BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Simplified Vulnerability Management – Mission Statement

Posted November 5, 2010    Morey Haber

Almost every company has a mission statement. Some companies make them public and a part of their marketing campaigns, tag lines, and actual products. Others keep their mission statements internal, almost like a prized position, and keep them for only training and hallway posters. One thing I have learned at eEye as the Product Manager, is to have my very own mission statement for day-to-day business and solution implementation.

My mission is simple: “Simplify Vulnerability Management”

One may ask why I choose something so generic and common place like a Dyson Vacuum cleaner statement. The answer is really simple in itself. When I started with eEye over seven years ago, vulnerability assessment, pen testing, and even the concept of vulnerabilities were somewhat of a dark art. This is well before regulatory compliance initiatives and standards like PCI and SCAP. Only things like BugTraq and CVEs really existed and many peers did not even believe that systems, networks, and applications could be compromised to the level they are today. Tools like Retina began to provide a distinct technical solution for security engineers to understand the problems and form a remediation strategy. As a technical tool, management and executives would generally get lost in the complexity of jargon, audits, policies, and even the scopes for performing an assessment.

In more recent years, the tools have evolved from a technical point solution to regulatory compliance solutions that businesses must adhere to for daily operations. Much of the technical edges have been simplified. It is my belief that they are still not simple enough. Users still have to know about audits, policies, address groups, and various other parameters just to meet assessment and business requirements. My person designed goal for the solutions is to make the products as simple as a possible so virtually anyone can use them. No advanced security knowledge is needed. I believe the results should be as detailed as needed depending on the audience and allow all the data to be summarized for any executive or analyst who wants to know. I believe in keeping it simple yet granular when needed and not the reverse.

Therefore, as you begin to review the next generation unified vulnerability management solutions from eEye, please understand my personal mission statement when designing, building, and implementing our solutions. Make the product reliable, accurate, and simple to meet your business objectives. eEye has had a reliable and accurate product for years and we continue to simply the solution through research and new user interface (Retina CS) to make unified vulnerability management easier for everyone.

I believe in my mission statement. Does your personal mission statement focus on your career, security, vulnerabilities, or the regulatory compliance initiatives you are responsible for? Please let us know. We can help you achieve your goals.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,