Security in Context: The BeyondTrust Blog

Top VM Reports for Daily Security

Posted February 15, 2011    Morey Haber

Like most security professionals, I subscribe to a plethora of email lists, from Dark Reading to Threat Post. Every day I receive their news, review the titles in their daily summary emails, and drill into a few that catch my eye. What I like about this approach is that I receive a daily summary of “what’s new” and decide what action I want to take (to read or not to read). Now you may be asking what this has to do with vulnerability management reports for daily security. Should your daily security involve combing through a hundred-page report for the information you need, or would a summary email, or even an alert, be better if something has changed that warrants your attention (what’s new)? I vote for the latter.

So how can you get your top vulnerability management reports for daily security? Every vendor in the vulnerability management space can create a vulnerability report, and most can create some form of executive report. The executive report is good for a daily view of the overall assets you may want to track, but for a security professional it lacks the depth and technical findings that might merit further investigation. So how do you get the best of both worlds for your daily view? How about a Score Card that provides that executive look and allows drill-down into the technical components if more details are needed. Let’s start with an example of a regular Executive Report:

While this provides incredibly valuable information regarding the most vulnerable assets in the group and the vulnerabilities identified across the enterprise in the last 30 days, it is not enough for a security professional to decide whether immediate action is needed. This is true of executive reports regardless of the vulnerability management solution: they are top-level information with little guidance for immediate corrective action or process change on a daily basis.

Now let’s look at the concept of a Score Card Daily Report. In lieu of just showing assets and vulnerabilities, having the report focus on the importance of the data to my business helps me understand the relevance of each vulnerability. Consider if your business were tied to the healthcare vertical market. Having each of these vulnerabilities mapped to compliance requirements and presented in a way that shows unaccepted risk would be more important, right? Below is a sample from Retina Insight for this type of mapping:

On a daily or even a weekly basis, a Score Card report can be produced automatically, showing you the vulnerabilities in your environment mapped to the technical requirements of HIPAA (or whatever regulations apply to your business). In a single glance it shows the age of each vulnerability, that is, how long it has been present, color coded to illustrate when problems have been identified for longer than the acceptable threshold. From a security professional’s point of view, the longer a vulnerability is present and unpatched, the more likely it is to be exploited. Vulnerabilities over 30 days old are generally not acceptable unless you accept the risk and document the exclusion. So from this Score Card Report perspective, understanding the age of vulnerabilities and how they relate to my business is just one of the top reports for daily security. These reports exist in Retina Insight for PCI, SOX, HIPAA, GLB, NERC/FERC, and many others.
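To make the age-based Score Card concrete, here is an added example, written for this post and not code from Retina Insight or BeyondTrust, that builds the same kind of report from scanner findings. The findings, the vulnerability ids and the control ids (`HIPAA-CTRL-1`, `HIPAA-CTRL-2`) are constructed placeholders, not real advisories or real HIPAA citations; the 30-day threshold and the rule that a documented exception removes a finding from unaccepted risk come from the post. Each control gets the executive line (colour, counts, oldest open finding) plus the per-finding rows a reader drills into.

```python
from collections import defaultdict
from datetime import date

# The post's rule of thumb: a vulnerability open for more than 30 days is
# unacceptable unless the risk is accepted and the exclusion is documented.
AGE_THRESHOLD_DAYS = 30

# Report date used by the sample run below (constructed).
REPORT_DATE = date(2011, 2, 15)

# Constructed sample findings. Vulnerability ids, asset names, control ids
# and the exception ticket are placeholders, not real data.
FINDINGS = [
    {"asset": "db-01",  "vuln": "VULN-A", "control": "HIPAA-CTRL-1",
     "first_seen": date(2011, 1, 5),  "accepted": False},
    {"asset": "web-02", "vuln": "VULN-B", "control": "HIPAA-CTRL-1",
     "first_seen": date(2011, 2, 10), "accepted": False},
    {"asset": "db-01",  "vuln": "VULN-C", "control": "HIPAA-CTRL-2",
     "first_seen": date(2010, 12, 1), "accepted": True, "exception": "TICKET-123"},
    {"asset": "app-03", "vuln": "VULN-D", "control": "HIPAA-CTRL-2",
     "first_seen": date(2011, 1, 20), "accepted": False},
]


def classify(finding, as_of, threshold=AGE_THRESHOLD_DAYS):
    """Return (age_in_days, status) for one finding as of the report date."""
    age = (as_of - finding["first_seen"]).days
    if finding.get("accepted"):
        # Documented exclusion: still reported, but not counted as unaccepted risk.
        return age, "accepted"
    if age > threshold:
        return age, "overdue"
    return age, "within_sla"


def build_score_card(findings, as_of, threshold=AGE_THRESHOLD_DAYS):
    """Group findings by compliance control and summarise their age.

    Each control gets counts per status, the age of its oldest unaccepted
    finding, a colour (red if anything is overdue, otherwise green) and the
    per-finding rows, oldest first, that a reader drills down into.
    """
    card = defaultdict(lambda: {"within_sla": 0, "overdue": 0, "accepted": 0,
                                "oldest_open_days": 0, "rows": []})
    for f in findings:
        age, status = classify(f, as_of, threshold)
        entry = card[f["control"]]
        entry[status] += 1
        if status != "accepted":
            entry["oldest_open_days"] = max(entry["oldest_open_days"], age)
        entry["rows"].append({"asset": f["asset"], "vuln": f["vuln"],
                              "age_days": age, "status": status,
                              "exception": f.get("exception")})
    for entry in card.values():
        entry["colour"] = "red" if entry["overdue"] else "green"
        entry["rows"].sort(key=lambda r: r["age_days"], reverse=True)
    return dict(card)


def render_score_card(card):
    """Render the executive view (one line per control) followed by the drill-down rows."""
    lines = []
    for control in sorted(card):
        e = card[control]
        lines.append(f"{control}: {e['colour'].upper():5} overdue={e['overdue']} "
                     f"within_sla={e['within_sla']} accepted={e['accepted']} "
                     f"oldest_open={e['oldest_open_days']}d")
        for r in e["rows"]:
            note = f" (exception {r['exception']})" if r["exception"] else ""
            lines.append(f"    {r['asset']:8} {r['vuln']:8} {r['age_days']:3}d {r['status']}{note}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_score_card(build_score_card(FINDINGS, REPORT_DATE)))
```

Run as a script it prints one red control (`HIPAA-CTRL-1`, because `VULN-A` has been open 41 days) and one green control whose only old finding carries a documented exception; feeding it a real scanner export is a matter of mapping each finding to its control id and first-seen date.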

Another report that security professionals like on a daily basis is based on Alerts. This is the kind of “What’s New” in my environment that I should be aware of. Within Retina CS, a user can create Smart Groups and Smart Rules based on almost any discovered trait of a host. This includes the ability to build a rule based on newly discovered (or rogue) devices and to send an email and report out when new devices are identified or changes occur. Below is a sample of this type of rule:

From a daily perspective, a security professional may want continuous monitoring of a sensitive network, such as one used for credit card payment transactions. All changes to that environment should be planned and documented accordingly, and no new devices should come online without following the proper process. This type of alert would notify me when a new device is added, automatically build a logic group for any and all devices in that segment, and a scheduled report would give me the details from the scan that identified the new devices. If the environment stays status quo, no alerts are generated and I receive my daily scan report via email. If changes occur, either new vulnerabilities or new devices (depending on how I set up the rule), I am alerted and can investigate deeper in my automatically delivered report. This meets the need for a high-level summary with the ability to drill down, just like the Score Card.
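The rule described above, as an added example that is not part of the original post and not Retina CS code: two consecutive scan inventories of a payment segment are compared, any device that was not there before or any finding that was not on a known host before raises the alert, every device currently in the segment is placed in the logic group, and a quiet day yields only the routine daily report. The segment address range, the host inventories, the vulnerability ids and the change-management approved list are all constructed assumptions; the planned/unplanned distinction reflects the post's point that nothing should come online without following the proper process.

```python
import ipaddress

# Constructed segment for payment-card systems; the address range is an assumption.
PAYMENT_SEGMENT = ipaddress.ip_network("10.20.30.0/24")

# Constructed inventories from two consecutive scans. Vulnerability ids are placeholders.
PREVIOUS_SCAN = [
    {"ip": "10.20.30.10", "vulns": []},
    {"ip": "10.20.30.11", "vulns": ["VULN-X"]},
    {"ip": "10.99.0.5",   "vulns": ["VULN-Z"]},   # outside the monitored segment
]
CURRENT_SCAN = [
    {"ip": "10.20.30.10", "vulns": ["VULN-Y"]},   # existing host, new finding
    {"ip": "10.20.30.11", "vulns": ["VULN-X"]},   # unchanged
    {"ip": "10.20.30.50", "vulns": []},           # new, but on the approved change list
    {"ip": "10.20.30.77", "vulns": []},           # new and unplanned
    {"ip": "10.99.0.9",   "vulns": []},           # outside the segment, ignored
]
# Devices that change management approved for this segment (constructed).
APPROVED_CHANGES = {"10.20.30.50"}


def hosts_in_segment(scan, segment):
    """Index a scan by IP, keeping only hosts inside the monitored segment."""
    return {h["ip"]: h for h in scan if ipaddress.ip_address(h["ip"]) in segment}


def evaluate_rule(previous, current, approved, segment=PAYMENT_SEGMENT):
    """Apply the 'what's new in this segment' rule to two scans.

    Returns the alert decision, the new devices (flagging those not covered by
    an approved change), new findings on hosts that were already known, and the
    refreshed logic group of every device currently in the segment.
    """
    prev = hosts_in_segment(previous, segment)
    cur = hosts_in_segment(current, segment)

    new_devices = sorted(ip for ip in cur if ip not in prev)
    unplanned = [ip for ip in new_devices if ip not in approved]

    new_vulns = []
    for ip in sorted(cur):
        if ip in prev:
            for vuln in sorted(set(cur[ip]["vulns"]) - set(prev[ip]["vulns"])):
                new_vulns.append((ip, vuln))

    return {
        "alert": bool(new_devices or new_vulns),
        "new_devices": new_devices,
        "unplanned_devices": unplanned,
        "new_vulnerabilities": new_vulns,
        "smart_group": sorted(cur),   # logic group rebuilt from the current scan
    }


def format_notification(result):
    """Produce the email body: a routine line on a quiet day, an alert summary otherwise."""
    if not result["alert"]:
        return "No changes in monitored segment; daily scan report attached."
    lines = ["ALERT: changes detected in monitored segment"]
    for ip in result["new_devices"]:
        tag = "UNPLANNED" if ip in result["unplanned_devices"] else "planned"
        lines.append(f"  new device {ip} ({tag})")
    for ip, vuln in result["new_vulnerabilities"]:
        lines.append(f"  new vulnerability {vuln} on known host {ip}")
    lines.append("  smart group members: " + ", ".join(result["smart_group"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_notification(evaluate_rule(PREVIOUS_SCAN, CURRENT_SCAN, APPROVED_CHANGES)))
    print(format_notification(evaluate_rule(PREVIOUS_SCAN, PREVIOUS_SCAN, set())))
```

The first run reports two new devices (one planned, one unplanned) and one new finding on a known host; the second, with identical scans, produces only the routine daily line. Scoping the comparison to the segment first is what keeps noise from the rest of the network out of a rule meant for the payment environment.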

The top vulnerability management reports for daily security will vary by business and by requirements. The common theme is to make them relevant to your business and to identify when unwarranted exceptions occur. eEye’s Retina solutions can do both and ease the burden of reporting on vulnerabilities for daily security management.
