BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Retina Performs Continuous Vulnerability Assessment

Posted January 28, 2014    Morey Haber

SANS Critical Control 4 specifies criteria for continuous vulnerability assessment and remediation. This specification calls for vulnerabilities to be continuously assessed, correlated, and reported upon in real-time based on public disclosure and identification of new or changed assets.

Critical Control 4 is mandated by many government agencies, and requires prompt automated remediation that adheres to change control guidelines and best practices. Its goal is to make vulnerability identification and correction an integral part of standard business practices (similar to the specifications in PCI DSS 3.0), rather than a batch process that only reviews risks at intervals (generally once per month or quarter) – thereby creating gaps where threats could compromise assets and applications.

The Retina family of vulnerability management solutions simplifies adherence to Critical Control 4 and the concept of continuous vulnerability assessment via three deployment options and two modules.

First, lets explorer the two modules:

Retina CS Enterprise Vulnerability Management
Retina CS is the only vulnerability management solution designed from the ground up to provide IT security professionals with context-aware vulnerability assessment and risk analysis. Retina’s results-oriented architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across network, web, mobile, cloud and virtual infrastructure. By centralizing the data and providing real-time alerting, Retina forms the foundation for BeyondTrust’s continuous monitoring solution for vulnerability management.

Retina CS Patch Management
Seamlessly integrated with Retina CS, BeyondTrust’s Patch Management Module closes the loop on vulnerabilities by providing seamless patching for Microsoft and third-party applications. The technology is fully integrated, automated, and agent-less, and improves the efficiency and effectiveness of patch processes by correlating identified vulnerabilities with the appropriate remediation and allowing the process to be performed continuously as new risks are identified.

Based on these two modules, Retina can perform continuous vulnerability assessment using any, or all, of these three techniques:

The Retina Protection Agent
The Retina Protection Agent closes the security gap created by systems that can’t be reached with remote vulnerability assessments alone by providing a lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and optional intrusion prevention. This agent allows for the scheduling of vulnerability assessments to be conducted daily or triggered continuously by external solutions to provide an up to date view of the risks and vulnerabilities present on any Windows assets in accordance with SANS Critical Control 4.

Continuous Authenticated Vulnerability Assessment
Retina contains an industry-unique job scheduling engine that can perform vulnerability assessments multiple times per day and allow for change control windows, auto pause and restart, and automated job aborts when vulnerability data can not be obtained in a timely fashion. These unique capabilities allow for Retina to perform continuous network scan functions in line with the SANS Critical Security Controls and the stringent requirements set forth by many government agencies.

Third-Party Integration
Retina boosts over 30 integrations into SEIMs, call centers, and NAC solutions. With these extensive capabilities, the required escalation of data and on demand scanning required to meet continuous scanning requirements is achievable with the technology out of the box. For example, vulnerability correlation can easily be achieved with LogRhythm or IBM QRadar, and on-demand scanning based on network connectivity with seamless integration into ForeScout NAC.

BeyondTrust has made the process of meeting continuous vulnerability assessment and remediation simple and easy to implement based on requirements of the SANS Critical Security Controls. The technology can scale from the smallest environment to the largest enterprise. With a dedicated management console for reporting on assessments and changes in an environment, Retina can meet these requirements with agent and agent-less technology based on a simple asset-based license model. We look forward to showing you how Retina will change the way you manage risks and meet complex requirements like continuous monitoring.

Tags:
, , , ,

Leave a Reply

Additional articles

{c4eae211-3ca2-4f8e-b2b9-6df0e970aab1}_g.markhardy

The “insider” threat. Is it real, or is it being blown out of proportion?

Posted March 4, 2015    G. Mark Hardy

A lot depends on whether or not you’ve been compromised. And therein lies the problem. Cyber threats are often ignored until they cause some damage, at which point management looks for people to blame and gives all kinds of attention to fixing the problem – until the next crisis in accounting or warehousing or staffing comes along.

Tags:
, , ,
webinar_chalk

Webinar March 4th: Recreating the Carbanak Breach & Techniques for Mitigating Similar Attacks

Posted March 3, 2015    Lindsay Marsh

Join BeyondTrust Research and Development team for an in-depth live webinar that will explore the attack vectors used in the Carbanak Bank Breach and share successful mitigation techniques needed to prevent this type of attack.

Tags:
, ,
VMware Hardening Guidelines-img3

How to Audit VMware ESX and ESXi Servers Against the VMware Hardening Guidelines with Retina CS

Posted February 27, 2015    BeyondTrust Research Team

Retina CS Enterprise Vulnerability Management has included advanced VMware auditing capabilities for some time, including virtual machine discovery and scanning through a cloud connection, plus the ability to scan ESX and ESXi hosts using SSH. However, in response to recent security concerns associated with SSH, VMware has disabled SSH by default in its more recent…

Tags:
, , , ,