At eEye we have been continuing an aggressive release schedule of major product updates that simplify your vulnerability management and compliance process. One of the ways that we continue to simplify vulnerability management is through new capabilities and reporting that allow for better prioritization of vulnerabilities from an overall risk management perspective.
While other products continue to lock IT folks into ‘one size fits all’ processes around vulnerability management, we are striving to give you all the information you need to make better educated decisions on how you want to manage vulnerabilities and risk within your business. There is no one right way to manage a vulnerability nor is there one risk score for a vulnerability that maps equally to all companies. Context is key.
In continuing to provide extra flexibility to make better vulnerability management decisions based on how your IT process works, and not how your vulnerability management software wants to force your IT process to work, we are happy to announce right-click Metasploit integration.
As most of you know, we have had integration between both the free and commercial version of Metasploit for data importing for a while now. Thanks to the great work of our friends on the Metasploit Framework team, you are able to import Retina vulnerability scan data directly into Metasploit to then launch exploits against vulnerabilities that Retina discovered. This is in the same way that you can also import Retina scan results into Core Security’s Core Impact product for exploit testing.
We decided to take our integration with Metasploit even further by giving Retina Network customers, and users of our free scanner Retina Community, the ability to right-click on a vulnerability within Retina and launch any applicable Metasploit exploit that might exist. This now creates a dual channel ability by which you can use the free version of Metasploit to either import Retina data into Metasploit to launch applicable exploits or to directly launch Metasploit exploits from within Retina itself. All you need is Retina and Metasploit installed on the same system. We take care of the rest.
eEye’s Director of Product Management, Morey Haber, has put together a video to show this new integration and just how straight forward it is.
This is only the beginning of what we have in store for leveraging the free version of Metasploit to harness its exploit testing capabilities to be at the fingertips of Retina commercial and free Retina Community users. Stay tuned for a lot more integrations with Metasploit free and improvements on top of this first “right-click to exploit” integration release.
As always exploits are far from an exact science and when it comes to prioritizing your vulnerabilities you cannot discount a vulnerability simply because an exploit framework failed to properly exploit a vulnerability. There are many factors that can cause an exploit to fail and also plenty of times where an exploit framework will simply not have an exploit for a vulnerability even though attackers in the wild do.
For example Metasploit free only had exploit coverage for roughly 9% of all Microsoft vulnerabilities in 2010. There is always going to be a gap between the thousands of malicious attackers and their exploit toolkits and what a commercial company can develop with tens of employees. The non-exact science of exploit reliability and incomplete coverage of exploits to vulnerabilities are two factors to keep in mind when thinking about how to prioritize your vulnerabilities.
Stay tuned as we have some more major product announcements in the works that build upon both this integration and show brand new ways of helping you prioritize your vulnerability management process.
P.S. eEye will be sponsoring and exhibiting at this year’s Black Hat conference in Las Vegas. We hope to catch up either at our booth or the craps table. You can find out more here: http://www.eeye.com/fearnot
