Security in Context: The BeyondTrust Blog

eEye Technology Partnership: RedSeal

Posted September 24, 2010    Morey Haber

A traditional approach to minimizing the risk associated with vulnerabilities has been to use firewalls to block access, or to prevent a hacker from using a port-, service-, application-, or protocol-based vulnerability to penetrate the network. Most large organizations identify a plethora of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities is only the first step; prioritizing the most meaningful threats then becomes the top priority for mitigation and protection strategies. To determine priorities for your environment, ask yourself the following questions:

  • Is mission critical information at risk because of a vulnerability that is exposed to the Internet or sensitive internal systems?
  • Has a vulnerability already been effectively mitigated with network-level controls such as ACLs when no patch or remediation procedure was available?
  • Do vulnerabilities in minor systems allow a hacker to escalate attacks to more critical systems?
  • Are host configurations being continuously monitored to deliver near real-time risk management as required by FISMA?

Prioritizing remediation efforts according to risk is essential to an effective unified vulnerability management program. If you answered “yes” to any of the questions above, prioritization should start at the infrastructure itself, since it can easily be used as leverage against other assets in the environment. To do this, security organizations need to take into account the exposure and protection that their network infrastructure provides for host and application vulnerabilities.

Let’s consider a technology partnership that assists with this prioritization and solves some unique business and technology challenges.

eEye’s Retina solutions offer industry and government a standard for multi-platform unified vulnerability management and identification of known and zero-day vulnerabilities, and provide accurate discovery of all network-connected assets using non-intrusive scanning techniques. eEye delivers a highly comprehensive vulnerability database that is maintained and constantly updated by the eEye Research Team. eEye’s solution is based on an open architecture that enables customized audits and seamless integration with third-party platforms, and allows users to create custom, corporate-policy-driven scans.

RedSeal Vulnerability Advisor software integrates this vulnerability information and analyzes it in the context of network access to determine IT risk. RedSeal Vulnerability Advisor automatically retrieves current scan and asset data from Retina and uses it to calculate the risk that each vulnerability creates. RedSeal therefore provides the ability to evaluate:

  • Direct exposure of a vulnerability to trusted and untrusted networks
  • Indirect exposure of a vulnerability to untrusted networks through other vulnerable hosts
  • The potential for a vulnerability to allow an attacker to escalate an attack deeper into the company network
  • The business value of the vulnerable host and its relationship and communication to other systems
  • The severity of a vulnerability based on the Common Vulnerability Scoring System (CVSS)

With a complete integrated solution, prioritization problems can be managed in a methodical and predictable fashion (as required by regulatory compliance laws). RedSeal Vulnerability Advisor analyzes the results of eEye’s Retina solutions in the context of what access is possible through the network, prioritizes vulnerabilities based on network configuration and vulnerability data, and offers network mitigation options when no remediation strategy is available. These integrated technologies consider not only scanned vulnerabilities, but also how they relate to your network infrastructure, the configuration of networking devices, and how they all communicate based on your network topology.
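The factors listed above (direct exposure, indirect exposure, escalation potential, business value and CVSS severity) can be combined as in the following added example, which is not RedSeal's or eEye's algorithm or code from the original post. The host names, access rules, business values and the scoring weights are all constructed assumptions.

```python
from collections import deque

# Constructed sample data (not Retina or RedSeal output).
# ACCESS[src] = hosts src may connect to under the firewall/ACL rules.
ACCESS = {"internet": {"web01"}, "web01": {"app01"},
          "app01": {"db01"}, "hr-pc": {"db01"}}
# Highest CVSS base score among remotely exploitable findings per host.
FINDINGS = {"web01": 7.5, "app01": 9.8, "db01": 6.5, "hr-pc": 9.0}
# Business value set by the asset owner: 1 (low) to 5 (mission critical).
VALUE = {"web01": 2, "app01": 3, "db01": 5, "hr-pc": 1}

def reach(start):
    """BFS that only steps through vulnerable hosts; returns {host: hops}."""
    hops, queue = {}, deque([(start, 0)])
    while queue:
        node, dist = queue.popleft()
        for nxt in ACCESS.get(node, ()):
            if nxt in FINDINGS and nxt not in hops and nxt != start:
                hops[nxt] = dist + 1
                queue.append((nxt, dist + 1))
    return hops

def prioritize(untrusted="internet"):
    """Rank hosts by CVSS x exposure x value at stake (assumed weighting)."""
    exposed = reach(untrusted)  # 1 hop = direct, more = indirect exposure
    rows = []
    for host, cvss in FINDINGS.items():
        # Escalation: the most valuable asset an attacker on `host` can get to.
        at_stake = max([VALUE[host]] + [VALUE[h] for h in reach(host)])
        # Unreachable from untrusted networks: already mitigated by ACLs.
        factor = 1.0 / exposed[host] if host in exposed else 0.1
        rows.append((round(cvss * factor * at_stake, 2), host, exposed.get(host)))
    return sorted(rows, key=lambda r: r[0], reverse=True)

if __name__ == "__main__":
    for score, host, hops in prioritize():
        print(f"{host:6} score={score:5} hops_from_untrusted={hops}")
```

In this sample the CVSS 9.0 finding on `hr-pc` ranks last because no path from the untrusted network reaches it, while the CVSS 7.5 finding on `web01` ranks first because it is directly exposed and leads on to the mission-critical `db01`.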

If you would like to learn more about our integration and partnership with RedSeal, please contact us.
