BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Tidings from the Year 2036: The Search for Relevant Security Data

Posted June 24, 2014    Morey Haber

A few years ago, I wrote a blog post about finding personal information online. I recently Googled myself again to see who knows what about me. I expected to find some posts and papers I’ve written, and maybe some of my contact details. Instead, the majority of the first-page results associate my name with a certain John Titor, “time traveller” from the year 2036. Sadly, this isn’t true (I’d be a much richer man if it were).

So what does this have to do with BeyondTrust? Well, it’s about the power of search and the importance of being able to find the information you need. With the overload of data available from security solutions today, the ability to quickly find relevant, meaningful information can mean the difference between maintaining a secure environment and suffering a breach.

Let’s take a look at the search capabilities within the BeyondInsight IT Risk Management Platform, which serves as a centralized management, analytics and reporting console for several of our vulnerability and privilege management solutions. To start with, all grids and panels in the BeyondInsight console have powerful search and filter bars:

blog-tidings-img1

BeyondInsight users can enter any expression or word to search for a specific asset, vulnerability, attack, user, event, etc. While this is basic functionality, the sheer fact that this functionality exists in every management grid is incredible. This means that if you ever find yourself overwhelmed with results, you can filter and search to home in on the data you need. Even more importantly, the old-school floppy disk icon allows you to save the results view to a CSV or XLS.

So what else can we turn up in BeyondInsight? Lets take a look at the Analytics and Reporting Module, which delivers over 260 reports plus a structured big data warehouse. If you’re not sure where to look, you can find specific report by entering a simple query, such as “Export”:

blog-tidings-img2

The results for “Export” include all the reports capable of exporting data in flat formats. We can then drill down further by searching within the reports for specific assets, accounts, vulnerabilities, etc.

In this day and age of omniscient Internet search engines, you’d think these seemingly basic search capabilities would be standard in all software solutions. However, take a close look at other security solutions, and you’ll find search capabilities to be lacking to say the least. Users are often forced to generate the report, download the results, and use native tools like PDF search. These long-winded approaches to pinpointing security data can be just as cumbersome as using Google to find information on a specific person. You need to scroll through pages of results, or attempt to narrow your search parameters to exactly what you need.

It would be so much easier to simply save the search filters or parameters to display exactly what you need and what you want others to see. BeyondInsight Smart Rules enable you to do just that: build targeted searches, narrow them to what you need, and save them for later use.

blog-tidings-img3

BeyondTrust solutions are designed and implemented to find the data you need to be productive and efficient. Whether you’re filtering results, finding a report template, or building saved queries, the technology delivers actionable results – not guesses based on similar fields or false positives.

As I mentioned above, a Google search of my name returns several false positives. I really need a Smart Filter to remove the garbage and show only the work I’m doing at BeyondTrust. If you’re a BeyondInsight customer, you’ll find that you have it much easier.

> Learn more about BeyondInsight for vulnerability and privilege management
> Learn about the Retina CS vulnerability reporting capabilities in BeyondInsight

Tags:
, , , , , , , , ,

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,