BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Automating Scanner Updates

Posted September 15, 2011    Morey Haber

Software is written by people and inevitably has mistakes and requires maintenance. This maintenance can be in the form of security updates to patch vulnerabilities, service packs and hot fixes to correct functional problems, and general maintenance to cover required updates for signatures and other time-dependent functions. When working with security solutions, detection methods often rely on signature databases (of some sort) for identification, classification, and correlation of revenant data. As new threats emerge, these signatures need to be updated frequently and applied to the solution. These updates are commonly found in anti-virus tools, intrusion prevention solutions, and audit databases present in vulnerability assessment solutions. Verifying that your security tools have the latest approved releases helps identify emerging threats. Automating this maintenance and verifying the accuracy of the updates can be labor intensive and error prone if not properly managed. Referential integrity problems can occur if multiple deployments of the solution are all running different code bases.

For eEye solutions, Retina has a mature product for managing this problem. The Enterprise Update Server (EUS) is a back office utility for downloading updates (binary and audit) and managing them for distribution to all vulnerability assessment scanners, management consoles, and endpoint agents. This tool has the following enterprise-ready functionality:

  • Notification via email when updates are ready for download or have been applied to the distribution queue.
  • License key management for downloading updates to authorized installations.
  • Role-based access for distribution functions.
  • User auditing of update server features and login attempts.
  • SSL access for management and maintenance update distribution.
  • User selectable version control for updates.
  • Fully automated distribution of updates or manual procedures for integration into existing change control processes.
  • Support for internet proxies and tiering of multiple Enterprise Update Servers.
  • Support for fully or partially deployed air gapped networks (Off Line)

As illustrated above, EUS allows complete control of maintenance updates and versions for all eEye solutions. Users can select “To Always Use The Latest Version” or freeze a product, audit, or signatures at a specific version based on internal change control requirements. In addition, the solution ships as software or preloaded on eEye’s UVM20 Retina CS Management Console appliance for rapid deployment and a quick return on investment.

When it comes to automating and managing vulnerability assessment scanners and endpoint protection solution updates, eEye understands what it is to be enterprise ready. Our solutions have been deployed in installations with millions of assets and businesses with only a few IP addresses. Scaling to meet any requirements is critical and managing the versions of software you have deployed can be made simple using the extensive functionality found in the Enterprise Update Server.

For more information on the Enterprise Update Server and how eEye can help your business, please click here. We can help and have a proven track record in even the most demanding and complex environments.

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,