Security in Context: The BeyondTrust Blog

Simplified Vulnerability Management – Mission Statement

Posted November 5, 2010    Morey Haber

Almost every company has a mission statement. Some companies make them public and a part of their marketing campaigns, tag lines, and actual products. Others keep their mission statements internal, almost like a prized possession, and keep them only for training and hallway posters. One thing I have learned at eEye as the Product Manager is to have my very own mission statement for day-to-day business and solution implementation.

My mission is simple: “Simplify Vulnerability Management”

One may ask why I choose something so generic and commonplace, like a Dyson vacuum cleaner statement. The answer is really simple in itself. When I started with eEye over seven years ago, vulnerability assessment, pen testing, and even the concept of vulnerabilities were somewhat of a dark art. This is well before regulatory compliance initiatives and standards like PCI and SCAP. Only things like BugTraq and CVEs really existed and many peers did not even believe that systems, networks, and applications could be compromised to the level they are today. Tools like Retina began to provide a distinct technical solution for security engineers to understand the problems and form a remediation strategy. As a technical tool, management and executives would generally get lost in the complexity of jargon, audits, policies, and even the scopes for performing an assessment.

In more recent years, the tools have evolved from a technical point solution to regulatory compliance solutions that businesses must adhere to for daily operations. Many of the technical edges have been simplified. It is my belief that they are still not simple enough. Users still have to know about audits, policies, address groups, and various other parameters just to meet assessment and business requirements. My personal design goal for the solutions is to make the products as simple as possible so virtually anyone can use them. No advanced security knowledge is needed. I believe the results should be as detailed as needed depending on the audience and allow all the data to be summarized for any executive or analyst who wants to know. I believe in keeping it simple yet granular when needed and not the reverse.

Therefore, as you begin to review the next generation unified vulnerability management solutions from eEye, please understand my personal mission statement when designing, building, and implementing our solutions. Make the product reliable, accurate, and simple to meet your business objectives. eEye has had a reliable and accurate product for years and we continue to simplify the solution through research and a new user interface (Retina CS) to make unified vulnerability management easier for everyone.

I believe in my mission statement. Does your personal mission statement focus on your career, security, vulnerabilities, or the regulatory compliance initiatives you are responsible for? Please let us know. We can help you achieve your goals.

Additional articles


Closing the Vulnerability Gap

Posted October 7, 2015    Brian Chappell

Managing vulnerabilities is a significant challenge for many organizations. The main difficulties with managing this manifest in two key areas. The first is that the list isn’t static. The second is priority.


Scottrade Breach: Identified by Federal Officials

Posted October 5, 2015    Morey Haber

Late afternoon on October 2nd, news leaked out of another large security breach, now at Scottrade. The identity count of records, in the millions again (4.6 million is the latest). This breach comes on the second day of national CyberSecurity month, the first being Experian/T-Mobile breach.

Experian/T-Mobile Data Breach: When 2 Days is not Enough

Posted October 2, 2015    Morey Haber

On October 1, Experian admitted full responsibility for the loss of T-Mobile customer data. 15 million user records dating back to 2013 were affected in the breach, with data including sensitive information that may be decryptable like social security numbers and driver's licenses.