BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Another First to Market by eEye: Vulnerability Management for Virtual Apps

Posted October 20, 2011    Brad Hibbert

More and more organizations are implementing virtualized solutions to reduce cost and gain strategic flexibility. As such, eEye continues to enhance Retina’s virtualized scanning capabilities to provide insight over the risks these assets raise for the business.

It’s always been such that Retina can scan hypervisors (VMware, Microsoft, and XEN based) and virtualized machines. In addition, this morning we announced major new enhancements to our virtualization strategy. Today, we are the first (and only, for a while) vulnerability management vendor to release and support two unique capabilities that demonstrate our commitment and alignment to our customers and their virtualization needs.

First, Vulnerability Scanning for Virtualized Applications

The trend toward virtualization has its benefits, but it also creates critical security gaps and leaves many organizations exposed. This gap is created through the deployment of virtualized applications. While I do not want to discuss the pros and cons of virtualizing applications, it definitely is a trend and we see many organizations “packaging” both Microsoft applications (including Office) and non-Microsoft applications including Adobe, Mozilla, and Firefox.

To virtualize applications, an administrator typically runs a wizard before and after an application is installed to detect and “package” all of the changes into a single “portable” file. This single file is the “virtualized application.” The challenge with virtualized applications from a vulnerability management perspective is three-fold:

  1. Detecting and scanning virtualized applications when the applications are not executing during the scan window
  2. Identifying where virtualized applications have been executed across the enterprise
  3. Identifying the vulnerabilities associated with the packaged applications

To close this gap and provide 100% visibility of vulnerabilities, eEye has added the ability to scan applications virtualized with VMware’s ThinApp technology. The ThinApp scanning capability is now available in both Retina and Retina CS commercial and community versions. Customers who are leveraging ThinApp applications simply click a checkbox and the rest is taken care of for them. eEye is also planning support for Microsoft App-V.

Through our partnership with VMware and direct integration into the ThinApp SDK, the Retina solution available in October can:

  1. Scan an enterprise and detect where ThinApp applications have been executed and provide centralized reporting over ThinApp application installations.

Software Enumeration

  1. Locate and “Look inside” the ThinApp packages to scan for application vulnerabilities and provide step-by-step guidance to remediate the vulnerabilities.

Scan Result 

  1. In addition to the extensive built-in audits created by our research team, customers can also create custom audits to detect vulnerabilities in custom or unique applications that an organization may be using.

 Audit Wizard  

Second, Configuration/Benchmark Scanning for ESX Server

Managing appropriate configurations is a good proactive approach to mitigating risks and attacks in both the physical and virtual assets. To automate this process, eEye is the first vulnerability vendor to support ESX configuration assessment within its unified scan engine, Retina. With the built-in Retina OVAL certified SCAP engine, customers can use industry or custom benchmarks for their virtual servers to provide ongoing configuration assessment and analysis.

Again, driven by our customers and market trends, eEye is the first to release this level of virtualized application scanning to solve a real problem for customers. We encourage your feedback and comments. Do you use virtualization in your infrastructure? How are you using it?

Need it? Get it for free, for up to 128 IPs

If you have not seen the new Retina products, you can download the free 128 IP Community versions from http://www.eeye.com/products/retina/community.

 

Leave a Reply

Additional articles

dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,
Chained to the phone

“I’d love to come, but I’m on-call”: Privilege management can relieve holiday help desk headaches

Posted December 3, 2014    Jason Silva

Part of working in IT means you put in your time “on-call.” Companies either don’t realize there is a better way to allow users to maintain administrative access to endpoints, or they remove admin rights from users but don’t account for the resulting operational inefficiencies.

Tags:
, , , , , , ,