BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Simplified Vulnerability Management – Mission Statement

Posted November 5, 2010    Morey Haber

Almost every company has a mission statement. Some companies make them public and a part of their marketing campaigns, tag lines, and actual products. Others keep their mission statements internal, almost like a prized position, and keep them for only training and hallway posters. One thing I have learned at eEye as the Product Manager, is to have my very own mission statement for day-to-day business and solution implementation.

My mission is simple: “Simplify Vulnerability Management”

One may ask why I choose something so generic and common place like a Dyson Vacuum cleaner statement. The answer is really simple in itself. When I started with eEye over seven years ago, vulnerability assessment, pen testing, and even the concept of vulnerabilities were somewhat of a dark art. This is well before regulatory compliance initiatives and standards like PCI and SCAP. Only things like BugTraq and CVEs really existed and many peers did not even believe that systems, networks, and applications could be compromised to the level they are today. Tools like Retina began to provide a distinct technical solution for security engineers to understand the problems and form a remediation strategy. As a technical tool, management and executives would generally get lost in the complexity of jargon, audits, policies, and even the scopes for performing an assessment.

In more recent years, the tools have evolved from a technical point solution to regulatory compliance solutions that businesses must adhere to for daily operations. Much of the technical edges have been simplified. It is my belief that they are still not simple enough. Users still have to know about audits, policies, address groups, and various other parameters just to meet assessment and business requirements. My person designed goal for the solutions is to make the products as simple as a possible so virtually anyone can use them. No advanced security knowledge is needed. I believe the results should be as detailed as needed depending on the audience and allow all the data to be summarized for any executive or analyst who wants to know. I believe in keeping it simple yet granular when needed and not the reverse.

Therefore, as you begin to review the next generation unified vulnerability management solutions from eEye, please understand my personal mission statement when designing, building, and implementing our solutions. Make the product reliable, accurate, and simple to meet your business objectives. eEye has had a reliable and accurate product for years and we continue to simply the solution through research and new user interface (Retina CS) to make unified vulnerability management easier for everyone.

I believe in my mission statement. Does your personal mission statement focus on your career, security, vulnerabilities, or the regulatory compliance initiatives you are responsible for? Please let us know. We can help you achieve your goals.

Leave a Reply

Additional articles

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,
PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,