BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Retina Performs Continuous Vulnerability Assessment

Posted January 28, 2014    Morey Haber

SANS Critical Control 4 specifies criteria for continuous vulnerability assessment and remediation. This specification calls for vulnerabilities to be continuously assessed, correlated, and reported upon in real-time based on public disclosure and identification of new or changed assets.

Critical Control 4 is mandated by many government agencies, and requires prompt automated remediation that adheres to change control guidelines and best practices. Its goal is to make vulnerability identification and correction an integral part of standard business practices (similar to the specifications in PCI DSS 3.0), rather than a batch process that only reviews risks at intervals (generally once per month or quarter) – thereby creating gaps where threats could compromise assets and applications.

The Retina family of vulnerability management solutions simplifies adherence to Critical Control 4 and the concept of continuous vulnerability assessment via three deployment options and two modules.

First, lets explorer the two modules:

Retina CS Enterprise Vulnerability Management
Retina CS is the only vulnerability management solution designed from the ground up to provide IT security professionals with context-aware vulnerability assessment and risk analysis. Retina’s results-oriented architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across network, web, mobile, cloud and virtual infrastructure. By centralizing the data and providing real-time alerting, Retina forms the foundation for BeyondTrust’s continuous monitoring solution for vulnerability management.

Retina CS Patch Management
Seamlessly integrated with Retina CS, BeyondTrust’s Patch Management Module closes the loop on vulnerabilities by providing seamless patching for Microsoft and third-party applications. The technology is fully integrated, automated, and agent-less, and improves the efficiency and effectiveness of patch processes by correlating identified vulnerabilities with the appropriate remediation and allowing the process to be performed continuously as new risks are identified.

Based on these two modules, Retina can perform continuous vulnerability assessment using any, or all, of these three techniques:

The Retina Protection Agent
The Retina Protection Agent closes the security gap created by systems that can’t be reached with remote vulnerability assessments alone by providing a lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and optional intrusion prevention. This agent allows for the scheduling of vulnerability assessments to be conducted daily or triggered continuously by external solutions to provide an up to date view of the risks and vulnerabilities present on any Windows assets in accordance with SANS Critical Control 4.

Continuous Authenticated Vulnerability Assessment
Retina contains an industry-unique job scheduling engine that can perform vulnerability assessments multiple times per day and allow for change control windows, auto pause and restart, and automated job aborts when vulnerability data can not be obtained in a timely fashion. These unique capabilities allow for Retina to perform continuous network scan functions in line with the SANS Critical Security Controls and the stringent requirements set forth by many government agencies.

Third-Party Integration
Retina boosts over 30 integrations into SEIMs, call centers, and NAC solutions. With these extensive capabilities, the required escalation of data and on demand scanning required to meet continuous scanning requirements is achievable with the technology out of the box. For example, vulnerability correlation can easily be achieved with LogRhythm or IBM QRadar, and on-demand scanning based on network connectivity with seamless integration into ForeScout NAC.

BeyondTrust has made the process of meeting continuous vulnerability assessment and remediation simple and easy to implement based on requirements of the SANS Critical Security Controls. The technology can scale from the smallest environment to the largest enterprise. With a dedicated management console for reporting on assessments and changes in an environment, Retina can meet these requirements with agent and agent-less technology based on a simple asset-based license model. We look forward to showing you how Retina will change the way you manage risks and meet complex requirements like continuous monitoring.

Tags:
, , , ,

Leave a Reply

Additional articles

Ponemon_Report

Big Surprise: Cost of Data Breaches Up; Are you Doing the *Right* Things to Mitigate the Costs?

Posted May 28, 2015    Scott Lang

Ponemon Institute Cost of Data Breach Study – costs are going up – to the tune of a 23% increase in total costs of data breaches, and a 12% increase in per-record cost since 2013. Are you doing the right things to mitigate costs?

Tags:
, ,
IRS-Data-Breach

The tip of the IRS data breach – and it IS an iceberg

Posted May 27, 2015    Morey Haber

The IRS has been warned for decades about their security best practices. And now, at least 100,000 Americans have had their records compromised. How? The IRS uses a service called “Get Transcript”.

Tags:
, , ,
dave-shackleford-headshot

Tales from the Datacenter: Vulnerability Management Nightmares

Posted May 27, 2015    Dave Shackleford

Vulnerability scanning, threat management, risk analysis, patching, and configuration management are some of the major activities usually associated with vulnerability management, and none of these are new…so why are we failing so badly at many of them?

Tags:
, ,