How to Identify Your Most Urgent Network Security Vulnerabilities and Move Beyond a Host-Centric Approach to Remediation
WHAT IS THIS TECHNOLOGY?
The need for an effective vulnerability management solution has grown steadily over the last few years. Not only has the number of known vulnerabilities grown significantly, but their severity and complexity have grown as well. Companies cannot afford to neglect vulnerability management and still expect to maintain system availability and protect sensitive data. As part of a defense-in-depth security strategy, a proactive approach is necessary: vulnerabilities and weaknesses need to be identified and addressed before they cause a security incident.
RedSeal Systems has taken an innovative approach to vulnerability management with its RedSeal SRM solution. Using RedSeal SRM’s analysis engine, enterprises can quickly prioritize the results of a network vulnerability assessment scan, identify the hosts that are exposed to untrusted networks, and determine the remediation steps that will provide the greatest improvement in the security of the enterprise. RedSeal SRM’s analysis engine has two major components: the Network Map Analysis™, which determines all network traffic that is allowed and denied between all known points in the network, and the Threat Map Analysis™, which overlays host and vulnerability data on that network map to determine all possible attack (threat) paths from an untrusted network to any point in the network.
Analyze Vulnerabilities in the Context of the Network
Network Map Analysis
Understanding the interconnectedness of an enterprise’s assets is central to vulnerability management. Analyzing the access policies across the network provides the network context that enables effective vulnerability prioritization. The Network Map Analysis engine analyzes configuration data from network devices to determine what traffic is allowed between any two points in the network, iterating over every node on the network to build a complete map of the network, including trusted and untrusted networks. The following steps accomplish this:
• RedSeal SRM automatically collects the configuration data of network devices, either directly from each device or from a centralized repository or management system.
• Network Map Analysis then connects all of the network devices by analyzing each device’s interface definitions.
• Once all of the network devices are connected, Network Map Analysis starts at each untrusted network and analyzes the device configuration data (routing and access policies) to determine the traffic flows, that is, the traffic allowed and denied.
• The network is “virtually” traversed by the Network Map Analysis to determine what traffic is allowed between any two points in the network.
• The analysis can be repeated after any network change or at regular intervals, so the map does not drift from the configurations actually deployed.
The results of the Network Map Analysis are recorded, and end-users can query them on demand to understand how their network is architected and to determine what traffic is allowed between any two points.
Threat Map Analysis
Threat Map Analysis addresses the first challenge of vulnerability management: determining which hosts are directly exposed to untrusted networks. Using the results of Network Map Analysis, it overlays host and vulnerability data from the organization’s network vulnerability assessment scanner on the network map. The results of the Threat Map Analysis are recorded, and end-users can choose any point in their network and review all threat links originating from or terminating at that point.
Prioritize Remediation by Identifying Hosts That Are Directly Exposed To Untrusted Networks
Identifying the hosts directly exposed to untrusted networks is the most important step in prioritizing remediation efforts. End-users can query the RedSeal Threat Map to review all threats that originate from their untrusted networks, or they can use the RedSeal SRM downstream risk metric to identify and prioritize the directly exposed hosts. The hosts with the greatest downstream risk present the greatest risk to the enterprise, based on the severity of the vulnerabilities present on the host and the network access allowed from that host to other hosts within the network. Because the metric accounts for onward access and not just the host’s own findings, a host with a moderate vulnerability that can reach sensitive internal segments may rank above a host with a critical vulnerability that can reach nothing else.
Determine Which Actions Will Provide The Greatest Impact to Improving Security
Once security teams have used RedSeal SRM to prioritize remediation, they can use the solution’s Network Path Explorer™ and Threat Map™ to identify the most impactful remediation actions. The Network Path Explorer lets users review all traffic allowed between any two points in the network: the user specifies a source and a destination, and the tool returns each allowed flow as a 5-tuple of protocol, source IP address, source port, destination IP address, and destination port.
This tool lets a security team weigh a variety of remediation options and can also expose major architectural flaws in the network. By reviewing the allowed traffic, security teams can determine whether the access granted exceeds their business needs, for example an access rule written more broadly than the single service it was meant to allow.
The Threat Map lets security teams review all threats to any host in the network, including threats originating from untrusted networks. With it, teams can weigh several remediation options for a host: patching the host itself, changing the access policy on an upstream network device, or remediating another host on the threat path whose fix would eliminate the exposure.
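The procedure described above (connect the devices, traverse from each untrusted network to record allowed traffic, overlay host and vulnerability data, rank directly exposed hosts by downstream risk, query allowed flows as 5-tuples, and compare remediation options) is compact enough to illustrate in code. The following Python is an added example written for this page; it is not RedSeal’s code and does not describe how its engine is implemented. The zones, firewalls, ACL entries, hosts and CVSS scores are constructed sample data, ACLs are modelled as stateless and direction-agnostic, and the downstream-risk formula (the exposed vulnerability’s score plus the worst vulnerability of every other host the attacker could reach onward) is an assumption chosen for the illustration.

```python
"""Toy version of the network map / threat map analysis described on this page.
Added example, not RedSeal's code: zones, devices, ACL rules, hosts and CVSS scores
are constructed sample data; the downstream-risk formula is an assumption."""
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    proto: str    # "tcp", "udp" or "any"
    dst: str      # destination IP or "any"
    dport: int    # destination port, None = any

@dataclass
class Device:
    name: str
    zones: tuple  # the two segments this device joins
    rules: list   # first match wins; implicit deny at the end
    def permits(self, proto, dst_ip, dport):
        for r in self.rules:
            if r.proto in ("any", proto) and r.dst in ("any", dst_ip) and r.dport in (None, dport):
                return r.action == "permit"
        return False  # implicit deny, as on most firewall ACLs

@dataclass
class Host:
    ip: str
    zone: str
    vulns: dict   # (proto, port) -> CVSS score of the worst vuln on that service

def reachable(devices, src_zone, dst_host, proto, dport):
    """Network Map step: virtually traverse the device graph from src_zone and report
    whether some path carries (proto, dst_host.ip, dport). ACLs are direction-agnostic here."""
    seen, queue = {src_zone}, deque([src_zone])
    while queue:
        zone = queue.popleft()
        if zone == dst_host.zone:
            return True
        for dev in devices:
            if zone in dev.zones and dev.permits(proto, dst_host.ip, dport):
                nxt = dev.zones[1] if dev.zones[0] == zone else dev.zones[0]
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return False

def threat_links(devices, hosts, src_zone):
    """Threat Map step: vulnerable services src_zone can reach, as (src, ip, proto, port, score)."""
    return [(src_zone, h.ip, proto, port, score)
            for h in hosts for (proto, port), score in h.vulns.items()
            if reachable(devices, src_zone, h, proto, port)]

def compromisable_from(devices, hosts, start_zone):
    """Chain threat links: a compromised host lets the attacker continue from its zone."""
    zone_of = {h.ip: h.zone for h in hosts}
    owned, seen, queue = set(), {start_zone}, deque([start_zone])
    while queue:
        for _, ip, _, _, _ in threat_links(devices, hosts, queue.popleft()):
            owned.add(ip)
            if zone_of[ip] not in seen:
                seen.add(zone_of[ip])
                queue.append(zone_of[ip])
    return owned

def downstream_risk(devices, hosts, untrusted_zone):
    """Rank hosts directly exposed to untrusted_zone. Score (assumed for this example):
    the exposed vuln's CVSS plus the worst vuln of every other host reachable onward."""
    by_ip, ranking = {h.ip: h for h in hosts}, {}
    for _, ip, _, _, score in threat_links(devices, hosts, untrusted_zone):
        downstream = compromisable_from(devices, hosts, by_ip[ip].zone) - {ip}
        risk = round(score + sum(max(by_ip[d].vulns.values()) for d in downstream), 1)
        ranking[ip] = max(ranking.get(ip, 0.0), risk)
    return sorted(ranking.items(), key=lambda kv: -kv[1])

def allowed_flows(devices, src_zone, dst_host, ports=(22, 80, 443, 3306, 3389)):
    """Network Path Explorer style query: (protocol, src, sport, dst, dport) 5-tuples allowed
    from src_zone to dst_host. Ports are enumerated here; a real tool derives them from the ACLs."""
    return [(proto, src_zone, "any", dst_host.ip, p) for proto in ("tcp", "udp")
            for p in ports if reachable(devices, src_zone, dst_host, proto, p)]

def without_rule(devices, rule):
    """What-if: an ACL entry is removed from every device that carries it."""
    return [Device(d.name, d.zones, [r for r in d.rules if r != rule]) for d in devices]

# Constructed sample network: INTERNET -> FW1 -> DMZ -> FW2 -> INTERNAL.
UNTRUSTED = "INTERNET"
BROAD_SSH = Rule("permit", "tcp", "any", 22)   # overly broad: SSH to every internal host
DEVICES = [
    Device("FW1", ("INTERNET", "DMZ"), [Rule("permit", "tcp", "10.1.0.10", 443),
                                        Rule("permit", "tcp", "10.1.0.10", 80)]),
    Device("FW2", ("DMZ", "INTERNAL"), [Rule("permit", "tcp", "10.2.0.20", 3306), BROAD_SSH]),
]
HOSTS = [
    Host("10.1.0.10", "DMZ", {("tcp", 443): 9.8, ("tcp", 22): 7.5}),   # web server
    Host("10.1.0.11", "DMZ", {("tcp", 25): 8.1}),                      # mail relay
    Host("10.2.0.20", "INTERNAL", {("tcp", 22): 9.0}),                 # database, vulnerable sshd
    Host("10.2.0.30", "INTERNAL", {("tcp", 22): 6.5}),                 # file server
]
```

On the sample network, `downstream_risk(DEVICES, HOSTS, UNTRUSTED)` ranks only the web server as directly exposed (tcp/443 through FW1), with a downstream risk that includes the mail relay, database and file server it can pivot to. `allowed_flows(DEVICES, "DMZ", HOSTS[2])` shows that the DMZ reaches the database on both tcp/3306 and tcp/22, the latter via a rule broader than the business need. Re-running the ranking on `without_rule(DEVICES, BROAD_SSH)` lowers the web server’s downstream risk because the internal segment is no longer on any threat path, while re-running it with the web server’s tcp/443 vulnerability removed leaves no directly exposed host at all: the two remediation options the page describes, compared on the same map.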
Conclusion: RedSeal SRM enables organizations to overcome challenges to protecting their most valuable assets via
• Network architecture and access policy analysis
• Identification of threat paths into the network, by correlating network and vulnerability data
• The Network Path Explorer and Threat Map for identifying remediation options and determining which approach will provide the greatest increase in security
RedSeal Systems, Inc.
One Lagoon Drive Suite 375
Redwood City, CA 94065
Tel: +1-(650) 413-4160