- Scan windows should permit jobs to be paused and resumed or aborted when the end of a scan window is reached.
- Scan windows should be configurable per scan job, globally, or per scan engine to meet individual business requirements.
- Scan windows should be calendar-based by time and day in order to enforce change control windows.
- A methodology should be available for continuous scanning when assessments must adhere to strict change control windows.
Retina Protection Agents are located on systems that require periodic vulnerability assessment. In this case, scan windows are not applicable because the status and location of the assets is never fully known and cannot be scanned through the internet or made available reliably for change control windows. Therefore, the local Retina agent performs a scheduled assessment locally and, when it is connected to the Internet (or internal network), transmits the results to BeyondInsight for analytics and reporting. The results produce vulnerability data that meets continuous monitoring requirements and addresses any scan windows that may be in place by policy. The Window of Opportunity for vulnerability assessment is changing. For example, PCI DSS 3.0 requires more continuous assessments and scans to be scheduled as a part of normal business practices versus just once per quarter. In order to meet these goals, vulnerability management tools need to manage scan windows with incredible flexibility and adhere to internal policies while allowing assessments to occur more frequently. BeyondInsight provides the features to control scan windows with incredible ease and exceed the requirements with localized agents when no Window of Opportunity can be established. Below is an example of how to perform scan window scheduling on a per job basis:
For more information on how BeyondTrust can help you manage scan windows, please contact us at email@example.com. We look forward to helping your organization perform successful vulnerability assessments with the best reporting in the industry.