BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

eEye Technology Partnership: RedSeal

Posted September 24, 2010    Morey Haber

A traditional approach to minimizing the risk associated with vulnerabilities has been to utilize firewalls to block access or prevent a hacker from using a port, service, application, or protocol based vulnerability to penetrate the network. Most large organizations identify a plethora of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities is only the first step, prioritizing the most meaningful threats becomes a top priority for mitigation and protection strategies. In order to determine priorities for your environment, ask yourself the following questions:

  • Is mission critical information at risk because of a vulnerability that is exposed to the Internet or sensitive internal systems?
  • Has a vulnerability already been effectively mitigated with network-level controls such as ACLs when no patch or remediation procedure was available?
  • Do vulnerabilities in minor systems allow a hacker to escalate attacks to more critical systems?
  • Are host configurations being continuously monitored to deliver near real-time risk management as required by FISMA?

Prioritizing remediation efforts according to risk is essential to an effective unified vulnerability management program. If you answered “yes” to any of the questions above, prioritizing these vulnerabilities should start at the infrastructure itself since it can be used to easily leverage other assets in the environment. To do this, security organizations need to take into account the exposure and protection provided by their network infrastructure related to host and application vulnerabilities.

Let’s consider a technology partnership that assists with this prioritization and solves some unique business and technology challenges.

eEye’s Retina solutions offer the industry and government a standard for multi-platform unified vulnerability management, identification of known and zero day vulnerabilities, and provides an accurate discovery all network-connected assets using non-intrusive scanning techniques. eEye delivers a highly comprehensive vulnerability database that is maintained and constantly updated by the eEye Research Team. eEye’s solution is based on an open architecture enabling customized audits, seamless integration with third party platforms and allows users to create custom, corporate-policy driven scans.

RedSeal Vulnerability Advisor software integrates this vulnerability information and analyzes it in the context of network access to determine IT risk. RedSeal Vulnerability Advisor automatically retrieves current scan and asset data from Retina, and uses it to calculate the risk created due to a vulnerability. Therefore, RedSeal provides the ability to evaluate:

  • Direct exposure of a vulnerability to trusted and untrusted networks
  • Indirect exposure of a vulnerability to untrusted networks through other vulnerable hosts
  • The potential for a vulnerability to allow an attacker to escalate an attack deeper into the company network
  • The business value of the vulnerable host and its relationship and communication to other systems
  • The severity of a vulnerability based on the Common Vulnerability Scoring System (CVSS)

As a complete integrated solution, prioritization problems can be managed in a methodical and predictable fashion (as required by regulatory compliancy laws). RedSeal Vulnerability Advisor analyzes the results of eEye’s Retina solutions in the context of the what access is possible through the network, prioritization of vulnerabilities based on network configuration and vulnerability data, and offer network mitigation options when no remediation strategy is available. These integrated technologies not only consider scanned vulnerabilities, but also how they relate to your network infrastructure, configuration of networking devices, and how they all communicate based on your network topology.

If you would like to learn more about our integration and partnership with RedSeal, please contact us.

Tags:

Leave a Reply

Additional articles

red-thumbprint

Why big data breaches won’t always be so easy

Posted September 19, 2014    Byron Acohido

This blog post is republished with the permission of ThirdCertainty. See the original post here. – By: Byron Acohido, Editor-In-Chief, ThirdCertainty Some day, perhaps fairly soon, it will be much more difficult for data thieves to pull off capers like the headline-grabbing hacks of Home Depot and Target. That’s not a pipe dream. It’s the projected outcome…

Tags:
, , , , ,
pbps-blog2

8 Reasons Your Privileged Password Management Solution Will Fail

Posted September 18, 2014    Chris Burd

Leveraging complex, frequently updated passwords is a basic security best practice for protecting privileged accounts in your organization. But if passwords are such a no-brainer, why do two out of three data breaches tie back to poor password management? The fact is that not all privileged password management strategies are created equal, so it’s critical…

Tags:
, , , , , , ,
pbps-customer-campaign-image

You Change Your Oil Regularly; Why Not Your Passwords?

Posted September 11, 2014    Chris Burd

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods…

Tags:
, , ,