Every organization wants to know where they are going and where they have been. Performing an analysis on the here and now only gives a snapshot that gives little perspective into how things have progressed or patterns for the future. For vulnerability assessment, many clients rely on delta reports to compare scan jobs and data warehousing solutions to look at long term trends. Unfortunately, many tools lack this basic capability and users are left “hand jamming” reports themselves or ignoring the value of historical data. eEye’s Retina solutions provide both capabilities and make the results easy to use for any organization.
The first solution I would like to review with you is Retina CS. Retina CS is a Unified Vulnerability Management Solution that allows full assessment, mitigation, and protection against vulnerabilities. It is results driven architecture that allows you to produce comprehensive results without asking technical questions about how do I get the data I need. One of the key elements in this approach is delta reporting. A user can select any number of Delta Reports within the solution and provide a comparison for any two scans or all data collected between two time/date ranges filtered by logical groups. Below is a small sample for these delta report templates:
The results of these produce a list of assets with the changes identified and statistics regarding the changes (the data has been trimmed for illustration purposes):
This produces one of the best reports for monitoring change control in an environment and for snapshot based trending. This is a fundamental requirement of many regulatory compliance initiatives and a simple task with Retina CS.
The next step in trending is to see this data for long periods of time using a data warehouse solution. Retina Insight provides this perspective through a Vulnerabilities Delta Report by Month:
This perspective highlights which vulnerabilities have been added over time (due to auto updates of the vulnerability database), what the cumulative total is for the environment, and which vulnerabilities have been remediated and confirmed fix. As with the other blogs on this topic and sample reports, I am using the same sample database for this example. It is no surprise that things are looking worse over time and existing procedures are not mitigating the risks fast enough in relation to the expanding security threats identified. (I am just glad this is a lab data and not a real client.) Now, what makes this graph so compelling is the drill down capabilities illustrated in the partial screen shot below:
For any given month, a user can drill into the vulnerabilities by what was Removed (fixed), Added (new vulnerabilities added to the database and detected in the environment), and what is Existing (found month after month). This is my favorite vulnerability trending report and it provides that inherent view into the past and potentially what is to come. I consider these two reports essential for any vulnerability management project. These are the top favorites for vulnerability management trending and delta reports within eEye Solutions.
For more information on eEye’s Unified Vulnerability Management solution, please click here.