BeyondTrust

Security In Context


Mid-Market Security and Risk Management

Post by Morey Haber August 30, 2011

I find it utterly amazing that security vendors believe that one size of product and solution can fit an organization of any size. Some have even had major summer releases that address scalability and performance in this one-product-fits-all approach. Point-and-shoot scanners as standalone products can operate in any size environment, but without a dedicated management console, historical reporting, and a data warehouse, the solutions fall flat on their faces for mid-size and enterprise clients. Clients in the mid market need a dynamic solution that can scale down to the desktop for ad-hoc assessment and also scale up to meet any regulatory vulnerability management requirement that may be knocking at the door, just like an enterprise client. In addition, for companies of any size, cost is a major factor. Having a single solution that can solve multiple business problems, from vulnerability assessment to patch management and endpoint platform protection, not only produces a higher return on investment but also correlates critical security data from attacks, malware, vulnerabilities, and security logs. Outside of using a SIM (security information management) solution, vulnerability assessment data and attack/malware data generally operate in independent silos and have no native correlation to indicate the true state of an asset.

This approach uses a full n-tier architecture (the original post includes an architecture diagram), summarized by tier below:

Tier 1: Retina Insight is a comprehensive unified vulnerability management data warehouse. It allows reporting over long periods of time on virtually any data collected by the Retina solution. Reports can be generated ad hoc, scheduled, emailed, posted to a portal, and even designed manually to meet virtually any business requirement.

Tier 2: Retina CS is a next-generation unified vulnerability management console designed to meet virtually any unified vulnerability management requirement. With complete command and control of distributed scan agents, the ability to manage patches and endpoint protection agents, role-based access, and dynamic reporting, Retina CS meets the challenges clients face in centralized vulnerability management. In addition, Retina CS can replicate events to other tier 2 Retina CS servers to create a multi-tier architecture that scales to hundreds of thousands of assets.

Tier 3: Retina is a vulnerability assessment scanner that is available as a network scanner or a local agent. Blink is an Endpoint Protection Platform (EPP) that performs everything from anti-virus to agent-based assessment using a localized copy of Retina. These solutions can run standalone or connect to Retina CS for complete policy, assessment, and reporting.

For a mid-size company, this flexibility provides the foundation for a solid vulnerability management implementation. Unfortunately, this is still not enough. Knowing which assets are at risk is critical for any size of organization, but even more so for mid-sized organizations, where the separation of duties between security personnel and system administrators may not be fully defined or mature. Retina CS (tier 2) provides advanced asset risk scoring capabilities above and beyond the data correlation that is unique to Retina. This goes beyond what CVSS is considering for version 3.0 and is already generally available.

Consider the following: Retina CS contains a next-generation methodology for expressing the risk of an asset. The solution takes multiple security vectors into consideration and calculates a single risk score for the asset (in addition to the lower-level scores for individual vulnerabilities and attacks). This risk can also be expressed for a logical Smart Group within the solution, so that the overall assessment of a business unit, geography, or custom container can be compared with other entities in your environment. The overall expression of risk is calculated from four high-level vectors (Vulnerability, Attacks, Exposure, and Threat), defined within the solution as:

  • Vulnerability – The quantity and severity of vulnerability audits identified by Retina or Blink.
  • Attacks – A direct measure of actual attacks identified by Blink and their severity including malware from other agents installed on the endpoint.
  • Exposure – A measure of how open a system is to attack, based on the number of open ports, shares, services, and users a host has and on the absence of protections such as a firewall or anti-virus solution.
  • Threat – A measure of potential danger to an asset based on user-defined criteria and/or system role.

The technical presentation of these vectors translates into operational measurements for the business. These values can be related to:

  • Vulnerability – The lack of proper patch maintenance on a host and compliance issues to current corporate security policy and best practices.
  • Attacks – How assets in the corporate environment are being exposed to threats, and what type of threats challenge the asset’s ability to perform business functions and protect data.
  • Exposure – Whether the assets in the environment are properly protected from inappropriate behavior. This includes both the protections in place and verification of whether unauthorized or unnecessary software has been installed.
  • Threat – A measure of potential danger to an asset from sources that may regard the asset as a worthy target.

Based on the technical translation to business terms, mid-size organizations can have a direct method for understanding the asset’s security posture from raw technical data to business impact. This allows teams to identify systems that pose the biggest risk, prioritize remediation efforts, and summarize findings to executives and other teams in terms that justify business actions.
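To make the four-vector model concrete, here is an added example (not Retina CS code; the post does not publish its scoring formula) that scores a small constructed inventory the way the text describes: each vector is normalized to 0–100, the asset score is a weighted combination, assets roll up into a Smart Group for comparison, and the ranked output is what a remediation queue would consume. The severity-to-points table, the vector weights, the exposure arithmetic, and the sample hosts are all hypothetical choices made for the illustration.

```python
"""Composite asset risk from four vectors. Example only: weights and point
values are hypothetical, not Retina CS's published formula."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Points contributed by one vulnerability audit or attack event of a given
# severity (1 = low, 5 = critical). Hypothetical: one critical outweighs many lows.
SEV_POINTS = {1: 2, 2: 5, 3: 10, 4: 20, 5: 40}

# Hypothetical vector weights; they must sum to 1 so the asset score stays 0-100.
WEIGHTS = {"vulnerability": 0.4, "attacks": 0.3, "exposure": 0.2, "threat": 0.1}


@dataclass
class Asset:
    name: str
    smart_group: str               # logical container: business unit, geography, ...
    vuln_severities: List[int]     # one entry per vulnerability audit identified
    attack_severities: List[int]   # one entry per attack or malware event detected
    open_ports: int
    shares: int
    services: int
    users: int
    has_firewall: bool
    has_antivirus: bool
    role_threat: int               # user-defined 0-10: how worthy a target the role makes it


def _severity_points(severities: List[int]) -> float:
    """Quantity and severity together, saturating at 100 so one host cannot dominate a group."""
    return min(100.0, float(sum(SEV_POINTS[s] for s in severities)))


def vulnerability_score(a: Asset) -> float:
    return _severity_points(a.vuln_severities)


def attack_score(a: Asset) -> float:
    return _severity_points(a.attack_severities)


def exposure_score(a: Asset) -> float:
    """How open the host is: attack surface (capped at 60) plus 20 for each missing protection."""
    surface = min(60, 2 * a.open_ports + 5 * a.shares + 3 * a.services + 1 * a.users)
    missing = (0 if a.has_firewall else 20) + (0 if a.has_antivirus else 20)
    return float(surface + missing)


def threat_score(a: Asset) -> float:
    return 10.0 * a.role_threat


def vectors(a: Asset) -> Dict[str, float]:
    return {
        "vulnerability": vulnerability_score(a),
        "attacks": attack_score(a),
        "exposure": exposure_score(a),
        "threat": threat_score(a),
    }


def asset_risk(a: Asset) -> float:
    """Single 0-100 asset score: weighted sum of the four vectors, rounded to one decimal."""
    v = vectors(a)
    return round(sum(WEIGHTS[k] * v[k] for k in WEIGHTS), 1)


def smart_group_risk(assets: List[Asset]) -> Dict[str, Tuple[float, float]]:
    """Roll-up per Smart Group as (mean, max) so containers can be compared with each other."""
    by_group: Dict[str, List[float]] = {}
    for a in assets:
        by_group.setdefault(a.smart_group, []).append(asset_risk(a))
    return {g: (round(sum(r) / len(r), 1), max(r)) for g, r in by_group.items()}


def remediation_order(assets: List[Asset]) -> List[Tuple[str, float]]:
    """Hosts ranked by composite risk, highest first: the remediation queue."""
    return sorted(((a.name, asset_risk(a)) for a in assets), key=lambda t: t[1], reverse=True)


# Constructed sample inventory (not real scan data).
SAMPLE_ASSETS = [
    Asset("web-01", "DMZ", [5, 5, 3, 2], [4], 12, 0, 8, 4, True, False, 8),
    Asset("fileshare-02", "Finance", [3, 3, 1], [], 5, 6, 4, 25, True, True, 6),
    Asset("laptop-117", "Finance", [4, 2, 2, 1, 1], [5, 3], 3, 1, 2, 1, False, True, 3),
]

if __name__ == "__main__":
    for name, risk in remediation_order(SAMPLE_ASSETS):
        print(f"{name:14s} risk={risk:5.1f}")
    for group, (mean, worst) in smart_group_risk(SAMPLE_ASSETS).items():
        print(f"group {group:8s} mean={mean:5.1f} max={worst:5.1f}")
```

With the sample inventory, the laptop that has only moderate vulnerabilities but live attack events ranks above the file server that has a larger surface and no attacks, which is the point of correlating the vectors rather than reading the scanner output alone; the Finance group's mean and max show how a single bad host is visible at the container level without the mean hiding it.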

Mid-size businesses need more than just a point-and-shoot vulnerability assessment solution. They need a solution that can scale and grow to meet their needs and provide meaningful output for executives and technicians alike. Providing everything from data warehouse reporting to risk scoring for engineers gives mid-size businesses an approach they can embrace to solve their vulnerability management needs.

For more information, see the Retina product pages. eEye is paving the way for next-generation vulnerability management.

