Tales from the Trenches: Early? It came online early? How do you know?
Today’s Tales from the Trenches is brought to you by Brad Schwab, Senior Security Solutions Consultant.
Regardless of the size of your business, things still happen at the “speed of business.” But what does that really mean? It means that changes do not always happen on the intended schedule, and sometimes they occur before safeguards can be put in place—all in the name of promoting the business.
This exact scenario unfolded for a RedSeal customer. This customer supports a worldwide network that is so big, and in such a constant state of flux, that they continually run RedSeal’s Assisted Modeling feature. This feature looks at network device configurations and, based on designated Model Issues, can determine whether there are devices missing from the RedSeal Model. Once it has a list of possible missing device targets, RedSeal performs a data collection against those targets to bring them into the model. The process then repeats on the new devices, and again on any other new devices they reveal. I like to say “missing devices create missing devices.”
Here is what played out from one nightly Assisted Modeling run:
I received a call from a customer’s Head of Network Security Engineering, who excitedly exclaimed that a new data center had come online early, unannounced, and that RedSeal had discovered it through Assisted Modeling. Only because of RedSeal was his team aware of the data center coming online. As we looked at the new devices that made up the data center, things got interesting. The RedSeal deployment was set up to check and monitor all network devices against configuration hardening guidelines that had been designed, tested, and verified via RedSeal Secure Configuration Checks, and against segmentation checks via RedSeal Zones and Policies. As we reviewed the new devices in the data center, we discovered something concerning: none of the hardening guidelines had been followed, and no segmentation restrictions were in place. This situation could have posed significant security risks. Thankfully, RedSeal’s Assisted Modeling feature had already flagged these issues, giving the team a crucial heads-up before any potential harm could occur.
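The repeat-until-nothing-new discovery loop, followed by a hardening check on the newly found devices, as an added example; it is not RedSeal’s implementation. The config syntax, the next-hop and BGP-neighbor heuristic for spotting missing devices, the single `no ip http server` check, and all names and addresses are assumptions constructed for illustration.

```python
import re

# Constructed sample data (assumption): configs keyed by management IP.
MODEL = {  # devices already in the model
    "10.0.0.1": "hostname core-1\n"
                "ip route 10.9.0.0 255.255.0.0 10.9.0.1\n"
                "ip route 10.8.0.0 255.255.0.0 10.8.0.1\n"
                "no ip http server\n",
}
REACHABLE = {  # what a collection attempt against each target would return
    "10.9.0.1": "hostname dc2-edge\nip route 10.9.1.0 255.255.255.0 10.9.1.1\nip http server\n",
    "10.9.1.1": "hostname dc2-agg\nrouter bgp 65009\n neighbor 10.9.1.2 remote-as 65009\nip http server\n",
    "10.9.1.2": "hostname dc2-leaf\nno ip http server\n",
}

# Assumed heuristic: static-route next hops and BGP neighbors name peer devices.
PEER = re.compile(r"^[ \t]*(?:ip route \S+ \S+|neighbor) (\d+(?:\.\d+){3})", re.M)

def discover(model, collect):
    """Collect referenced-but-unmodeled devices until a pass adds nothing."""
    model, passes, unreachable = dict(model), [], set()
    frontier = set(model)
    while frontier:
        targets = set()
        for ip in frontier:
            targets |= set(PEER.findall(model[ip]))
        targets -= model.keys() | unreachable
        added = []
        for ip in sorted(targets):
            config = collect(ip)
            if config is None:
                unreachable.add(ip)      # referenced, but collection failed
            else:
                model[ip] = config
                added.append(ip)
        if added:
            passes.append(added)
        frontier = set(added)            # only new devices can reveal more
    return model, passes, unreachable

def unhardened(model, baseline):
    """Newly discovered devices that fail the one assumed hardening check."""
    ok = re.compile(r"^no ip http server$", re.M)
    return sorted(ip for ip in model.keys() - baseline.keys()
                  if not ok.search(model[ip]))

if __name__ == "__main__":
    full, passes, missing = discover(MODEL, REACHABLE.get)
    print(passes, sorted(missing), unhardened(full, MODEL))
```

Each inner list in `passes` is one round of discovery, so a device three hops beyond the known model only appears in the third round; addresses that are referenced but cannot be collected are kept separately for follow-up.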
Sometimes a new branch, or in this case a data center, may be brought online before customer data is present. However, that would be under strict supervision and not just out of the blue. In this case, the customer was rightfully upset and at the same time very thankful for RedSeal’s Assisted Modeling feature keeping a watchful eye on the network and for the heads-up on the configuration and segmentation issues.
At RedSeal, we’re committed to helping you fortify your digital infrastructure, for good. We proactively help visualize your network, identify attack paths, prioritize risk, and help you stay in compliance to ensure your business and customers stay secure.