BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Plugging Into Your Remediation Process

Posted June 21, 2011    Morey Haber

My team and I have spoken with a number of analysts and have confirmed that the plethora of vulnerability assessment solutions on the market share a common trait and a common flaw, the shear volume of reports that can be created based on a vulnerability assessment. Every scan can lead to a myriad of hosts and vulnerabilities that need remediation and pages upon pages of work for another team to execute upon. This is where Unified Vulnerability Management plugs into a remediation process. In some organizations, this process is a paper based report (or PDF) forwarded to the server or desktop administration team to apply security patches or a process of opening help desk tickets to various team members to perform remediation. Both of which is very labor intensive. Some organizations have embarked on patch management integration to streamline the process and others believe in a separate and distinct separation of duties.

The process regardless of the internal procedures to pass data generally looks like this:

An assessment finds the vulnerability, something or someone mitigates the security risk, the risk is verified remediated, and final reports trend the progress over time. The labor intensive process occurs between the first two steps as volumes of reports are produced and an administrator must decipher them to apply the appropriate patch and ultimately deploy it using tools or even “sneaknet” for all affected systems.

This is where eEye can help. eEye’s Unified Vulnerability Management approach considers the vulnerability assessment and patch mitigation as in an integrated step in the process. Users can go from vulnerability identification to patch deployment in one easy step with complete role based access and without the need for lengthy reports and manual procedures.  In fact, this integrated process also includes protection against threats even if the patch is not deployed. Below is a screenshot directly from the Retina CS management console that highlights this functionality:

Essentially, eEye has plugged the remediation process directly into vulnerability assessment. This removes the burden that analysts and users agree upon. How to shorten the time from vulnerability identification, report generation, and patch mitigation to nearly day zero with out the need for tons of reports and manual intervention. Environments with strict segregation of responsibilities can also benefit from this approach due to the unique role based capabilities built into the solution.

For more information on how eEye can help integrate your remediation process directly into vulnerability assessment, please click here.

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,