BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Plugging Into Your Remediation Process

Posted June 21, 2011    Morey Haber

My team and I have spoken with a number of analysts and have confirmed that the plethora of vulnerability assessment solutions on the market share a common trait and a common flaw, the shear volume of reports that can be created based on a vulnerability assessment. Every scan can lead to a myriad of hosts and vulnerabilities that need remediation and pages upon pages of work for another team to execute upon. This is where Unified Vulnerability Management plugs into a remediation process. In some organizations, this process is a paper based report (or PDF) forwarded to the server or desktop administration team to apply security patches or a process of opening help desk tickets to various team members to perform remediation. Both of which is very labor intensive. Some organizations have embarked on patch management integration to streamline the process and others believe in a separate and distinct separation of duties.

The process regardless of the internal procedures to pass data generally looks like this:

An assessment finds the vulnerability, something or someone mitigates the security risk, the risk is verified remediated, and final reports trend the progress over time. The labor intensive process occurs between the first two steps as volumes of reports are produced and an administrator must decipher them to apply the appropriate patch and ultimately deploy it using tools or even “sneaknet” for all affected systems.

This is where eEye can help. eEye’s Unified Vulnerability Management approach considers the vulnerability assessment and patch mitigation as in an integrated step in the process. Users can go from vulnerability identification to patch deployment in one easy step with complete role based access and without the need for lengthy reports and manual procedures.  In fact, this integrated process also includes protection against threats even if the patch is not deployed. Below is a screenshot directly from the Retina CS management console that highlights this functionality:

Essentially, eEye has plugged the remediation process directly into vulnerability assessment. This removes the burden that analysts and users agree upon. How to shorten the time from vulnerability identification, report generation, and patch mitigation to nearly day zero with out the need for tons of reports and manual intervention. Environments with strict segregation of responsibilities can also benefit from this approach due to the unique role based capabilities built into the solution.

For more information on how eEye can help integrate your remediation process directly into vulnerability assessment, please click here.

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,