BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Posts Tagged ‘retina’

scanner-ui

Xen Server Escape Exploit News

In today’s ever expanding virtualized data center it’s critical to ensure hypervisors/host systems are properly secured and patched to prevent bleed over into often dense populations of the corporate infrastructure.  According to a recent blog post on Threatpost, French research firm VUPEN security has revealed exploit code that takes advantage of a vulnerability in Xen…

Post by Jerome Diggs September 10, 2012
Tags:
, , , , , , , , , , , ,
Java-Logo

Java Pwns Everyone…Again.

Java has a nasty habit of getting you owned. This latest 0day is no exception to the long-lived trend of reliable Java-based exploitation. Here’s what you need to know: The current exploitation method being employed in the wild right now leverages two zero day flaws in Java. The first flaw leverages an implementation issue (logic bug) within ClassFinder.findClass(), which is only present in Java 7.

Post by BeyondTrust Research Team August 30, 2012
Tags:
, , , , , , , ,
CustomAuditsAndroid1-680x607

Retina Now Offers Custom Audits for Android Devices

When a marketing buzz word sticks like BYOD (Bring Your Own Device), it is inevitable to see it everywhere in an effort to capitalize on the momentum; blogs, literature, SEO, social media, etc. In the past, we have seen great terms like “ecosystem”, “framework”, and my personal favorite “distributed computing”, rise and fall in marketing….

Post by Morey Haber May 16, 2012
Tags:
, , , , ,
img-mobile

A Basic Guide to SCAP

The Security Content Automation Protocol (SCAP, pronounced S-cap) is a suite of open standards that when referenced together, deliver an automated vulnerability management, measurement, and policy compliance evaluation for network assets. The first version of the suite specification focused on standardizing communication of endpoint related data and to provide a standardized approach to maintaining the…

Post by Morey Haber March 24, 2011
Tags:
, ,
cloud

Retina in the Cloud

We recently expanded our cloud-based security offerings with Retina Cloud, so I figured it was time to post my first blog on eEye and the cloud. eEye has been providing vulnerability scanning using a SaaS model since 2009 and today, we offer customers a variety of options with respect to vulnerability scanning from the “cloud”….

Post by Brad Hibbert March 10, 2011
Tags:
,
cloud-security-img

There Go My Files…To the Cloud!

One of the many challenges that every IT administrator faces is ensuring that confidential company information stays within the corporate network.  The network is scanned for vulnerabilities, patches are deployed, perimeter firewalls are in place, and endpoint protection products are installed – all in the battle to maintain a secure infrastructure. With all these measures…

Post by Chris Silva March 1, 2011
Tags:
, ,
bigdata-98x98

Prioritizing Vulnerability Assessment and Remediation Steps: A New Users Guide to Getting Started – Part 2

The odd part about writing weekly blogs is the amount of discussions that start internally, with clients directly, and sometimes through straight blog comments. After writing “A New Users Guide to Getting Started” article, my team indicated several really good ideas for a Part II follow-up blog. Simply, just getting started with vulnerability management is not enough….

Post by Morey Haber February 22, 2011
Tags:
, , ,
eye in the sky_smaller-resized-600.jpg

Top VM Reports for Daily Security

Like most security professionals I subscribe to a plethora of email lists from Dark Reading to Threat Post.  Every day I receive their news and review the titles in their daily summary emails and drill into a few that may catch my eye.  The thing I like about this approach is that I receive a…

Post by Morey Haber February 15, 2011
Tags:
, ,
eye in the sky_smaller-resized-600.jpg

Monitoring Your Change Control Processes

I have responded to a number of RFPs (Request For Proposal) in my day and recently I have seen a trend in some of the questions. While the question varies between requests, there seems to be a growing trend that users want vulnerability assessment tools to not only identify vulnerabilities, but to also track changes to…

Post by Morey Haber February 3, 2011
Tags:
, , , ,
pillars

Prioritizing Vulnerability Assessment and Remediation Steps: A New Users Guide to Getting Started – Part 1

New users to vulnerability assessment often ask the same question: “How do I get started”? While this may sound incredibly generic for a security engineer, many companies have never had a vulnerability management process in place and are trying to comprehend the problems of missing patches, remediation prioritization, and risk acceptance. As a basic recommendation,…

Post by Morey Haber January 31, 2011
Tags:
, , ,