eEye Digital Security — Vulnerability Management

The volume of newly discovered vulnerabilities is increasing every day, compelling security professionals to reassess their approach to protecting corporate networks. According to the CERT Institute, 99% of network attacks leverage known vulnerabilities; hence, the opportunity exists to avoid the damage inflicted by these attacks – simply by taking proactive steps to eliminate the multitude of vulnerabilities confronting your enterprise.

The challenge is not identifying the "fix" for a specific vulnerability, as those are provided through software vendors and prudent internal policies. The challenge is to define and implement a coordinated process to address the discovery, identification, remediation and prevention of these vulnerabilities.

The effectiveness of targeted and automated network attacks such as the Sapphire SQL and MS Blaster worms, among others, has clearly demonstrated the inadequacy of most organization’s current vulnerability protection strategy. This inadequacy is primarily driven by several factors:

• Lack of technology and tools to discover, assess and pinpoint vulnerabilities as well as security mis-configurations and policy violations.
  
• Lack of a process to address vulnerabilities.
  
• Misalignment of priorities and integration between security and IT departments.
  
• Limited remediation scope focused solely on software patches.

eEye’s vulnerability management solutions combine process and technology into a single, effective system, giving security and information technology professionals the power to schedule and perform vulnerability audits, create and enforce security policies, prioritize and schedule remediation activities, verify corrective actions, and effectively manage the entire threat mitigation process. Vulnerabilities are best managed through a comprehensive program including Retina® Network Security Scanner, Retina® Remediation Manager and Blink® Vulnerability Protection, which together have the capability to vulnerability management solution to ensure the highest protection against both known and unknown vulnerabilities.

eEYE APPROACH

eEye Digital Security has developed a systematic approach to address the challenges with assessing, remediating, and preventing vulnerabilities. This vulnerability management workflow enables you to align eEye's innovative approach to network security to the business risks associated with the prevention of unauthorized access to your network architecture.

Discover
The critical first step in identifying, checking and tracking all of the servers, workstations and devices that are attached to your network. All systems and devices can contribute to security threats and ultimate downtime so must be identified and audited.

Audit
The linchpin of the entire vulnerability management process, which entails checking all operating systems, hardware configurations and application configurations. This phase must be fast, non-intrusive, customizable, centrally organized and remotely maintained.

Delegate
Upon completion of a given vulnerability assessment, remediation activities are prioritized and assigned to team members. Rules can be created to automatically delegate security events as tasks according to severity level, origin or vulnerability type.

Remediate
Now it is time to take action, and begin dialogues on how to best remediate the discovered vulnerabilities through a combination of technology, processes, policies and training. As vulnerabilities can impact the entire organization, this step will typically be a multi-departmental effort.

Report
Whether monitoring specific machine information, providing executive level views or communicating other important data, reporting is an important element that must be evaluated along with everything else.

Adapt
The final stage for this workflow comprises the ongoing review of data collected from each preceding stage, and modifying your work flows and security measures to continue increasing security, improving performance and reducing the likelihood of unauthorized security breach.

SOLUTION ARCHITECTURE

Consistent with eEye’s best practices approach to threat management and network security, the architecture of eEye’s vulnerability management solution is multi-tiered, starting with a comprehensive assessment and audit of all security threats on all network assets. This is accomplished through a Retina® Network Security scan.

Blink® performs the necessary intrusion prevention protection through the deployment of an agent on each identified network asset. This way each network asset, including mobile workers and wireless devices, may be reported upon, audited and logged, providing the necessary real-time protection each time a network connection is performed.

These events are logged and easily managed through REM™, a central management console, capable of real-time integration through pre-built APIs to larger IT management interfaces including CA’s UniCenter, IBM’s Tivoli and HP’s OpenView. As a whole, this architecture provides the means to holistically view your security resources, and to adapt your