BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Retina Performs Continuous Vulnerability Assessment

Posted January 28, 2014    Morey Haber

SANS Critical Control 4 specifies criteria for continuous vulnerability assessment and remediation. This specification calls for vulnerabilities to be continuously assessed, correlated, and reported upon in real-time based on public disclosure and identification of new or changed assets.

Critical Control 4 is mandated by many government agencies, and requires prompt automated remediation that adheres to change control guidelines and best practices. Its goal is to make vulnerability identification and correction an integral part of standard business practices (similar to the specifications in PCI DSS 3.0), rather than a batch process that only reviews risks at intervals (generally once per month or quarter) – thereby creating gaps where threats could compromise assets and applications.

The Retina family of vulnerability management solutions simplifies adherence to Critical Control 4 and the concept of continuous vulnerability assessment via three deployment options and two modules.

First, lets explorer the two modules:

Retina CS Enterprise Vulnerability Management
Retina CS is the only vulnerability management solution designed from the ground up to provide IT security professionals with context-aware vulnerability assessment and risk analysis. Retina’s results-oriented architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across network, web, mobile, cloud and virtual infrastructure. By centralizing the data and providing real-time alerting, Retina forms the foundation for BeyondTrust’s continuous monitoring solution for vulnerability management.

Retina CS Patch Management
Seamlessly integrated with Retina CS, BeyondTrust’s Patch Management Module closes the loop on vulnerabilities by providing seamless patching for Microsoft and third-party applications. The technology is fully integrated, automated, and agent-less, and improves the efficiency and effectiveness of patch processes by correlating identified vulnerabilities with the appropriate remediation and allowing the process to be performed continuously as new risks are identified.

Based on these two modules, Retina can perform continuous vulnerability assessment using any, or all, of these three techniques:

The Retina Protection Agent
The Retina Protection Agent closes the security gap created by systems that can’t be reached with remote vulnerability assessments alone by providing a lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and optional intrusion prevention. This agent allows for the scheduling of vulnerability assessments to be conducted daily or triggered continuously by external solutions to provide an up to date view of the risks and vulnerabilities present on any Windows assets in accordance with SANS Critical Control 4.

Continuous Authenticated Vulnerability Assessment
Retina contains an industry-unique job scheduling engine that can perform vulnerability assessments multiple times per day and allow for change control windows, auto pause and restart, and automated job aborts when vulnerability data can not be obtained in a timely fashion. These unique capabilities allow for Retina to perform continuous network scan functions in line with the SANS Critical Security Controls and the stringent requirements set forth by many government agencies.

Third-Party Integration
Retina boosts over 30 integrations into SEIMs, call centers, and NAC solutions. With these extensive capabilities, the required escalation of data and on demand scanning required to meet continuous scanning requirements is achievable with the technology out of the box. For example, vulnerability correlation can easily be achieved with LogRhythm or IBM QRadar, and on-demand scanning based on network connectivity with seamless integration into ForeScout NAC.

BeyondTrust has made the process of meeting continuous vulnerability assessment and remediation simple and easy to implement based on requirements of the SANS Critical Security Controls. The technology can scale from the smallest environment to the largest enterprise. With a dedicated management console for reporting on assessments and changes in an environment, Retina can meet these requirements with agent and agent-less technology based on a simple asset-based license model. We look forward to showing you how Retina will change the way you manage risks and meet complex requirements like continuous monitoring.

Tags:
, , , ,

Leave a Reply

Additional articles

webinar_ondemand

On Demand Webinar – Why You Still Suck at Patching

Posted March 27, 2015    Lindsay Marsh

On Demand Webinar: Dave Shackleford recounts some of his personal experiences in patch management failure, and breaks down the most critical issues holding many teams back from patching more effectively.

Tags:
,
dave-shackleford-headshot

Why You Still Suck at Patching…and How to Turn Your Life Around

Posted March 25, 2015    Dave Shackleford

Live webinar | March 26, 2015 | 10am PT/1pm ET | Dave Shackleford, SANS Instructor | Why You Still Suck at Patching…and How to Turn Your Life Around

Tags:
, ,
infographic

Privilege Gone Wild 2: Over 25% of Organizations Have No Privileged Access Controls

Posted March 24, 2015    Scott Lang

BeyondTrust recently conducted a survey, with over 700 respondents, to explore how organizations view the risk of misuse from privileged account misuse, as well as trends in addressing and mitigating those risks.

Tags:
,