RedSeal offers powerful, passive network protection

The RedSeal appliance doesn't actually fix anything on its own, but it does act as a force multiplier for every other security device within a network.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

When CSO's sister site Network World conducted its firewall manager review, the original plan was to invite RedSeal to participate. The problem was that while RedSeal originally did manage firewalls, their product has now evolved into something else. RedSeal shares some similarities to firewall managers, but is now in a separate, unique product group. We tested the RedSeal appliance to see where it fits into cybersecurity defenses.

RedSeal today is a digital resilience platform designed to discover all network vulnerabilities, including those that go around firewalls, and map attack vectors so they can be fixed. It also tracks network health and provides an overall vulnerability score that can be monitored by either executives or IT staff.

Deployed as a physical or virtual appliance, it’s unique in cybersecurity in that it is designed to work completely offline, with technicians either feeding it information physically at regular intervals, or by allowing it to collect data from other security appliances at regular intervals, and remain offline and disconnected at all other times. This is done as much as a security precaution as anything else, though you do get the advantage of not having RedSeal take up network bandwidth and resources.

In terms of security, users are basically giving RedSeal the keys to their kingdom, allowing an internal device to accurately plot all possible attack vectors through a network from the inside. If an attacker could compromise a RedSeal box, they would have a perfect roadmap not only telling them how to attack, but where to go to get the exact data they want. So, it’s best to keep the appliance out of line with regular traffic, or air gaped and not connected at all.

Network mapping

RedSeal can accept configurations and reports from firewalls – including their rule sets, routers and switches, software-defined networking rules and cloud configurations, information from network load balancers, mobile device controllers and any vulnerability data collected by other appliances such as scanners and the SOC.

Once collected, RedSeal maps out the entire network architecture including every path and possible path between devices. This map can be extremely extensive. On our test network, it mapped about 100 systems, but the company provided maps it has made of global networks with thousands of devices.

To continue reading this article register now