Product review: RedSeal Systems' RedSeal Security Risk Manager

Your network produces a flood of information that could tell you where your business is at greatest risk. But how do you sort through it all and determine exactly how your critical assets are threatened?

RedSeal's Security Risk Manager (SRM) enables security administrators to model and manage threats to those corporate assets and network infrastructure. The appliance transforms network device configurations, vulnerability data and system value ratings into a graphical view that shows how systems can be compromised.

SRM generates risk and threat maps based on imported device configurations and vulnerability data. SRM supports popular network devices out of the box, including Cisco IOS, Cisco PIX5/6/7, Juniper ScreenOS and Check Point Firewall-1/VPN-1 NGX, as well as vulnerability sources such as Nessus and QualysGuard. Other devices can be imported with the help of RedSeal, or by creating an XML schema. Device and vulnerability data can be imported manually, or SRM can retrieve it directly from the devices or a central repository through a variety of means (FTP, SSH, HTTP/S, Telnet, CVS).

You can assign values (from 1-100) to systems to help determine where your company is at greatest risk. SRM uses this data to generate risk and threat maps.

The threat map is similar to the inventory map, but includes threat calculations based on exposure and business value, modeling how an attacker might get to a system, and through which vulnerabilities. You can pick any point in your network to see which systems can talk to this system, or what systems your selected system can see. A "heat box" style risk map shows which systems are at greatest risks and establishes mitigation priorities.

The threat map showed us systems at risk, such as firewalls allowing improper traffic, or systems that had severe vulnerabilities. After correcting the issues and reloading the data, we could regenerate the maps and see that the issues were mitigated. For instance, SRM showed that a high-value internal database server could be attacked from an FTP vulnerability on an external server. After the issue with the FTP server was mitigated, SRM showed that the database server was no longer threatened.

Testing methodology: We tested the RedSeal SRM appliance using RedSeal-provided data that modeled a network containing a mixture of network devices, and vulnerability data, in addition to data generated in our lab.