BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Right-click Metasploit Integration

Posted July 12, 2011    Marc Maiffret

At eEye we have been continuing an aggressive release schedule of major product updates that simplify your vulnerability management and compliance process. One of the ways that we continue to simplify vulnerability management is through new capabilities and reporting that allow for better prioritization of vulnerabilities from an overall risk management perspective.

While other products continue to lock IT folks into ‘one size fits all’ processes around vulnerability management, we are striving to give you all the information you need to make better educated decisions on how you want to manage vulnerabilities and risk within your business. There is no one right way to manage a vulnerability nor is there one risk score for a vulnerability that maps equally to all companies. Context is key.

In continuing to provide extra flexibility to make better vulnerability management decisions based on how your IT process works, and not how your vulnerability management software wants to force your IT process to work, we are happy to announce right-click Metasploit integration.

As most of you know, we have had integration between both the free and commercial version of Metasploit for data importing for a while now. Thanks to the great work of our friends on the Metasploit Framework team, you are able to import Retina vulnerability scan data directly into Metasploit to then launch exploits against vulnerabilities that Retina discovered. This is in the same way that you can also import Retina scan results into Core Security’s Core Impact product for exploit testing.

We decided to take our integration with Metasploit even further by giving Retina Network customers, and users of our free scanner Retina Community, the ability to right-click on a vulnerability within Retina and launch any applicable Metasploit exploit that might exist. This now creates a dual channel ability by which you can use the free version of Metasploit to either import Retina data into Metasploit to launch applicable exploits or to directly launch Metasploit exploits from within Retina itself. All you need is Retina and Metasploit installed on the same system. We take care of the rest.

eEye’s Director of Product Management, Morey Haber, has put together a video to show this new integration and just how straight forward it is.

This is only the beginning of what we have in store for leveraging the free version of Metasploit to harness its exploit testing capabilities to be at the fingertips of Retina commercial and free Retina Community users. Stay tuned for a lot more integrations with Metasploit free and improvements on top of this first “right-click to exploit” integration release.

As always exploits are far from an exact science and when it comes to prioritizing your vulnerabilities you cannot discount a vulnerability simply because an exploit framework failed to properly exploit a vulnerability. There are many factors that can cause an exploit to fail and also plenty of times where an exploit framework will simply not have an exploit for a vulnerability even though attackers in the wild do.

For example Metasploit free only had exploit coverage for roughly 9% of all Microsoft vulnerabilities in 2010. There is always going to be a gap between the thousands of malicious attackers and their exploit toolkits and what a commercial company can develop with tens of employees. The non-exact science of exploit reliability and incomplete coverage of exploits to vulnerabilities are two factors to keep in mind when thinking about how to prioritize your vulnerabilities.

Stay tuned as we have some more major product announcements in the works that build upon both this integration and show brand new ways of helping you prioritize your vulnerability management process.

P.S. eEye will be sponsoring and exhibiting at this year’s Black Hat conference in Las Vegas. We hope to catch up either at our booth or the craps table. You can find out more here: http://www.eeye.com/fearnot

Leave a Reply

Additional articles

Restricted Area Sign

Implementing Least Privilege for Windows the Easy Way

Posted July 31, 2014    Morey Haber

The concept of least privilege states that asset users should have the lowest level of access privileges required to effectively conduct their jobs. Implementing least privilege can bring several benefits to your organization, including: Increased security by reducing the attack surface available to users and to potential attackers who compromise user systems via phishing, malware,…

Tags:
, , ,
gartner market guide image - aug 2014

Introducing the Gartner Market Guide for Privileged Account Management

Posted July 29, 2014    Chris Burd

Gartner recently released a new Market Guide for Privileged Account Management (PAM), and we’d like to share a complimentary copy with you. The report includes PAM market analysis and direction, vendor overviews, and recommendations for selecting PAM solutions for your environment. BeyondTrust is one of two representative vendors (out of 20) to address all solution…

Tags:
, , , , , , , ,
Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,