BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Mid-Market Security and Risk Management

Posted August 30, 2011    Morey Haber

I find it utterly amazing that security vendors believe that one size of product and solution can fit in any size organization. Some have had even major summer releases that address scalability and performance in this one-product- fits-all approach. Point and shoot scanners as standalone products can operate in any size environment, but without a dedicated management console, historical reporting, and data warehouse, the solutions fall flat on their faces for mid-size and enterprise clients. Clients in the mid market need a dynamic solution that can scale down to the desktop for ad-hoc assessment and also scale up to meet any regulatory vulnerability management requirements that may be knocking at the door, just like an enterprise client. In addition, for companies of any size, cost is a major factor. Having a single solution that can solve multiple business problems from vulnerability assessment to patch management and endpoint platform protection not only produces a higher return on investment, but also correlates critical security data from attacks, malware, vulnerabilities, and security logs. Outside of using a SIM solution, vulnerability assessment data and attack / malware data generally operate in independent silos and do not have any correlation natively to indicate the true state of an asset.

This approach uses a full n-tier architecture and is illustrated below:

 

Tier 1: Is a comprehensive unified vulnerability management data warehouse called Retina Insight. It allows reporting over long periods of time for virtually any data collected by the Retina solution. Reports can be generated ad-hoc, scheduled, emailed, posted to a portal and even manually designed to meet virtually any business requirement.

Tier 2: Retina CS is a next generation unified vulnerability management console design to meet the business requirements of virtually any unified vulnerability management needs. With complete command and control of distributed scan agents, the ability to manage patches, endpoint protection agents, role-based access, and dynamic reporting, Retina CS exceeds in meeting the challenges clients need for centralized vulnerability management. In addition, Retina CS can replicate events to other tier 2 Retina CS servers to create a multi-tier architecture that scales to hundreds of thousands of assets.

Tier 3: Retina is a vulnerability assessment scanner that is available as a network scanner or local agent. Blink is an Endpoint Protection Platform (EPP) that performs everything from anti-virus to a localized copy of Retina for agent- based assessment. These solutions can be run standalone or connected to Retina CS for complete policy, assessment, and reporting.

For a mid-size company, this flexibility provides the foundation for a solid vulnerability management implementation. Unfortunately, this is still not enough. Knowing what assets are at risk is critical for any size organization, but even more so for mid-sized markets as the separation of duties between security personal and system administrators may not be fully defined or mature within an organization. Retina CS (tier 2) provides advanced asset risk scoring capabilities above and beyond the correlation of data that is unique to Retina. This information goes beyond what CVSS is considering for version 3.0+ and is already generally available.

Consider the following: Retina CS contains a next-generation methodology for expressing the risk of an asset in Retina CS. The solution takes into consideration multiple security vectors and calculates a single risk score for an asset (in addition to all the other scores for vulnerabilities and attacks at a lower level). In addition, this Risk can be expressed in terms of a logical Smart Group within the solution such that the overall assessment of a business unit, geography, or custom container can be compared to other entities within your environment. The overall expression of Risk is calculated based on four high-level vectors (Vulnerability, Attacks, Exposure, or Threat) and is defined within the solutions as:

  • Vulnerability – The quantity and severity of vulnerability audits identified by Retina or Blink.
  • Attacks – A direct measure of actual attacks identified by Blink and their severity including malware from other agents installed on the endpoint.
  • Exposure – A measure of how open a system is to an attack. This is based on how open a system is based on the number of open ports, shares, services, and users a host contains and the lack of protection such as a firewall or anti-virus solution.
  • Threat – A measure of potential danger to an asset based on user-defined criteria and/or system role.

The technical presentation of these vectors translates into operational measurements for the business. These values can be related to:

  • Vulnerability – The lack of proper patch maintenance on a host and compliance issues to current corporate security policy and best practices.
  • Attacks – How are assets in the corporate environment being exposed to threats and what type of threats challenge the asset’s integrity to perform business functions and protect data.
  • Exposure – Are the assets within the environment properly protected from inappropriate behavior. This includes any protection and verification that illegal or unnecessary solutions have been installed.
  • Threat – A measure of potential danger to an asset from sources that may regard the asset as a worthy target.

Based on the technical translation to business terms, mid-size organizations can have a direct method for understanding the asset’s security posture from raw technical data to business impact. This allows teams to identify systems that pose the biggest risk, prioritize remediation efforts, and summarize findings to executives and other teams in terms that justify business actions.

Mid-size businesses need more than just a point and shoot vulnerability assessment solution. They need a solution that can scale and grow to meet their needs and provide meaningful output for executives and technicians. Providing reporting from a data warehouse to risk scoring for engineers provides an approach mid-size business can embrace to solve their vulnerability management needs.

For more information on Retina, please click here.  eEye is paving the way for next-generation vulnerability management.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,