Retina CS Turns Patch Tuesday into Simply “Tuesday”
Last week we announced Retina CS 3.0 – which extends our already market-leading vulnerability management capabilities for mobile devices – by adding in support for Android devices, as well as Microsoft Exchange ActiveSync – and sets a new bar for enterprise cloud security, allowing private cloud deployments based on Amazon Web Services (AWS) and VMware vCenter to be integrated within your existing vulnerability management strategy.
This announcement comes on the heels of our most recent award for Retina CS, granted by SC Magazine, who gave us the highest marks possible for usability, feature-richness and most importantly, value. Why do I bring this up? Well, Patch Tuesday of course.
Patch Tuesdays (and the following days) are typically very active days in the security community. The fact that it’s named “Patch Tuesday” tells us something in its own right. It even has a Wikipedia page! eEye has long been an active contributor to the Patch Tuesday ‘economy’. In fact, many organizations give us partial credit for pushing Redmond toward a regular reporting cycle. We’ve long provided our unique insights via our Vulnerability Expert Forum which takes place the Wednesday right after Patch Tuesday (there’s still time to sign up!), helping customers and non-customers alike better plan their Patch Tuesday response.
Even with all of this, our true goal is to provide the solution – Retina CS – that allows our customers to turn “Patch Tuesday” into simply “Tuesday”.
Why is it important? Our customers are busy enough proactively trying to meet their already demanding security, compliance and audit requirements. Patch Tuesday shouldn’t throw them off their preferred cadence.
How do we help? By providing all the necessary capabilities to accurately scan and identify the need for those new patches, to provide Insight into which machines can wait for a normal patch window, and most importantly, the reporting to prove their efforts made their networks more secure.
If you’re longing for Patch Tuesday to return to just simply “Tuesday”, I encourage you to join our next Vulnerability Expert Forum and check out Retina CS.
UPDATE: If you’re participating in our VEF today at 1pm PST be sure to post your answer to our question, that we ask you during the webinar, below for your chance to win an Amazon Kindle Fire! It’s that easy. Good luck.
Permanent Link
There is mobile security? Patch management is near nil and forget about adobe and java updates.
We’re not using any security for cloud since we are not using that now. For mobile we are still using Blackberry’s RIM with no rights for the user to install apps on their phones.
We intend to fix our security issues in the near future with Retina CS
We are currently not supporting mobile devices or cloud computing so we don’t have a solution yet.
We use Lotus Traveler to lock down our mobile devices including, iPad, iPhone, and Android devices. We do not use any cloud services at this time.
My answer to the question is: We don’t use smart phones. As far as cloud storage, all data deemed sensitive is encrypted into a TrueCrypt Container file prior to being moved to the cloud. All passwords are stored locally in a KeePass Database. The key to the KeePass database is stored via Cryptainer on a thumb drive and the password to open the Cryptainer disk is memorized. The thumb drive is only in the PC during the time that KeePass is being used. So far out data has been save on the Cloud and being as we are not using Smart Phones we are not open to attack.
1. Cloud security – None, since the client has no plans for moving to the cloud in the near future.
2. Mobile security –
a. Run Retina scans for vulnerability and compliance on supporting servers and remediate vulnerabilites
b. User education on procedures, SOP and policies
c. No direct hard-wire connection of mobile device directly into the network (circumventing security)
d. Incident response for lost\stolen devices
Hi,
my experience is that mobile devices have to satisfy the same security policies as all other Enduser devices. That means normally encryption,AV, firewall and centralized management solutions.
The big clouds I have seen so far are much better managed that individual servers. Probably for two reasons.
First of all clouds are managed by professionals, and in some form SLA with customers exist. So proper management processes need to be established and followed.
Second, its is easy to request VMs or services. Without popper control of ownership neither billing nor revalidation of usage is possible.