BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

The Concept of Universal Integration

Posted August 16, 2010    Morey Haber

CNN recently reported that cell phones in Europe will soon benefit from a universal charger format. That means that regardless of the cell phone vendor you purchase, there will be one standard connector that will work for all of them. Unfortunately, here in the United States, we have no such regulations and the concept of universal connectors and communication eludes many common technologies.

Consider security technology. Integration between many vendors uses proprietary APIs, standard flat file formats from organizations like NIST, and other technologies borrowed from network management solutions such as SNMP and Syslog. There are very few, if any, real time integration protocols for security solutions that allow them to integrate and perform heterogeneous functions like network management solutions. Security solutions end up generating critical data and it is left to SIEM vendors to correlate the results. This is why third party integrations for security vendors create unique business opportunities before security information event managers even see the unprocessed results, and a strong technology integration partner program is imperative such that your security data in not an island and can be escalated to the appropriate departments.

Consider the concept of generic, universal integration. If a security solution can communicate with other tools using the most common formats like SNMP, Syslog, the Windows Event Log, and provide an open database schema, the concept of universal third-party integration is possible. Any other vendor able to accept these common formats can parse security data and provide additional correlation and business value. The larger question is how does this actually help my business. Consider the following integrations from eEye:

Big Fix – Provides vulnerability and configuration data from BigFix Agents and Retina scans in a single dashboard and reporting for all IP addressable devices

Agiliance – Provides complete GRC information for devices including Retina identified vulnerabilities and the ability to initiate patch management

RedSeal – Identification of security risks from discovered Retina vulnerabilities and native mapping technologies built into RedSeal in a single pane of glass view

ForeScout – Retina vulnerability results assist in critical NAC decisions for device access

Each of these solutions provide additional business value based on detailed integration and universal communication. Solutions with closed cloud architectures, or minimal export and API capabilities, provide only point solutions to a business’s vulnerability management needs. The concept of universal access and standards based communication is not new. Technology has adopted this concept down to cell phone chargers and verticals like network management and security benefit from their widespread adoption. The question really becomes: do your security solutions use these standards, are they certified on the most important ones, and do they ultimately partner with the leading vendors in the industry for technology integrations that can really impact your business and make you more secure? eEye does.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,