Risk Management Software identifies threats to network.

Press Release Summary:



Security Risk Manager 3000 (SRM 3000) uses Adaptive Risk Analysis(TM) technology to provide visualization of risk exposure and remediation guidance with subset of router and firewall data. Using RiskMap(TM) visual layout, targeted network areas and business assets are located. Software analyzes and models complex networks and hosts to give actionable information for mitigating exposure of business assets and provides audit trail of security performance.



Original Press Release:



RedSeal Introduces Groundbreaking Security Risk Manager for Visualizing, Quantifying and Mitigating Risk



RedSeal's SRM 3000 Utilizes Adaptive Risk Analysis (ARA(TM)) to Provide Immediate Proactive Security Risk Management Starting with Only Router and Firewall Data

SAN MATEO, Calif., June 12 / -- RedSeal Systems, Inc., a developer of innovative security risk management software, today announced the introduction of its Security Risk Manager 3000 (SRM 3000) system to visualize, measure and proactively mitigate security risk for unified and measurable insight into network security and its effectiveness. With RedSeal's SRM 3000, IT professionals are able to measure security and business risk, pinpoint threats and exposures and gain actionable information to improve the day-to-day security posture of the network, reduce workload and report on compliance.

RedSeal's SRM 3000 is the first security management product to illustrate risk exposure and prioritize remediation using Adaptive Risk Analysis (ARA(TM)). This breakthrough technology generates initial actionable results even with a subset of router and firewall data, and then provides an easy-to-use path for adding more information on the as-built security posture of the environment. The additional information can include application flow data, patch history, and vulnerability scans. RedSeal gives enterprises of any size a never before seen view of their infrastructure -- a visualization of risk exposure and concise guidance on where and when to remediate.

"A typical network and security environment comprises many layers of technology, so maintaining your security posture through threat outbreaks and changes is often complicated when imposed with strict compliance standards," said Ken Pfeil, Coauthor of "Network Security Assessment - From Vulnerability to Patch." "Of the solutions I have evaluated, the RedSeal SRM solution has been unique in automating both network configuration checking, as well as threat mitigation. Within a network, RedSeal can help prioritize where to patch and block and gives the necessary documentation needed as record of your security profile."

RedSeal has taken an open, vendor-agnostic approach to SRM, allowing it to be easily adapted to almost any customer environment regardless of installed technology. It provides organizations of all sizes with a practical, easy to implement way of quantifying network security. RedSeal's SRM 3000 analyzes and models complex networks and hosts to give actionable information for mitigating exposure of high-valued business assets, in most cases within minutes. Additionally, it tracks the security posture of the network over time, providing a thorough audit trail of security performance.

"Managing risk and complexity in large, networked security infrastructure is very difficult. One powerful approach to address this problem is the use of visualization," said Trent Henry, senior security analyst at Burton Group. "By gathering data from disparate architecture components and creating visual processes, dependencies and risk analyses, security teams and network operations groups can better predict and manage their IT infrastructure and trends that impact the business."

At the system's core is RedSeal's Adaptive Risk Analysis (ARA(TM)) engine that models and analyzes the configurations of complex networks and hosts, clearly identifying risk "hot spots." Displaying the ARA engine's modeling and analysis is RedSeal's unique RiskMap(TM) visual layout, designed with functional roles in mind, allowing users to quickly locate their network areas and key business assets that are the targets of threats and get precise guidance on the best places to eliminate exposure. The risk metrics and remediation information from RedSeal can be used daily to maintain security at optimal levels, while the system's reporting and auditing capabilities allow for tracking security efficiency thereby helping guide compliance efforts and future technology investment.

"RedSeal's solution is distinguished by its ease of deployment and use, yielding value in minutes," said Joel Evanier, RedSeal's chief executive officer. "We are very proud to introduce a significant evolution in this rapidly emerging product category and our innovations in risk computation remove technology prerequisites to deployment and allow us to bring SRM to every organization that is using firewalls and routers."

Key features and capabilities of RedSeal's SRM include:

(1) Risk quantification -- measures the network's risk posture based on calculation of the exposure and value of business assets. RedSeal's unique approach employs Adaptive Risk Analysis, a method by which the granularity of the output adjusts based on the amount of input to the system.

(2) Proactive mitigation -- compiles prioritized listing of vulnerabilities and misconfigurations to indicate where to remediate first to gain the greatest reduction in risk.

(3) Threat analysis -- displays graphically, one breach at a time, the multi-step path an exploit may take in penetrating critical business resources. The threat map is based on the traffic analysis, any host patch & vulnerability data, and RedSeal's own knowledge base of vulnerabilities and impacts.

(4) Network configuration checking -- verifies that the configuration details on devices such as routers and firewalls do not have unintended consequences, such as inadvertently allowing too much access, along with highlighting best practices.

(5) Traffic flow analysis -- computes the real-world permitted traffic which can be compared to security policy requirem

All Topics