We just raised a $30M Series A: Read our story

RedSeal OverviewUNIXBusinessApplication

RedSeal is #3 ranked solution in top Network Modeling tools. IT Central Station users give RedSeal an average rating of 8 out of 10. RedSeal is most commonly compared to AlgoSec:RedSeal vs AlgoSec. The top industry researching this solution are professionals from a computer software company, accounting for 23% of all views.
What is RedSeal?

RedSeal’s network modeling and risk scoring platform builds an accurate, up-to-date model of an organization’s entire, as-built network to visualize access paths, prioritize what to fix, so you can target existing cybersecurity resources to protect your most valuable assets. With RedSeal’s Digital Resilience Score, decision makers can see the security status and benchmark progress toward digital resilience.

RedSeal Buyer's Guide

Download the RedSeal Buyer's Guide including reviews and more. Updated: November 2021

RedSeal Customers

United States Postal Service, Pacific Gas and Electric Co., Interval International

RedSeal Video

Pricing Advice

What users are saying about RedSeal pricing:
  • "The pricing is based on the number of endpoints and devices, and we have seen it range from mid-five figures to low six figures."

RedSeal Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
AbdulMohsin
Regional Sales Engineer at RedSeal, Inc.
Real User
Top 5Leaderboard
Improves visibility, helps determine risk and compliance, and reliably enhances security

Pros and Cons

  • "This is the only solution in the world that gives you a digital resilience score."
  • "One of the areas of concern is the GUI. It is important to our customers that the GUI looks beautiful. It's a Java Client, so you have a Java dependency."

What is our primary use case?

If you have a product like RedSeal, the main use case is to identify your risk score and your security posture. These are common questions that any CEO will ask a CSO, a CIO, or a CTO, the person who is responsible for the technology in the organization.

According to Gartner, the biggest use cases in today's world among the top three priorities of CIO, on which a CEO of a company can gauge the digital transformation drive. How far the organization has gone in its digital transformation drive and this is how CIOs or CTOs are rated by CEOs.

At the end of the day, a CEO is not a technical person and the only interest is how resilient his infrastructure is, what the risks are, and what is the security posture.

What is most valuable?

This solution is amazing! The most important part is the way it gives access information to the entire infrastructure, the network most importantly.

It is the only platform with vulnerability management that can reduce thousands of vulnerabilities to 100 or less based on your network model.

Risk compliance governance is very valuable. This is the only solution in the world that gives you a digital resilience score. This is something that is unique and not found with any other vendor. RedSeal can measure your digital resilience, your risk, your compliance, and your governance. Importantly, it can help you to identify why your score is what it is.

RedSeal also has a very good feature which is Auto Populating the configs. You can give a file any name and when you do a bulk import, it can read the file and look at each and every config the device can identify. 

What needs improvement?

There are some areas that have been mentioned to the engineering team.

One of the areas of concern is the GUI. It is important to our customers that the GUI looks beautiful. It's a Java Client, so you have a Java dependency.

In the next release, the dashboard will eventually be Java-dependant on the platform.

Some other drawbacks are ingesting threat intelligence coming from different vendors. They create a network map and they laser-focus all of the vulnerabilities from the data that has come from the vulnerability scanners to the network map. It can tell you which vulnerabilities you should address first, as not all have to be addressed. You have to address the ones that are exposed to your network context. Your firewall is allowing or the router is providing access to it.

I would like to see the visibility of the containerization environment. Everyone is talking about Kubernetes, containers, and spinning up applications in the DevOps environment. 

RedSeal already has a basic capability, but they're improvising their capability of network modeling the DevOps environment. This is a very important inclusion. In tech management, having tech intel feed information and DevOps is crucial. The Java section is just cosmetic and can be ignored for a person like me, who's more technical than commercial or who is looking at the beauty part of it. DevOps visibility is going to be a game-changer.

For how long have I used the solution?

I have been working with RedSeal for more than one year.

We are using the latest version.

What do I think about the stability of the solution?

Stability is a key differentiator. I have not heard from any of my customers that we have hit a bug, and the system has crashed, or that it has stopped working.

This product is very stable, as long as you size the needed compute, which is the CPU, memory, hard disk, and the database, and if the system engineering team is sizing it correctly.

How was the initial setup?

The initial setup is straightforward. It's very simple as long as there are not many prerequisites given by the customer. It doesn't take a lot.

You can directly onboard a device and connect it. If you don't want to integrate your routers, switches, and load balancers, it can be integrated with your monitoring system. 

We know that the monitoring system is going to monitor each and every device. We can take all of the configurations from the monitoring system and with that, we will know how long it will take. Then you can do the same with the vulnerability scanner. 

What other advice do I have?

With RedSeal, you can have an application installed on the mobile device that gives you the live data, live information about your resilience score, your risk score, and tells you exactly where you are standing.

In order to achieve digital transformation, and not only to achieve but to scale and harvest the advantages of digital transformation, you have run security transformation in parallel. Without that, you cannot achieve digital transformation.

