BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Sneak Peek: Free Mobility Scanning from eEye

Posted September 21, 2011    Brad Hibbert

With mobile devices and smart phones representing 40% of all mobile phones in the US, consumerization continues to blur the corporate boundary as employees expect and require consistent access to corporate services from wherever they are, on any device they’re using—desktops, laptops, tablets and smart phones. 

One of eEye’s major strengths from a vulnerability perspective is our focus on 100% discovery of all vulnerabilities provided via our remote and optional local scanning agents that cover windows, non-windows, networking devices, databases, applications, and web applications across physical and virtualized environments. So, it is only natural that eEye be the first vendor to offer robust vulnerability scanning for mobile devices as well.

Similar to our standard vulnerability management approach, which offers remote and local scanning options for maximum flexibility and visibility, we’re currently working on both agentless and agent-based scanning support for mobile devices. Most customers that we’ve been working with have a significant investment in Blackberry. So, the first release – which is only a couple of weeks away – will focus on Blackberry devices. Next, we’ll provide vulnerability assessment for Android and iOS (in the queue for later this year).

The Blackberry BES Connector will be included with our Retina CS management console at no additional cost and will be provided free with a community version of the CS console – also shipping at the end of the month. Retina CS will support multiple BES Connectors that will connect to the BES admin service and pull back lots of data including hardware, apps, and configuration. The connectors can use both supported credential methods (AD or BAS). The default port that a BAS server listens on is 443, but it can be changed as needed. Both the BAS configuration and the CS Connector will allow you to specify a port.

Retina CS Connector Details

We will have an extensive list of built-in audits, but will also provide a lot of flexibility through custom device and application audits. Below is a simple example of custom audits that can be created to look for specific applications/versions being installed on devices.

Custom Device Audit

If you are familiar with Retina CS you will see that the configuration of the scanning, prioritization, and reporting on mobile devices is exactly the same for other asset types. As I mentioned the Blackberry support will be available to customers and to our community (a free license up to 128 assets!) in a couple of weeks.

I Need your Input

I look forward to gathering feedback through direct correspondence and through our community forums as we continue to enhance this offering to include Android and iOS later this year. As a first step, I’d like to get your feedback on mobile devices within your organization. Click here to answer a very short survey.

Leave a Reply

Additional articles

webinar 2

On Demand Webinar: Because Auditing Stinks Sometimes

Posted July 2, 2015    Lindsay Marsh

Auditing stinks. Well, mostly stinks. In this on demand webinar, lead by Group Policy MVP Jeremy Moskowitz, you’ll learn the three key tenets to real Group Policy auditing. Tenet 1: Why do you care about Group Policy auditing? Tenet 2: How does Eventing help you know “Who did what?” Tenet 3: How does Reporting tell…

Tags:
, , , ,
skeletonkey3_713678_713680

Stopping the Skeleton Key Trojan

Posted June 29, 2015    Robert Auch

Earlier this year Dell’s SecureWorks published an analysis of a malware they named “Skeleton Key”. This malware bypasses authentication for Active Directory users who have single-factor (password only) authentication. The “Skeleton Key” attack as documented by the SecureWorks CTU relies on several critical parts.

Tags:
, , , , ,
webinar 2

On Demand Webinar: 10 Steps to Building an Effective Vulnerability Management Program

Posted June 26, 2015    BeyondTrust Software

In this on demand webinar, Cybersecurity Expert, Derek A.Smith will take you through his 10 steps for a successful vulnerability management program and how to get started now.

Tags:
, ,