RedSeal Systems RedSeal Security Risk Manager
- SRM creates a visualisation of high-value, at-risk assets; it adds critical security management functions to a business's administration suite
- RedSeal SRM licence request system is a bit awkward to obtain; it only runs on Windows; expensive
RedSeal's Security Risk Manager performs rapid and accurate analysis of network risk. Combining device configuration data with vulnerability data and other information, SRM creates a visual map of high-value, high-risk assets, and provides a collection of views and reports that help you zero in on the most effective path to mitigation. RedSeal SRM isn't cheap, but any organisation with valuable network assets would be well served to implement it.
Price$ 25,000.00 (AUD)
Just this week while we were on-site, an IT services company serving a client of ours asked for our help. They needed to know where to put their efforts in securing information. Their customers are varied, with a range of systems and connectivity. For each infrastructure, they wanted to know, where are the highest risks? In one case, there are two connections to the Internet, remote access, mobile users, and a complex web of systems and networks, some with external data sharing.
Where should they focus first?
Fortunately, tools are emerging to automate the analysis. Recently, we tested RedSeal Systems' Security Risk Manager (SRM), which gives analysts and IT managers visual access to the risk state of their information technology.
Originally an appliance-based solution, SRM has become software-only. One version is available on a USB flash drive, allowing consultants and others who require a fully portable analysis system access to all of the benefits of the system – and there are many.
With the growth of both the importance and the complexity of information technology within an enterprise, the implications for protecting and then managing the security of those systems are great. The challenge in doing that is very high, as well.
For example, the ACLs (access control lists) on a router will determine the kind of traffic that can flow through it to a system. A change in those ACLs will alter the risk profile of all systems connected to the networks that the router joins. Multiply this kind of issue across all of the routers, switches, and wireless LAN access points, together with the client and server operating systems, applications, and their patch levels, and the task seems overwhelming.
Managing risk information
Security Risk Manager takes the configuration information from your infrastructure either by capturing it via SNMP from the devices themselves or by having the configuration files fed to the system. Then, using risk analysis that adjusts to the overall configuration (an approach that RedSeal has trademarked as "Adaptive Risk Analysis"), SRM analyses the interplay and creates a unified network view similar to what a network management system would show. Expanding on the information in that network map, it augments it with analysis of the best devices to remediate together with suggested solutions for each device.
Beyond the logical network view of the situation, SRM further creates a visualisation of high-value, at-risk assets. Using a matrix of values such as the exposure of the asset, the vulnerability, the severity of the vulnerability, confirmation of the vulnerability, impact, and whether or not a patch is available, standard and customised views of the risk profile of the complete infrastructure emerge quickly. Using size, shape, and clustering, the network risk overview provides a ready reference for the areas of necessary focus for IT staff.
When we first saw the system in its early development, we were intrigued and excited by the potential, both for internal IT organisations and for consultants and services companies. The appliance-based product was less attractive for services organisations, so the shift in the product delivery strategy was welcome. Furthermore, RedSeal has continued to refine the system and add support for additional devices.
Testing in two environments
We tested Security Risk Manager in two environments. The first was a small test infrastructure in our lab. The second used a large test database that RedSeal provided at our request from its test lab. Our purpose in testing this second database was to review the impact of size and complexity on SRM's ability to deliver its benefits.
We ran SRM on our 2.33GHz Intel Core 2 Duo MacBook Pro with 3GB of memory under a Windows XP guest operating system using Parallels with 1GB of memory allocated to it. Although SRM is a Java application, it is currently available only for Windows XP and Vista.
When you first launch RedSeal SRM, you capture a licence request file that you then send to RedSeal. By return e-mail, you receive a licence text file that you input into the SRM. Given all of the options available for licensing software, this was one of the more awkward methods that we have seen. Systems like The Blue Technologies Group's licence or other Internet-based interactive licensing systems are much more user-friendly and easy to move around. This seems especially important for applications such as the SRM.
That said, this licence issue is one of only two complaints we have about the system, and it's a relatively minor one. Our second complaint, also not major, is that SRM runs only on Windows.
Managing large infrastructures
Once licensed, the system is ready for use. We pointed it at devices with our SNMP read-only strings, and it quickly captured the configuration information for all of them. It drew a map of the network, outlined the devices most at risk, gave us a table of the devices, and created the network risk map. The SRM quickly determined which of the devices warranted configuration changes and which related systems were impacted, and it gave us the insights we would need to further protect the environment. It was able to find some implications that we hadn't considered, as well.
The real test was the large database, however. When an infrastructure exceeds more than a handful of devices, the interactions become too complex and dynamic for effective analysis. Using SRM, though, we could quickly see where we need to concentrate our efforts. The different views allowed us to drill in on the most vulnerable, highest-risk zones, and decide our most effective path to reducing the overall risk of the infrastructure. In other words, we could quickly narrow our focus to the area where remediation would have the highest impact. That is one of the biggest challenges in security management, and RedSeal addresses it well.
