BeyondTrust

Security in Context: The BeyondTrust Blog

Retina CS 4.5 – Calendars and Vulnerability Smart Rules

Posted May 21, 2013    Morey Haber

One of the many challenges facing Product Management today is addressing client feature requests. Oftentimes, a request for a specific business problem does not translate to other customers or markets. Other times, the request is so complicated to explain that it takes multiple discussions to figure out the root problem and whether the technology can even be adapted to solve it. Once in a while, these two challenges overlap with multiple clients and you can state, “I can do that!” For the release of Retina CS 4.5, this overlap felt like hitting the lottery, and we were able to address a few complex issues that target multiple lines of business.

I would like to share a few with you that will be released very soon.

Audit Groups

First is the relatively simple concept of audit groups (some of you may refer to them as plug-ins). These are static groups that are manually built by the end user or are automatically updated using a service to include new audits or deprecate obsolete checks. Most clients use groups like “All Audits” to perform their scans, or targeted groups based on Report Templates. The problem my clients have been trying to solve is how to automatically build these groups based on business logic. This concept is a challenge for every vulnerability assessment tool on the market, not just for Retina, and no one has found a good solution to recover the wasted time required to do this. For example, if the Desktop Team wants to target Adobe and Java vulnerabilities every month, they need to create a new audit group (manually in every tool on the market today) that contains just these checks. Next month, they need to update the group with a new set of queries to include any changes and re-save the audit group. Basically, they run a search, select the changes, and save out the difference. If they don’t, the group will not include any new updates and may still contain deprecated checks. This type of targeting extends into every facet of a business. Users that want to check for Zero-Day, Denial of Service, or even CVE vulnerabilities by year would need to manually build and rebuild the group to include changes. Retina CS 4.5 has addressed this problem with Vulnerability Smart Rules.

Vulnerability Smart Rules

Vulnerability Smart Rules allow users to build groups based on any criteria found in a vulnerability audit. This logic can then be used to dynamically build asset groups, asset filters, and even dynamic audit groups, and keep them up to date with no user intervention at all. For example, if I wanted to build an Audit Group that dynamically updated to include only critical vulnerabilities for a specific vendor, I can. The engine will automatically process any audit updates to the database and rebuild the audit group when needed to include only these checks. These groups can be used for scheduled scans (with no user intervention) or to filter existing data on the fly for viewing and reports. Below is an example of this powerful new dynamic audit group capability:

[Image: smart-rules]

Consider the possibilities and complexity that can now be automated to look for specific application checks or even database vulnerabilities without manually tweaking your targeting parameters for every scan.
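The drift of a hand-saved audit group, and the rule-based rebuild described above, as an added illustration. This is not Retina CS code: the audit fields, the rule format and both sample feeds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Audit:
    audit_id: int
    vendor: str
    severity: str
    deprecated: bool = False

# Hypothetical rule format: field name -> allowed values; all fields must match.
DESKTOP_RULE = {"vendor": {"Adobe", "Oracle"}, "severity": {"critical"}}

def evaluate_rule(rule, feed):
    """Ids of live (non-deprecated) audits that satisfy every criterion."""
    return {
        a.audit_id for a in feed
        if not a.deprecated
        and all(getattr(a, field) in allowed for field, allowed in rule.items())
    }

def drift(static_group, rule, feed):
    """What a hand-saved group gets wrong against the current feed."""
    current = evaluate_rule(rule, feed)
    return {"missing": sorted(current - static_group),
            "stale": sorted(static_group - current)}

# Constructed sample data: the audit feed before and after one monthly update.
MAY_FEED = [
    Audit(1, "Adobe", "critical"),
    Audit(2, "Oracle", "critical"),
    Audit(3, "Adobe", "medium"),
    Audit(4, "Microsoft", "critical"),
]
JUNE_FEED = [
    Audit(1, "Adobe", "critical", deprecated=True),  # check retired
    Audit(2, "Oracle", "critical"),
    Audit(3, "Adobe", "medium"),
    Audit(4, "Microsoft", "critical"),
    Audit(5, "Adobe", "critical"),                   # new check
    Audit(6, "Oracle", "critical"),                  # new check
]

if __name__ == "__main__":
    saved_in_may = evaluate_rule(DESKTOP_RULE, MAY_FEED)   # static snapshot
    print("static group:", sorted(saved_in_may))
    print("smart rule in June:", sorted(evaluate_rule(DESKTOP_RULE, JUNE_FEED)))
    print("drift of static group:", drift(saved_in_may, DESKTOP_RULE, JUNE_FEED))
```

Re-evaluating the rule on every feed update is what keeps a scheduled scan from silently skipping new checks or running retired ones.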

Calendars

The second feature sounds silly to be discussing, but it is natural to everyone who uses and lives within a calendar for daily conference calls, meetings, and tasks. Traditional vulnerability assessment solutions list scheduled scan jobs and reports in a grid. This is basic job scheduling that includes a sortable list of what the job name is, when it is scheduled, and other criteria. The problem arises in the enterprise when they have to figure out what to do with hundreds of scan engines, dozens of reports, and a list that covers multiple pages. It is a burden to work with standard filter controls and search dialog boxes. Furthermore, color-coded icons make it difficult to see what runs when, and the overall status of each job. To handle more complex jobs, clients have been requesting additional metrics and tabs. It took a moment of clarity to reinvent this process the way we do business today, and what we came up with is a calendar for scheduling. In Retina CS 4.5, BeyondTrust proudly introduces a brand new calendar view for scheduled scan jobs and reports. This context shows a month at a time, with all the jobs scheduled and all the reports completed for each assessment. This is a simple and effective method to handle an age-old problem: how to manage your tasks day by day.

Below is an example of this new perspective:

[Image: retina-cs-calendar]

As a Product Manager, translating a client’s needs to technology requires some creativity, talented programmers, and a little luck. Figuring out common problems, sorting through endless feature enhancement requests, and getting lucky with a solution that solves multiple problems just makes the technology better for everyone. Retina CS 4.5 has dozens of new features like these that help put context around your users and assets, and measure their risk to the organization. Stay tuned, there is more to come on Retina CS 4.5.
