Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Exploitability in Context

March 28, 2012

  • Blog
  • Archive

Every year there are literally tens of thousands of new vulnerabilities discovered across the various software and hardware technologies we rely upon every day. Simple math would seem to dictate an impossible task to manage all of these vulnerabilities and to make the real-world, priority-based decisions on them. Vulnerability management is one thing, but for enterprise IT and security teams to truly stay ahead of today's sophisticated attack requires the combination of vulnerability management with threat and exploit intelligence - the processing and analysis of the big security data within your environment.

How are you prioritizing vulnerabilities?

One method to better prioritize your own plan of attack is by understanding which of the thousands of vulnerabilities are actively being leveraged by attackers to break into computer networks. For all the vulnerabilities discovered every year there is a much smaller percentage of vulnerabilities that are ever used within attacks. One of the very powerful capabilities of our Retina CS vulnerability management suite is the ability to quickly see which vulnerabilities have associated exploits, or are even being used by criminals in active exploit toolkits. The ability to run a point-in-time report that shows the mapping between your vulnerabilities and active exploits can be a very powerful tool in your arsenal in staying one step ahead of network attacks. This point-in-time capability is made even more useful when you marry that with the trending reporting made easily available in Retina CS. This provides that visual representation of your assets, their vulnerabilities and associated attacks over time - quickly telling you how organizational changes might be impacting your ability to manage critical vulnerabilities - for better or worse.

Understand your security exposure.

It’s important to keep track of historical data and be able to incorporate it in whichever fashion makes most sense to your environment and needs. Often times historical trending data can be too high level and lose its meaning or you are bound by pre-built trending reports. With Retina CS’s threat intelligence engine - Retina Insight - you can generate the trending data that is specific to your particular context - not what a security vendor thinks might be your optimal view.

As an example, maybe you want to track the number of open vulnerabilities with known exploits over time. Furthermore, you may want to enhance this data and filter by “Smart Groups” which can be assets within business units or operating systems, or assets directly queried from your Active Directory.

To add more context and intelligence to the report you may find yourself adding other parameters such as a filter by exploitable vulnerabilities that have been unpatched for X number of days, or filter by vulnerabilities which are fixable via a configuration change, security update or are of a zero-day category. These reports are easily created via our Pivot Grid with easy click and drag actions and will auto-generate both numerical and graphical representations of the data you want to trend. At the end of the day these highly customizable and automatable reports will enhance your understanding of your security exposure around the topics that matter must to you.

Security in Context.

So how quickly are you remediating exploitable vulnerabilities in your environment? How has your progress changed over time? If you cannot answer these questions, you might be in need of a more capable Threat Management solution.

Take a test drive of Retina CS now.

The report below shows number of open exploitable vulnerabilities per month by Smart Groups.

The report below shows the number of open exploitable vulnerabilities per month by operating system.

Photograph of Alejandro DaCosta

Alejandro DaCosta, Product Manager

As Product Manager, Alex DaCosta is responsible for designing the company’s Vulnerability Management solutions. Alex joined BeyondTrust via the company’s acquisition of eEye Digital Security, where he held senior positions as Security Engineer in both pre and post sales operations. As a Senior Security Engineer, Alex was responsible for the success of demonstrating, architecting and implementing the Company’s enterprise solutions. Alex graduated from California State University, Long Beach with a Bachelors of Science Degree in Management Information Systems.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.