BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Top Vulnerability Management Trending and Delta Reports

Posted April 1, 2011    Morey Haber

Every organization wants to know where they are going and where they have been.  Performing an analysis on the here and now only gives a snapshot that gives little perspective into how things have progressed or patterns for the future. For vulnerability assessment, many clients rely on delta reports to compare scan jobs and data warehousing solutions to look at long term trends. Unfortunately, many tools lack this basic capability and users are left “hand jamming” reports themselves or ignoring the value of historical data.  eEye’s Retina solutions provide both capabilities and make the results easy to use for any organization.

The first solution I would like to review with you is Retina CS. Retina CS is a Unified Vulnerability Management Solution that allows full assessment, mitigation, and protection against vulnerabilities. It is results driven architecture that allows you to produce comprehensive results without asking technical questions about how do I get the data I need. One of the key elements in this approach is delta reporting.  A user can select any number of Delta Reports within the solution and provide a comparison for any two scans or all data collected between two time/date ranges filtered by logical groups. Below is a small sample for these delta report templates:

The results of these produce a list of assets with the changes identified and statistics regarding the changes (the data has been trimmed for illustration purposes):

This produces one of the best reports for monitoring change control in an environment and for snapshot based trending. This is a fundamental requirement of many regulatory compliance initiatives and a simple task with Retina CS.

The next step in trending is to see this data for long periods of time using a data warehouse solution. Retina Insight provides this perspective through a Vulnerabilities Delta Report by Month:

This perspective highlights which vulnerabilities have been added over time (due to auto updates of the vulnerability database), what the cumulative total is for the environment, and which vulnerabilities have been remediated and confirmed fix. As with the other blogs on this topic and sample reports, I am using the same sample database for this example. It is no surprise that things are looking worse over time and existing procedures are not mitigating the risks fast enough in relation to the expanding security threats identified.  (I am just glad this is a lab data and not a real client.) Now, what makes this graph so compelling is the drill down capabilities illustrated in  the partial screen shot below:

For any given month, a user can drill into the vulnerabilities by what was Removed (fixed), Added (new vulnerabilities added to the database and detected in the environment), and what is Existing (found month after month). This is my favorite vulnerability trending report and it provides that inherent view into the past and potentially what is to come.  I consider these two reports essential for any vulnerability management project. These are the top favorites for vulnerability management trending and delta reports within eEye Solutions.

For more information on eEye’s Unified Vulnerability Management solution, please click here.

Leave a Reply

Additional articles

CyberResiliency

6 things I like about Gartner’s Cyber Resiliency Strategy

Posted August 27, 2015    Nigel Hedges

There were 6 key principles, or recommendations, that Gartner suggested were important drivers towards a great cyber resiliency posture. I commented more than once during the conference that many of these things were not new. They are all important recommendations that are best when placed together and given to senior management and the board – a critical element of organisations that desperately need to “get it”.

Tags:
,
powerbroker-difference-1

Why Customers Choose PowerBroker: Flexible Deployment Options

Posted August 26, 2015    Scott Lang

BeyondTrust commissioned a study of our customer base in early 2015 to determine how we are different from other alternatives in the market. What we learned was that there were six key differentiators that separate BeyondTrust from other solution providers in the market. We call it the PowerBroker difference,

Tags:
, ,
Mac-Security-Enterprise

On Demand Webinar: Security Risk of Mac OS X in the Enterprise

Posted August 20, 2015    BeyondTrust Software

In the last several years, Mac administrators have come to realize that they may be just as vulnerable to exploits and malware as most other operating systems. New malware and adware is released all the time, and there have been serious vulnerabilities patched by Apple in the past several years, some of which may afford attackers full control of your systems.

Tags:
, ,