BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

A Snapshot in Time: Looking at the Bigger Picture Around Vulnerability Assessment Data

Posted June 2, 2011    Jerome Diggs

Recently I had the pleasure of exhibiting at the Secure World conference in both the Atlanta and Philadelphia venues and had many interesting conversations with various CISO, CIO’s, Security Managers, Information Assurance Engineers and Auditors.  We talked about various subjects from some of the latest threats (i.e. the Playstation Network debacle) to vulnerability assessment.  One common challenge and topic raised by almost all of the folks I spoke with was how to measure/understand the affects of a Unified Vulnerability Management strategy. 

While it is great to be able to perform thorough and efficient scanning of an enterprise for vulnerabilities and undesirable configuration for regulatory and/or security best practice initiatives, the question lingers…how do I measure the results of the efforts I’ve undertaken?  Can I map out areas of my network that may need more care and feeding over another area?  Can I map to regulatory requirements and generate a score card to see in which areas I am lacking and how long are these vulnerabilities have been outstanding?  When I roll out a new enterprise platform do I see a general upward trend in vulnerabilities and/or possible security threats? If so, how quickly do my vulnerability management initiatives counteract the effects?  These are just a few of the questions/scenarios that I had discussed with various security professionals over the last couple of weeks.  I’m sure most folks reading this can think of quite a few more.

eEye’s Unified Vulnerability Manage solution, Retina CS, ships with a data warehouse component aptly named Retina Insight (or simply Insight).  Insight gives CISO, CIO, Technical Managers, and/or auditors a simple, interactive view of vulnerability assessment data using standard technologies (i.e. MS SQL Server, MS SQL Anaysis Services and MS SQL Reporting Services).  The reports are designed to allow a user to easily determine trends in vulnerabilities and attack related data while giving them the flexibility in determining:  timeframe (how far back they want to go) and scope (which segments of their enterprise they are interested in reporting on).  Because we are using standard technology found in most enterprises, data can be made available via PDF, XLS, CSV formats (to name a few) as well as easy integration into a SharePoint portal  via business intelligence engines for cross team access.  Reports can be automated so that data consumers can receive reports on a recurring basis thus freeing up valuable staffing resources.

As I mentioned earlier reports are designed to be interactive allowing users the ability to look at a graph or summary table and then delve deeper into the data to see which operating system, domain or assets are vulnerable.  In addition we’ve provided the ability to browse down to the vulnerability details themselves.

Figure 1: Running the ‘New Vulnerabilities by Severity’ report.

The above graphic shows a sample report generated in Retina Insight.  Notice on the left side of the screen there are numerous built in reports broken out by category (including regulatory specific reports).  Reports are interactive and provide links within the data to drill down in to the details (see figures 2 & 3, below).  Also, the parameters at the top of the screen allow user’s to determine time segments, asset scope (smart groups), chart type, export format and whether they want to subscribe to the report for automatic report generation or to view the report.

Figure 2: Interactive clicking on the report in the first screen yields more details.

Clicking on data in the grid from the first screen allows the user to see details for the list of vulnerability (including domain, hostname/IP and operating system of the assets).

Figure 3: Interactively clicking on vulnerability in the list from figure 2 will show more details on the vulnerability including PCI Severity, CVSS and reference information.

Leave a Reply

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,