A solid service
Business has learned that visualisation tools enable rapid analysis for assessment and decision-making. Applying these technologies to the analysis of security risk and mitigation is a high-return area of technology management, and RedSeal's Security Risk Manager performs the service extremely well. Although the RedSeal product isn't cheap, organisations with networks large enough to take advantage of SRM should find it an affordable way to add critical security management functions to their administration suite. Any organisation with more than a few devices, and sufficient means, would be well served to implement it as a core to its overall security management infrastructure.
Join the newsletter!
Apple iPhone X
SanDisk MicroSDXC™ for Nintendo® Switch™
cloudandco Smart Cane
Panasonic OLED 4K Ultra HD TV - TH-77EZ1000U
Nespresso Creatista Coffee Machine
Panasonic OLED 4K Ultra HD TV - TH-55EZ950U
WD MY PASSPORT™ X Gaming Storage
Bang and Olufsen BeoVision 14
Dyson Supersonic™ Hair Dryer Fuchsia/Iron
WD MY PASSPORT™ Gaming Storage
Toys for Boys
LaCie Rugged USB-C Portable Hard Drive
Onyx Smart Walkie Talkie
Google Daydream View VR Headset
Bose SoundLink Micro
UBTech First Order Stormtrooper Robot
Propel Star Wars T-65 X-Wing Drone
Ubiquiti Network’s Front Row Camera
Leica M10 Digital Rangefinder Camera
Lego Mindstorms EV3
iRobot Roomba 980 Vaccum Cleaning Robot
Toffee Bags Commuter Satchel
Xbox One X
PETKIG Go Smart Dog Leash
Nest Protect Smart Smoke Alarm
Belkin Pocket Power 10,000mAh
Panasonic Hi-Fi - SC-UA7GS-K
WD MY CLOUD™ HOME Personal Cloud Storage
Amazon Echo Bluetooth Speaker
Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K
Dearear Endear In-ear Wireless Earphones
Logitech Doodle Collection Wireless Mouse
Fallout Geeki Tikis
Lexon Flip Alarm Clock
Kogan Bluetooth Soundbar
Urbanworx Full HD Action Camera
3SIXT 3-in-1 Smartphone Lens Kit
Tile Pro Bluetooth Tracker
Razer DeathAdder Expert Ergonomic Gaming Mouse
Panasonic Portable Splashproof Fun - RF-D20U
Ikea NORDMÄRKE Wireless Charging Pad
Raspberry Pi Starter Kit
Most Popular Reviews
- 1 LG 65E7T Ultra HD OLED TV review: The South Korean thoroughbred is still first past the post
- 2 Hisense takes the fight to home entertainment heavyweights with flagship Series 8 and 9 ULED TVs
- 3 Sony's latest Ultra HD OLED debuts in Australia
- 4 Panasonic Ultra HD OLED TV Review
- 5 D-Link Omna 180 Cam HD DSH-C310 review
Latest News Articles
- Amazon Alexa and Echo set for Febuary launch
- Officeworks hops on voice interface bandwagon with Google Assistant integration
- Amazon confirms early 2018 Australian launch for Alexa and Echo
- JBL join smart speaker arena with the portable, waterproof and (Google-powered) JBL Link range
- University of Sydney Signs World-First Agreement with Dropbox
PCW Evaluation Team
I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.
It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.
Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.
The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.
The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.
The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic
- CES 2018: Belkin go big on wearables accessories and wireless charging
- OPPO Load Up A73 Smartphone With Flagship Features
- CES 2018
- Which flagship TV is best? Sony 4K HDR Bravia 2016 versus LG 4K HDR OLED 2016
- 10 Blu-ray movies / Best looking Blu-ray movies
- FTBusiness ConsultantOther
- TPICT Project ManagerWA
- CCProject ManagerNSW
- CCDigital Project Manager - AdobeVIC
- FTFront End DeveloperOther
- CCSenior DevOps ManagerVIC
- FTTM1 Application Management AnalystOther
- FTNetwork Engineers- Transmission, IP Core and ITOther
- CCHadoop DeveloperVIC
- FTDesktop EngineerOther
- CCDynamics CRM Functional Consultant - BrisbaneOther
- FTIntegration SpecialistACT
- FTSenior Java DeveloperOther
- FTSecurity ArchitectNSW
- FTTeam Leader - Service Desk (Internal Customers)SA
- FTFull stack DeveloperOther
- FT.Net Full-stack DeveloperOther
- CCFront-End DeveloperNSW
- FTPHP Developer (Codeigniter / Cake)VIC
- TPQuality ManagerQLD
- CCCyber Security Team/stream LeadVIC
- CCNetwork EngineerNSW
- CCJunior Cyber Security AnalystACT
- FTLead Business AnalystOther
- TPSenior Project Manager - Risk & ComplianceNSW