BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Call it Genius. Our Smart Groups Make Vulnerability Management Simple for Security Teams

Post by Morey Haber April 20, 2012

eEye R&D has been hard at work on optimizing how our enterprise clients can manage and schedule assessments within Retina CS. These efforts will increase the efficiency of how our clients perform assessments across their IT infrastructure – be it their traditional server or desktop assets, or new technologies like mobile, virtual and cloud.

In a typical environment, regardless of vulnerability management tool, scan jobs are typically performed against a range of assets, address groups, or some other type of device collection or site location. If assessments are required across multiple groups, typically the user has to schedule multiple jobs or build containers that contain all of the corporate assets. Scanning these large groups can take a long time, be potentially too large for a single scan engine to process in one job, and produce a report (if it doesn’t time-out or crash first) that is tens of thousands of pages long. It is not common for a company with over 100,000 assets to truly scan all their devices. They just do not have the scanning infrastructure, manpower to schedule all the jobs, and personnel to handle the plethora of data. This is where eEye differs and excels in meeting enterprise vulnerability and threat management.

Retina CS employs called Smart Groups to build a collection of assets. These can be anything from address groups, to patterns contained in host-names, Active Directory queries, and even what software was detected on a host during previous scans. Smart Groups can also be built as parent objects referencing Child Groups. That is, the parent group can reference other Smart Groups and build a super set of all the data for role based access, alerting, and now job scheduling and reporting. If you’ve ever used the Smart Playlist function in iTunes, you’re already trained on how to build Smart Groups within Retina CS.

Consider an environment that has Smart Groups for locations or even business units. These are typically deployed as Smart Groups referencing the city, building, or business function. If you build a new group at the higher level that references all of these children by state, campus, or even business division then you have create a new logical parent. In Retina CS, you can now schedule a job at the parent level that will automatically be distributed to all children and honor key Smart Group settings like Scanner Locking or round robin scanner pooling for load balancing and rapid assessment of large IP ranges using multiple scanners simultaneously.

In terms of enterprise job scheduling, once the parent is built, it only takes 4 mouse clicks (yes, 4) in the Retina CS UI to perform and assess across the entire enterprise using distributed scan engines, scan pools, and fixed scanners that are dedicate to specific address spaces or locations! And, using Retina Insight, our unique Heat Maps can reduce the report into a few pages that can tell you which vulnerabilities are causing the highest risks and if mitigated, how your environment would change for the better!

No other solution is taking this approach to enterprise vulnerability management. eEye is the only vendor working to make  job scheduling, reporting, and threat intelligence simple for the IT security team, as well as for executives,  to understand the risks they face.

For more information on how Retina CS can help you today, please contact our sales team at sales@eeye.com. Our customer success engineers would love to show you how the next generation of Threat Management Solutions can solve problems with your enterprise scanning requirements.

Tags:
, , , , , ,

Additional articles

insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,

Vulnerability Expert Forum Highlights: April 2014

We had a great turnout for last week’s April 2014 Vulnerability Expert Forum (VEF) webcast. BeyondTrust Research experts, Carter and DJ, provided in-depth knowledge about the latest vulnerabilities and their potential impacts on network environments. Below are highlights from the Forum, plus an on-demand video of the presentation. Latest critical vulnerabilities, vendor patches, and zero-day…

Post by Chris Burd April 16, 2014
Tags:
, , , , ,