BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Sneak Peek: Free Mobility Scanning from eEye

Posted September 21, 2011    Brad Hibbert

With mobile devices and smart phones representing 40% of all mobile phones in the US, consumerization continues to blur the corporate boundary as employees expect and require consistent access to corporate services from wherever they are, on any device they’re using—desktops, laptops, tablets and smart phones. 

One of eEye’s major strengths from a vulnerability perspective is our focus on 100% discovery of all vulnerabilities provided via our remote and optional local scanning agents that cover windows, non-windows, networking devices, databases, applications, and web applications across physical and virtualized environments. So, it is only natural that eEye be the first vendor to offer robust vulnerability scanning for mobile devices as well.

Similar to our standard vulnerability management approach, which offers remote and local scanning options for maximum flexibility and visibility, we’re currently working on both agentless and agent-based scanning support for mobile devices. Most customers that we’ve been working with have a significant investment in Blackberry. So, the first release – which is only a couple of weeks away – will focus on Blackberry devices. Next, we’ll provide vulnerability assessment for Android and iOS (in the queue for later this year).

The Blackberry BES Connector will be included with our Retina CS management console at no additional cost and will be provided free with a community version of the CS console – also shipping at the end of the month. Retina CS will support multiple BES Connectors that will connect to the BES admin service and pull back lots of data including hardware, apps, and configuration. The connectors can use both supported credential methods (AD or BAS). The default port that a BAS server listens on is 443, but it can be changed as needed. Both the BAS configuration and the CS Connector will allow you to specify a port.

Retina CS Connector Details

We will have an extensive list of built-in audits, but will also provide a lot of flexibility through custom device and application audits. Below is a simple example of custom audits that can be created to look for specific applications/versions being installed on devices.

Custom Device Audit

If you are familiar with Retina CS you will see that the configuration of the scanning, prioritization, and reporting on mobile devices is exactly the same for other asset types. As I mentioned the Blackberry support will be available to customers and to our community (a free license up to 128 assets!) in a couple of weeks.

I Need your Input

I look forward to gathering feedback through direct correspondence and through our community forums as we continue to enhance this offering to include Android and iOS later this year. As a first step, I’d like to get your feedback on mobile devices within your organization. Click here to answer a very short survey.

Leave a Reply

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,