New Feature Highlights for Retina CS 6.2
New 3rd Party Integrations for Scanning Cloud Environments and Sharing Security Intelligence
Retina CS features dozens of certified integrations meant to increase the effectiveness of your “security village” (e.g. SIEM, Privilege, NGFW, Vulnerability Management, and more). While these systems all generate valuable data, they are typically walled off from one another. Connecting your village’s asset, threat and user data together, translating it into actionable intelligence, and synchronizing that knowledge across multiple systems can be a game changer
! In this latest release, Retina CS adds the following 3rd
Discover and classify virtual and cloud-based assets, and their associated vulnerabilities for a clearer picture of risk and compliance in the cloud.
- Google Cloud Platform: Identify assets and scan for vulnerabilities within Google’s Cloud Platform.
Combine Retina vulnerability data with real-time threat information for added context in prioritizing threats and vulnerabilities.
Privilege Access Management:
- Kenna Security: Forward Retina vulnerability scan data to Kenna for correlation with its real-time threat intelligence sources.
- TAXII / STIX: Generate a STIX Incident Report to be consumed by a TAXII Inbox (push) Service. Our incident report includes Observables, Tactics, Techniques and Procedures (TTPs) and related Incidents.
Automate the use of protected privilege credentials for vulnerability scanning.
Security Information & Event Management (SIEM):
- Third Party Credential Provider: Easily perform authenticated vulnerability scans by automating the use of high-level credentials, protected by a 3rd party credential providers that accept SOAP requests.
Add real-time vulnerability intelligence to SIEM solutions for superior targeted attack and breach detection, as well as broader compliance visibility.
- NetIQ Sentinel: Forward BeyondInsight event data to NetIQ Sentinel SIEM in Log Extended Event Format (LEEF).
- Exabeam: Forward BeyondInsight analytics data to Exabeam SIEM in Common Event Format (CEF).
Internet of Things Vulnerability Scanning
While the Internet of Things (IoT), sometimes referred to tongue-in-cheek as the “Insecurity of Things”, is still emerging, the threats presented by its rapidly expanding cyberattack surface are no laughing matter.
One particular threat scenario in the news these days involves using the Mirai IoT Botnet to launch Distributed Denial of Service (DDoS) attacks, like the one on Dyn that caused a massive internet outage
across the United States, or that took the entire country of Liberia offline
. In these instances, Mirai was able to infect tens of thousands of IoT devices, turning them into bots.
With Retina CS 6.2, organizations now have the capability to identify defenseless IoT devices such as Samsung IP cameras, Dahua DVRs, Xerox printers and SMC routers. Utilizing specific information, such as server banners and header data, Retina is able to reliably pinpoint the make and model of a particular IoT device. From there, Retina can safely test whether or not that device is using default or hard-coded credentials for Telnet, SSH, or Basic HTTP Authentication, as these are the preferred attack vectors that botnets (most notably, Mirai) use to initially gain access to a potential victim.
Enhanced Threat Intelligence
Despite widespread deployment of vulnerability management technologies, many companies still struggle with identifying which vulnerabilities pose the greatest risks to their environments. Millions of vulnerabilities exist. However, only a small percentage of these are being actively exploited in the wild. Organizations need “outside” threat information to be able to prioritize their remediation efforts.
In addition to checking for active malware and publically available exploits, Retina CS 6.2 compares hashes from enumerated services and processes and executed applications with the National Software Reference Library
(NSRL). The NSRL contains data that enables organizations to identify dangerous files within their environments. If a file is determined by NSRL to be “malicious”, Retina CS will flag it and provide additional information via BeyondInsight Clarity threat analysis dashboards and reports.