BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Top Vulnerability Management Trending and Delta Reports

Posted April 1, 2011    Morey Haber

Every organization wants to know where they are going and where they have been.  Performing an analysis on the here and now only gives a snapshot that gives little perspective into how things have progressed or patterns for the future. For vulnerability assessment, many clients rely on delta reports to compare scan jobs and data warehousing solutions to look at long term trends. Unfortunately, many tools lack this basic capability and users are left “hand jamming” reports themselves or ignoring the value of historical data.  eEye’s Retina solutions provide both capabilities and make the results easy to use for any organization.

The first solution I would like to review with you is Retina CS. Retina CS is a Unified Vulnerability Management Solution that allows full assessment, mitigation, and protection against vulnerabilities. It is results driven architecture that allows you to produce comprehensive results without asking technical questions about how do I get the data I need. One of the key elements in this approach is delta reporting.  A user can select any number of Delta Reports within the solution and provide a comparison for any two scans or all data collected between two time/date ranges filtered by logical groups. Below is a small sample for these delta report templates:

The results of these produce a list of assets with the changes identified and statistics regarding the changes (the data has been trimmed for illustration purposes):

This produces one of the best reports for monitoring change control in an environment and for snapshot based trending. This is a fundamental requirement of many regulatory compliance initiatives and a simple task with Retina CS.

The next step in trending is to see this data for long periods of time using a data warehouse solution. Retina Insight provides this perspective through a Vulnerabilities Delta Report by Month:

This perspective highlights which vulnerabilities have been added over time (due to auto updates of the vulnerability database), what the cumulative total is for the environment, and which vulnerabilities have been remediated and confirmed fix. As with the other blogs on this topic and sample reports, I am using the same sample database for this example. It is no surprise that things are looking worse over time and existing procedures are not mitigating the risks fast enough in relation to the expanding security threats identified.  (I am just glad this is a lab data and not a real client.) Now, what makes this graph so compelling is the drill down capabilities illustrated in  the partial screen shot below:

For any given month, a user can drill into the vulnerabilities by what was Removed (fixed), Added (new vulnerabilities added to the database and detected in the environment), and what is Existing (found month after month). This is my favorite vulnerability trending report and it provides that inherent view into the past and potentially what is to come.  I consider these two reports essential for any vulnerability management project. These are the top favorites for vulnerability management trending and delta reports within eEye Solutions.

For more information on eEye’s Unified Vulnerability Management solution, please click here.

Leave a Reply

Additional articles

IRS-Data-Breach

The tip of the IRS data breach – and it IS an iceberg

Posted May 27, 2015    Morey Haber

The IRS has been warned for decades about their security best practices. And now, at least 100,000 Americans have had their records compromised. How? The IRS uses a service called “Get Transcript”.

Tags:
, , ,
dave-shackleford-headshot

Tales from the Datacenter: Vulnerability Management Nightmares

Posted May 27, 2015    Dave Shackleford

Vulnerability scanning, threat management, risk analysis, patching, and configuration management are some of the major activities usually associated with vulnerability management, and none of these are new…so why are we failing so badly at many of them?

Tags:
, ,
Sudo_logo

Don’t Create a Different sudoers File for Each System

Posted May 20, 2015    Randy Franklin Smith

What if you have multiple Linux and/or Unix systems? Sudo management can become onerous and unwieldy if you try to manage a different sudoers file on each system. The good news is that sudo supports multiple systems.