PowerBroker for Windows – Solution Deployment
PowerBroker for Windows (PBW) is designed to integrate directly into your corporate Active Directory (AD) structure without modifying your existing schema. In the asset labeled “1” below, an administrator simply loads a Group Policy Option (GPO) snap-in onto an asset that uses the Microsoft Management Console (MMC). The administrator can then create policies and rules that are stored in the AD domain labeled “2”. An administrator can also access the management console (Retina CS labeled “3”) via a web interface to run reports or create additional rules based on collected events from the environment.
PowerBroker for Windows, Best Known Secrets – Collections
One of the best-known secrets about PowerBroker for Windows is the ability to logically group rules into Collections. This Best Practice allows you to organize rules based on almost any criteria and treat multiple rules as a single entity. This feature is most useful when:
- Rules require the same item-level targeting
- Organizing rules into physical groupings for ease of maintenance or review
- Creating rule groups based on abstract terms like department, application, or even denied applications or websites
- Enforcing that all sub-groups or rules inherit the same action
- Storing obsolete or temporary rules
- Staging rules that are used for testing before inserting them into production. (This works best with Item Level Targeting).
Retina Helps Identify Weak Certificates
Microsoft has released a security advisory (2661254) for the upcoming patch that increases the minimum bit level of certificates to 1024 bits. The expected release date for this patch is Oct 9th, at which time the update will be available through Windows Update. This change to the minimum bit level will cause the Windows certificate system to stop accepting certificates that are less than 1024 bits, as those keys are considered ‘weak’. The change will affect all Windows operating systems above Windows XP SP3; Windows 8 already implements the tighter certificate check.
Xen Server Escape Exploit News
In today’s ever-expanding virtualized data center, it’s critical to ensure hypervisors/host systems are properly secured and patched to prevent bleed-over into often dense populations of the corporate infrastructure. According to a recent blog post on Threatpost, French research firm VUPEN Security has revealed exploit code that takes advantage of a vulnerability in Xen 4.1.2 based on advisory CVE-2012-0217. Although the vulnerability was reported in June, there are many firms that may not have implemented the patch or, worse, haven’t yet identified whether or not they are vulnerable.
Just Released Blink 6.0: Advanced Endpoint Protection
It has been a long time since any vendor has introduced game changing features to end point protection solutions. We have seen claims of better anti-virus protection, advanced persistent threat protection (APT), and even claims of massive resource savings using their latest versions. BeyondTrust believes in a defense in depth approach to end point protection using multiple layers of protection from anti-malware to intrusion prevention and application protection.
BlackHole toolkit targets Microsoft XML Core Services flaw
Blackhole is a popular exploit kit used to inject malware onto PCs that visit an exploited site, or are redirected to such a site from another, compromised website. As hackers get bolder they use these types of toolkits to compromise computer networks. This allows less sophisticated individuals and organizations to compromise computer networks since these kits are relatively easy to attain and leverage.
BlackHat 2012 Recap Plus Powerbroker Mobile and Retina CS 3.5 Launch!
It’s been a very busy July here at BeyondTrust, especially the last two weeks! We’ve just returned from the annual BlackHat conference, where we had tremendous response to demonstrations of our Context Aware Security Intelligence solutions. BlackHat, as many of you know, is the industry’s most well respected technical security conference, so we were very excited to participate in and speak with customers and prospects about our latest security technologies.
PowerBroker Mobile Now Available
What do you get when you cross industry leading vulnerability assessment with a SaaS based mobile device management (MDM) solution? You get a mobile device solution that incorporates the top features of security, configuration, and compliance management with seamless integration into Retina CS. You gain complete visibility into corporate and “bring your own device” (BYOD) mobile assets. You find a mobile solution that is easy to deploy and manage allowing you to do more with less.
CCOs: Let Threat Analyzer do the heavy lifting
In a recent article on Dark Reading, The Compliance Officer’s Dirty Little Secret, the topic of how Chief Compliance Officers (CCOs) form their decision-making processes around compliance was brought to light. One major decision CCOs are responsible for making is whether to pay the fines associated with non-compliance versus the cost of achieving compliance. I’m sure there are many debates that can go back and forth on the efficacy of either case depending on industry, regulatory requirements, the degree of a breach, etc., but in MANY cases the former is far more costly than the latter when you think of legal risks from class action lawsuits (incurred following a breach), cost of notification to customers, brand image, and potential stock price fallout, not to mention the cost of consultants and technology to remediate the problem.
Now Available! Direct Integration from Retina CS into RSA Archer eGRC
Yet another first for BeyondTrust and eEye Digital Security. Our combined companies are proud to release our first new direct integration from Retina CS into RSA Archer eGRC. The business value provides comprehensive vulnerability management data directly into Archer’s Threat Management system. Using direct database access from Archer’s Integration System, the eGRC platform harvests asset and vulnerability data directly from Retina CS to provide a snapshot view of Threat Management health based on any data Retina collects for vulnerabilities regardless of server, desktop, infrastructure, cloud or even mobile device. The managed data feed can be set up to import data at almost any periodic frequency and will continually update Archer with the latest Threat Management data based on findings contained within Retina CS regardless of scan job. In addition, this data is completely exposed down to the most granular level to see how assets and vulnerabilities fare against current process and policies.

