Another First to Market by eEye: Vulnerability Management for Virtual Apps

More and more organizations are implementing virtualized solutions to reduce cost and gain strategic flexibility. As such, eEye continues to enhance Retina’s virtualized scanning capabilities to provide insight over the risks these assets raise for the business. It's always been such that Retina can scan hypervisors (VMware, Microsoft, and XEN based) and virtualized machines. In addition, this morning we announced major new enhancements to our virtualization strategy. Today, we are the first (and only, for a while) vulnerability management vendor to release and support two unique capabilities that demonstrate our commitment and alignment to our customers and their virtualization needs. First, Vulnerability Scanning for Virtualized Applications The trend toward virtualization has its benefits, but it also creates critical security gaps and leaves many organizations exposed. This gap is created through the deployment of virtualized applications. While I do not want to discuss the pros and cons of virtualizing applications, it definitely is a trend and we see many organizations “packaging” both Microsoft applications (including Office) and non-Microsoft applications including Adobe, Mozilla, and Firefox. To virtualize applications, an administrator typically runs a wizard before and after an application is installed to detect and “package” all of the changes into a single “portable” file. This single file is the “virtualized application.” The challenge with virtualized applications from a vulnerability management perspective is three-fold:

1. Detecting and scanning virtualized applications when the applications are not executing during the scan window
2. Identifying where virtualized applications have been executed across the enterprise
3. Identifying the vulnerabilities associated with the packaged applications

To close this gap and provide 100% visibility of vulnerabilities, eEye has added the ability to scan applications virtualized with VMware’s ThinApp technology. The ThinApp scanning capability is now available in both Retina and Retina CS commercial and community versions. Customers who are leveraging ThinApp applications simply click a checkbox and the rest is taken care of for them. eEye is also planning support for Microsoft App-V. Through our partnership with VMware and direct integration into the ThinApp SDK, the Retina solution available in October can:

1. Scan an enterprise and detect where ThinApp applications have been executed and provide centralized reporting over ThinApp application installations.

Software Enumeration

2. Locate and “Look inside” the ThinApp packages to scan for application vulnerabilities and provide step-by-step guidance to remediate the vulnerabilities.

Scan Result

3. In addition to the extensive built-in audits created by our research team, customers can also create custom audits to detect vulnerabilities in custom or unique applications that an organization may be using.

Audit Wizard

Second, Configuration/Benchmark Scanning for ESX Server Managing appropriate configurations is a good proactive approach to mitigating risks and attacks in both the physical and virtual assets. To automate this process, eEye is the first vulnerability vendor to support ESX configuration assessment within its unified scan engine, Retina. With the built-in Retina OVAL certified SCAP engine, customers can use industry or custom benchmarks for their virtual servers to provide ongoing configuration assessment and analysis. Again, driven by our customers and market trends, eEye is the first to release this level of virtualized application scanning to solve a real problem for customers. We encourage your feedback and comments. Do you use virtualization in your infrastructure? How are you using it? Need it? Get it for free, for up to 128 IPs If you have not seen the new Retina products, you can download the free 128 IP Community versions from http://www.eeye.com/products/retina/community.