BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Reporting Snapshots and Saved Views

Posted June 7, 2011    Morey Haber

I would like to tell you about a new feature recently added to Retina Insight. It may sound so simple but it solves a huge problem for businesses that like to perform ad-hoc reports.  If your one of those companies that likes to run reports ad-hoc, when you want, and review it compared to older reports saved electronically the same way, read on.

So here is the problem. Often users run ad-hoc reports on a data set that is constantly changing due to new events and identified vulnerabilities. When they run the report one day, the output may have a given number of vulnerabilities and running it the next day, a new and different tally. Users can traditionally fix this by specifically choosing the scan job to generate the report and save the results. This does not however allow reports to be generated with relative dates (last 30 days for PCI) since this is a moving relative date range. Reports will inherently change day after day as they are executed and ad-hoc reports become relative to the date they where executed. So how do you run a report with a relative period and save them in context with only the data available for that date? This is where the new feature comes in – Saved Views and Save Snapshots. First, let me define each of them:

Saved Views – When setting up a report, a user can selected various criteria including the chart type, relative date range, and devices in scope (Smart Groups) to include in the report. Once they have made all the selections, just the way they like them, a Save button is available to store the reporting filters exactly the way they like them for future reports. This is a Saved View.

Saved Snapshots – After a report is generated, a Saved Snapshot stores the data permanently “as is” into the database. The report is now electronically stored in its original format (not downloaded as a PDF) for retrieval and interaction using data specifically generated from the relative dates and scans selected with full drill down capabilities. Essentially, it is a snapshot of the report stored in the database from the date and time it was run and never changes based on any new or purged data for its rendering.

So why is this so important for ad-hoc report users?  First, when generating a report, you can setup it up to run every time the way you like it. Second, once you generate it, the report can be can stored electronically in its native format for future viewing or even exporting later into a different format. After you store several Saved Snapshots, you will a have running library to reference old reports and a guide to where you have been, and where you are potentially going. Having them all stored online, or even published to MS SharePoint using the “Subscribe” button provides the historical transparency  you need to meet many regulatory initiatives and best practices for data security. It answers that question, “didn’t we see that before?” or even “do you have that old report?”

For more information on Retina Insight, please click here. This new feature can save you endless hours thumbing through old reports (PDFs) and track historical data from the date it was generated. Any clients that need to be able to provide historical reporting on the fly, especially from ad-hoc reports, will benefit from these new features.

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,