BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Sneak Peek: Free Mobility Scanning from eEye

Posted September 21, 2011    Brad Hibbert

With mobile devices and smart phones representing 40% of all mobile phones in the US, consumerization continues to blur the corporate boundary as employees expect and require consistent access to corporate services from wherever they are, on any device they’re using—desktops, laptops, tablets and smart phones. 

One of eEye’s major strengths from a vulnerability perspective is our focus on 100% discovery of all vulnerabilities provided via our remote and optional local scanning agents that cover windows, non-windows, networking devices, databases, applications, and web applications across physical and virtualized environments. So, it is only natural that eEye be the first vendor to offer robust vulnerability scanning for mobile devices as well.

Similar to our standard vulnerability management approach, which offers remote and local scanning options for maximum flexibility and visibility, we’re currently working on both agentless and agent-based scanning support for mobile devices. Most customers that we’ve been working with have a significant investment in Blackberry. So, the first release – which is only a couple of weeks away – will focus on Blackberry devices. Next, we’ll provide vulnerability assessment for Android and iOS (in the queue for later this year).

The Blackberry BES Connector will be included with our Retina CS management console at no additional cost and will be provided free with a community version of the CS console – also shipping at the end of the month. Retina CS will support multiple BES Connectors that will connect to the BES admin service and pull back lots of data including hardware, apps, and configuration. The connectors can use both supported credential methods (AD or BAS). The default port that a BAS server listens on is 443, but it can be changed as needed. Both the BAS configuration and the CS Connector will allow you to specify a port.

Retina CS Connector Details

We will have an extensive list of built-in audits, but will also provide a lot of flexibility through custom device and application audits. Below is a simple example of custom audits that can be created to look for specific applications/versions being installed on devices.

Custom Device Audit

If you are familiar with Retina CS you will see that the configuration of the scanning, prioritization, and reporting on mobile devices is exactly the same for other asset types. As I mentioned the Blackberry support will be available to customers and to our community (a free license up to 128 assets!) in a couple of weeks.

I Need your Input

I look forward to gathering feedback through direct correspondence and through our community forums as we continue to enhance this offering to include Android and iOS later this year. As a first step, I’d like to get your feedback on mobile devices within your organization. Click here to answer a very short survey.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,