CEOs should be asking if they are able to scale up their digital transformation drive to the maximum potential. Are they able to harvest the benefits of digital transformation? Gartner indicates that 80% of the companies say no. 

When you are going through a digital transformation, your applications are talking to each other. You are exposing many services to the outside world and when you do that, you are adding risk to your environment. Security transformation has to run in parallel.

RedSeal can measure your resilience, digital resilience, your risk, your compliance, your governance, and can help you to justify what your risk score is. For example, it can tell you that there are services exposed that were not intended to, or that were mistakenly exposed. Through indirect exposure to your critical asset, there is a possibility of an attack.

It could also be that there were many changes to the application that was newly built as part of the digital transformation drive was actually a part of the network or the security of the infrastructure configurations not being there, as per the best practice.

This could help explain why your risk score is low.

It also tells you how compliant you are. This is in a live feed, it's in real-time which allows you to go back and check to see what your state was at the time of an attack.

This available through a web interface that is available for the administrators and gives them the capability to know and solve the issues.

Through the mobile app, a CEO can view the detail of compliance standards.

I always tell my customers that is not a tool, it's a platform.

Another good part of RedSeal is the engineering team. RedSeal is a young company, and one with less than 200 people. They believe in change, and they believe in delivering features. They are very dynamic and energic when it comes to feature requests. They delve into it immediately and if proves to be a real use case that is useful for multiple customers then the engineering team can deliver it within a few days, not even weeks or months. 

If you don't want to integrate with the vulnerability scanner, it has a repository of scan results.

Most of the updates are incremental. So they keep updating their customers and partners on the new releases. The releases are service software updates, so you don't really have to reboot your systems and lose or even skip some live data. It's uninterruptible software upgrades.

In comparing it with Skybox, which is very bulky and has different modules, you have to go to each module that they have in the network. Skybox has network assurance, firewall management, tech management, vulnerability management, and horizon, which is the main platform for which they can get the entire visibility of all the platforms. If you really want to do an update on Skybox, you have to go to individual modules and update them. It's a difficult system to implement and costly as well.

I would rate this platform a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SC
Vice President at a government with 201-500 employees
Real User
Top 5Leaderboard
Saves time in evaluating compliance, and the technical support is helpful

Pros and Cons

  • "The most valuable features are network mapping and configuration."
  • "The dashboard should be improved to make correlating data easier to do."

What is our primary use case?

We run three different networks with multiple VLANs across each of them. We're using it internally but looking at potentially using it to support other companies.

How has it helped my organization?

Because we work a lot of assessments, RedSeal helps us to validate certain security practices that are required. They have 148 best practices that are laid out, and the combination of those best practices along with some of the other capabilities, such as network mapping where it lays out the tracking and identification of devices, supports a lot of the requirements from government or companies that work with government agencies.

RedSeal looks at where you correlate the different practices as it relates to those defined by the assessment requirements put in place by the government contractors. Once they've done that, it will ease the time. While there is a dashboard with all of the information, you've got to go to the right place to find it and validate it. With the consolidation done, you get that as output and it ultimately saves us time when it comes to determining compliance.

What is most valuable?

The most valuable features are network mapping and configuration. It definitely speeds up the identification of mismatches and issues related to configuration and provides a good way ahead for remediation of those deficiencies.

The scorecard in resiliencies is helpful because you can get a snapshot look of it based on taking all of the data in.

From a front-end perspective, it just a superb job. RedSeal brings a lot, but it also brings an understanding that you're adding to it in order to get the full picture.

Once you flush out your layer two and layer three by bringing in scans, you tie in RedSeal with your SIEM. The dashboard makes moving forward very easy as it relates to the operation, which is something that we're very happy with.

When you're pulling in all of the vulnerabilities using the scanning tool that has been used, it is overlaid on the structure and helps to build it within RedSeal. This gives you one entry point to get a pretty good look at a company.

What needs improvement?

The dashboard should be improved to make correlating data easier to do. As it is now, if I go into RedSeal then I may have to look at six or seven practices, plus go to a configuration tab and then look at the mapping to identify one security practice that's been defined within the CMMC model.

It would like to see a feature that gives specifics about different types of compliance. For example, different tabs for SCADA, HIPAA, CMMC, 800-53, and PCI, would be helpful for having everything available in one location. As it is now, I have to view Excel spreadsheets to get that answer. Also, these things change depending on whether you are dealing with a DOD compliance effort versus medical compliance.

For how long have I used the solution?

We have been using RedSeal for more than six months.

What do I think about the stability of the solution?

I am comfortable with the product. We have not seen any issues at all, in terms of stability.

What do I think about the scalability of the solution?

We are currently looking at building relationships with other companies to improve our supply chain, and it is definitely scalable enough to support that.

How are customer service and technical support?

The technical support is really good. They have a personal touch and build a relationship with you that helps with integrating the product. They really help when it comes to having a full understanding of how it works and it makes a big difference because they don't just leave you stranded.

