BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

A New Way of Looking at Vulnerabilities in Your Environment

Posted April 23, 2014    Morey Haber

Assets, users, vulnerabilities and exploits; all are common themes in my posts on BeyondInsight. With BeyondInsight v5.1, we unveiled a new way to view exploitable assets. Sure, most vulnerability management solutions link vulnerability data to exploit information, allowing tools like NeXpose and QualysGuard to list an asset, its vulnerabilities, and any related exploits. BeyondInsight does this and then takes it to the next level.

Taking Prioritization to the Next Level

With version 5.1, BeyondInsight adds Vulnerability-Based Smart Rules to its Asset Smart Rules (which we’ve had for years and other vendors are just beginning to introduce). This is an industry-unique feature because it allows users to pivot and group information based on vulnerability results and findings, rather than solely on groups of assets. As a result, they can better prioritize remediation efforts by filtering vulnerabilities and isolating those currently targeted by known, active exploits.

smart rules manager for vulnerabilities - v2

Focusing on the Vulnerability Data You Care About

Now, BeyondInsight users can easily narrow assessment results down to only those Asset Smart Groups containing vulnerabilities with current exploits – with no data bleed or errant findings. The new Vulnerability Smart Rule also incorporates Boolean logic for additional vulnerability details such as vendor, description, CVE, etc. This allows specific operational teams to tailor vulnerability assessment findings to their specific areas of responsibility. For example, an operations team may only want to view desktops that contain exploitable Microsoft Office applications. The Smart Rule can easily be modified to display only those vulnerabilities relevant to Microsoft Office.

Revealing the Implications of Zero Day Threats  

For another example, consider the recent Microsoft Word zero-day vulnerability recently published and previously discussed in our blog. Given this threat, BeyondInsight can document the following:

  • Which assets the zero-day vulnerability is present on
  • Which assets are exploitable based on the zero day
  • What is the documented vulnerability and proper mitigation until a patch is available
  • Which tools have a published exploit for the zero day
  • Whether the zero day is exploitable from within a common malware framework

BeyondTrust redefines how organizations use vulnerability data. This latest feature helps prioritize vulnerability information by filtering not only the vulnerability list for exploits, but also the asset list. It allows organizations to gain context-aware security intelligence by refining assessment results for the teams that need it most and filtering the risks for dangers that require immediate attention.

> Download the BeyondInsight v5.1 New Features Overview
> Request a free trial
> Learn more about BeyondInsight

Tags:
, , , , ,

Leave a Reply

Additional articles

Are Your Data Security Efforts Focused in the Right Area?

Posted January 28, 2015    Scott Lang

Vormetric Data Security recently released an insider threat report, with research conducted by HarrisPoll and analyzed by Ovum. Based on the survey responses, it is apparent that there is still a great deal of insecurity over data. However, the results also show that there may be misplaced investments to address those insecurities. I will explain…

Tags:
ghost

GHOST Vulnerability…Scary Indeed

Posted January 28, 2015    BeyondTrust Research Team

A vulnerability discovered by Qualys security researchers has surfaced within the GNU C Library that affects virtually all Linux operating systems. The vulnerability lies within the various gethostbyname*() functions and, as such, has been dubbed “GHOST.” GHOST is particularly nasty considering remote, arbitrary code execution can be achieved. In an effort to avoid taxing DNS lookups, glibc developers introduced…

Tags:
,
dave-shackleford-headshot

Your New Years Resolution: Controlling Privileged Users

Posted January 27, 2015    Dave Shackleford

Is 2015 the year you get a better handle on security? The news last year was grim – so much so, in fact, that many in the information security community despaired a bit. Really, the end-of-the-year infosec cocktail parties were a bit glum. OK, let’s be honest, infosec cocktail parties are usually not that wild…

Tags:
, , ,