Start-up RedSeal Systems makes its debut this week with a security appliance that supports risk management through visualization of a corporate network's exposure to threats.
RedSeal's Security Risk Management 3000, expected to ship by the end of next month, works by aggregating information about access-control lists from firewalls and routers, as well as holes found by vulnerability-assessment scanners. SRM 3000, which also suggests mitigation procedures, competes with Skybox Security's Skybox View product.
"Through SRM 3000, you learn how threats might flow through your network, and you can see the hotspots," said Johnnie Konstantas, senior director of marketing at RedSeal, which was founded by Chief Technology Officer Alain Mayer and Chief Security Officer Brian Laing with US$14 million in venture-capital backing.
Blue Cross Blue Shield of Hawaii and the Europe-based IT services firm Atos Euronext Market Solutions are among the organizations planning to test and evaluate SRM 3000.
"It looks like it should prove useful in giving us visibility of network security issues," said Jon McClelland, information security specialist in Atos Euronext Market Solutions' London office. "We're hoping it will allow us to aggregate router and firewall configurations to see whether data flows are working as expected. Ideally, it will also reflect what would happen if we made changes to the existing network, to help us predict whether changes are safe to make."
Allen Zhang, security specialist for Blue Cross Blue Shield of Hawaii, said he couldn't disclose how his company might use the RedSeal security risk appliance. But Zhang said the appliance promises to provide a model for quantification of risk from the network security perspective in a way that's relevant to the technical staff managing systems daily.
The first release of SRM 3000 will be limited to supporting Cisco' IOS-based router and PIX versions 5, 6, and 7; Check Point's SmartCenter; and vulnerability-assessment scanners from Qualys and Nessus.
The SMS 3000 appliance starts at US$50,000 for use with 25 network devices.