BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Scalability When You Need It

Posted September 25, 2013    Morey Haber

I think we have all been there before. We pilot a solution, run the gambit of tests in the lab, and when it comes to production, the scalability falls flat on its face. It does not matter if the solution was architected correctly for the environment with multiple nodes, high performance database, and tons of CPU and RAM to spare, it just does not work. This is when we realize the vendor failed to create the technology with the scalability needed to address the challenges often encountered in enterprise deployments. The outcome is that we end up living with a scaled back implementation, or worse, waste time and money before picking another vendor. This is a challenge BeyondTrust is acutely aware of. Why? Because many of our clients have been there with a different vulnerability management solution and discovered that Retina was designed from the ground up to be scalable, portable, and architecturally flexible to meet the heavy demands of a true enterprise environment. For example, take the screen shot below:

Retina Screen Shot

This is from one of our test lab environments used for client demos. It is sanitized client data that has been scaled for testing. The supporting database contains over 100,000 assets and is fully functional for searching, filtering, reporting, and role-based access. It is used to demonstrate that with a single pane of glass, an organization can truly realize that they can perform vulnerability management for every asset in their organization, not just servers or PCI environments.

Retina Screen Shot

Consider the following report that literally takes a few seconds to generate using our embedded data warehouse (Retina Insight) that ships with the solution. It helps take that list of 100,000 devices and prioritize which devices should be remediated first, in lieu of a phone book of potentially a few million pages for every asset and vulnerability. Believe it or not, some our leading competitors still can only generate the long laundry list vulnerability report and do nothing to help the enterprise prioritize remediation activities.

We have all been there before. We have all had tools that work great on our desktops, in labs, but can not handle what truly awaits in the enterprise. With over 260 reports available out of the box, a true ad-hoc report engine that can build customized reports based on all the data collected, and a scalable platform that can handle hundreds of thousands of assets, why have you not looked at Retina yet? Get more info.

Tags:
, , ,

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,