FAST FORWARD YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE

VISUALIZE | COMPLY | PROTECT

RedSeal Networks, Inc.
3965 Freedom Circle, 8th Floor, Santa Clara, 95054
Tel (408) 641-2200
Toll Free (888) 845-8169
www.redsealnetworks.com

REDSEAL NETWORK ADVISOR 5
Continuous Network Security Monitoring

KEY BENEFITS

CONTINUOUS NETWORK SECURITY MONITORING
RedSeal continuously verifies that your network is enforcing the security that you need.

IMPROVED NETWORK SECURITY OPERATIONS
RedSeal automatically isolates the firewall changes needed to open or close access and cleans up complex rule bases.

REDUCED AUDIT RISK & EFFORT
RedSeal automates control testing and demonstrates that your network security complies with regulations and internal policies.

The network. It's the first line of defense for your organization's information. Every year, companies spend billions of dollars on firewalls, proxies, routers and other devices to prevent unauthorized access to their network. And yet security breaches are still depressingly routine. Why?

In most large organizations, firewall rulesets and ACLs have grown far too complex for a single human to understand. In fact, 91 percent of firewall administrators believe an error has been introduced into their ruleset in the last month. And unlike errors that provide too little access, the phone doesn't ring when an error results in too much access, until it is too late. Even so, most organizations make rule changes weekly, with little assurance of their accuracy other than a manual approval and an annual audit.

RedSeal Network Advisor is security posture management software for your enterprise network. Every day, it gathers the configurations of all your network devices: firewalls, routers, load balancers, and more. It analyzes how the rules on all of these devices work together to defend business assets on your network. And it validates this access control against both regulations and your own security policies. The result: you get the security you expected when you invested in all those devices in the first place.

With RedSeal, you'll know precisely what access is allowed from the internet and extranet, between security zones, and to all of your critical systems.
Spot inadvertent or malicious exposure in minutes, not when you have your next audit or breach. Demonstrate your security to auditors, customers and management. And, most importantly, ensure the safety of your critical business information and systems.

PRODUCT OVERVIEW
RedSeal Network Advisor & Vulnerability Advisor 5

CONTINUOUSLY MONITOR NETWORK SECURITY

COMPREHENSIVELY ANALYZE NETWORK-WIDE ACCESS
To be confident in your network security, you need to know exactly what access is and is not allowed throughout your infrastructure. RedSeal automatically collects the configuration files for all of your network devices and analyzes how they all work together. First, it creates an accurate map of your network so you know how everything is connected. Then RedSeal calculates the access permitted between every two points in your infrastructure. By clicking anywhere on the map, you'll instantly see what access is permitted to and from that point to every other point in your network.

MEASURE NETWORK SECURITY PERFORMANCE
Proper management of network security performance requires accurate measurement of its effectiveness. RedSeal automatically calculates network security metrics as part of every analysis. Each metric is tracked over time, making it easy to demonstrate return on investment and quickly detect changes that create new risks. Users can also drill into each metric to determine the root cause of any changes. RedSeal provides a series of metrics and dashboards out-of-the-box and you can create your own.

Screenshot: RedSeal shows every subnet that can access the datacenter. Click on a line for details of the allowed flows.

UNDERSTAND ACCESS BETWEEN SECURITY ZONES
To deliver defense-in-depth, many organizations architect their network into security zones and control access between them. RedSeal allows you to group subnets and systems into zones and automatically calculates the access enabled between them. With this capability, you can instantly identify if there is unwanted access between security zones.

CONTINUOUSLY VALIDATE ACCESS CONTROL POLICIES
Regulatory mandates, such as PCI DSS, SOX, FISMA, HIPAA and NERC CIP, incorporate specific requirements for network security.
Internal security policies supplement these external mandates with additional restrictions on network-level access. With RedSeal, you can define policies for what traffic should be permitted or denied between security zones. RedSeal automatically validates that your network configuration actually enforces these policies, enabling you to continuously maintain compliance. Plus, RedSeal's policy engine documents justifications for access and supports time-limited exceptions, ensuring that temporarily authorized access does not inadvertently become permanent.

