BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Another First to Market by eEye: Vulnerability Management for Virtual Apps

Posted October 20, 2011    Brad Hibbert

More and more organizations are implementing virtualized solutions to reduce cost and gain strategic flexibility. As such, eEye continues to enhance Retina’s virtualized scanning capabilities to provide insight over the risks these assets raise for the business.

It’s always been such that Retina can scan hypervisors (VMware, Microsoft, and XEN based) and virtualized machines. In addition, this morning we announced major new enhancements to our virtualization strategy. Today, we are the first (and only, for a while) vulnerability management vendor to release and support two unique capabilities that demonstrate our commitment and alignment to our customers and their virtualization needs.

First, Vulnerability Scanning for Virtualized Applications

The trend toward virtualization has its benefits, but it also creates critical security gaps and leaves many organizations exposed. This gap is created through the deployment of virtualized applications. While I do not want to discuss the pros and cons of virtualizing applications, it definitely is a trend and we see many organizations “packaging” both Microsoft applications (including Office) and non-Microsoft applications including Adobe, Mozilla, and Firefox.

To virtualize applications, an administrator typically runs a wizard before and after an application is installed to detect and “package” all of the changes into a single “portable” file. This single file is the “virtualized application.” The challenge with virtualized applications from a vulnerability management perspective is three-fold:

  1. Detecting and scanning virtualized applications when the applications are not executing during the scan window
  2. Identifying where virtualized applications have been executed across the enterprise
  3. Identifying the vulnerabilities associated with the packaged applications

To close this gap and provide 100% visibility of vulnerabilities, eEye has added the ability to scan applications virtualized with VMware’s ThinApp technology. The ThinApp scanning capability is now available in both Retina and Retina CS commercial and community versions. Customers who are leveraging ThinApp applications simply click a checkbox and the rest is taken care of for them. eEye is also planning support for Microsoft App-V.

Through our partnership with VMware and direct integration into the ThinApp SDK, the Retina solution available in October can:

  1. Scan an enterprise and detect where ThinApp applications have been executed and provide centralized reporting over ThinApp application installations.

Software Enumeration

  1. Locate and “Look inside” the ThinApp packages to scan for application vulnerabilities and provide step-by-step guidance to remediate the vulnerabilities.

Scan Result 

  1. In addition to the extensive built-in audits created by our research team, customers can also create custom audits to detect vulnerabilities in custom or unique applications that an organization may be using.

 Audit Wizard  

Second, Configuration/Benchmark Scanning for ESX Server

Managing appropriate configurations is a good proactive approach to mitigating risks and attacks in both the physical and virtual assets. To automate this process, eEye is the first vulnerability vendor to support ESX configuration assessment within its unified scan engine, Retina. With the built-in Retina OVAL certified SCAP engine, customers can use industry or custom benchmarks for their virtual servers to provide ongoing configuration assessment and analysis.

Again, driven by our customers and market trends, eEye is the first to release this level of virtualized application scanning to solve a real problem for customers. We encourage your feedback and comments. Do you use virtualization in your infrastructure? How are you using it?

Need it? Get it for free, for up to 128 IPs

If you have not seen the new Retina products, you can download the free 128 IP Community versions from http://www.eeye.com/products/retina/community.

 

Leave a Reply

Additional articles

Are Your Data Security Efforts Focused in the Right Area?

Posted January 28, 2015    Scott Lang

Vormetric Data Security recently released an insider threat report, with research conducted by HarrisPoll and analyzed by Ovum. Based on the survey responses, it is apparent that there is still a great deal of insecurity over data. However, the results also show that there may be misplaced investments to address those insecurities. I will explain…

Tags:
ghost

GHOST Vulnerability…Scary Indeed

Posted January 28, 2015    BeyondTrust Research Team

A vulnerability discovered by Qualys security researchers has surfaced within the GNU C Library that affects virtually all Linux operating systems. The vulnerability lies within the various gethostbyname*() functions and, as such, has been dubbed “GHOST.” GHOST is particularly nasty considering remote, arbitrary code execution can be achieved. In an effort to avoid taxing DNS lookups, glibc developers introduced…

Tags:
,
dave-shackleford-headshot

Your New Years Resolution: Controlling Privileged Users

Posted January 27, 2015    Dave Shackleford

Is 2015 the year you get a better handle on security? The news last year was grim – so much so, in fact, that many in the information security community despaired a bit. Really, the end-of-the-year infosec cocktail parties were a bit glum. OK, let’s be honest, infosec cocktail parties are usually not that wild…

Tags:
, , ,