Network Advisor is in its glory when you need to manage tens or hundreds of thousands of rules and access control lists (ACLs) on large, complicated networks. These networks have multiple paths between secure segments and between public networks and secure segments.
Back-channel connections from inside the protected network to the public internet pose a serious risk to the enterprise. These back channels can develop when someone deliberately configures a device contrary to policy, usually for some perceived personal convenience such as remote access to the user's work computer, or through an erroneous configuration. Given the number of rules and ACLs that must be analyzed in order to ferret out these erroneous configurations, some centralized form of correlation and analysis is necessary. That is where Network Advisor comes into the picture.
In addition to evaluating the intranetwork paths and the rule sets and ACLs that manage them, Network Advisor evaluates both ingress and egress paths to and from the enterprise, as well as to and from external, untrusted networks, such as the internet. The egress analysis is extremely important when evaluating the potential for data leakage and its possible sources within the enterprise.
Product: Network Advisor v4.0
Company: RedSeal Systems
Price: starts at $30,000
What it does: Provides analysis of all of the rules and access control lists on the network and ensures that they are configured to the appropriate policies.
What we liked: This product solves a major problem for large enterprises: visibility of the enterprise's actual security configuration.
What we didn't like: I would have liked to see some level of support resources available to all users and potential users.