BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Another First to Market by eEye: Vulnerability Management for Virtual Apps

Posted October 20, 2011    Brad Hibbert

More and more organizations are implementing virtualized solutions to reduce cost and gain strategic flexibility. As such, eEye continues to enhance Retina’s virtualized scanning capabilities to provide insight over the risks these assets raise for the business.

It’s always been such that Retina can scan hypervisors (VMware, Microsoft, and XEN based) and virtualized machines. In addition, this morning we announced major new enhancements to our virtualization strategy. Today, we are the first (and only, for a while) vulnerability management vendor to release and support two unique capabilities that demonstrate our commitment and alignment to our customers and their virtualization needs.

First, Vulnerability Scanning for Virtualized Applications

The trend toward virtualization has its benefits, but it also creates critical security gaps and leaves many organizations exposed. This gap is created through the deployment of virtualized applications. While I do not want to discuss the pros and cons of virtualizing applications, it definitely is a trend and we see many organizations “packaging” both Microsoft applications (including Office) and non-Microsoft applications including Adobe, Mozilla, and Firefox.

To virtualize applications, an administrator typically runs a wizard before and after an application is installed to detect and “package” all of the changes into a single “portable” file. This single file is the “virtualized application.” The challenge with virtualized applications from a vulnerability management perspective is three-fold:

  1. Detecting and scanning virtualized applications when the applications are not executing during the scan window
  2. Identifying where virtualized applications have been executed across the enterprise
  3. Identifying the vulnerabilities associated with the packaged applications

To close this gap and provide 100% visibility of vulnerabilities, eEye has added the ability to scan applications virtualized with VMware’s ThinApp technology. The ThinApp scanning capability is now available in both Retina and Retina CS commercial and community versions. Customers who are leveraging ThinApp applications simply click a checkbox and the rest is taken care of for them. eEye is also planning support for Microsoft App-V.

Through our partnership with VMware and direct integration into the ThinApp SDK, the Retina solution available in October can:

  1. Scan an enterprise and detect where ThinApp applications have been executed and provide centralized reporting over ThinApp application installations.

Software Enumeration

  1. Locate and “Look inside” the ThinApp packages to scan for application vulnerabilities and provide step-by-step guidance to remediate the vulnerabilities.

Scan Result 

  1. In addition to the extensive built-in audits created by our research team, customers can also create custom audits to detect vulnerabilities in custom or unique applications that an organization may be using.

 Audit Wizard  

Second, Configuration/Benchmark Scanning for ESX Server

Managing appropriate configurations is a good proactive approach to mitigating risks and attacks in both the physical and virtual assets. To automate this process, eEye is the first vulnerability vendor to support ESX configuration assessment within its unified scan engine, Retina. With the built-in Retina OVAL certified SCAP engine, customers can use industry or custom benchmarks for their virtual servers to provide ongoing configuration assessment and analysis.

Again, driven by our customers and market trends, eEye is the first to release this level of virtualized application scanning to solve a real problem for customers. We encourage your feedback and comments. Do you use virtualization in your infrastructure? How are you using it?

Need it? Get it for free, for up to 128 IPs

If you have not seen the new Retina products, you can download the free 128 IP Community versions from http://www.eeye.com/products/retina/community.

 

Leave a Reply

Additional articles

webinar 2

On Demand Webinar: Because Auditing Stinks Sometimes

Posted July 2, 2015    Lindsay Marsh

Auditing stinks. Well, mostly stinks. In this on demand webinar, lead by Group Policy MVP Jeremy Moskowitz, you’ll learn the three key tenets to real Group Policy auditing. Tenet 1: Why do you care about Group Policy auditing? Tenet 2: How does Eventing help you know “Who did what?” Tenet 3: How does Reporting tell…

Tags:
, , , ,
skeletonkey3_713678_713680

Stopping the Skeleton Key Trojan

Posted June 29, 2015    Robert Auch

Earlier this year Dell’s SecureWorks published an analysis of a malware they named “Skeleton Key”. This malware bypasses authentication for Active Directory users who have single-factor (password only) authentication. The “Skeleton Key” attack as documented by the SecureWorks CTU relies on several critical parts.

Tags:
, , , , ,
webinar 2

On Demand Webinar: 10 Steps to Building an Effective Vulnerability Management Program

Posted June 26, 2015    BeyondTrust Software

In this on demand webinar, Cybersecurity Expert, Derek A.Smith will take you through his 10 steps for a successful vulnerability management program and how to get started now.

Tags:
, ,