Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Retina Now Offers Custom Audits for Android Devices

May 16, 2012

  • Blog
  • Archive
When a marketing buzz word sticks like BYOD (Bring Your Own Device), it is inevitable to see it everywhere in an effort to capitalize on the momentum; blogs, literature, SEO, social media, etc. In the past, we have seen great terms like "ecosystem", "framework", and my personal favorite "distributed computing", rise and fall in marketing. Fortunately, some of these buzz words are more realistic than others and really do pose a challenge to many companies. It is not just about the latest and greatest technology or security threat, but what really matters to the business. BYOD is one of those terms that really does matter and is a real problem. eEye, like many organizations, does support BYOD. We have a wide mix of devices from Android to Apple to WebOS (PalmOS) connected with various parts of our infrastructure with a myriad of security tools, firewalls, and access control lists filtering content and visibility. This is no surprise and for corporations supporting BYOD, I would expect the same; or at least hope so. As businesses struggle to reduce costs, BYOD, provides an upfront cost savings by allowing employees to bring their own devices to work in lieu of potential capital expenses to acquire them. One of the hidden costs is how to maintain proper security for these devices and fundamentally what risks they present for vulnerability assessment and even custom auditing on top of costs for securing connectivity. Retina has taken the traditional approach of vulnerability assessment for Android devices to a new level to solve this problem. With the release of Retina CS 3.1 and Retina Community 3.1, eEye is offering for free a vulnerability assessment agent for Android devices from the Google Play Store (formerly Google Market Place). Download from Google Play Now. As users begin to connect these devices to the corporate infrastructure, primarily through email, they can assess if their device has inherent vulnerabilities that could cause unnecessary risk to the business via vulnerable applications like Google Wallet or Adobe Flash. When used as a standalone agent, all of the findings and remediation steps are presented directly on the device, and when connected to Retina CS, all of the results are correlated in the management console, just like any other asset, for complete zero-gap vulnerability management coverage. The solution however, does not just stop at assessments for Android devices, it allows for custom configuration and auditing to meet the needs of your business policies. Retina complements MDM solutions with additional flexibility for vulnerability and configuration policies. Consider that your policy for BYOD states that USB debugging should be off or that if you connect your device to the infrastructure, certain applications must be installed (for additional security like anti-virus) or are explicitly denied from being installed (like a faux version Angry Birds that contains malware). Retina CS (and CS Community) allow for you to perform this inventory. An MDM solution may be setup to enforce these but Retina Android Agents allow you to verify these settings on the actual device and create custom ones beyond the scope of your MDM solution. Mobile devices (smartphones and tablets) represent an entirely new way to do business. Everything from accepting credit cards (which fall under PCI DSS compliance regulations and making vulnerability assessment a must have on these devices) to allowing users to connect and bring their latest gadgets to work pose a new security challenge for IT and security departments. Emphasizing security restrictions on connectivity is not enough. Assessing these devices, that are outside of the corporate firewalls and IDS/IPS systems, is a must. Whether you rely on just an MDM vendor for your security, have mandated anti-virus on these devices, or have sat down and seriously considered the risks these devices represent, do not forget that they are vulnerable just like other desktops and servers within your environment. The marketing buzz may be about BYOD but remember the real buzz is within your organization and you must consider how you will manage mobile devices. They are the proverbial "hand-held keys" to the internal workings of your business; from emails, to contact lists, to possible mail attachments. They should be assessed for vulnerabilities and configuration violations just like any other device. Just like every other industry buzz in the past, like "working from home", and "mobile workforce" with laptops, these devices need the same considerations and protection. Retina can get you started. Download from the Google Play Store now.

Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

A Zero Trust Approach to Secure Access

Webcasts

Rising CISOs: Ransomware, Cyber Extortion, Cloud Compromise, oh my!

Whitepapers

A Zero Trust Approach to Windows & Mac Endpoint Security

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.