Security in Context: The BeyondTrust Blog

Retina Performs Continuous Vulnerability Assessment

Posted January 28, 2014    Morey Haber

SANS Critical Control 4 specifies criteria for continuous vulnerability assessment and remediation. This specification calls for vulnerabilities to be continuously assessed, correlated, and reported upon in real time based on public disclosure and identification of new or changed assets.

Critical Control 4 is mandated by many government agencies, and requires prompt automated remediation that adheres to change control guidelines and best practices. Its goal is to make vulnerability identification and correction an integral part of standard business practices (similar to the specifications in PCI DSS 3.0), rather than a batch process that only reviews risks at intervals (generally once per month or quarter) – thereby creating gaps where threats could compromise assets and applications.

The Retina family of vulnerability management solutions simplifies adherence to Critical Control 4 and the concept of continuous vulnerability assessment via three deployment options and two modules.

First, let's explore the two modules:

Retina CS Enterprise Vulnerability Management
Retina CS is the only vulnerability management solution designed from the ground up to provide IT security professionals with context-aware vulnerability assessment and risk analysis. Retina’s results-oriented architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across network, web, mobile, cloud and virtual infrastructure. By centralizing the data and providing real-time alerting, Retina forms the foundation for BeyondTrust’s continuous monitoring solution for vulnerability management.

Retina CS Patch Management
Seamlessly integrated with Retina CS, BeyondTrust’s Patch Management Module closes the loop on vulnerabilities by providing seamless patching for Microsoft and third-party applications. The technology is fully integrated, automated, and agent-less, and improves the efficiency and effectiveness of patch processes by correlating identified vulnerabilities with the appropriate remediation and allowing the process to be performed continuously as new risks are identified.

Based on these two modules, Retina can perform continuous vulnerability assessment using any, or all, of these three techniques:

The Retina Protection Agent
The Retina Protection Agent closes the security gap created by systems that can’t be reached with remote vulnerability assessments alone by providing a lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and optional intrusion prevention. This agent allows vulnerability assessments to be scheduled daily or triggered continuously by external solutions, providing an up-to-date view of the risks and vulnerabilities present on any Windows assets in accordance with SANS Critical Control 4.

Continuous Authenticated Vulnerability Assessment
Retina contains an industry-unique job scheduling engine that can perform vulnerability assessments multiple times per day and allows for change control windows, auto pause and restart, and automated job aborts when vulnerability data cannot be obtained in a timely fashion. These unique capabilities allow Retina to perform continuous network scan functions in line with the SANS Critical Security Controls and the stringent requirements set forth by many government agencies.

Third-Party Integration
Retina boasts over 30 integrations into SIEMs, call centers, and NAC solutions. With these extensive capabilities, the escalation of data and the on-demand scanning needed to meet continuous scanning requirements are achievable with the technology out of the box. For example, vulnerability correlation can easily be achieved with LogRhythm or IBM QRadar, and on-demand scanning based on network connectivity is available through seamless integration with ForeScout NAC.

BeyondTrust has made the process of meeting continuous vulnerability assessment and remediation simple and easy to implement based on requirements of the SANS Critical Security Controls. The technology can scale from the smallest environment to the largest enterprise. With a dedicated management console for reporting on assessments and changes in an environment, Retina can meet these requirements with agent and agent-less technology based on a simple asset-based license model. We look forward to showing you how Retina will change the way you manage risks and meet complex requirements like continuous monitoring.
