BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Retina Now Offers Custom Audits for Android Devices

Posted May 16, 2012    Morey Haber

When a marketing buzz word sticks like BYOD (Bring Your Own Device), it is inevitable to see it everywhere in an effort to capitalize on the momentum; blogs, literature, SEO, social media, etc. In the past, we have seen great terms like “ecosystem”, “framework”, and my personal favorite “distributed computing”, rise and fall in marketing. Fortunately, some of these buzz words are more realistic than others and really do pose a challenge to many companies. It is not just about the latest and greatest technology or security threat, but what really matters to the business.

BYOD is one of those terms that really does matter and is a real problem. eEye, like many organizations, does support BYOD. We have a wide mix of devices from Android to Apple to WebOS (PalmOS) connected with various parts of our infrastructure with a myriad of security tools, firewalls, and access control lists filtering content and visibility. This is no surprise and for corporations supporting  BYOD, I would expect the same; or at least hope so. As businesses struggle to reduce costs, BYOD, provides an upfront cost savings by allowing employees to bring their own devices to work in lieu of potential capital expenses to acquire them. One of the hidden costs is how to maintain proper security for these devices and fundamentally what risks they present for vulnerability assessment and even custom auditing on top of costs for securing connectivity. Retina has taken the traditional approach of vulnerability assessment for Android devices to a new level to solve this problem. With the release of Retina CS 3.1 and Retina Community 3.1, eEye is offering for free a vulnerability assessment agent for Android devices from the Google Play Store (formerly Google Market Place). Download from Google Play Now. As users begin to connect these devices to the corporate infrastructure, primarily through email, they can assess if their device has inherent vulnerabilities that could cause unnecessary risk to the business via vulnerable applications like Google Wallet or Adobe Flash. When used as a standalone agent, all of the findings and remediation steps are presented directly on the device, and when connected to Retina CS, all of the results are correlated in the management console, just like any other asset, for complete zero-gap vulnerability management coverage. The solution however, does not just stop at assessments for Android devices, it allows for custom configuration and auditing to meet the needs of your business policies. Retina complements MDM solutions with additional flexibility for vulnerability and configuration policies. Consider that your policy for BYOD states that USB debugging should be off or that if you connect your device to the infrastructure, certain applications must be installed (for additional security like anti-virus) or are explicitly denied from being installed (like a faux version Angry Birds that contains malware). Retina CS (and CS Community) allow for you to perform this inventory. An MDM solution may be setup to enforce these but Retina Android Agents allow you to verify these settings on the actual device and create custom ones beyond the scope of your MDM solution. Mobile devices (smartphones and tablets) represent an entirely new way to do business. Everything from accepting credit cards (which fall under PCI DSS compliance regulations and making vulnerability assessment a must have on these devices) to allowing users to connect and bring their latest gadgets to work pose a new security challenge for IT and security departments. Emphasizing  security restrictions on connectivity is not enough. Assessing these devices, that are outside of the corporate firewalls and IDS/IPS systems, is a must. Whether you rely on just an MDM vendor for your security, have mandated anti-virus on these devices, or have sat down and seriously considered the risks these devices represent, do not forget that they are vulnerable just like other desktops and servers within your environment. The marketing buzz may be about BYOD but remember the real buzz is within your organization and you must consider how you will manage mobile devices. They are the proverbial “hand-held keys” to the internal workings of your business; from emails, to contact lists, to possible mail attachments. They should be assessed for vulnerabilities and configuration violations just like any other device. Just like every other industry buzz in the past, like “working from home”, and “mobile workforce” with laptops, these devices need the same considerations and protection. Retina can get you started. Download from the Google Play Store now. 

Tags:
, , , , , ,

Additional articles

6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,
Password Game Show

Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability

Posted November 20, 2014    Scott Lang

How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices…

Tags:
, , , , , ,
Triggering MS14-066

Triggering MS14-066

Posted November 17, 2014    BeyondTrust Research Team

Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed.  This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce.  Lets fix that. Looking at the bindiff of schannel.dll, we see a…

Tags:
, , , , ,