Executive Summary

Vulnerabilities in your IT environment can wreak havoc on your business operations. These common weaknesses can be exploited by a variety of external and internal threats, from malicious individuals and “hacktivists,” to criminal hacking syndicates and nation states. The need to proactively address vulnerabilities is accentuated by requirements for always-on business services, cloud-based computing, and regulatory compliance. It’s therefore critical to design and implement a comprehensive security management strategy to ensure business continuity. BeyondTrust’s vulnerability management solutions enable organizations to monitor and document IT weaknesses for a “near-real-time” view into asset risk and its implications for business operations. This risk can be monitored by individual assets or in logical groups, such as by application, operating system, geography, or even business function. BeyondTrust solutions ensure that exposures to critical business processes and applications are monitored and managed at the enterprise level. This enables security resources to be managed as part of an overall IT resource management strategy and allows operations staff to better support the company’s key business objectives.

Critical IT Security Exposures

IT security is clearly the key business issue of today. The words “threat” and “attack” are commonly used as if they connote some monolithic evil that awaits every organization’s infrastructure. In fact, there are many kinds of threats and many modes of attack, and they can originate both inside and outside the organization. Their impacts are diverse and can include:
  • Proprietary information loss
  • Loss of system availability
  • Loss or corruption of data or applications
  • Loss of productivity
  • Regulatory non-compliance
  • Damaged customer relations / brand image

Corporate Risk Calculation

With Retina CS Enterprise Vulnerability Management, BeyondTrust has created a revolutionary methodology for expressing the risk of IT assets deployed throughout the organization. The solution assesses multiple security vectors and calculates a risk for each asset. This risk can be expressed in terms of a logical “Smart Group” within the solution such that the overall assessment of a business unit, geography, or custom container can be compared to other entities within your environment. The overall expression of risk is calculated based on four high-level vectors:
  • Vulnerability – The quantity and severity of vulnerability audits identified by Retina or the PowerBroker Endpoint Protection Suite. Measurements are based on such factors as a lack of proper patch maintenance on a host or compliance issues related to current corporate security policy and best practices.
  • Attacks – A direct measure of actual attacks – as flagged by BeyondTrust’s PowerBroker Endpoint Protection Suite – and their severity. The solution looks at how assets in the corporate environment are being exposed to threats and what type of threats challenge their integrity to perform business functions and protect data.
  • Exposure – A measure of how open a system is to an attack. This is based on the number of open ports, shares, services, and users a host contains; the lack of protection such as a firewall or anti-virus solution; and the presence of any illegal or unnecessary applications that have been installed.
  • Threat – A measure of potential danger to an asset from sources that may regard it as a worthy target, based on user-defined criteria and/or system role.
Based on the technical translation to business terms, organizations can have a direct method for understanding the asset’s security posture from raw technical data to business impact.