BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Work Smarter with Retina Insight Threat Analyzers

Posted May 17, 2012    Morey Haber

It keeps happening over and over again. I speak to a prospect, and they do not want yet another vulnerability report with pages and pages of assets and vulnerabilities. Every tool vulnerability assessment scanner can produce this with various degrees of customization and consolidation but a 1,000 page report for a few dozen assets doesn’t scale for the organization or the administrator trying to interpret the results. Even sorting the results based on risk, or filtering on critical assets, can produce a report that is completely unusable based on the shear volume of pages contained within. The same problem is happening in almost every enterprise client I speak to. So what is the solution? Rethinking how a solution displays, reports, and analyzes vulnerabilities and present them in a way that is meaningful and actionable.

We took that first step about 6 months ago when we first introduced HeatMaps to Retina Insight. This concept takes the most critical vulnerabilities (72 seen as CVSS High Impact below) and reorganizes them by risk. 59 of them are Remote Unprivileged and only 37 have proven exploits in common penetration testing tools. For my clients, I would recommend starting remediation on the 37 remote unprivileged, CVSS high impact, and available in an exploit framework first, and then continue working on efforts to mitigate the rest of risks from right to left.  This review has essentially trimmed nearly 50% of the vulnerabilities off the vulnerability report based on real-word priorities and the complete details for remediation are a simple drill down into the Heatmap. This then follows the traditional vulnerability report we all are familiar with.

Risk Matrix by Vulnerability

While this exercise of reclassification is rather basic, it is incredibly important. It visualizes what vulnerabilities are the most critical (despite a critical score) and where the weaknesses are to the business. It does however lack one component that is now available in the new Threat Analyzers. Which vulnerabilities out of the “59” would improve my vulnerability count, vulnerability score, and asset risk score the most if I could only apply a subset of them in a normal remediation cycle. Below is a screen shot from the Threat Analyzers available in Retina Insight.

Risk Reduction Metrics

Essentially, if I was a security engineer and recommended “n” vulnerabilities to be remediated by my team members, what improvement would I see to my overall vulnerability count and asset risk score?  This value can be changed to meet a user’s needs, capacity planning requirements, and filtered on mitigation type: Configuration, Patch, or Zero-Day. The Analyzers will automatically calculate the best recommendations and calculate the effectiveness of the remediation plan. In this example, Retina Insight is recommending 20 vulnerabilities that are a combination of Patches and Configuration changes that would improve the vulnerability count by over 18.5% and lower the average asset risk score by 9%. The Threat Analyzers allow changing criteria within the solution and even filter on: Recommendations, Vulnerability, Mitigation, Software, Score, and Asset Count to optimize the remediation plan to be the most effective use of resources and to maximize security posture.

These tools are no longer just about finding a vulnerability and running a report; they are about working smarter and ultimately making us more effective at our jobs. Prioritizing our efforts, understanding which vulnerability needs attention first, and creating a plan to create a secure computing environment is how we solve these problems. The days of sole vulnerability reports are a legacy technology and we would like to introduce you to Retina. A better way to manage threats and vulnerabilities. For more information, click here.

Tags:
, , , , , ,

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,