BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Top VM Reports for Daily Security

Post by Morey Haber February 15, 2011

Like most security professionals, I subscribe to a plethora of email lists, from Dark Reading to Threat Post. Every day I receive their news, review the titles in their daily summary emails, and drill into a few that catch my eye. What I like about this approach is that I receive a daily summary of “what’s new” and decide what action to take (to read or not to read). Now you may be asking what this has to do with vulnerability management reports for daily security. Should your daily security involve combing through a hundred-page report for the information you need, or would a summary email, or even an alert, be better when something has changed that warrants your attention (what’s new)? I vote for the latter.

So how can you get your top vulnerability management reports for daily security? Every vendor in the vulnerability management space can create a vulnerability report, and most can create some form of executive report. The executive report is good for a daily view of the overall assets you may want to track, but for a security professional it lacks the depth and technical findings that might merit further investigation. So how do you get the best of both worlds for your daily view? How about a Score Card that provides that executive look and allows drill-down into the technical components when more detail is needed? Let’s start with an example of a regular Executive Report:

While this provides incredibly valuable information about the most vulnerable assets in the group and the vulnerabilities identified across the enterprise in the last 30 days, it is not enough for the security professional to decide whether immediate action is needed. This is true of executive reports regardless of the vulnerability management solution: they present top-level information with little guidance for immediate corrective action or day-to-day process change.

Now let’s look at the concept of a Score Card Daily Report. Instead of just showing assets and vulnerabilities, having the report focus on how the data relates to my business helps me understand the relevance of each vulnerability. Consider a business in the healthcare vertical market. Having each of these vulnerabilities mapped to compliance requirements and presented in a way that shows unaccepted risk would be more important, right? Below is a sample from Retina Insight of this type of mapping:

On a daily or even weekly basis, a Score Card report can be produced automatically, showing the vulnerabilities in your environment mapped to the technical requirements of HIPAA (or whatever regulations apply to your business). It shows the age of each vulnerability, that is, how long it has been present, at a single glance, color coded to highlight problems that have been present longer than the acceptable threshold. From a security professional’s point of view, the longer a vulnerability is present and unpatched, the more likely it is to be exploited. Vulnerabilities over 30 days old are generally not acceptable unless you accept the risk and document the exclusion. So from the Score Card perspective, understanding the age of vulnerabilities and how they relate to my business is one of the top reports for daily security. These reports exist in Retina Insight for PCI, SOX, HIPAA, GLB, NERC/FERC, and many others.
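The score card logic described above, as an added example that is not Retina Insight’s code: findings are aged against the 30-day threshold, findings over the threshold are colored red unless a documented risk acceptance exists, and the result is rolled up by the compliance control each finding maps to. The hosts, dates and control mapping are constructed for illustration.

```python
from datetime import date

# Acceptable age for an unremediated finding, as the post states (30 days).
MAX_AGE_DAYS = 30
REPORT_DATE = date(2011, 2, 15)  # report date for the sample run (constructed)

# Constructed sample findings. Hosts are made up and the control mapping is
# illustrative only; a real score card takes both from the scanner's data.
FINDINGS = [
    {"host": "db01", "vuln": "Missing OS patch", "first_seen": date(2011, 1, 5),
     "controls": ["HIPAA 164.308(a)(5)"], "accepted": False},
    {"host": "web02", "vuln": "Weak TLS configuration", "first_seen": date(2011, 2, 10),
     "controls": ["HIPAA 164.312(e)(1)", "PCI 4.1"], "accepted": False},
    {"host": "app03", "vuln": "Default account enabled", "first_seen": date(2010, 12, 1),
     "controls": ["HIPAA 164.312(d)"], "accepted": True},
]

def age_days(finding, today):
    return (today - finding["first_seen"]).days

def status(finding, today):
    """Colour-code a finding the way the score card does: GREEN within the
    threshold, AMBER when over it but documented as accepted risk, RED when
    over it with no documented exception."""
    if age_days(finding, today) <= MAX_AGE_DAYS:
        return "GREEN"
    return "AMBER" if finding["accepted"] else "RED"

def score_card(findings, today):
    """Group findings by the compliance control they map to, so the report
    reads in the business's terms rather than per host."""
    card = {}
    for f in findings:
        for control in f["controls"]:
            row = card.setdefault(control, {"RED": 0, "AMBER": 0, "GREEN": 0, "oldest_days": 0})
            row[status(f, today)] += 1
            row["oldest_days"] = max(row["oldest_days"], age_days(f, today))
    return card

def unaccepted_risk(findings, today):
    """The items that warrant action today: over threshold and not excluded."""
    return [f for f in findings if status(f, today) == "RED"]

if __name__ == "__main__":
    for control, row in sorted(score_card(FINDINGS, REPORT_DATE).items()):
        print(f"{control:22} RED={row['RED']} AMBER={row['AMBER']} "
              f"GREEN={row['GREEN']} oldest={row['oldest_days']}d")
    for f in unaccepted_risk(FINDINGS, REPORT_DATE):
        print(f"ACTION: {f['host']} {f['vuln']} ({age_days(f, REPORT_DATE)} days unpatched)")
```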

Another report security professionals like to have on a daily basis is based on Alerts: the “what’s new” in my environment that I should be aware of. Within Retina CS, a user can create Smart Groups and Smart Rules based on almost any discovered trait of a host. This includes the ability to build a rule based on newly discovered (or rogue) devices and to send an email and report when new devices are identified or changes occur. Below is a sample of this type of rule:

From a daily perspective, a security professional may want continuous monitoring of a sensitive network, such as one used for credit card payment transactions. All changes to that environment should be planned and documented, and no new device should come online without following the proper process. This type of alert notifies me when a new device is added, automatically builds a logic group for any and all devices in that segment, and a scheduled report gives me the details from the scan that identified the new devices. If the environment stays status quo, no alerts are generated and I receive my daily scan report via email. If changes occur, whether new vulnerabilities or new devices (depending on how I set up the rule), I am alerted and can investigate further in my automatically delivered report. This meets the need for a high-level summary with the ability to drill down, just like the Score Card.
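The new-device rule described above, as an added example that is not Retina CS’s code: two consecutive discovery scans of a sensitive segment are compared, new addresses are checked against the documented change records, and only an undocumented addition raises an alert; otherwise the day is status quo and just the routine report goes out. The inventories, addresses (from the 192.0.2.0/24 documentation range) and change ticket are constructed.

```python
# Constructed inventories of a sensitive (e.g. cardholder) segment from two
# consecutive discovery scans, keyed by address; values are what the scan saw.
# Addresses are from the documentation range 192.0.2.0/24 and are made up.
YESTERDAY = {
    "192.0.2.10": {"hostname": "pos-gw-01", "os": "Linux"},
    "192.0.2.11": {"hostname": "pos-db-01", "os": "Linux"},
    "192.0.2.12": {"hostname": "pos-app-01", "os": "Windows"},
}
TODAY = {
    "192.0.2.10": {"hostname": "pos-gw-01", "os": "Linux"},
    "192.0.2.11": {"hostname": "pos-db-01", "os": "Linux"},
    "192.0.2.12": {"hostname": "pos-app-01", "os": "Windows"},
    "192.0.2.20": {"hostname": "pos-app-02", "os": "Windows"},  # planned build
    "192.0.2.57": {"hostname": "", "os": "unknown"},            # nobody filed a change
}
# Documented, approved changes for the segment (constructed ticket id); a device
# is "rogue" only if it is new AND not covered by one of these.
CHANGE_RECORDS = {"192.0.2.20": "CHG-0042 add second POS app server"}

def new_devices(previous, current):
    """Devices present in the current scan but absent from the previous one."""
    return {ip: current[ip] for ip in sorted(set(current) - set(previous))}

def evaluate_segment(previous, current, change_records):
    """Apply the rule: no alert if nothing new; otherwise separate planned
    additions from rogue ones so the alert carries only what needs action."""
    added = new_devices(previous, current)
    planned = {ip: change_records[ip] for ip in added if ip in change_records}
    rogue = {ip: added[ip] for ip in added if ip not in change_records}
    return {"alert": bool(rogue), "planned": planned, "rogue": rogue}

def daily_summary(result):
    """One-line subject for the daily email: status quo or alert."""
    if not result["alert"]:
        return "Segment unchanged: daily scan report attached"
    return f"ALERT: {len(result['rogue'])} undocumented device(s) discovered"

if __name__ == "__main__":
    result = evaluate_segment(YESTERDAY, TODAY, CHANGE_RECORDS)
    print(daily_summary(result))
    for ip, info in result["rogue"].items():
        print(f"  investigate {ip} hostname={info['hostname'] or '?'} os={info['os']}")
```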

The top vulnerability management reports for daily security will vary by business and by requirements. The common theme is to make them relevant to your business and to identify when unwarranted exceptions occur. eEye’s Retina solutions can do both and ease the burden of reporting on vulnerabilities for daily security management.
