BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Right-click Metasploit Integration

Posted July 12, 2011    Marc Maiffret

At eEye we have been continuing an aggressive release schedule of major product updates that simplify your vulnerability management and compliance process. One of the ways that we continue to simplify vulnerability management is through new capabilities and reporting that allow for better prioritization of vulnerabilities from an overall risk management perspective.

While other products continue to lock IT folks into ‘one size fits all’ processes around vulnerability management, we are striving to give you all the information you need to make better educated decisions on how you want to manage vulnerabilities and risk within your business. There is no one right way to manage a vulnerability nor is there one risk score for a vulnerability that maps equally to all companies. Context is key.

In continuing to provide extra flexibility to make better vulnerability management decisions based on how your IT process works, and not how your vulnerability management software wants to force your IT process to work, we are happy to announce right-click Metasploit integration.

As most of you know, we have had integration between both the free and commercial version of Metasploit for data importing for a while now. Thanks to the great work of our friends on the Metasploit Framework team, you are able to import Retina vulnerability scan data directly into Metasploit to then launch exploits against vulnerabilities that Retina discovered. This is in the same way that you can also import Retina scan results into Core Security’s Core Impact product for exploit testing.

We decided to take our integration with Metasploit even further by giving Retina Network customers, and users of our free scanner Retina Community, the ability to right-click on a vulnerability within Retina and launch any applicable Metasploit exploit that might exist. This now creates a dual channel ability by which you can use the free version of Metasploit to either import Retina data into Metasploit to launch applicable exploits or to directly launch Metasploit exploits from within Retina itself. All you need is Retina and Metasploit installed on the same system. We take care of the rest.

eEye’s Director of Product Management, Morey Haber, has put together a video to show this new integration and just how straight forward it is.

This is only the beginning of what we have in store for leveraging the free version of Metasploit to harness its exploit testing capabilities to be at the fingertips of Retina commercial and free Retina Community users. Stay tuned for a lot more integrations with Metasploit free and improvements on top of this first “right-click to exploit” integration release.

As always exploits are far from an exact science and when it comes to prioritizing your vulnerabilities you cannot discount a vulnerability simply because an exploit framework failed to properly exploit a vulnerability. There are many factors that can cause an exploit to fail and also plenty of times where an exploit framework will simply not have an exploit for a vulnerability even though attackers in the wild do.

For example Metasploit free only had exploit coverage for roughly 9% of all Microsoft vulnerabilities in 2010. There is always going to be a gap between the thousands of malicious attackers and their exploit toolkits and what a commercial company can develop with tens of employees. The non-exact science of exploit reliability and incomplete coverage of exploits to vulnerabilities are two factors to keep in mind when thinking about how to prioritize your vulnerabilities.

Stay tuned as we have some more major product announcements in the works that build upon both this integration and show brand new ways of helping you prioritize your vulnerability management process.

P.S. eEye will be sponsoring and exhibiting at this year’s Black Hat conference in Las Vegas. We hope to catch up either at our booth or the craps table. You can find out more here: http://www.eeye.com/fearnot

Leave a Reply

Additional articles

PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,
PowerBroker for Windows can be configured to automatically identify the end user’s language preference

Implementing Least Privilege Around the World with PowerBroker for Windows

Posted July 17, 2014    Morey Haber

BeyondTrust recognizes that international, multilingual businesses have unique operating challenges, especially when it comes to implementing enterprise software. PowerBroker for Windows is a least-privilege solution often deployed across thousands of systems spanning multiple geographies and protecting users of diverse backgrounds. Earlier this year, PowerBroker for Windows introduces new data privacy features for EMEA and APAC,…

Tags:
, ,