Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


Posts Tagged ‘Retina’


Java Pwns Everyone…Again.

Posted August 30, 2012    BeyondTrust Research Team

Java has a nasty habit of getting you owned. This latest 0day is no exception to the long-lived trend of reliable Java-based exploitation. Here’s what you need to know: The current exploitation method being employed in the wild right now leverages two zero day flaws in Java. The first flaw leverages an implementation issue (logic bug) within ClassFinder.findClass(), which is only present in Java 7.

, , , , , , , ,

Retina Now Offers Custom Audits for Android Devices

Posted May 16, 2012    Morey Haber

When a marketing buzz word sticks like BYOD (Bring Your Own Device), it is inevitable to see it everywhere in an effort to capitalize on the momentum; blogs, literature, SEO, social media, etc. In the past, we have seen great terms like “ecosystem”, “framework”, and my personal favorite “distributed computing”, rise and fall in marketing….

, , , , , ,

A Basic Guide to SCAP

Posted March 24, 2011    Morey Haber

The Security Content Automation Protocol (SCAP, pronounced S-cap) is a suite of open standards that when referenced together, deliver an automated vulnerability management, measurement, and policy compliance evaluation for network assets. The first version of the suite specification focused on standardizing communication of endpoint related data and to provide a standardized approach to maintaining the…

, ,

Retina in the Cloud

Posted March 10, 2011    Brad Hibbert

We recently expanded our cloud-based security offerings with Retina Cloud, so I figured it was time to post my first blog on eEye and the cloud. eEye has been providing vulnerability scanning using a SaaS model since 2009 and today, we offer customers a variety of options with respect to vulnerability scanning from the “cloud”….


There Go My Files…To the Cloud!

Posted March 1, 2011    Chris Silva

One of the many challenges that every IT administrator faces is ensuring that confidential company information stays within the corporate network.  The network is scanned for vulnerabilities, patches are deployed, perimeter firewalls are in place, and endpoint protection products are installed – all in the battle to maintain a secure infrastructure. With all these measures…

, ,

Prioritizing Vulnerability Assessment and Remediation Steps: A New Users Guide to Getting Started – Part 2

Posted February 22, 2011    Morey Haber

The odd part about writing weekly blogs is the amount of discussions that start internally, with clients directly, and sometimes through straight blog comments. After writing “A New Users Guide to Getting Started” article, my team indicated several really good ideas for a Part II follow-up blog. Simply, just getting started with vulnerability management is not enough….

, , ,
eye in the sky_smaller-resized-600.jpg

Top VM Reports for Daily Security

Posted February 15, 2011    Morey Haber

Like most security professionals I subscribe to a plethora of email lists from Dark Reading to Threat Post.  Every day I receive their news and review the titles in their daily summary emails and drill into a few that may catch my eye.  The thing I like about this approach is that I receive a…

, ,
eye in the sky_smaller-resized-600.jpg

Monitoring Your Change Control Processes

Posted February 3, 2011    Morey Haber

I have responded to a number of RFPs (Request For Proposal) in my day and recently I have seen a trend in some of the questions. While the question varies between requests, there seems to be a growing trend that users want vulnerability assessment tools to not only identify vulnerabilities, but to also track changes to…

, , , ,

Prioritizing Vulnerability Assessment and Remediation Steps: A New Users Guide to Getting Started – Part 1

Posted January 31, 2011    Morey Haber

New users to vulnerability assessment often ask the same question: “How do I get started”? While this may sound incredibly generic for a security engineer, many companies have never had a vulnerability management process in place and are trying to comprehend the problems of missing patches, remediation prioritization, and risk acceptance. As a basic recommendation,…

, , ,

More Than Just Patch Management for Remediation

Posted December 9, 2010    Morey Haber

I have been combing though some vulnerability reports and the vast majority of remediation strategies revolve around applying a patch. Simple in concept; install this patch, and the vulnerability is mitigated. The difficulty arises when you have vast quantities of the patch to deploy, are unsure whether the security update breaks any other function or…

, , , , , , ,