Screenshot: RedSeal trends network security metrics over time. Click any of the links at the bottom to see details.

VERIFY DEVICE CONFIGURATION POLICIES
In addition to access rules, many other configuration parameters of network devices can impact your security. By comparing each device configuration against over 100 best practices, RedSeal automatically verifies that all of your devices are configured to meet industry best practices. In addition, RedSeal enforces your internal policies by verifying that configurations comply with custom criteria.

IMPROVE NETWORK SECURITY OPERATIONS

OPTIMIZE THE RULEBASE ON FIREWALLS & ROUTERS
Over time, firewall rules often become obsolete. As these unused rules accumulate, they increase the complexity of managing the firewall and pose potential security risks. RedSeal automatically evaluates firewalls and routers to determine rules that are unneeded and unused. It identifies rules that can be removed without changing the security function because they are disabled, time inactive or redundant. For rules that are active, RedSeal reports on the frequency and timeframe of each rule's use. This makes it easy to identify rules that are no longer being used, as well as improve performance by reordering the rulebase.

RELIABLY ENABLE ACCESS TO APPLICATIONS
Requests to enable end-to-end access often require changes in multiple network devices. RedSeal analyzes each access request to determine the devices required to provide that access. It then identifies which devices (if any) are currently blocking the desired access and pinpoints the specific rules and ACLs that require change. This reduces fire drills during the change window and ensures that the requested access will be reliably enabled.

Screenshot: RedSeal identifies configurations that violate policy. Select a violation and RedSeal will highlight its location in the configuration.

ISOLATE CAUSES OF UNWANTED ACCESS
In a complex network, it is very difficult to determine what devices and rules are responsible for unwanted access. RedSeal automatically identifies the set of devices that collectively enable access between any two points in your network. Within the devices, it even pinpoints the exact rules that enable the traffic flow.

INITIATE, TRACK AND VERIFY TROUBLE TICKETS
Once you have decided to take action, RedSeal makes it easy to assign a task and ensure that it is correctly completed. By clicking on any policy violation, RedSeal automatically opens a trouble ticket in the BMC Remedy Action Request System.
From within RedSeal, you can view and track the status of the ticket as it is assigned and resolved. And, once the ticket is closed in Remedy, RedSeal will verify that the policy violation has actually been addressed before marking it complete.

Screenshot: RedSeal identifies rules that are never or infrequently used to reduce rulebase complexity.

ADDRESS AUDITOR CONCERNS & AVOID FINDINGS
Demonstrating compliance to the never-ending stream of security auditors consumes significant time and resources from your team. RedSeal's policy validation capabilities automate control testing, reducing the risk of findings in your audits. In addition, RedSeal's reports detail your controls and validate that they are operating as intended. And because RedSeal software itself is an automated control, auditors often require significantly less sampling to sign off on your security, saving your organization time and expense.

Screenshot: RedSeal pinpoints the devices and rules that both enable and block access between any two points on your network.

REDSEAL VULNERABILITY ADVISOR 5
Vulnerability Risk Management

KEY BENEFITS

IDENTIFY VULNERABILITIES REQUIRING IMMEDIATE ACTION
RedSeal automatically prioritizes all vulnerabilities based on risk posed to the enterprise.

SPECIFY NETWORK MITIGATION OPTIONS
RedSeal automatically discovers the exact network path, devices and rules that expose a vulnerable host.

ASSESS THE RISK OF CHANGE REQUESTS
RedSeal evaluates the security impact of a requested change, before the change is implemented.

PINPOINT AREAS TO SCAN
RedSeal identifies the areas of your network that require scanning because of exposure to untrusted networks.

KNOW WHEN TO SCAN
RedSeal identifies applications and services that require scanning because of new vulnerabilities.

Most large enterprises identify thousands of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities is the easy part; figuring out which vulnerabilities truly matter is the real challenge:

- Is critical financial information at risk because a vulnerability is exposed to the Internet or extranet?
- Has a vulnerability already been effectively mitigated with network-level controls?
- Do vulnerabilities in minor systems allow a hacker to leapfrog to more critical systems?

Prioritizing remediation efforts is key to effective vulnerability management. Unfortunately, the prioritization offered by scanners doesn't take into account the exposure and protection provided by your network infrastructure.

