BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Top Vulnerability Management Trending and Delta Reports

Post by Morey Haber April 1, 2011

Every organization wants to know where they are going and where they have been.  Performing an analysis on the here and now only gives a snapshot that gives little perspective into how things have progressed or patterns for the future. For vulnerability assessment, many clients rely on delta reports to compare scan jobs and data warehousing solutions to look at long term trends. Unfortunately, many tools lack this basic capability and users are left “hand jamming” reports themselves or ignoring the value of historical data.  eEye’s Retina solutions provide both capabilities and make the results easy to use for any organization.

The first solution I would like to review with you is Retina CS. Retina CS is a Unified Vulnerability Management Solution that allows full assessment, mitigation, and protection against vulnerabilities. It is results driven architecture that allows you to produce comprehensive results without asking technical questions about how do I get the data I need. One of the key elements in this approach is delta reporting.  A user can select any number of Delta Reports within the solution and provide a comparison for any two scans or all data collected between two time/date ranges filtered by logical groups. Below is a small sample for these delta report templates:

The results of these produce a list of assets with the changes identified and statistics regarding the changes (the data has been trimmed for illustration purposes):

This produces one of the best reports for monitoring change control in an environment and for snapshot based trending. This is a fundamental requirement of many regulatory compliance initiatives and a simple task with Retina CS.

The next step in trending is to see this data for long periods of time using a data warehouse solution. Retina Insight provides this perspective through a Vulnerabilities Delta Report by Month:

This perspective highlights which vulnerabilities have been added over time (due to auto updates of the vulnerability database), what the cumulative total is for the environment, and which vulnerabilities have been remediated and confirmed fix. As with the other blogs on this topic and sample reports, I am using the same sample database for this example. It is no surprise that things are looking worse over time and existing procedures are not mitigating the risks fast enough in relation to the expanding security threats identified.  (I am just glad this is a lab data and not a real client.) Now, what makes this graph so compelling is the drill down capabilities illustrated in  the partial screen shot below:

For any given month, a user can drill into the vulnerabilities by what was Removed (fixed), Added (new vulnerabilities added to the database and detected in the environment), and what is Existing (found month after month). This is my favorite vulnerability trending report and it provides that inherent view into the past and potentially what is to come.  I consider these two reports essential for any vulnerability management project. These are the top favorites for vulnerability management trending and delta reports within eEye Solutions.

For more information on eEye’s Unified Vulnerability Management solution, please click here.

Leave a Reply

Additional articles

smart rules manager for vulnerabilities

Staying on Top of the Latest Vulnerabilities with BeyondInsight v5.1

It’s no secret that dozens of new OS and application vulnerabilities are revealed every day. Staying on top of these new exposures normally requires paying for services or subscribing to multiple RSS feeds. BeyondInsight 5.1 provides customers with another option: a built-in, customizable vulnerability alerting system that delivers up-to-date information on the latest vulnerabilities in…

Post by Morey Haber April 21, 2014
Tags:
, , , , , ,
BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,