Once a threat is detected in ArcSight ESM, the incident response team begins a thorough investigation into the extent of the breach. They’ll ask five questions:
RedSeal provides all the tools you need to quickly answer these questions. For example, it provides the OS, applications (services), MAC address, the device’s subnet (e.g., Finance, Sales, Engineering) and the policy group it is part of. It also gives you the switch and port number the device is connected to.
Importantly, RedSeal also provides a list of downstream assets that the compromised device can access. This list is prioritized based on the downstream target’s asset value and the severity of known vulnerabilities that can be exploited. RedSeal also shows you detailed host information for each reachable asset. In addition, you’ll be able to see detailed pathways to these downstream assets, including the firewall rule (or ACL) that is allowing access to these devices.
You’ll also want to know if the compromised host can be accessed from an untrusted network. If it can, it might be connecting to a command and control server, which could be exfiltrating confidential information. In this case, containment is a high priority and you can use RedSeal’s detailed path information to locate a firewall or ACL that can block access.
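The reachability, prioritization and path questions above, as an added illustration that is not RedSeal's or ArcSight's code: a toy first-match policy model that lists which downstream assets a compromised host can reach, ranks them by asset value and vulnerability severity, names the rule permitting each path (the natural containment point), and checks whether an untrusted network can reach the host. All hosts, subnets, scores and rule ids are constructed.

```python
# Constructed inventory: host -> (subnet, asset value 1-10, highest CVSS of known vulns)
HOSTS = {
    "ws-finance-01": ("Finance", 3, 6.5),
    "db-finance-01": ("Finance", 10, 9.8),
    "file-sales-01": ("Sales", 6, 7.5),
    "ci-eng-01": ("Engineering", 8, 5.0),
    "mail-dmz-01": ("DMZ", 5, 4.3),
}

# Constructed subnet-level access policy, evaluated first-match like a firewall
# rule base: (rule id, source subnet, destination subnet, action).
RULES = [
    ("fw-101", "Finance", "Finance", "permit"),
    ("fw-102", "Finance", "Sales", "permit"),
    ("fw-103", "Finance", "Engineering", "deny"),
    ("fw-104", "Sales", "Engineering", "permit"),
    ("fw-105", "DMZ", "Finance", "permit"),
    ("fw-106", "Internet", "DMZ", "permit"),
]


def matching_rule(src_subnet, dst_subnet):
    """Return (rule id, action) of the first matching rule; no match is an implicit deny."""
    for rule_id, src, dst, action in RULES:
        if src == src_subnet and dst == dst_subnet:
            return rule_id, action
    return None, "deny"


def downstream_assets(compromised):
    """Assets the compromised host can reach, highest risk first, with the permitting rule."""
    src_subnet = HOSTS[compromised][0]
    reachable = []
    for host, (subnet, value, cvss) in HOSTS.items():
        if host == compromised:
            continue
        rule_id, action = matching_rule(src_subnet, subnet)
        if action == "permit":
            # Simple priority: asset value weighted by exploitability of the target.
            reachable.append({"host": host, "subnet": subnet,
                              "risk": value * cvss, "rule": rule_id})
    return sorted(reachable, key=lambda r: r["risk"], reverse=True)


def exposed_to_untrusted(host, untrusted="Internet"):
    """Rule id letting the untrusted network reach the host's subnet, or None if blocked."""
    rule_id, action = matching_rule(untrusted, HOSTS[host][0])
    return rule_id if action == "permit" else None
```

For the constructed data, a compromised `ws-finance-01` reaches `db-finance-01` via fw-101 and `file-sales-01` via fw-102, is denied to Engineering by fw-103, and is not reachable from the Internet, while `mail-dmz-01` is exposed through fw-106.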