Security risk management vendor RedSeal Networks wants to shine a light on blind spots in IT networks using big data analytics.
In the latest release of the RedSeal Platform, version 6.5, the vendor addresses "dark space" – a term meant to describe the parts of the network infrastructure that is unmanaged, unmonitored and unseen by security tools because security administrators are unaware of its existence. With RedSeal 6.5, the company looks to solve this issue by enabling users to see a complete map of their infrastructure.
Network security dark space is any network infrastructure that doesn't appear in the "golden store" of configuration data, including firewalls, routers, proxies, load balancers, endpoints and hosts. In a highly complex network with tens of thousands of nodes, this represents a massive challenge for organizations, with as much as 18 percent of enterprise networks existing as network dark space.
"What we do is we look at the configuration repository, the so-called Golden Store and show that, well, in fact it is not golden," said Dr. Mike Lloyd, chief technology officer at RedSeal.
In line with this, the company has expanded the features on its platform to include more than 60 new features such as support for bring-your-own-device (BYOD) initiatives and deeper risk metrics. RedSeal 6.5 also includes integration into three of the leading Security Information and Event Management (SIEM) systems: HP ArcSight, McAfee Enterprise Security Manager and IBM Q1.
RedSeal is also extending its security risk management capabilities to visualize and monitor access policy for wireless network controllers. Support for wireless network controllers extends visibility to constantly changing WiFi endpoints. In addition, RedSeal 6.5 uses analytics for proactive threat mitigation include Common Configuration Enumeration (CCE) scores to identify host configuration risks. It also generates vulnerability scores to identify the highest risk systems.
Security professionals often talk about situational awareness because they rarely have a full understanding of what's happening on the network, said Jon Oltsik, senior principal analyst with Enterprise Strategy Group.
"Issues tend to include the assets accessing the network (i.e. endpoints, mobile devices, printers, etc.), the current configurations of these assets, common behavior of these assets, privileged user access/behavior toward these assets, etc," he said. "Another term you hear more frequently is 'continuous monitoring.' This process is intended to bridge the gaps described above by gathering data about assets, network status and behavior in real-time."
Legacy network discovery tools, he said, do not provide the detail or context needed today.
"For example, when you discover that a rogue asset is on the network and it is communicating with an unknown IP address, you may know very little about the asset, the IP address, who is using it, how long it has been on the network, what internal assets it regularly communicates with, etc.," he said. "It’s not that we don’t have tools for some of these needs. It’s that we don’t have tools for all of these needs."
In an ideal world, organizations should be able to look at their network and close any gaps, but the reality is most organizations have important assets that are out of sight, not properly monitored and are not tracked, said Parveen Jain, president and CEO of RedSeal Networks.
“You can’t protect what you can’t see. RedSeal 6.5 helps our customers find the unknown parts of their network and visualize risk to proactively prevent cyber-attacks," he said in a statement.
The RedSeal 6.5 Platform is available immediately.