BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Work Smarter with Retina Insight Threat Analyzers

Posted May 17, 2012    Morey Haber

It keeps happening over and over again. I speak to a prospect, and they do not want yet another vulnerability report with pages and pages of assets and vulnerabilities. Every tool vulnerability assessment scanner can produce this with various degrees of customization and consolidation but a 1,000 page report for a few dozen assets doesn’t scale for the organization or the administrator trying to interpret the results. Even sorting the results based on risk, or filtering on critical assets, can produce a report that is completely unusable based on the shear volume of pages contained within. The same problem is happening in almost every enterprise client I speak to. So what is the solution? Rethinking how a solution displays, reports, and analyzes vulnerabilities and present them in a way that is meaningful and actionable.

We took that first step about 6 months ago when we first introduced HeatMaps to Retina Insight. This concept takes the most critical vulnerabilities (72 seen as CVSS High Impact below) and reorganizes them by risk. 59 of them are Remote Unprivileged and only 37 have proven exploits in common penetration testing tools. For my clients, I would recommend starting remediation on the 37 remote unprivileged, CVSS high impact, and available in an exploit framework first, and then continue working on efforts to mitigate the rest of risks from right to left.  This review has essentially trimmed nearly 50% of the vulnerabilities off the vulnerability report based on real-word priorities and the complete details for remediation are a simple drill down into the Heatmap. This then follows the traditional vulnerability report we all are familiar with.

Risk Matrix by Vulnerability

While this exercise of reclassification is rather basic, it is incredibly important. It visualizes what vulnerabilities are the most critical (despite a critical score) and where the weaknesses are to the business. It does however lack one component that is now available in the new Threat Analyzers. Which vulnerabilities out of the “59” would improve my vulnerability count, vulnerability score, and asset risk score the most if I could only apply a subset of them in a normal remediation cycle. Below is a screen shot from the Threat Analyzers available in Retina Insight.

Risk Reduction Metrics

Essentially, if I was a security engineer and recommended “n” vulnerabilities to be remediated by my team members, what improvement would I see to my overall vulnerability count and asset risk score?  This value can be changed to meet a user’s needs, capacity planning requirements, and filtered on mitigation type: Configuration, Patch, or Zero-Day. The Analyzers will automatically calculate the best recommendations and calculate the effectiveness of the remediation plan. In this example, Retina Insight is recommending 20 vulnerabilities that are a combination of Patches and Configuration changes that would improve the vulnerability count by over 18.5% and lower the average asset risk score by 9%. The Threat Analyzers allow changing criteria within the solution and even filter on: Recommendations, Vulnerability, Mitigation, Software, Score, and Asset Count to optimize the remediation plan to be the most effective use of resources and to maximize security posture.

These tools are no longer just about finding a vulnerability and running a report; they are about working smarter and ultimately making us more effective at our jobs. Prioritizing our efforts, understanding which vulnerability needs attention first, and creating a plan to create a secure computing environment is how we solve these problems. The days of sole vulnerability reports are a legacy technology and we would like to introduce you to Retina. A better way to manage threats and vulnerabilities. For more information, click here.

Tags:
, , , , , ,

Additional articles

dave-shackleford-headshot

Your New Years Resolution: Controlling Privileged Users

Posted January 27, 2015    Dave Shackleford

Is 2015 the year you get a better handle on security? The news last year was grim – so much so, in fact, that many in the information security community despaired a bit. Really, the end-of-the-year infosec cocktail parties were a bit glum. OK, let’s be honest, infosec cocktail parties are usually not that wild…

Tags:
, , ,
flash-logo

Adobe Patches Zero-Day Flaw Being Exploited in the Wild

Posted January 22, 2015    BeyondTrust Research Team

Earlier this week, French malware researcher Kafeine reported on a new Adobe Flash zero-day vulnerability that was being exploited in the wild using the latest versions of the Angler Exploit Toolkit. “Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled”…

Tags:
, , , , ,

Your Data Security Strategy Starts with Deploying a Least Privilege Model (part 2 of 2)

Posted January 22, 2015    Scott Lang

In last week’s blog, we talked about how controls and accountability must be put into place so that only the right folks can access data and the systems on which that data resides, and that employing a least privilege model helps to achieve that and more. We’re using conclusions and data from a recent report…

Tags:
, , , ,