Analytics
1/29/2014
10:39 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

BeyondInsight Provides Collaborative Approach To IT Risk Management

BeyondInsight provides a common dashboard interface for multiple BeyondTrust solutions

PHOENIX, January 29, 2014 – BeyondTrust®, the security industry's only provider of Context-Aware Security Intelligence, today announced the release of BeyondInsight&trade, a new IT risk management platform that unifies two foundational security methodologies: Privileged Account Management and Vulnerability Management. BeyondInsight provides a common dashboard interface for multiple BeyondTrust solutions, offering centralized asset discovery, reporting, analytics, and other platform capabilities that enable unprecedented synchronization and collaboration between IT and Security operations. By correlating privilege, access and vulnerability data, the BeyondInsight platform provides a clearer, more-informed picture of enterprise risk.

"Large-scale data breaches often begin with an attacker exploiting a single external vulnerability on a low-level system, and then capitalizing on privileges to gain access to critical systems and data," said Marc Maiffret, CTO at BeyondTrust. "BeyondInsight delivers a comprehensive view of the vulnerabilities that provide doors into an environment, as well as the privileges that present corridors to sensitive assets. With BeyondInsight, security teams will benefit from being able to correlate vulnerability information with user activity, while IT gains a clearer view of how privilege policies impact overall security. This fusion of asset and user intelligence enables IT and security to collectively reduce risk across complex environments."

The BeyondInsight IT Risk Management Platform is an integrated suite of software solutions used by IT professionals and security experts to collaboratively:

Reduce user-based risk and mitigate threats to information assets

Address security exposures across large, diverse IT environments

Comply with internal, industry and government mandates

Provide synergy and collaboration for multiple teams from operations to security

With BeyondInsight, security and IT professionals can jointly keep track of assets, assess risk, ensure compliance, and communicate progress throughout the organization. In addition to providing granular, role-based access to specific vulnerability and privilege management capabilities, BeyondInsight offers centralized asset discovery, asset profiling, management, reporting, and analytics capabilities. All results and data are stored in a central data warehouse and leveraged to inform future vulnerability and privilege management activities.

"As the threat landscape evolves, prioritizing and remediating vulnerabilities continues to be a challenge faced by most organizations," said Javvad Malik, Senior Analyst, Enterprise Security Practice, 451 Research. "Attackers routinely seek to obtain privilege accounts, therefore, combining both privilege and vulnerability management into one platform, as BeyondTrust has done, can help organizations make better-informed risk decisions."

Users can configure BeyondInsight for privileged account management, vulnerability management, or both, with a variety of BeyondTrust PowerBroker® and Retina software solutions. The solutions can be used in conjunction with one another, and all are integrated for maximum data sharing and operational efficiency.

Utilizing BeyondTrust's PowerBroker solutions, IT professionals can easily enforce least-privilege best practices and provide the access employees need to perform their jobs safely, without obstructing IT or end-user productivity. BeyondInsight's Retina CS Enterprise Vulnerability Management capabilities provide security teams with context-aware vulnerability assessment and risk analysis. Retina's results-driven architecture enables security professionals to proactively identify exposures, analyze business impact, and plan and conduct remediation across network, web, mobile, cloud and virtual infrastructure.

"Recent attacks against prominent financial services institutions, retailers and government agencies have demonstrated that the threat environment has profoundly changed," said Mark Kraska, Vice President of Engineering and Director of Compliance at eHealth Technologies, Inc. "With BeyondInsight, we'll be able to not only manage privileges and reveal vulnerabilities, but also gain insights into how privileges and vulnerabilities interconnect and impact our overall security posture in the context of our most important business priorities. This will allow us to see and manage risk like never before."

BeyondTrust is an industry leader in vulnerability management and privileged account management with nearly two decades of experience helping sophisticated organizations protect themselves from cyber-attacks. For more information on the company, or BeyondInsight, please visit: http://www.beyondtrust.com/.

About BeyondTrust

BeyondTrust is the only security solution vendor providing Context-Aware Security Intelligence, giving customers the visibility and controls necessary to reduce their IT security risks, while at the same time simplifying their compliance reporting.

BeyondTrust offers consistent policy-driven vulnerability and privilege management, role-based access control, monitoring, logging, auditing and reporting to protect internal assets from the inside out. The company's products empower IT governance to strengthen security, improve productivity, drive compliance, and reduce expense across physical, virtual, mobile and cloud environments.

With more than 25 years of global success, BeyondTrust is the pioneer of both Vulnerability Management and Privileged Account Management solutions for heterogeneous IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world's 10 largest banks, eight of the world's 10 largest aerospace and defense firms, and 7 of the 10 largest U.S. pharmaceutical companies, as well as renowned universities across the globe.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7402
Published: 2014-12-17
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.

CVE-2014-5437
Published: 2014-12-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php,...

CVE-2014-5438
Published: 2014-12-17
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

CVE-2014-7170
Published: 2014-12-17
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVE-2014-7285
Published: 2014-12-17
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.