BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

eEye Technology Partnership: RedSeal

Post by Morey Haber September 24, 2010

A traditional approach to minimizing the risk associated with vulnerabilities has been to utilize firewalls to block access or prevent a hacker from using a port, service, application, or protocol based vulnerability to penetrate the network. Most large organizations identify a plethora of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities is only the first step, prioritizing the most meaningful threats becomes a top priority for mitigation and protection strategies. In order to determine priorities for your environment, ask yourself the following questions:

  • Is mission critical information at risk because of a vulnerability that is exposed to the Internet or sensitive internal systems?
  • Has a vulnerability already been effectively mitigated with network-level controls such as ACLs when no patch or remediation procedure was available?
  • Do vulnerabilities in minor systems allow a hacker to escalate attacks to more critical systems?
  • Are host configurations being continuously monitored to deliver near real-time risk management as required by FISMA?

Prioritizing remediation efforts according to risk is essential to an effective unified vulnerability management program. If you answered “yes” to any of the questions above, prioritizing these vulnerabilities should start at the infrastructure itself since it can be used to easily leverage other assets in the environment. To do this, security organizations need to take into account the exposure and protection provided by their network infrastructure related to host and application vulnerabilities.

Let’s consider a technology partnership that assists with this prioritization and solves some unique business and technology challenges.

eEye’s Retina solutions offer the industry and government a standard for multi-platform unified vulnerability management, identification of known and zero day vulnerabilities, and provides an accurate discovery all network-connected assets using non-intrusive scanning techniques. eEye delivers a highly comprehensive vulnerability database that is maintained and constantly updated by the eEye Research Team. eEye’s solution is based on an open architecture enabling customized audits, seamless integration with third party platforms and allows users to create custom, corporate-policy driven scans.

RedSeal Vulnerability Advisor software integrates this vulnerability information and analyzes it in the context of network access to determine IT risk. RedSeal Vulnerability Advisor automatically retrieves current scan and asset data from Retina, and uses it to calculate the risk created due to a vulnerability. Therefore, RedSeal provides the ability to evaluate:

  • Direct exposure of a vulnerability to trusted and untrusted networks
  • Indirect exposure of a vulnerability to untrusted networks through other vulnerable hosts
  • The potential for a vulnerability to allow an attacker to escalate an attack deeper into the company network
  • The business value of the vulnerable host and its relationship and communication to other systems
  • The severity of a vulnerability based on the Common Vulnerability Scoring System (CVSS)

As a complete integrated solution, prioritization problems can be managed in a methodical and predictable fashion (as required by regulatory compliancy laws). RedSeal Vulnerability Advisor analyzes the results of eEye’s Retina solutions in the context of the what access is possible through the network, prioritization of vulnerabilities based on network configuration and vulnerability data, and offer network mitigation options when no remediation strategy is available. These integrated technologies not only consider scanned vulnerabilities, but also how they relate to your network infrastructure, configuration of networking devices, and how they all communicate based on your network topology.

If you would like to learn more about our integration and partnership with RedSeal, please contact us.

Tags:

Leave a Reply

Additional articles

BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,