What is our primary use case?
If you have a product like RedSeal, the main use case is to identify your risk score and your security posture. These are common questions that any CEO will ask a CSO, a CIO, or a CTO, the person who is responsible for the technology in the organization.
According to Gartner, the biggest use cases in today's world among the top three priorities of CIO, on which a CEO of a company can gauge the digital transformation drive. How far the organization has gone in its digital transformation drive and this is how CIOs or CTOs are rated by CEOs.
At the end of the day, a CEO is not a technical person and the only interest is how resilient his infrastructure is, what the risks are, and what is the security posture.
What is most valuable?
This solution is amazing! The most important part is the way it gives access information to the entire infrastructure, the network most importantly.
It is the only platform with vulnerability management that can reduce thousands of vulnerabilities to 100 or less based on your network model.
Risk compliance governance is very valuable. This is the only solution in the world that gives you a digital resilience score. This is something that is unique and not found with any other vendor. RedSeal can measure your digital resilience, your risk, your compliance, and your governance. Importantly, it can help you to identify why your score is what it is.
RedSeal also has a very good feature which is Auto Populating the configs. You can give a file any name and when you do a bulk import, it can read the file and look at each and every config the device can identify.
What needs improvement?
There are some areas that have been mentioned to the engineering team.
One of the areas of concern is the GUI. It is important to our customers that the GUI looks beautiful. It's a Java Client, so you have a Java dependency.
In the next release, the dashboard will eventually be Java-dependant on the platform.
Some other drawbacks are ingesting threat intelligence coming from different vendors. They create a network map and they laser-focus all of the vulnerabilities from the data that has come from the vulnerability scanners to the network map. It can tell you which vulnerabilities you should address first, as not all have to be addressed. You have to address the ones that are exposed to your network context. Your firewall is allowing or the router is providing access to it.
I would like to see the visibility of the containerization environment. Everyone is talking about Kubernetes, containers, and spinning up applications in the DevOps environment.
RedSeal already has a basic capability, but they're improvising their capability of network modeling the DevOps environment. This is a very important inclusion. In tech management, having tech intel feed information and DevOps is crucial. The Java section is just cosmetic and can be ignored for a person like me, who's more technical than commercial or who is looking at the beauty part of it. DevOps visibility is going to be a game-changer.
For how long have I used the solution?
I have been working with RedSeal for more than one year.
We are using the latest version.
What do I think about the stability of the solution?
Stability is a key differentiator. I have not heard from any of my customers that we have hit a bug, and the system has crashed, or that it has stopped working.
This product is very stable, as long as you size the needed compute, which is the CPU, memory, hard disk, and the database, and if the system engineering team is sizing it correctly.
How was the initial setup?
The initial setup is straightforward. It's very simple as long as there are not many prerequisites given by the customer. It doesn't take a lot.
You can directly onboard a device and connect it. If you don't want to integrate your routers, switches, and load balancers, it can be integrated with your monitoring system.
We know that the monitoring system is going to monitor each and every device. We can take all of the configurations from the monitoring system and with that, we will know how long it will take. Then you can do the same with the vulnerability scanner.
What other advice do I have?
With RedSeal, you can have an application installed on the mobile device that gives you the live data, live information about your resilience score, your risk score, and tells you exactly where you are standing.
In order to achieve digital transformation, and not only to achieve but to scale and harvest the advantages of digital transformation, you have run security transformation in parallel. Without that, you cannot achieve digital transformation.
CEOs should be asking if they are able to scale up their digital transformation drive to the maximum potential. Are they able to harvest the benefits of digital transformation? Gartner indicates that 80% of the companies say no.
When you are going through a digital transformation, your applications are talking to each other. You are exposing many services to the outside world and when you do that, you are adding risk to your environment. Security transformation has to run in parallel.
RedSeal can measure your resilience, digital resilience, your risk, your compliance, your governance, and can help you to justify what your risk score is. For example, it can tell you that there are services exposed that were not intended to, or that were mistakenly exposed. Through indirect exposure to your critical asset, there is a possibility of an attack.
It could also be that there were many changes to the application that was newly built as part of the digital transformation drive was actually a part of the network or the security of the infrastructure configurations not being there, as per the best practice.
This could help explain why your risk score is low.
It also tells you how compliant you are. This is in a live feed, it's in real-time which allows you to go back and check to see what your state was at the time of an attack.
This available through a web interface that is available for the administrators and gives them the capability to know and solve the issues.
Through the mobile app, a CEO can view the detail of compliance standards.
I always tell my customers that is not a tool, it's a platform.
Another good part of RedSeal is the engineering team. RedSeal is a young company, and one with less than 200 people. They believe in change, and they believe in delivering features. They are very dynamic and energic when it comes to feature requests. They delve into it immediately and if proves to be a real use case that is useful for multiple customers then the engineering team can deliver it within a few days, not even weeks or months.
If you don't want to integrate with the vulnerability scanner, it has a repository of scan results.
Most of the updates are incremental. So they keep updating their customers and partners on the new releases. The releases are service software updates, so you don't really have to reboot your systems and lose or even skip some live data. It's uninterruptible software upgrades.
In comparing it with Skybox, which is very bulky and has different modules, you have to go to each module that they have in the network. Skybox has network assurance, firewall management, tech management, vulnerability management, and horizon, which is the main platform for which they can get the entire visibility of all the platforms. If you really want to do an update on Skybox, you have to go to individual modules and update them. It's a difficult system to implement and costly as well.
I would rate this platform a nine out of ten.