BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Simplified Vulnerability Management – Mission Statement

Posted November 5, 2010    Morey Haber

Almost every company has a mission statement. Some companies make them public and a part of their marketing campaigns, tag lines, and actual products. Others keep their mission statements internal, almost like a prized position, and keep them for only training and hallway posters. One thing I have learned at eEye as the Product Manager, is to have my very own mission statement for day-to-day business and solution implementation.

My mission is simple: “Simplify Vulnerability Management”

One may ask why I choose something so generic and common place like a Dyson Vacuum cleaner statement. The answer is really simple in itself. When I started with eEye over seven years ago, vulnerability assessment, pen testing, and even the concept of vulnerabilities were somewhat of a dark art. This is well before regulatory compliance initiatives and standards like PCI and SCAP. Only things like BugTraq and CVEs really existed and many peers did not even believe that systems, networks, and applications could be compromised to the level they are today. Tools like Retina began to provide a distinct technical solution for security engineers to understand the problems and form a remediation strategy. As a technical tool, management and executives would generally get lost in the complexity of jargon, audits, policies, and even the scopes for performing an assessment.

In more recent years, the tools have evolved from a technical point solution to regulatory compliance solutions that businesses must adhere to for daily operations. Much of the technical edges have been simplified. It is my belief that they are still not simple enough. Users still have to know about audits, policies, address groups, and various other parameters just to meet assessment and business requirements. My person designed goal for the solutions is to make the products as simple as a possible so virtually anyone can use them. No advanced security knowledge is needed. I believe the results should be as detailed as needed depending on the audience and allow all the data to be summarized for any executive or analyst who wants to know. I believe in keeping it simple yet granular when needed and not the reverse.

Therefore, as you begin to review the next generation unified vulnerability management solutions from eEye, please understand my personal mission statement when designing, building, and implementing our solutions. Make the product reliable, accurate, and simple to meet your business objectives. eEye has had a reliable and accurate product for years and we continue to simply the solution through research and new user interface (Retina CS) to make unified vulnerability management easier for everyone.

I believe in my mission statement. Does your personal mission statement focus on your career, security, vulnerabilities, or the regulatory compliance initiatives you are responsible for? Please let us know. We can help you achieve your goals.

Leave a Reply

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,