Associate Director Security at a outsourcing company with 10,001+ employees
Real User
Top 10
2021-04-03T15:35:28Z
Apr 3, 2021
Sometimes, it required us to refresh the configuration. When we integrated any of the configurations into the device, sometimes, it could not detect the exact picture of that device. So, we had to reset the device to see that if it was giving true-positive results or false-positive results. In some cases, we were not able to get true-positive results. There was some kind of bug in that version. Its interface is not user-friendly and needs to be improved. It takes time to understand the interface and various options. Skybox has quite a user-friendly interface. They could provide a feature for compliance audit policy if it is already not there. A compliance audit policy ensures that all configurations are based on the best practices standards, such as CIS benchmarks standard or other similar standards. It provides visibility about whether your device configuration is based on best practices or not. Usually, such a feature is provided by other solutions such as Meteor or Tenable Nessus.
There are some areas that have been mentioned to the engineering team. One of the areas of concern is the GUI. It is important to our customers that the GUI looks beautiful. It's a Java Client, so you have a Java dependency. In the next release, the dashboard will eventually be Java-dependant on the platform. Some other drawbacks are ingesting threat intelligence coming from different vendors. They create a network map and they laser-focus all of the vulnerabilities from the data that has come from the vulnerability scanners to the network map. It can tell you which vulnerabilities you should address first, as not all have to be addressed. You have to address the ones that are exposed to your network context. Your firewall is allowing or the router is providing access to it. I would like to see the visibility of the containerization environment. Everyone is talking about Kubernetes, containers, and spinning up applications in the DevOps environment. RedSeal already has a basic capability, but they're improvising their capability of network modeling the DevOps environment. This is a very important inclusion. In tech management, having tech intel feed information and DevOps is crucial. The Java section is just cosmetic and can be ignored for a person like me, who's more technical than commercial or who is looking at the beauty part of it. DevOps visibility is going to be a game-changer.
Vice President at a government with 201-500 employees
Real User
2020-08-20T07:50:17Z
Aug 20, 2020
The dashboard should be improved to make correlating data easier to do. As it is now, if I go into RedSeal then I may have to look at six or seven practices, plus go to a configuration tab and then look at the mapping to identify one security practice that's been defined within the CMMC model. It would like to see a feature that gives specifics about different types of compliance. For example, different tabs for SCADA, HIPAA, CMMC, 800-53, and PCI, would be helpful for having everything available in one location. As it is now, I have to view Excel spreadsheets to get that answer. Also, these things change depending on whether you are dealing with a DOD compliance effort versus medical compliance.
RedSeal’s network modeling and risk scoring platform builds an accurate, up-to-date model of an organization’s entire, as-built network to visualize access paths, prioritize what to fix, so you can target existing cybersecurity resources to protect your most valuable assets. With RedSeal’s Digital Resilience Score, decision makers can see the security status and benchmark progress toward digital resilience.
There is room for improvement in integrating the OT security part and the private 5G security part in RedSeal.
Sometimes, it required us to refresh the configuration. When we integrated any of the configurations into the device, sometimes, it could not detect the exact picture of that device. So, we had to reset the device to see that if it was giving true-positive results or false-positive results. In some cases, we were not able to get true-positive results. There was some kind of bug in that version. Its interface is not user-friendly and needs to be improved. It takes time to understand the interface and various options. Skybox has quite a user-friendly interface. They could provide a feature for compliance audit policy if it is already not there. A compliance audit policy ensures that all configurations are based on the best practices standards, such as CIS benchmarks standard or other similar standards. It provides visibility about whether your device configuration is based on best practices or not. Usually, such a feature is provided by other solutions such as Meteor or Tenable Nessus.
There are some areas that have been mentioned to the engineering team. One of the areas of concern is the GUI. It is important to our customers that the GUI looks beautiful. It's a Java Client, so you have a Java dependency. In the next release, the dashboard will eventually be Java-dependant on the platform. Some other drawbacks are ingesting threat intelligence coming from different vendors. They create a network map and they laser-focus all of the vulnerabilities from the data that has come from the vulnerability scanners to the network map. It can tell you which vulnerabilities you should address first, as not all have to be addressed. You have to address the ones that are exposed to your network context. Your firewall is allowing or the router is providing access to it. I would like to see the visibility of the containerization environment. Everyone is talking about Kubernetes, containers, and spinning up applications in the DevOps environment. RedSeal already has a basic capability, but they're improvising their capability of network modeling the DevOps environment. This is a very important inclusion. In tech management, having tech intel feed information and DevOps is crucial. The Java section is just cosmetic and can be ignored for a person like me, who's more technical than commercial or who is looking at the beauty part of it. DevOps visibility is going to be a game-changer.
The dashboard should be improved to make correlating data easier to do. As it is now, if I go into RedSeal then I may have to look at six or seven practices, plus go to a configuration tab and then look at the mapping to identify one security practice that's been defined within the CMMC model. It would like to see a feature that gives specifics about different types of compliance. For example, different tabs for SCADA, HIPAA, CMMC, 800-53, and PCI, would be helpful for having everything available in one location. As it is now, I have to view Excel spreadsheets to get that answer. Also, these things change depending on whether you are dealing with a DOD compliance effort versus medical compliance.