such as firewalls. RedSeal provides security managers with the information and metrics needed to maximize the value of vulnerability management initiatives to:

- Proactively identify those host vulnerabilities that can be accessed from untrusted networks to isolate weaknesses that represent significant risk for external attacks.
- Determine how effectively defenses have been aligned to prevent pivot attacks from advancing across infrastructure to give attackers access to exploitable vulnerabilities.
- Validate that existing vulnerability scanning initiatives are focused on those areas of the network that need to be tested most aggressively with planned future scanning efforts.

RedSeal streamlines the remediation process by allowing organizations to focus their vulnerability management resources on the most significant elements of risk within a very short timeframe, effectively closing the window of potential compromise.
[Diagram: network zones labeled Internet, DMZ, Subnet A, Subnet B, Subnet C and Critical Resources]

The diagram above depicts how an attacker can gain ground within the network through access misconfigurations and exploiting vulnerabilities down the access path of the network itself.
RedSeal automatically prioritizes vulnerabilities by analyzing them in the context of network access. To identify the most critical vulnerabilities, RedSeal evaluates:

- Direct exposure of a vulnerability to untrusted networks
- Indirect exposure of a vulnerability to untrusted networks through other vulnerable hosts
- The potential for a vulnerability to allow an attacker to leap-frog deeper into the network
- The business value of the vulnerable host
- The severity of a vulnerability based on the Common Vulnerability Scoring System (CVSS)

Organizations will know which vulnerabilities require immediate action and will be able to justify this action to the operations group. Companies will have access to comprehensive reports of all of their vulnerabilities prioritized by upstream exposure, downstream risk and overall risk to the business.

"Before RedSeal, it was challenging to give a true assessment of IT risk. With RedSeal, we now have a clear picture of risk and continuously know where we stand."
Kanon Cozad, Senior Vice President and Director of Enterprise Architecture, UMB Financial Corporation
Reduce the Network Attack Surface

Most large enterprises identify thousands of vulnerabilities every time they conduct a vulnerability assessment. Prioritizing remediation efforts is key to an effective security management program. Unfortunately, the prioritization offered by scanners doesn't take into account the exposure and protection provided by the network infrastructure, so figuring out which vulnerabilities need to be remediated or shielded by a compensating control is the real challenge. In addition to checking best-practice, device-specific standards, the RedSeal 6 Platform can help organizations prioritize their host and device vulnerability data in the context of network access. RedSeal helps to highlight which vulnerabilities down the access path really are critical to remediate immediately, rather than taking the time- and resource-intensive approach of fixing all vulnerabilities over time wherever they may reside.

Visualize risk, attack paths, compliance and vulnerabilities.
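The prioritization factors listed above (direct and indirect exposure, leap-frog potential, business value and CVSS severity) can be illustrated with a small attack-graph walk. This is an added example, not RedSeal code: the hosts, permitted flows, placeholder vulnerability ids and the scoring formula are all constructed assumptions.

```python
from collections import deque

# Constructed sample model, not taken from the brochure. ACCESS holds flows
# (source, destination, port) that remain permitted once all firewall and
# router rules have been evaluated.
ACCESS = [
    ("internet", "web01", 443),
    ("web01", "app01", 8080),
    ("app01", "db01", 5432),
    ("internet", "mail01", 25),
    ("hr-pc", "db01", 5432),
]
# Constructed scanner findings: host -> [(placeholder id, port, CVSS base score)]
VULNS = {
    "web01": [("VULN-A", 443, 7.5)],
    "app01": [("VULN-B", 8080, 9.8)],
    "db01": [("VULN-C", 5432, 8.8)],
    "mail01": [("VULN-D", 110, 9.0)],    # port 110 is not reachable from anywhere
    "files01": [("VULN-E", 445, 10.0)],  # no inbound path at all
}
VALUE = {"web01": 2, "app01": 3, "db01": 5, "mail01": 2, "files01": 4}  # 1..5 scale
UNTRUSTED = {"internet"}


def attack_reach(start):
    """Breadth-first walk of the attack graph from the hosts in `start`.

    An attacker on `src` advances to `dst` only if a permitted flow reaches a
    port where `dst` runs a vulnerable service. Returns (owned, hops): owned
    maps each compromised host to its hop count, hops maps (host, vuln id)
    to the fewest hops needed to reach that vulnerability.
    """
    owned = {h: 0 for h in start}
    hops = {}
    queue = deque(sorted(start))
    while queue:
        src = queue.popleft()
        for flow_src, dst, port in ACCESS:
            if flow_src != src:
                continue
            for vuln_id, vuln_port, _cvss in VULNS.get(dst, []):
                if vuln_port != port:
                    continue
                # BFS visits sources in hop order, so the first value is minimal.
                hops.setdefault((dst, vuln_id), owned[src] + 1)
                if dst not in owned:
                    owned[dst] = owned[src] + 1
                    queue.append(dst)
    return owned, hops


def downstream_value(host):
    """Business value of the other hosts an attacker could reach from `host`."""
    owned, _ = attack_reach({host})
    return sum(VALUE.get(h, 0) for h in owned if h != host)


def prioritize():
    """Rank every finding; shielded findings score 0 and sort last."""
    _, hops = attack_reach(UNTRUSTED)
    ranked = []
    for host, findings in VULNS.items():
        for vuln_id, _port, cvss in findings:
            n = hops.get((host, vuln_id))
            # Hypothetical weighting: severity x (own + downstream value) / hops.
            score = 0.0 if n is None else cvss * (VALUE[host] + downstream_value(host)) / n
            ranked.append((round(score, 1), host, vuln_id, n))
    return sorted(ranked, key=lambda r: (-r[0], r[1]))


if __name__ == "__main__":
    for score, host, vuln_id, n in prioritize():
        exposure = "shielded" if n is None else "direct" if n == 1 else f"indirect ({n} hops)"
        print(f"{score:6.1f}  {host:8} {vuln_id}  {exposure}")
```

In this sample the CVSS 7.5 finding on the internet-facing web01 ranks first, while the CVSS 10.0 finding on files01 ranks last because no permitted flow reaches it.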
Prevent Incidents with Proactive Management

At an average cost of $7.2 million, security breaches can have a significant negative impact on an organization, including lost productivity and profitability. In addition, incidents take time, budget and resources away from other projects that are needed to expand business operations. Therefore, identifying and preventing risk to protect the enterprise from imminent attack requires a more proactive approach to network security. The adage "prevention is better than the cure" continues to be true and will always yield the most return on investment (ROI) versus a reactive security approach using less effective, incident-based solutions.

Using RedSeal reports and interactive analysis such as the heat map, organizations can quickly identify the sources that induce the most risk across the entire network. The data could span tens of thousands of network devices and hundreds of thousands of hosts, but is visually quantified in a single screen. The key is to analyze the data in the context of the network access paths and whether or not the vulnerabilities are directly or indirectly exposed, helping to narrow the focus to the most critical and immediate systems posing risk.

Quantify and qualify risk.
Continuous Monitoring For Compliance

While industry and governmental compliance mandates go a long way to address the issue of security breaches to sensitive data using an unbiased, third-party audit, they are only a basic guideline of the security needed to ensure a minimum standard of protection. Unfortunately, these audits happen infrequently and rarely reflect the true operational security posture of the network. The lack of accurate, traceable access control data can still leave organizations open to attack, even if they have complied with an audit just a few days prior. Change is constant in a large, complex network in order to keep up with changing business requirements and, if not properly tracked, incurs significant risk.

What is needed is a continuous program to audit and monitor network and security controls to ensure that compliance is effective on an ongoing basis. Continuous monitoring offers an additional layer of visibility that can attest to the effectiveness of internal controls. This approach greatly lessens the workload on IT departments when an actual audit approaches, as a historical record of change control and validation is available to prove ongoing compliance with the required regulations. Questions every organization needs to ask and answer include "Was I compliant last week?" and "Am I compliant now, six months after the audit?", with supporting analytics to prove the response. The RedSeal platform addresses both the continuous audit and continuous control monitoring disciplines to ensure the ongoing configuration and operational integrity of network devices deployed within the enterprise infrastructure.

"Continuous monitoring technologies such as RedSeal will enable the U.S. Intelligence Community to effectively operate the complex, dynamic network defenses that protect critical information and systems. We believe RedSeal's capabilities have widespread applicability throughout the federal government as agencies strive to improve their security posture."
William Strecker, Executive Vice President of Architecture and Engineering and CTO of In-Q-Tel
Demonstrating Compliance

Government and industry regulators continue to extend and refine the requirements of their network security standards, forcing organizations to prove that these measures have not only been implemented but are also being validated to ensure continuous compliance. RedSeal gives security and audit management staff the ability to define required policies and analyze compliance network-wide on an ongoing basis to:

- Confirm that controls are in place and functioning to enforce zone relationships within the specific parameters of regulations including PCI DSS, SOX, FISMA and NERC CIP.
- Provide auditors with detailed proof demonstrating that compliance is being maintained continuously and validated via automation on a regular basis.
- Document justification for access and detail on temporary exceptions, including information on who requested the modifications as well as when they were granted, and why.

Covers thirty-seven requirements within Sections 1, 2, 6, 10 and 11 of the PCI DSS 2.0 Standard.

Comply with requirements from governmental and regulatory compliance mandates.
"we are subject to numerous regulations for compliance. RedSeal automatically monitors our network controls to assure that they are operating as intended to continuously maintain compliance and streamline security audits."
Adam Rice, Chief Security Officer, Tata Communications

The RedSeal 6 Platform provides an out-of-the-box policy mapped to PCI DSS and FISMA requirements. By comparing the model of the network security architecture to a predefined PCI or FISMA policy template, RedSeal continuously and automatically identifies problems as they surface and before auditors arrive. A simple graphical representation depicts the defined policy and PCI security zones, and the arrows represent inter-zone compliance status. Red warning arrows indicate strict violations that need to be addressed, and yellow warning arrows represent allowed traffic that requires approval. Custom policies can also be built around other regulatory compliance initiatives.

A business-level individual such as a CFO or Audit and Compliance Manager can immediately see the business value of the RedSeal predefined and custom reporting options and use them to good effect. In turn, the organization as a whole benefits from the reduced disruption caused to the IT department during the discovery and data collection phase of an IT audit.

Identify problems before auditors arrive.
Reporting and Metrics

Large enterprise networks are typically overseen by a diverse set of management and operational staff, making it extremely difficult to effectively communicate all the information needed by different constituencies to enact change and understand how trends impact their domains. RedSeal empowers security management to distribute key security information and metrics across the entire organization to:

- Communicate key security performance metrics to business management and operational staff to illustrate trends and highlight the efficacy of ongoing programs.
- Create heat maps and other visualizations that can be used to demonstrate risk across varied constituencies and illustrate problematic issues clearly to stakeholders.
- Use the REST API framework to integrate RedSeal data into enterprise reporting systems, SIEM and other applications to enable unified security management.
- Provide auditors with detailed proof demonstrating that compliance is being maintained continuously and validated via automation on a regular basis.

By generating an extensive array of reports and metrics that allow security posture information to be shared more efficiently across the entire organization, RedSeal offers security leaders a common language for proving results and driving more informed risk calculation.

Communicate security trends and metrics.
Global Support & Services

RedSeal Networks Professional Services

RedSeal Professional Services offer customized solutions that address fundamental aspects of advancing a RedSeal deployment. If further customization is required, from integration to API-based development to optimize day-to-day use, our team of experts can be on hand to quickly support your organization. Each RedSeal Professional Services engagement is designed to deliver a targeted range of deliverables and hands-on best practices. Every offering has been architected to ensure that your implementation of our solution meets specific goals that measurably strengthen network defenses, advance sustainment of continuous compliance and drive down risk exposure.

RedSeal Professional Services can help customers advance in the following programs:

- Device Configuration Management: Gain detailed awareness of every endpoint configuration and its alignment with intended policies, and view changes.
- Network Security Access Analysis: Understand every factor that affects overall network-wide protection and its role across the larger security infrastructure.
- Continuous Policy Compliance: Maintain constant visibility into state of compliance via targeted assessment and monitoring of mandated controls.
- Context for Vulnerabilities and Risk: Location-aware intelligence of real-world exposure and mitigation to prioritize remediation based on access and criticality.
- Network Security Architecture Review and Assessment: Validate architecture design, controls and device configuration hardening.
- Health Check Services: Assess RedSeal deployment against best practices.
RedSeal Networks Global Customer Support

RedSeal Global Customer Support offers a variety of programs to assist customers in driving optimal ROI in their use of our solution. Our worldwide support team is available around the clock to offer in-depth guidance and expertise in the effective use of everything from basic features to advanced customization, including design, integration and troubleshooting. Our multi-tiered approach to support offers a plan for every budget with consistent worldwide delivery. Featuring 24x7x365 assistance for all customers and even the option to have your very own RedSeal customer support expert on site for six months or as long as one year, our Premium Plus, Premium 24x7 and Basic 24x7 Support Programs enable customers to select the appropriate level of expertise needed to meet their specific requirements.

Basic 24x7 Support
- Access to RedSeal Customer Support with four hour initial response
- Five business day RMA appliance replacement
- Access to training material on the RedSeal customer support portal
- Monthly RedSeal Straight Talk Customer Newsletter

Premium 24x7 Support
- Access to RedSeal Customer Support with one hour initial response
- An assigned Customer Support Engineer & bi-monthly review calls
- Two business day RMA appliance replacement
- Defined escalation plan with proactive resolution

Premium Plus Support
- Six or twelve month engagements with full-time on-premises support expertise
- Premium 24x7 response and service available whenever requested
HARDWARE REQUIREMENTS

The RedSeal 6 Platform is available either as a hardened RedSeal appliance or as a software package that meets the following hardware requirements:

- OS, Server Requirements: Windows 2003 or 2008 Enterprise Server 64 bit; Oracle JRE 7 update 6
- OS, Client Requirements: Microsoft Windows 7 or Windows XP SP3; Oracle JRE 7 update 6
- RAM: 8 GB to 128 GB+, depending on network complexity; 2 GB+
- CPU: 2 cores to 16 cores, depending on network complexity
- Disk: 500 GB to 1 TB+
Configuration Management Systems
- BMC Network Automation v8.2.0
- F5 Enterprise Manager v2.1.0, 2.2.0, 2.3.0
- HP Network Automation v7.6, 9.0, 9.1
- SolarWinds Orion NCM v6.0
- Tripwire Enterprise v8.0

Network Devices
- Aruba Mobile Controller
- Brocade BigIron/FastIron v8.0
- Brocade ServerIron XL v7.5
- Check Point Provider-1 R65, R70, R71, R75
- Check Point VPN-1 Power & VPN-1 UTM R65, R70, R71, R75
- Cisco ACE A4 (2.1)
- Cisco ASA v8.x
- Cisco FWSM v2-4
- Cisco IOS v11.0-15.0
- Cisco NX-OS v5.1
- Cisco PIX v6.3 and v7-8
- Cisco VPN3000 v4
- Cisco Aironet v12.3 and v12.4t(5)
- Citrix NetScaler v9.2
- F5 BigIP v10.2
- Fortinet FortiOS v4.0
- Juniper Netscreen ScreenOS v6
- Juniper JunOS v8.5, 9.3, 10.0, 10.1, 10.4, 11, 12
- McAfee Firewall Enterprise (Sidewinder) v7.0.1, 8.1.2, 8.2.0, 8.2.1
- Palo Alto Networks v4.5, 4.7, 4.10, 4.11
- Radware Alteon v26.x, 28.x

Security Information Event Management Systems
- Cisco Security Manager v4.1
- McAfee ePolicy Orchestrator v4.5
- HP ArcSight ESM
- McAfee NitroSecurity SIEM

Vulnerability Assessment Scanners
- Symantec Control Compliance Suite
- eEye REM v3.7.9
- McAfee Vulnerability Manager v7.01
- nCircle IP360 v6.8.9
- Qualys QualysGuard v6.15
- Rapid7 NeXpose v4.12
- Tenable Nessus v4.2, 4.4, 5.0

To see the latest list, please go to www.redsealnetworks.com/products/plugins.
The RedSeal 6 Platform solves many important IT and security challenges, including:

- Complete end-to-end network visibility including wireless networks
- Automation of device infrastructure audit & validation
- Cost-effective continuous compliance
- Context aware vulnerability remediation prioritization
- Automated assessment of change
- Predictive threat modeling
- Security effectiveness metrics with trending
- Simplifies the determination and acceptance of risk
About RedSeal Networks, Inc.

RedSeal Networks is the leading provider of security risk management solutions for cyber attack prevention. Using patented network visualization and predictive threat modeling, RedSeal provides the most complete picture of risk from cyber attacks. The RedSeal Platform delivers the industry's most powerful network security insights, illuminates network security dark space and enables enterprises to continuously monitor controls. The world's largest government and commercial organizations use RedSeal to prioritize vulnerability remediation efforts, dramatically cut compliance costs and optimize their security architectures. For more information visit www.redsealnetworks.com.
RedSeal Networks, Inc.
3965 Freedom Circle, Suite 800, Santa Clara, 95054
(888) 845-8169
info@redsealnetworks.com
www.redsealnetworks.com

© 2013 RedSeal Networks, Inc. All rights reserved. RedSeal and the RedSeal logo are trademarks of RedSeal Networks, Inc. RS-BR001-073012-23