Security in Context: The BeyondTrust Blog


Retina CS 4.5 – Calendars and Vulnerability Smart Rules

Posted May 21, 2013    Morey Haber

One of the many challenges facing Product Management today is addressing client feature requests. Oftentimes, a request that addresses a specific business problem does not translate to other customers or markets. Other times, the request is so complicated to explain that it takes multiple discussions to figure out the root problem and whether the technology can even be adapted to solve it. Once in a while, these two challenges overlap with multiple clients and you can state, “I can do that!” For the release of Retina CS 4.5, this overlap felt like hitting the lottery, and we were able to address a few complex issues that target multiple lines of business.

I would like to share a few with you that will be released very soon.

Audit Groups

First is the relatively simple concept of audit groups (some of you may refer to them as plug-ins). These are static groups that are manually built by the end user or are automatically updated using a service to include new audits or deprecate obsolete checks. Most clients use groups like “All Audits” to perform their scans, or targeted groups based on Report Templates. The problem my clients have been trying to solve is how to automatically build these groups based on business logic. This concept is a challenge for every vulnerability assessment tool on the market, not just for Retina, and no one has found a good solution to recover the wasted time required to do this. For example, if the Desktop Team wants to target Adobe and Java vulnerabilities every month, they need to create a new audit group (manually in every tool on the market today) that contains just these checks. Next month, they need to update the group with a new set of queries to include any changes and re-save the audit group. Basically, they run a search, select the changes, and save out the difference. If they don’t, the group will not include any new updates and may still contain deprecated checks. This type of targeting extends into every facet of a business. Users who want to check for Zero-Day, Denial of Service, or even CVE vulnerabilities by year would need to manually build and rebuild the group to include changes. Retina CS 4.5 has addressed this problem with Vulnerability Smart Rules.

Vulnerability Smart Rules

Vulnerability Smart Rules allow users to build groups based on any criteria found in a vulnerability audit. This logic can then be used to dynamically build asset groups, asset filters, and even dynamic audit groups and keep them up to date with no user intervention – at all. For example, if I wanted to build an Audit Group that dynamically updated to include only critical vulnerabilities for a specific vendor, I can. The engine will automatically process any audit updates to the database and rebuild the audit group when needed to include only these checks. These groups can be used for scheduled scans (with no user intervention) or to filter existing data on the fly for viewing and reports. Below is an example of this new powerful dynamic audit group capability:


Consider the possibilities and complexity that can now be automated to look for specific application checks or even database vulnerabilities without manually tweaking your targeting parameters for every scan.
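The difference between a saved audit group and a rule-driven one can be sketched in a few lines. This is an added illustration, not Retina CS code or its API; the `Audit` and `SmartRule` types, their field names, and the May/June catalogs are hypothetical and constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Audit:                      # hypothetical audit metadata record
    audit_id: int
    vendor: str
    severity: str
    cve_year: Optional[int] = None
    deprecated: bool = False

@dataclass(frozen=True)
class SmartRule:                  # hypothetical rule: criteria, not a saved ID list
    vendors: frozenset
    min_severity: str = "low"
    cve_years: Optional[frozenset] = None    # None means any year

    def matches(self, a: Audit) -> bool:
        if a.deprecated or a.vendor not in self.vendors:
            return False
        if SEVERITY_RANK[a.severity] < SEVERITY_RANK[self.min_severity]:
            return False
        return self.cve_years is None or a.cve_year in self.cve_years

def build_group(rule, catalog):
    return frozenset(a.audit_id for a in catalog if rule.matches(a))

def rebuild(rule, previous, catalog):
    """Re-evaluate the rule after an audit update; report what changed."""
    current = build_group(rule, catalog)
    return current, sorted(current - previous), sorted(previous - current)

# Constructed sample catalogs: the June update deprecates 101 and ships 105.
MAY = [Audit(101, "Adobe", "critical", 2013),
       Audit(102, "Oracle Java", "critical", 2013),
       Audit(103, "Adobe", "medium", 2012),
       Audit(104, "Microsoft", "critical", 2013)]
JUNE = [Audit(101, "Adobe", "critical", 2013, deprecated=True), *MAY[1:],
        Audit(105, "Oracle Java", "critical", 2013)]

DESKTOP_RULE = SmartRule(frozenset({"Adobe", "Oracle Java"}), min_severity="critical")

def monthly_refresh():
    static_group = build_group(DESKTOP_RULE, MAY)   # saved once in May, never edited
    dynamic_group, added, removed = rebuild(DESKTOP_RULE, static_group, JUNE)
    return static_group, dynamic_group, added, removed
```

The group saved in May still scans with the deprecated check and misses the new one; re-evaluating the same rule against the June catalog picks up both changes without anyone editing the group.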


The second feature sounds silly to be discussing but is natural to everyone who uses and lives within a calendar for daily conference calls, meetings, and tasks. Traditional vulnerability assessment solutions list scheduled scan jobs and reports in a grid. This is basic job scheduling that includes a sortable list of what the job name is, when it is scheduled, and other criteria. The problem arises in the enterprise when they have to figure out what to do with hundreds of scan engines, dozens of reports, and a list that covers multiple pages. It is a burden to work with standard filter controls and search dialog boxes. Furthermore, color-coded icons make it difficult to see what runs when and the overall status of each job. To handle more complex jobs, clients have been requesting additional metrics and tabs. It took a moment of clarity to reinvent this process around the way we do business today, and what we came up with is a calendar for scheduling. In Retina CS 4.5, BeyondTrust proudly introduces a brand new calendar view for scheduled scan jobs and reports. This view shows, a month at a time, all the jobs scheduled and all the reports completed for each assessment. This is a simple and effective method to handle an age-old problem: how to manage your tasks day by day.

Below is an example of this new perspective:


As a Product Manager, translating a client’s needs to technology requires some creativity, talented programmers, and a little luck. Figuring out common problems, sorting through endless feature enhancement requests, and getting lucky with a solution that solves multiple problems just makes the technology better for everyone. Retina CS 4.5 has dozens of new features like these that help put context around your users and assets, and measure their risk to the organization. Stay tuned, there is more to come on Retina CS 4.5.
