NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Retina CS 4.5 - Calendars and Vulnerability Smart Rules

May 21, 2013

  • Blog
  • Archive
One of the many challenges facing Product Management today is addressing client feature requests. Often times, the request for a specific business problem does not translate to other customers or markets. Other times, the request is so complicated to explain, it takes multiple discussions to figure out the root problem and to figure out if the technology can be adapted to even solve the problem. Once in a while, these two challenges overlap with multiple clients and you can state, “ I can do that!” For the release of Retina CS 4.5, this overlap felt like hitting the lottery and we were able to address a few complex issues that target multiple lines of business. I would like to share a few with you that will be released very soon. Audit Groups First, is the relatively simple concept of audit groups (some of you may refer to them as plug-ins). These are static groups that are manually built by the end user or are automatically updated using a service to include new audits or depreciate obsolete checks. Most clients use groups like “All Audits” to perform their scans or targeted groups based on Report Templates. The problem my clients have been trying to solve is how to automatically build these groups based on business logic. This concept is a challenge for every vulnerability assessment tool on the market; not just for Retina, and no one has found a good solution to recover the wasted time required to do this. For example, if the Desktop Team wants to target Adobe vulnerabilities every month, they need to create a new audit group (manually in every tool on the market today) that contains just these checks. Next month, they need to update the group with a new set of queries to include any changes and re-save the audit group. Basically, they run a search, select the changes and save out the difference. If they don’t, they will not be including any new updates and may not remove any depreciated checks. This type of targeting extends into every facet of a business. Users that want to check for Zero-Day, Denial of Service, or even CVE vulnerabilities by year would need to manually build and rebuild the group to include changes. Retina CS 4.5 has addressed this problem with Vulnerability Smart Rules. Vulnerability Smart Rules Vulnerability Smart Rules allow users to build groups based on any criteria found in a vulnerability audit. This logic can then be used to dynamically build asset groups, asset filters, and even dynamic audit groups and keep them up to date with no user intervention – at all. For example, if I wanted to build an Audit Group that dynamically updated to include only critical vulnerabilities for a specific vendor, it can. The engine will automatically process any audit updates to the database and rebuild the audit group when needed to include only these checks. These can be used for scheduled scans (with no user intervention) or to filter existing data on the fly for viewing and reports. Below is an example of this new powerful dynamic audit group capability: smart-rules Consider the possibilities and complexity that can now be automated to look for specific application checks or even database vulnerabilities without manually tweaking your targeting parameters for every scan. Calendars The second feature sounds silly to be discussing but natural to everyone that uses and lives within a calendar for daily conference calls, meetings, and tasks. Traditional vulnerability assessment solutions list scheduled scan jobs and reports in a grid. This is basic job scheduling that includes a sort-able list of what the job name is, when it is scheduled, and other criteria. The problem arises in the enterprise when they have to figure out what to do with hundreds of scan engines, dozens of reports, and a list that covers multiple pages. It is a burden to work with standard filter controls and search dialogue boxes. Furthermore, color coded icons make it difficult to see what runs when and overall their status. To handle more complex jobs clients have been requesting additional metrics and tabs. It took a moment of clarity to reinvent this process the way we do business today and what we came up with is a calendar for scheduling. In Retina CS 4.5, BeyondTrust proudly introduces a brand new calendar view for scheduled scan jobs and reports. This context shows a month at a time, all the jobs scheduled and all the reports completed for each assessment. This is a simple and effective method to handle an age old problem, how to manage your tasks day by day. Below is an example of this new perspective: retina-cs-calendar As a Product Manager, translating a client’s needs to technology requires some creativity, talented programmers, and a little luck. Figuring out common problems, sorting through endless feature enhancement requests, and getting lucky with a solution that solves multiple problems just makes the technology better for everyone. Retina CS 4.5 has dozens of new features like these that help put context around your users and assets, and measures their risk to the organization. Stayed tuned, there is more to come on Retina CS 4.5.
Photograph of Morey J. Haber

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.