BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Simplified Vulnerability Management – Mission Statement

Posted November 5, 2010    Morey Haber

Almost every company has a mission statement. Some companies make them public and a part of their marketing campaigns, tag lines, and actual products. Others keep their mission statements internal, almost like a prized position, and keep them for only training and hallway posters. One thing I have learned at eEye as the Product Manager, is to have my very own mission statement for day-to-day business and solution implementation.

My mission is simple: “Simplify Vulnerability Management”

One may ask why I choose something so generic and common place like a Dyson Vacuum cleaner statement. The answer is really simple in itself. When I started with eEye over seven years ago, vulnerability assessment, pen testing, and even the concept of vulnerabilities were somewhat of a dark art. This is well before regulatory compliance initiatives and standards like PCI and SCAP. Only things like BugTraq and CVEs really existed and many peers did not even believe that systems, networks, and applications could be compromised to the level they are today. Tools like Retina began to provide a distinct technical solution for security engineers to understand the problems and form a remediation strategy. As a technical tool, management and executives would generally get lost in the complexity of jargon, audits, policies, and even the scopes for performing an assessment.

In more recent years, the tools have evolved from a technical point solution to regulatory compliance solutions that businesses must adhere to for daily operations. Much of the technical edges have been simplified. It is my belief that they are still not simple enough. Users still have to know about audits, policies, address groups, and various other parameters just to meet assessment and business requirements. My person designed goal for the solutions is to make the products as simple as a possible so virtually anyone can use them. No advanced security knowledge is needed. I believe the results should be as detailed as needed depending on the audience and allow all the data to be summarized for any executive or analyst who wants to know. I believe in keeping it simple yet granular when needed and not the reverse.

Therefore, as you begin to review the next generation unified vulnerability management solutions from eEye, please understand my personal mission statement when designing, building, and implementing our solutions. Make the product reliable, accurate, and simple to meet your business objectives. eEye has had a reliable and accurate product for years and we continue to simply the solution through research and new user interface (Retina CS) to make unified vulnerability management easier for everyone.

I believe in my mission statement. Does your personal mission statement focus on your career, security, vulnerabilities, or the regulatory compliance initiatives you are responsible for? Please let us know. We can help you achieve your goals.

Leave a Reply

Additional articles

Password Game Show

Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability

Posted November 20, 2014    Scott Lang

How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices…

Tags:
, , , , , ,
Triggering MS14-066

Triggering MS14-066

Posted November 17, 2014    Research Team

Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed.  This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce.  Lets fix that. Looking at the bindiff of schannel.dll, we see a…

Tags:
, , , ,
Monetary Authority of Singapore

Why MAS Compliance is Still a Real MUST

Posted November 12, 2014    Morey Haber

As reported in our blog earlier this year MAS guidelines are set to change the way financial institutions conduct business in Singapore. Now, nearly four months past the compliance date of July 2014, we are revisiting the guidelines that surround the regulations. Non-compliance was said to result in the following implications for financial institutions: Financial…

Tags:
, , , , ,