RedSeal Vulnerability Advisor transforms scanning into actionable vulnerability management. It gathers the configurations of all your network devices (firewalls, routers, load balancers, wireless access points, and more) and combines this information with your vulnerability scans. It identifies where vulnerabilities are exposed to untrusted networks and generates a prioritized list of the vulnerabilities that cause the greatest business risk.
Finally, RedSeal identifies gaps in your scanning so you know where to extend coverage to be secure.

With RedSeal Vulnerability Advisor, you'll know exactly which vulnerabilities require immediate action and what action to take. You'll gain assurance that your scanning activities are comprehensive enough to truly identify the risks to your business. You'll demonstrate to your auditors and management team that your vulnerability management process complies with regulations and policy. And, most importantly, you'll be confident that you are effectively protecting your critical systems and information.

ACT ON EXPOSED VULNERABILITIES QUICKLY

AUTOMATICALLY PRIORITIZE REMEDIATION EFFORTS
The most daunting challenge facing your security team is not executing a vulnerability scan, but knowing what to do with the scan results. Where do you start when faced with thousands of vulnerabilities? How do you determine which vulnerabilities present enough business risk that they require remediation outside your normal patch process?

RedSeal automatically prioritizes vulnerabilities by analyzing them in the context of your network access. To identify the most critical vulnerabilities, RedSeal evaluates:

- Direct exposure of a vulnerability to untrusted networks
- Indirect exposure of a vulnerability to untrusted networks through other vulnerable hosts
- The potential for a vulnerability to allow an attacker to leapfrog deeper into the network
- The business value of the vulnerable host
- The severity of a vulnerability based on the Common Vulnerability Scoring System (CVSS)

Screenshot: RedSeal shows every subnet that can be attacked from the Internet or extranet. Click on a threat vector for details of the exposed vulnerability.

With RedSeal, you'll know which vulnerabilities require immediate action and will be able to justify this action to your operations group. You'll have comprehensive reports of all of your vulnerabilities prioritized by upstream exposure, downstream risk and overall risk to your business.

MEASURE VULNERABILITY RISK MANAGEMENT PERFORMANCE
Ensuring risk reduction efforts are effective requires constant measurement. RedSeal automatically calculates vulnerability risk metrics as part of every analysis. Each metric is tracked over time, making it easy to demonstrate return on investment and quickly detect changes that create new risks. Users can also drill into each metric to determine the root cause of any changes. RedSeal provides a series of metrics and dashboards out-of-the-box and you can create your own.

Screenshot: RedSeal provides dashboards for tracking risk metrics.
Select a metric to drill down into the details.

ASSESS THE RISK OF CHANGE REQUESTS
Change requests often require network operators to open new access holes through the network security infrastructure. RedSeal allows the operations team to evaluate the security impact of the request before implementing it. RedSeal identifies if the change will expose any vulnerabilities as well as if newly exposed systems could act as launching points for attacks deeper into the network.

IDENTIFY NETWORK MITIGATION OPTIONS
Frequently, vulnerable systems cannot be taken offline for patching due to business availability requirements. With RedSeal you can eliminate unnecessary network exposure of a vulnerability, reducing risk until the vulnerability can be remediated during the next patch window. RedSeal automatically identifies every device and rule that exposes the vulnerability to untrusted networks. In addition to patching options, your security team can easily mitigate the vulnerability by changing these rules to eliminate the exposure.

Screenshot: RedSeal assesses the risk of change requests before the change is made, highlighting both potential direct vulnerability exposure and downstream risk.

INITIATE, TRACK AND VERIFY TROUBLE TICKETS
Once you have decided to take action, RedSeal makes it easy to assign tasks and ensure they are correctly completed. By clicking on any vulnerability, you can open a trouble ticket in the BMC Remedy Action Request System. Within RedSeal, you can view and track the status of the ticket as it is assigned and resolved. And, once the ticket is closed in Remedy, RedSeal will verify that the vulnerability has actually been remediated.

