BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Now Available: Retina Unlimited – $1,200 Unlimited IP Addresses

Posted October 8, 2013    Marc Maiffret

It has been over 15 years since we first introduced Retina, the Network Security Scanner, to the world. In those early days the vulnerability assessment space was still in its infancy with much of the focus being around scanning network based services for remotely exploitable vulnerabilities. Back then there were no compliance mandates or policies that created awareness or a must-have reason to use vulnerability assessment. Rather, those early adopters understood that while attacks and threats might evolve they would still largely rely on leveraging unpatched vulnerabilities and misconfigured software. If one thing is clear in the last 15 years it is that indeed organizations are still most commonly hacked via unpatched and misconfigured systems, as malware based threats continue to explode in a way that is clearly untenable.

Just as the threats have advanced so too has the technology for assessing systems for vulnerabilities. What 15 years ago was more of a tools based approach used by pioneering IT administrators has today become a corner stone for most enterprise security processes. The evolution of vulnerability assessment into vulnerability management has come both because of new technological and business requirements. Vulnerability management has become an important tool in meeting the compliance mandates of different industries. It has also been critical in helping organizations prioritize vulnerabilities enterprise-wide based on exploit and threat analytics.

BeyondTrust (and formerly eEye Digital Security) has been a leading pioneer in the vulnerability management space and over the last several years has built up a robust enterprise platform for meeting both compliance and risk assessment needs. Our Retina CS technology has been a leader in its class, in both reporting and analytics, that allows for an easily customizable risk assessment of an organization’s overall security posture. Part of what makes our enterprise offering so capable is our highly evolved vulnerability scanning engine; Retina Network Security Scanner.

Since its inception more than 15 years ago, Retina Network has continued to be the backbone of our vulnerability assessment capabilities. Retina Network has evolved not only as the engine feeding our enterprise Retina CS solution, but as a great standalone product for any IT toolkit. The art of scanning for vulnerabilities is sometimes taken for granted by those whom look at the world of vulnerabilities through the lens of something like Microsoft’s Patch Tuesday. In fact now more than any time previously our industry needs to be pushing the boundaries of what it means to assess an organizations vulnerabilities.

Retina Network has continued to be a pioneer in pushing the art of vulnerability assessment forward by expanding our thinking of vulnerabilities beyond something as simple as outdated software or a system misconfiguration. We have innovated to be able to do amazing things such as performing a vulnerability assessment against completely powered off virtual machines or assessing how secure a system is based not on its configuration alone but based on the system’s overall network security perimeter and common best practices such as egress filtering or filtering of direct executable downloads.

Just as our technology has evolved so too has our business. As centralized Vulnerability Management solutions, like our Retina CS platform, have continued to flourish and take center stage the dynamics of business and our market has changed. This has resulted in newer robust solutions for customers and tremendous growth for us as a company and our industry overall. Throughout all the iterations of our market, though, one fact has remained constant; a robust standalone vulnerability assessment product is a great tool to have in every IT toolkit regardless of any enterprise wide vulnerability management deployment.

It is to that end that we are extremely excited to be announcing Retina Unlimited. A new licensing model for our standalone Retina Network Security Scanner that allows for vulnerability assessment against an unlimited number of IP addresses for just $1,200. We look forward to hearing from you about the features and ideas you have as we continue to provide not only the best enterprise vulnerability management solutions in the market but also the most cost effective and robust vulnerability assessment solution for any IT toolkit. Learn more about Retina Network Security Scanner Unlimited here.

 

Signed,
Marc Maiffret

Tags:
, , , , ,

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,