Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Role-Based Access for Your Teams

May 2, 2011

  • Blog
  • Archive

Regulatory controls all require the access restriction of sensitive data to the individuals that need to know. Many corporate policies also segregate users to access devices by geographical location or by platform and function. Vulnerability data is sensitive information. In the wrong hands, it provides a blueprint on how to potentially access systems without proper permissions and provisioning. Many discussions have occurred regarding how to safeguard this data internally and how trusting you should be of a SaaS solution to house this data. Regardless of the vulnerability management solution implementation, restricting improper access to assessment data has traditionally been IP address based. That is a list of IP addresses or host names which governs who has access to what vulnerability assessment data and assets. People generally refer to these as “Sites” or “Policies”. Within eEye we refer to them as “Smart Groups”.

In many organizations, IP addresses are not allocated per business function. Subnets can have a mix of printers, desktops, and occasionally servers. Subnets are generally allocated for the raised floor, DMZ, and other supporting infrastructure but the user space and supporting infrastructure is generally all over the board and not standardized. Many companies still do not even use standardized naming conventions for hosts and this represents another challenge for asset identification. So, how do you build role based access for a Desktop Administrator when they may have a dynamic IP list to manage; especially in consideration of DHCP? How would you delegate VA data to the infrastructure team for let’s say for only Cisco devices? Do you even have a list of all the devices that can be imported and is it maintained regularly for corrected assessment and ultimately proper role based access?

In a previous blog, I discussed advanced targeting techniques with Retina CS and how a Smart Group can be constructed on any OS, software installed, patterns in the host name, etc. Consider this technique also applies to the Role Based Access Model within Retina CS. Various Smart Groups can be constructed for only Desktop Operating Systems, Windows Servers, Red Hat Linux, or even only Cisco Devices completely independent of the IP addresses assigned to them. Retina CS will maintain the group automatically with each subsequent scan of the target and keep them up to date regardless of host name or any other traditional “Site” based techniques. The User Based Security Model within Retina CS allows you then to assign User Groups to the Smart Groups and control access based on business function rather than just traditional IP space. If users are uncomfortable with that model, Smart Groups can be built from Address Groups and Active Directory just like any other traditional VA solution or even better, a combination of both! Users can be restricted to a certain platform or device type and the IP range it may be present in. For an enterprise environment, this is priceless. A remote office can have VA data solely for a Desktop Admin in the building he/she works in regardless of DHCP and device type; workstation or laptop.

Consider that role based access for your vulnerability assessment data means so much more in the proper hands rather than in the wrong hands. It can improve your overall security posture and make sure individual teams are response for their security patches and not just the security team providing reports on how to fix the problem. Role based access is a fundamental part of Retina CS and will help you change the way you manage vulnerability data within your environment; secure, role based, and business function delegated. For more information on Retina CS, please click here.

Photograph of Morey J. Haber

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.