Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Mid-Market Security and Risk Management

Posted August 30, 2011    Morey Haber

I find it utterly amazing that security vendors believe that one size of product and solution can fit any size of organization. Some have even had major summer releases that address scalability and performance in this one-product-fits-all approach. Point-and-shoot scanners as standalone products can operate in any size of environment, but without a dedicated management console, historical reporting, and a data warehouse, the solutions fall flat on their faces for mid-size and enterprise clients. Clients in the mid market need a dynamic solution that can scale down to the desktop for ad-hoc assessment and also scale up to meet any regulatory vulnerability management requirements that may be knocking at the door, just as an enterprise client does. In addition, for companies of any size, cost is a major factor. Having a single solution that can solve multiple business problems, from vulnerability assessment to patch management and endpoint platform protection, not only produces a higher return on investment but also correlates critical security data from attacks, malware, vulnerabilities, and security logs. Outside of using a SIM (security information management) solution, vulnerability assessment data and attack/malware data generally operate in independent silos and have no native correlation to indicate the true state of an asset.

This approach uses a full n-tier architecture (illustrated in the original post's diagram) and is described below:

Tier 1: Retina Insight, a comprehensive unified vulnerability management data warehouse. It allows reporting over long periods of time on virtually any data collected by the Retina solution. Reports can be generated ad hoc, scheduled, emailed, posted to a portal, and even manually designed to meet virtually any business requirement.

Tier 2: Retina CS, a next-generation unified vulnerability management console designed to meet virtually any unified vulnerability management need. With complete command and control of distributed scan agents, the ability to manage patches and endpoint protection agents, role-based access, and dynamic reporting, Retina CS meets the challenges clients face in centralized vulnerability management. In addition, Retina CS can replicate events to other tier 2 Retina CS servers to create a multi-tier architecture that scales to hundreds of thousands of assets.

Tier 3: Retina, a vulnerability assessment scanner available as a network scanner or a local agent, and Blink, an Endpoint Protection Platform (EPP) that performs everything from anti-virus to agent-based assessment using a localized copy of Retina. These solutions can run standalone or be connected to Retina CS for complete policy, assessment, and reporting.

For a mid-size company, this flexibility provides the foundation for a solid vulnerability management implementation. Unfortunately, this is still not enough. Knowing which assets are at risk is critical for any size of organization, but even more so in the mid-sized market, where the separation of duties between security personnel and system administrators may not be fully defined or mature. Retina CS (tier 2) provides advanced asset risk scoring capabilities above and beyond the correlation of data that is unique to Retina. This information goes beyond what CVSS is considering for version 3.0+ and is already generally available.

Consider the following: Retina CS contains a next-generation methodology for expressing the risk of an asset. The solution takes multiple security vectors into consideration and calculates a single risk score for an asset (in addition to all the other scores for vulnerabilities and attacks at a lower level). This risk can also be expressed in terms of a logical Smart Group within the solution, so that the overall assessment of a business unit, geography, or custom container can be compared to other entities within your environment. The overall expression of risk is calculated from four high-level vectors (Vulnerability, Attacks, Exposure, and Threat), defined within the solution as:

  • Vulnerability – The quantity and severity of vulnerability audits identified by Retina or Blink.
  • Attacks – A direct measure of actual attacks identified by Blink and their severity including malware from other agents installed on the endpoint.
  • Exposure – A measure of how open a system is to attack. It is based on the number of open ports, shares, services, and users a host contains, and on the absence of protection such as a firewall or anti-virus solution.
  • Threat – A measure of potential danger to an asset based on user-defined criteria and/or system role.

The technical presentation of these vectors translates into operational measurements for the business. These values can be related to:

  • Vulnerability – The lack of proper patch maintenance on a host and compliance issues to current corporate security policy and best practices.
  • Attacks – How are assets in the corporate environment being exposed to threats, and what types of threats challenge the asset’s ability to perform business functions and protect data?
  • Exposure – Are the assets within the environment properly protected from inappropriate behavior? This includes protection against, and verification of, any illegal or unnecessary software that has been installed.
  • Threat – A measure of potential danger to an asset from sources that may regard the asset as a worthy target.

Based on the technical translation to business terms, mid-size organizations can have a direct method for understanding the asset’s security posture from raw technical data to business impact. This allows teams to identify systems that pose the biggest risk, prioritize remediation efforts, and summarize findings to executives and other teams in terms that justify business actions.
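An illustrative model of the four-vector scoring and Smart Group roll-up described above, added here as an example; it is not Retina CS's actual algorithm, and the weights, point tables, exposure formula and sample inventory are all assumptions:

```python
from dataclasses import dataclass, field
from statistics import mean
# Assumed weights and point tables (illustrative; the page does not give Retina's real ones).
WEIGHTS = {"vulnerability": 0.4, "attacks": 0.3, "exposure": 0.2, "threat": 0.1}
SEVERITY_POINTS = {"low": 5, "medium": 15, "high": 35, "critical": 60}
ROLE_THREAT = {"workstation": 20, "web_server": 60, "domain_controller": 90}

@dataclass
class Asset:
    name: str
    group: str                  # logical Smart Group: business unit, site, ...
    role: str                   # system role drives the Threat vector
    vulns: list = field(default_factory=list)    # severities of open audits
    attacks: list = field(default_factory=list)  # severities of Blink detections
    open_ports: int = 0
    shares: int = 0
    services: int = 0
    users: int = 0
    firewall: bool = True
    antivirus: bool = True

def vectors(a):
    # Score each of the four vectors on a 0-100 scale (inputs are non-negative).
    exposure = 2 * a.open_ports + 5 * a.shares + a.services + 3 * a.users
    exposure += 25 * (not a.firewall) + 25 * (not a.antivirus)  # missing protection
    return {"vulnerability": min(100.0, sum(SEVERITY_POINTS[s] for s in a.vulns)),
            "attacks": min(100.0, sum(SEVERITY_POINTS[s] for s in a.attacks)),
            "exposure": min(100.0, exposure),
            "threat": float(ROLE_THREAT.get(a.role, 30))}

def asset_risk(a):
    # Single weighted score for one asset.
    v = vectors(a)
    return round(sum(WEIGHTS[k] * v[k] for k in WEIGHTS), 1)

def group_risk(assets):
    # Mean asset risk per Smart Group, so business units or sites can be compared.
    by_group = {}
    for a in assets:
        by_group.setdefault(a.group, []).append(asset_risk(a))
    return {g: round(mean(s), 1) for g, s in by_group.items()}

def prioritize(assets):
    # Asset names from highest to lowest risk: the remediation order.
    return [a.name for a in sorted(assets, key=asset_risk, reverse=True)]

# Constructed sample inventory (not real data).
ASSETS = [Asset("dc01", "HQ", "domain_controller", ["high", "critical"], [], 5, 2, 10, 4),
          Asset("web01", "HQ", "web_server", ["critical", "critical"], ["high", "critical"], 2, 0, 4, 1),
          Asset("ws-lab", "Lab", "workstation", ["low", "medium", "medium"], ["medium"], 3, 4, 6, 2, firewall=False, antivirus=False)]
```

Note that web01's two critical audits saturate the Vulnerability vector at 100, while ws-lab's missing firewall and anti-virus dominate its Exposure vector even though its audits are minor.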

Mid-size businesses need more than just a point-and-shoot vulnerability assessment solution. They need a solution that can scale and grow to meet their needs and provide meaningful output for executives and technicians alike. Providing everything from data warehouse reporting for executives to risk scoring for engineers gives mid-size businesses an approach they can embrace to solve their vulnerability management needs.

For more information on Retina, see the eEye site (linked in the original post). eEye is paving the way for next-generation vulnerability management.
