Mobilize Your Security Village
Connected threat and vulnerability intelligence provides businesses with improved contextual awareness so they can make smarter, better-informed security decisions. That’s how we flip the game on our adversaries and take control of vulnerabilities. It’s time to enlist the eyes and ears of your “security village,” automate their interactions, and coordinate their intelligence to pinpoint and eliminate high-risk vulnerabilities and to uncover and track emerging threats.
Are We Winning or Losing?
Over the past two decades, the basic approach to managing software vulnerabilities has remained the same: discover assets -> audit for vulnerabilities -> prioritize and patch -> report on progress. However, despite widespread deployment of vulnerability management technologies, few organizations have been able to decisively put a check in the win column.
Cyber security statistics in 2016 paint a bleak picture. Unpatched vulnerabilities proliferate. Threat actors weaponize new exploits three times faster than just a few years ago. The attack surface continues to expand as shadow IT abounds, and non-traditional platforms – like cloud / virtual, mobile, and IoT – are becoming pervasive. Sophisticated new attack vectors (e.g., overlay malware) crop up all the time. And breaches continue to rise.
Time for a Change
Gartner security analyst Craig Lawson recently said, “It is worth pressing the reset button and doubling down on improving your vulnerability management. Get your foundation right first. It’s not only just a principle, the data speaks volumes as to how effective it could be to improving your organization’s security posture.”
Retina Connected Threat and Vulnerability Intelligence (CTVI) orchestrates asset, attack, malware, privilege, vulnerability data, and more from BeyondTrust and 3rd party solutions. Essentially, Retina CTVI mobilizes your “security village,” automating data interactions and coordinating intelligence sharing to pinpoint and eliminate high-risk vulnerabilities and to uncover and track emerging threats.
Think Like an Attacker
One of our recent expert speakers (and a BeyondTrust customer) noted that one thing attackers do extraordinarily well is share information with each other. We need to take a page from the attacker’s playbook, meaning we should expand the information sharing and collaboration between the security and monitoring systems we already have in place, as well as outside threat intelligence sources.
What we’re talking about goes far beyond just spitting out event data to a SIEM. By mobilizing our “security villages”, and automating their interactions, we can collect data from a variety of trusted sources, correlate it into a clear picture of risk, and take swift and decisive actions to mitigate vulnerabilities and threats.
Let’s Change the Game
Here are just a few examples of how Retina Connected Threat and Vulnerability Intelligence (CTVI) can help change your vulnerability management game:
Prioritize Known Vulnerabilities:
- Tight integration between Retina vulnerability and PowerBroker privilege data enables organizations to prioritize vulnerabilities based on which applications get used the most and who is using them.
- Connections to 3rd party exploit and malware sources, including Metasploit, CANVAS, and more, identify vulnerabilities that have publicly available exploits, are being used by exploit toolkits, or reside on compromised systems.
- Consume threat data from next-generation firewalls, like Palo Alto, for broader intelligence to determine risk scores, and consequently, which vulnerabilities are the most dangerous.
Shorten Remediation Times:
- Share data with workflow management and ticketing systems, like BMC Remedy and ServiceNow, to trace remediation progress as well as to initiate on-demand vulnerability scans.
- Native integration with Microsoft Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM) for deploying the latest product updates (Microsoft, Java, Adobe, etc.) directly from the Retina console.
Increase Emerging Threat Visibility:
- Cloud and virtual integrations with Amazon AWS, Microsoft Azure and Hyper-V, Google Cloud, VMware, and more ensure that organizations have a clear picture of their risk.
- Orchestrate asset, attack, malware, privilege, vulnerability data, and more from BeyondTrust and 3rd party security solutions, to spot anomalous behavior and pinpoint which assets and users pose the greatest threat.
Maximize Security Investments:
- Combine vulnerability intelligence with PAM solutions to make privilege decisions based on an application’s known vulnerabilities, their age, potential risk, and compliance impact.
- Correlate NGFW threat activity with detailed vulnerability, malware, and attack data for a holistic view of asset risk.
- Add real-time vulnerability intelligence to SIEMs for superior targeted attack and breach detection, as well as broader compliance visibility.