BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Retina Now Offers Custom Audits for Android Devices

Posted May 16, 2012    Morey Haber

When a marketing buzz word sticks like BYOD (Bring Your Own Device), it is inevitable to see it everywhere in an effort to capitalize on the momentum; blogs, literature, SEO, social media, etc. In the past, we have seen great terms like “ecosystem”, “framework”, and my personal favorite “distributed computing”, rise and fall in marketing. Fortunately, some of these buzz words are more realistic than others and really do pose a challenge to many companies. It is not just about the latest and greatest technology or security threat, but what really matters to the business.

BYOD is one of those terms that really does matter and is a real problem. eEye, like many organizations, does support BYOD. We have a wide mix of devices from Android to Apple to WebOS (PalmOS) connected with various parts of our infrastructure with a myriad of security tools, firewalls, and access control lists filtering content and visibility. This is no surprise and for corporations supporting  BYOD, I would expect the same; or at least hope so. As businesses struggle to reduce costs, BYOD, provides an upfront cost savings by allowing employees to bring their own devices to work in lieu of potential capital expenses to acquire them. One of the hidden costs is how to maintain proper security for these devices and fundamentally what risks they present for vulnerability assessment and even custom auditing on top of costs for securing connectivity. Retina has taken the traditional approach of vulnerability assessment for Android devices to a new level to solve this problem. With the release of Retina CS 3.1 and Retina Community 3.1, eEye is offering for free a vulnerability assessment agent for Android devices from the Google Play Store (formerly Google Market Place). Download from Google Play Now. As users begin to connect these devices to the corporate infrastructure, primarily through email, they can assess if their device has inherent vulnerabilities that could cause unnecessary risk to the business via vulnerable applications like Google Wallet or Adobe Flash. When used as a standalone agent, all of the findings and remediation steps are presented directly on the device, and when connected to Retina CS, all of the results are correlated in the management console, just like any other asset, for complete zero-gap vulnerability management coverage. The solution however, does not just stop at assessments for Android devices, it allows for custom configuration and auditing to meet the needs of your business policies. Retina complements MDM solutions with additional flexibility for vulnerability and configuration policies. Consider that your policy for BYOD states that USB debugging should be off or that if you connect your device to the infrastructure, certain applications must be installed (for additional security like anti-virus) or are explicitly denied from being installed (like a faux version Angry Birds that contains malware). Retina CS (and CS Community) allow for you to perform this inventory. An MDM solution may be setup to enforce these but Retina Android Agents allow you to verify these settings on the actual device and create custom ones beyond the scope of your MDM solution. Mobile devices (smartphones and tablets) represent an entirely new way to do business. Everything from accepting credit cards (which fall under PCI DSS compliance regulations and making vulnerability assessment a must have on these devices) to allowing users to connect and bring their latest gadgets to work pose a new security challenge for IT and security departments. Emphasizing  security restrictions on connectivity is not enough. Assessing these devices, that are outside of the corporate firewalls and IDS/IPS systems, is a must. Whether you rely on just an MDM vendor for your security, have mandated anti-virus on these devices, or have sat down and seriously considered the risks these devices represent, do not forget that they are vulnerable just like other desktops and servers within your environment. The marketing buzz may be about BYOD but remember the real buzz is within your organization and you must consider how you will manage mobile devices. They are the proverbial “hand-held keys” to the internal workings of your business; from emails, to contact lists, to possible mail attachments. They should be assessed for vulnerabilities and configuration violations just like any other device. Just like every other industry buzz in the past, like “working from home”, and “mobile workforce” with laptops, these devices need the same considerations and protection. Retina can get you started. Download from the Google Play Store now. 

Tags:
, , , , , ,

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,