
Penetration Testing Integration for Retina CS


DATASHEET

In today’s dynamic information security environment, we understand that there is no one right way to manage a vulnerability, nor are all vulnerabilities created equal. Just because a vulnerability is ranked critical or another might have an exploit available doesn’t mean it’s important to you. These and other criteria are simply data points into your overall vulnerability management process. What matters is how the vulnerability and the corresponding exploit relate to your business. Simply put, context is key. We strive to give you all the information you need to make better educated decisions as to how you want to manage vulnerabilities and risks within your environment. That is why we provide simple, easy-to-use solutions that work seamlessly within your existing vulnerability management and penetration testing workflows.

HOW IT WORKS: INTEGRATION WITH METASPLOIT FREE AND COMMERCIAL VERSIONS

Retina is fully integrated with both the free and commercial versions of Metasploit. Users can either import Retina data into Metasploit to launch applicable exploits or launch Metasploit exploits directly from within Retina itself. The two workflow options are as follows:

• Simply right-click on a vulnerability within Retina and launch any applicable Metasploit exploit that might exist.

• Import Retina vulnerability scan data directly into Metasploit and then launch exploits against vulnerabilities that Retina discovers.

Unlike other tools in the market, with Retina there is no need to toggle from product to product. All that’s needed is Retina and Metasploit installed on either the same system or on any systems that can communicate; we take care of the rest.


The Benefits of Context-Aware Vulnerability Management

• Determine what to fix first, what to fix next – and why

• Prioritize people, processes, and technology to address exposures

• Predict return on remediation prior to committing resources

• Measure the efficacy of vulnerability management processes over time

• Share results in terms and formats relevant to specific audiences


ABOUT BEYONDTRUST

BeyondTrust is a proven leader with more than 25 years of experience. More than half of the companies listed on the Dow Jones, eight of the 10 largest banks, seven of the 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies rely on BeyondTrust to secure their enterprise.

CONTACT INFO

NORTH AMERICAN SALES
1.800.234.9072
[email protected]

EMEA SALES
Tel: + 44 (0) 8704 586224
[email protected]

CORPORATE HEADQUARTERS
550 West C Street, Suite 1650
San Diego, CA 92101
1.800.234.9072

CONNECT WITH US
Twitter: @beyondtrust
Facebook.com/beyondtrust
Linkedin.com/company/beyondtrust
www.beyondtrust.com

INTEGRATION WITH ALL LEADING PENETRATION TESTING TOOLS

Retina also provides users with information on the availability of exploits from all the leading penetration testing tools. From within Retina CS, users can export vulnerability data in XML format (from any scan) that can be consumed directly by Core Impact. This allows a distributed enterprise to collect vulnerability data from remote scanners, process the information, and then export it as one file for Core Impact to ingest and begin pen testing. Enterprise environments do not need to visit every scan engine and can plan for a test using the enterprise architecture they have deployed with Retina CS. Retina is also integrated with:

• Canvas, from Immunity

• Exploit DB

• Cybercrime Exploit Toolkits, that are continuously researched and analyzed by the BeyondTrust Research Team

This means that after running a scan users can immediately match up vulnerabilities discovered with commercially available exploits. By using Retina, customers now have the ability to tap into four separate exploit toolkits without having to make the capital investment in the technology itself. Furthermore, with Retina’s unmatched reporting you can simply run a report that highlights which vulnerabilities have exploit matches and then prioritize those for remediation if you choose.

NO SILVER BULLET

As always, exploits are far from an exact science when it comes to prioritizing your vulnerabilities. You cannot discount a vulnerability simply because an exploit framework failed to properly exploit it, as there are many factors that can cause an exploit to fail. Also, more often than not, an exploit framework will simply not have an exploit for a vulnerability even though attackers in the wild do. Finally, while some scanners have false positives, exploit tools have false negatives and miss real exploit matches they should find.

There is always going to be a gap between the thousands of malicious attackers and what the commercially available exploit toolkits provide. The non-exact science of exploit reliability and incomplete coverage of exploits to vulnerabilities are two factors to keep in mind when thinking about how to prioritize your vulnerabilities. This is why BeyondTrust includes these references natively within the solution and Retina provides the lowest false positive rate in the industry.