BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Work Smarter with Retina Insight Threat Analyzers

Post by Morey Haber May 17, 2012

It keeps happening over and over again. I speak to a prospect, and they do not want yet another vulnerability report with pages and pages of assets and vulnerabilities. Every vulnerability assessment scanner can produce this with various degrees of customization and consolidation, but a 1,000-page report for a few dozen assets doesn't scale for the organization or for the administrator trying to interpret the results. Even sorting the results by risk, or filtering on critical assets, can produce a report that is completely unusable because of the sheer volume of pages. The same problem is happening in almost every enterprise client I speak to. So what is the solution? Rethinking how a solution displays, reports, and analyzes vulnerabilities, and presenting them in a way that is meaningful and actionable.

We took that first step about 6 months ago when we first introduced HeatMaps to Retina Insight. This concept takes the most critical vulnerabilities (72 seen as CVSS High Impact below) and reorganizes them by risk. 59 of them are Remote Unprivileged, and only 37 have proven exploits in common penetration testing tools. For my clients, I would recommend starting remediation with the 37 that are remote unprivileged, CVSS high impact, and available in an exploit framework, and then continuing to mitigate the rest of the risks from right to left. This review has essentially trimmed nearly 50% of the vulnerabilities off the vulnerability report based on real-world priorities, and the complete details for remediation are a simple drill-down into the Heatmap. The drill-down then follows the traditional vulnerability report we are all familiar with.

[Figure: Risk Matrix by Vulnerability]

While this exercise of reclassification is rather basic, it is incredibly important. It visualizes which vulnerabilities are the most critical (despite a critical score) and where the weaknesses are to the business. It does, however, lack one component that is now available in the new Threat Analyzers: which vulnerabilities out of the 59 would improve my vulnerability count, vulnerability score, and asset risk score the most if I could only remediate a subset of them in a normal remediation cycle? Below is a screenshot from the Threat Analyzers available in Retina Insight.

[Figure: Risk Reduction Metrics]

Essentially, if I were a security engineer and recommended “n” vulnerabilities to be remediated by my team members, what improvement would I see in my overall vulnerability count and asset risk score? This value can be changed to meet a user's needs and capacity planning requirements, and the results can be filtered on mitigation type: Configuration, Patch, or Zero-Day. The Analyzers automatically calculate the best recommendations and the effectiveness of the remediation plan. In this example, Retina Insight is recommending 20 vulnerabilities, a combination of Patches and Configuration changes, that would improve the vulnerability count by over 18.5% and lower the average asset risk score by 9%. The Threat Analyzers allow changing criteria within the solution and can even filter on Recommendations, Vulnerability, Mitigation, Software, Score, and Asset Count, so that the remediation plan makes the most effective use of resources and maximizes security posture.
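The heat-map triage and the "best n fixes" calculation described above can be sketched as follows. This is an added example, not Retina Insight's code or algorithm: the findings are constructed, the 7.0 cutoff is the CVSS v2 "High" threshold, and the asset risk score is assumed to be the sum of an asset's open CVSS scores.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str          # constructed ID, not a real advisory
    asset: str
    cvss: float           # CVSS base score
    remote_unpriv: bool   # reachable remotely without credentials
    exploit_public: bool  # present in a common exploit framework
    fix: str              # "Patch", "Configuration" or "Zero-Day"

# Constructed sample scan results: 10 findings on 3 assets.
FINDINGS = [
    Finding("V-001", "web01", 10.0, True, True, "Patch"),
    Finding("V-001", "web02", 10.0, True, True, "Patch"),
    Finding("V-001", "db01", 10.0, True, True, "Patch"),
    Finding("V-002", "web01", 7.5, True, False, "Configuration"),
    Finding("V-002", "db01", 7.5, True, False, "Configuration"),
    Finding("V-003", "db01", 9.0, False, True, "Patch"),
    Finding("V-004", "web02", 5.0, True, True, "Configuration"),
    Finding("V-005", "web01", 8.0, True, True, "Zero-Day"),
    Finding("V-006", "web02", 4.0, False, False, "Patch"),
    Finding("V-006", "db01", 4.0, False, False, "Patch"),
]

def first_wave(findings):
    """IDs that are CVSS high, remote unprivileged and have a public exploit."""
    return sorted({f.vuln_id for f in findings
                   if f.cvss >= 7.0 and f.remote_unpriv and f.exploit_public})

def plan(findings, n, fix_types):
    """Pick the n fixes that remove the most risk and report the improvement."""
    gain = defaultdict(lambda: [0, 0.0])  # vuln_id -> [findings closed, score removed]
    for f in findings:
        if f.fix in fix_types:
            gain[f.vuln_id][0] += 1
            gain[f.vuln_id][1] += f.cvss
    # Under the assumed additive risk model each fix's benefit is independent,
    # so taking the n largest gains is optimal (ties broken by ID).
    chosen = sorted(gain, key=lambda v: (-gain[v][1], v))[:n]
    closed = sum(gain[v][0] for v in chosen)
    score = sum(gain[v][1] for v in chosen)
    total = sum(f.cvss for f in findings)
    return {"fix": chosen,
            "count_reduction_pct": round(100 * closed / len(findings), 1),
            "avg_asset_risk_reduction_pct": round(100 * score / total, 1)}

if __name__ == "__main__":
    print(first_wave(FINDINGS))
    print(plan(FINDINGS, 2, {"Patch", "Configuration"}))
```

Because the number of assets does not change, the percentage drop in the average asset risk score equals the share of total score removed.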

These tools are no longer just about finding a vulnerability and running a report; they are about working smarter and ultimately making us more effective at our jobs. Prioritizing our efforts, understanding which vulnerability needs attention first, and creating a plan for a secure computing environment is how we solve these problems. Vulnerability reports on their own are a legacy technology, and we would like to introduce you to Retina: a better way to manage threats and vulnerabilities.
