Security, et al

Randy's Blog on Infosec and Other Stuff

«  Live with SecureAuth at R... | Finally, a new and differ... »

Live at RSA: Visualize Your Network and Access Paths Correlated with Relevant Vulnerabilities

Thu, 23 Apr 2015 15:02:44 GMT

Here’s another cool thing I found, this time at Redseal’s South Booth 1107.  Their software collects configuration and state data from all your routers, firewalls and switches and builds an incredible visualization of your network and its structure.  But that’s only the beginning.  It makes it easy to color code different segments of network with classifications like DMZ, Internet and various internal zones.  Then it shows you the paths different protocols and applications can take throughout your network.  You can select any device or host and instantly trace out all possible paths that data can take to or from that node.  I wish I’d had that recently when I re-designing our 2 data centers to provide better isolation of our virtualization hosts and some labs that outsiders need to access.  It was such a nightmare to test and validate that the policies I’d architected were configured correctly and that the wrong traffic was blocked and the right traffic permitted.  For instance we needed the 2 virtualization infrastructure networks to communicate over the site-to-site VPN with each other but only allow admin access from our jumpbox.  But Redseal goes beyond this by consuming the results from any vulnerability scanner.  Redseal doesn’t just plot those vulnerabilities on your network visualization – that’s not really that hard.  Instead they analyze the vulnerabilities found by your scanner against the known access paths on your network and surface the vulnerabilities that really count = those that are accessible via the actual access paths open on your network.  Pretty cool stuff.

email this digg reddit dzone
comments (0)references (0)

Related:
5 Indicators of Endpoint Evil
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
Anatomy of a Hack Disrupted: How one of SIEM’s out-of-the-box rules caught an intrusion and beyond

Comments disabled

powered by Bloget™

Search


Categories
Recent Blogs
Archive


 

Additional Resources