BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Another First to Market by eEye: Vulnerability Management for Virtual Apps

Posted October 20, 2011    Brad Hibbert

More and more organizations are implementing virtualized solutions to reduce cost and gain strategic flexibility. As such, eEye continues to enhance Retina’s virtualized scanning capabilities to provide insight over the risks these assets raise for the business.

It’s always been such that Retina can scan hypervisors (VMware, Microsoft, and XEN based) and virtualized machines. In addition, this morning we announced major new enhancements to our virtualization strategy. Today, we are the first (and only, for a while) vulnerability management vendor to release and support two unique capabilities that demonstrate our commitment and alignment to our customers and their virtualization needs.

First, Vulnerability Scanning for Virtualized Applications

The trend toward virtualization has its benefits, but it also creates critical security gaps and leaves many organizations exposed. This gap is created through the deployment of virtualized applications. While I do not want to discuss the pros and cons of virtualizing applications, it definitely is a trend and we see many organizations “packaging” both Microsoft applications (including Office) and non-Microsoft applications including Adobe, Mozilla, and Firefox.

To virtualize applications, an administrator typically runs a wizard before and after an application is installed to detect and “package” all of the changes into a single “portable” file. This single file is the “virtualized application.” The challenge with virtualized applications from a vulnerability management perspective is three-fold:

  1. Detecting and scanning virtualized applications when the applications are not executing during the scan window
  2. Identifying where virtualized applications have been executed across the enterprise
  3. Identifying the vulnerabilities associated with the packaged applications

To close this gap and provide 100% visibility of vulnerabilities, eEye has added the ability to scan applications virtualized with VMware’s ThinApp technology. The ThinApp scanning capability is now available in both Retina and Retina CS commercial and community versions. Customers who are leveraging ThinApp applications simply click a checkbox and the rest is taken care of for them. eEye is also planning support for Microsoft App-V.

Through our partnership with VMware and direct integration into the ThinApp SDK, the Retina solution available in October can:

  1. Scan an enterprise and detect where ThinApp applications have been executed and provide centralized reporting over ThinApp application installations.

Software Enumeration

  1. Locate and “Look inside” the ThinApp packages to scan for application vulnerabilities and provide step-by-step guidance to remediate the vulnerabilities.

Scan Result 

  1. In addition to the extensive built-in audits created by our research team, customers can also create custom audits to detect vulnerabilities in custom or unique applications that an organization may be using.

 Audit Wizard  

Second, Configuration/Benchmark Scanning for ESX Server

Managing appropriate configurations is a good proactive approach to mitigating risks and attacks in both the physical and virtual assets. To automate this process, eEye is the first vulnerability vendor to support ESX configuration assessment within its unified scan engine, Retina. With the built-in Retina OVAL certified SCAP engine, customers can use industry or custom benchmarks for their virtual servers to provide ongoing configuration assessment and analysis.

Again, driven by our customers and market trends, eEye is the first to release this level of virtualized application scanning to solve a real problem for customers. We encourage your feedback and comments. Do you use virtualization in your infrastructure? How are you using it?

Need it? Get it for free, for up to 128 IPs

If you have not seen the new Retina products, you can download the free 128 IP Community versions from http://www.eeye.com/products/retina/community.

 

Leave a Reply

Additional articles

PowerBroker for Unix & Linux helps prevent Shellshock

Posted September 25, 2014    Paul Harper

Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice.  Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately,…

Bash “Shellshock” Vulnerability – Retina Updates

Posted September 24, 2014    BeyondTrust Research Team

A major vulnerability was recently discovered within bash which allows arbitrary command execution via specially crafted environment variables. This is possible due to the fact that bash supports the assignment of shell functions to shell variables. When bash parses environment shell functions, it continues parsing even after the closing brace of the function definition. If…

pbps-blog3

7 Reasons Customers Switch to Password Safe for Privileged Password Management

Posted September 24, 2014    Chris Burd

It’s clear that privileged password management tools are essential for keeping mission-critical data, servers and assets safe and secure. However, as I discussed in my previous post, there are several pitfalls to look out for when deploying a privileged password management solution. At this point, you may be wondering how BeyondTrust stacks up. With that,…

Tags:
, , , , ,