IMPROVE YOUR VULNERABILITY MANAGEMENT

VALIDATE COMPLETE SCAN COVERAGE
Given the size and complexity of networks, identifying network segments that require vulnerability scanning is a daunting challenge. RedSeal automatically assures that your scan coverage is comprehensive enough to find high risk vulnerabilities. RedSeal pinpoints areas of your network that are exposed to untrusted networks but that have not been scanned. RedSeal will also prioritize those unscanned areas that could enable attacks deeper into your infrastructure.

Screenshot: RedSeal identifies the exact devices and rules that expose a vulnerability, making it easy to mitigate with a network control.

VERIFY VULNERABILITY ASSESSMENT IS UP-TO-DATE
Vulnerability scanning is an intrusive process that can cause system outages, so security teams usually scan only when absolutely necessary. With RedSeal, you'll be able to minimize scanning and still keep your systems secure. RedSeal automatically identifies hosts where scanning may be out-of-date. When a new application vulnerability is added to the National Vulnerability Database, RedSeal pinpoints systems where that application is exposed and flags those hosts for re-scanning.

Screenshot: The RedSeal risk map highlights exposed, un-scanned subnets in red. The risk map is a dynamic heat map for analyzing threat and risk data.

ADDRESS AUDITOR CONCERNS & AVOID FINDINGS
Demonstrating compliance to the never-ending stream of security audits consumes significant time and effort from security teams.
RedSeal's automated control testing enables defensible decision making by your organization, which will reduce findings. Additionally, RedSeal's reports demonstrate effective management of business risk and prove that compensating controls effectively mitigate vulnerabilities.

HARDWARE REQUIREMENTS
You can purchase RedSeal software pre-loaded on a hardened RedSeal appliance or install the software on your own hardware that meets these requirements.

SERVER REQUIREMENTS
- Windows 2003 or 2008 Enterprise Server 64 bit
- Sun JRE 6
- CPU: 2 cores to 16 cores, depending on network complexity
- RAM: 8 GB to 128 GB, depending on network complexity
- Disk: 250 GB minimum

CLIENT REQUIREMENTS
- Microsoft Windows 7 or Windows XP SP3
- Sun JRE 6 update 17
- RAM: 2 GB

DEVICE & SYSTEM SUPPORT
RedSeal has built-in support for the following network devices, vulnerability scanners and other systems. RedSeal Professional Services can provide additional support.

NETWORK DEVICES
- Arista EOS v4.7
- Brocade BigIron/FastIron v8
- Brocade ServerIron XL v7.5
- Check Point Provider-1 R75, R71, R70, R65
- Check Point VPN-1 Power & VPN-1 UTM R75, R71, R70, R65
- Check Point VPN-1 Power VSX R75, R71, R70, R65
- Cisco ACE va4
- Cisco ASA 8.4
- Cisco FWSM v3-4
- Cisco IOS v11.0-15.0
- Cisco NX-OS v5.1
- Cisco PIX v7-8
- Cisco VPN3000 v4
- Cisco Aironet v12.3 and v12.4t(5)
- Citrix NetScaler v9.2
- F5 BigIP v10.2
- Fortinet FortiOS v4.0
- Juniper Netscreen ScreenOS v6
- Juniper JunOS v8.5, 9.3, 10.0, 10.1, 10.4
- McAfee Enterprise Firewall v7 (Sidewinder)

VULNERABILITY SCANNERS
- eEye REM v3.7.9
- McAfee Vulnerability Manager v7.0.1
- nCircle IP360 v6.8.9
- Qualys QualysGuard v6.15
- Rapid7 NeXpose v4.12
- Tenable Nessus v4.2

TROUBLE TICKET SYSTEMS
- BMC Remedy Action Request System v7.5
- BMC Remedy Service Desk Problem Management v7.0.3

CONFIGURATION MANAGEMENT SYSTEMS
- HP Network Automation v9.0
- Solarwinds Orion NCM v6.0
- Tripwire Enterprise v8.0

SECURITY MANAGEMENT SYSTEMS
- McAfee ePolicy Orchestrator v4.5

Copyright 2011 RedSeal Systems, Inc. All rights reserved. RedSeal and the RedSeal logo are trademarks of RedSeal Networks, Inc.