BeyondTrust

Security in Context: The BeyondTrust Blog

eEye Technology Partnership: RedSeal

Posted September 24, 2010    Morey Haber

A traditional approach to minimizing the risk associated with vulnerabilities has been to use firewalls to block access or prevent a hacker from using a port, service, application, or protocol-based vulnerability to penetrate the network. Most large organizations identify a plethora of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities is only the first step; prioritizing the most meaningful threats then becomes a top priority for mitigation and protection strategies. To determine priorities for your environment, ask yourself the following questions:

  • Is mission critical information at risk because of a vulnerability that is exposed to the Internet or sensitive internal systems?
  • Has a vulnerability already been effectively mitigated with network-level controls such as ACLs when no patch or remediation procedure was available?
  • Do vulnerabilities in minor systems allow a hacker to escalate attacks to more critical systems?
  • Are host configurations being continuously monitored to deliver near real-time risk management as required by FISMA?

Prioritizing remediation efforts according to risk is essential to an effective unified vulnerability management program. If you answered “yes” to any of the questions above, prioritization should start with the network infrastructure itself, since it can easily be used to reach other assets in the environment. To do this, security organizations need to take into account how their network infrastructure exposes or protects hosts and applications that have vulnerabilities.

Let’s consider a technology partnership that assists with this prioritization and solves some unique business and technology challenges.

eEye’s Retina solutions offer industry and government a standard for multi-platform unified vulnerability management, identify known and zero-day vulnerabilities, and provide accurate discovery of all network-connected assets using non-intrusive scanning techniques. eEye delivers a highly comprehensive vulnerability database that is maintained and constantly updated by the eEye Research Team. eEye’s solution is based on an open architecture that enables customized audits and seamless integration with third-party platforms, and allows users to create custom, corporate-policy-driven scans.

RedSeal Vulnerability Advisor software integrates this vulnerability information and analyzes it in the context of network access to determine IT risk. RedSeal Vulnerability Advisor automatically retrieves current scan and asset data from Retina, and uses it to calculate the risk created due to a vulnerability. Therefore, RedSeal provides the ability to evaluate:

  • Direct exposure of a vulnerability to trusted and untrusted networks
  • Indirect exposure of a vulnerability to untrusted networks through other vulnerable hosts
  • The potential for a vulnerability to allow an attacker to escalate an attack deeper into the company network
  • The business value of the vulnerable host and its relationship and communication to other systems
  • The severity of a vulnerability based on the Common Vulnerability Scoring System (CVSS)

With a complete integrated solution, prioritization problems can be managed in a methodical and predictable fashion (as required by regulatory compliance laws). RedSeal Vulnerability Advisor analyzes the results of eEye’s Retina solutions in the context of what access is possible through the network, prioritizes vulnerabilities based on network configuration and vulnerability data, and offers network mitigation options when no remediation strategy is available. These integrated technologies consider not only scanned vulnerabilities, but also how they relate to your network infrastructure, the configuration of networking devices, and how they all communicate based on your network topology.
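The sketch below is an added illustration of the prioritization idea described above, not RedSeal's or eEye's code or scoring method. The host names, access rules, weights and scoring formula are all constructed assumptions; it ranks scan findings by combining CVSS, business value, direct or indirect exposure to an untrusted network, and how many further vulnerable hosts become reachable.

```python
from collections import deque

# Constructed sample data: worst CVSS base score per host from a scan,
# plus a 1-5 business value assigned by the asset owner (assumption).
HOSTS = {
    "web01":  {"cvss": 7.5, "value": 2},
    "app01":  {"cvss": 9.8, "value": 4},
    "db01":   {"cvss": 6.5, "value": 5},
    "hr01":   {"cvss": 9.8, "value": 3},   # critical finding, no path from outside
    "mail01": {"cvss": 0.0, "value": 3},   # exposed, but no findings
}
# Constructed access map: what the firewalls and ACLs permit (source -> destinations).
ACCESS = {
    "internet": ["web01", "mail01"],
    "web01": ["app01"],
    "mail01": ["hr01"],
    "app01": ["db01"],
}
# Assumed exposure weights, for illustration only.
WEIGHT = {"direct": 1.0, "indirect": 0.6, "none": 0.1}

def hops_from(source, hosts=HOSTS, access=ACCESS):
    """Hop count to each host reachable from source, passing only through vulnerable hosts."""
    hops, queue = {}, deque([(source, 0)])
    while queue:
        node, depth = queue.popleft()
        for nxt in access.get(node, []):
            if nxt in hops or nxt == source:
                continue
            hops[nxt] = depth + 1
            if hosts[nxt]["cvss"] > 0:   # a host without findings is a dead end
                queue.append((nxt, depth + 1))
    return hops

def prioritize(hosts=HOSTS, access=ACCESS, untrusted="internet"):
    """Return (host, exposure, downstream vulnerable hosts, score), highest score first."""
    exposure = hops_from(untrusted, hosts, access)
    rows = []
    for name, h in hosts.items():
        if h["cvss"] == 0:
            continue
        hop = exposure.get(name)
        kind = "none" if hop is None else "direct" if hop == 1 else "indirect"
        downstream = sum(1 for d in hops_from(name, hosts, access) if hosts[d]["cvss"] > 0)
        score = round(h["cvss"] * h["value"] * WEIGHT[kind] * (1 + 0.25 * downstream), 2)
        rows.append((name, kind, downstream, score))
    return sorted(rows, key=lambda r: r[3], reverse=True)
```

With this sample data, `hr01` carries a CVSS 9.8 finding yet ranks last because no permitted path reaches it, while `app01` ranks first even though it is only indirectly exposed.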

If you would like to learn more about our integration and partnership with RedSeal, please contact us.