My experience is that the technical support is structured to make sure that you get what RedSeal can provide.

How was the initial setup?

The initial setup is straightforward, although it is a matter of importing all of the other sources of info that really makes it work well. For example, you're getting network layer seven, part of layer three, and all of those things that are associated with them. But, when you want the full picture, it takes the additional step. You need to load the scans and get tie-in to the SIEM, as well as everything else, to get the full utility out of RedSeal.

The technical support provided really eases the setup process.

What's my experience with pricing, setup cost, and licensing?

The pricing is based on the number of endpoints and devices, and we have seen it range from mid-five figures to low six figures.

What other advice do I have?

My advice for anybody who is implementing this solution is to have a good understanding of what RedSeal brings to the table, as well as what it is that you need to bring to the table to get full usage out of it. RedSeal comes in and sets the foundation and gives you the front-end, and then you have to add things like your scanned data. If you don't already have a scanner such as Nessus then you won't get a full picture. The team at RedSeal makes it clear that these plugins are essential to get the full benefit of the product.

Overall, I am very happy with the way the product is working.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about RedSeal. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.
SM
Principal IT Security at a outsourcing company with 10,001+ employees
Real User
Top 20Leaderboard
Provides a graphical overview of our network and is easy to deploy, but needs a user-friendly interface and a feature for compliance audit policy

Pros and Cons

  • "RedSeal integrates the network and gives us a visual or graphical overview of our network. If an organization is geographically dispersed, for instance, with one office in Canada and one office in the Philippines, the whole network, including all devices, is integrated into RedSeal, and you can see from where the traffic is going in and out."
  • "Sometimes, it required us to refresh the configuration. When we integrated any of the configurations into the device, sometimes, it could not detect the exact picture of that device. So, we had to reset the device to see that if it was giving true-positive results or false-positive results. In some cases, we were not able to get true-positive results. There was some kind of bug in that version. Its interface is not user-friendly and needs to be improved. It takes time to understand the interface and various options. Skybox has quite a user-friendly interface. They could provide a feature for compliance audit policy if it is already not there. A compliance audit policy ensures that all configurations are based on the best practices standards, such as CIS benchmarks standard or other similar standards. It provides visibility about whether your device configuration is based on best practices or not. Usually, such a feature is provided by other solutions such as Meteor or Tenable Nessus."

What is our primary use case?

We had a distributing environment, and we used RedSeal to look into the gaps in existing network connectivities. We looked into if any of the forbidden accesses are open. We also looked at the points from where the traffic was going in and out and the policies that were configured on the network devices but were not as per compliance.

How has it helped my organization?

We had to provide the configuration of our network, and then we could see the routes that are being used to transfer the traffic from one point to another. Based on that, we could control how specific traffic should be transferred from one point to another. If a device was not declared as a perimeter firewall or a perimeter router but was configured to communicate with the internet or fiber links, we would block it.

What is most valuable?

RedSeal integrates the network and gives us a visual or graphical overview of our network. If an organization is geographically dispersed, for instance, with one office in Canada and one office in the Philippines, the whole network, including all devices, is integrated into RedSeal, and you can see from where the traffic is going in and out.

What needs improvement?

Sometimes, it required us to refresh the configuration. When we integrated any of the configurations into the device, sometimes, it could not detect the exact picture of that device. So, we had to reset the device to see that if it was giving true-positive results or false-positive results. In some cases, we were not able to get true-positive results. There was some kind of bug in that version.

Its interface is not user-friendly and needs to be improved. It takes time to understand the interface and various options. Skybox has quite a user-friendly interface.

They could provide a feature for compliance audit policy if it is already not there. A compliance audit policy ensures that all configurations are based on the best practices standards, such as CIS benchmarks standard or other similar standards. It provides visibility about whether your device configuration is based on best practices or not. Usually, such a feature is provided by other solutions such as Meteor or Tenable Nessus.

For how long have I used the solution?

I have used RedSeal in my previous organization for one year.

How are customer service and technical support?

Their technical support is good.

Which solution did I use previously and why did I switch?

They were already using this solution when I joined that organization.

How was the initial setup?

It is straightforward and not complex. You simply have to apply or provide the configurations of your devices. You can integrate a number of devices based on the running configuration and network configuration, or you can integrate all network devices.

Its implementation took around a month, and the implementation strategy was to first integrate all perimeter devices. We first covered those devices that were public-facing or connected with our clients in the data center. After configuring all of our perimeter devices, we started integrating our internal network at the distribution layer or the core layer. So, our implementation was divided into two phases. In the first phase, we integrated all devices deployed on the front line, and in the second phase, we moved to our distribution layer or the core layer.

What about the implementation team?

We got assistance from the vendor who provided us the solution. In case of any requirement, we got assistance from them.

What other advice do I have?

I would rate RedSeal a seven out of ten. It requires minor improvements in terms of the user interface and new features.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Network Modeling
Buyer's Guide
Download our free RedSeal Report and get advice and tips from experienced pros sharing their opinions.