eEye Improves Vulnerability Prioritization Capabilities

The new release of eEye Digital Security’s CS Management product improves enterprise ability to prioritize remediation and mitigation of known vulnerabilities. Version 2.5 of the vulnerability management offering also adds support for mobile devices and free patching for select non-Windows applications.

August 1, 2011

eEye has added several features that help assess the threat level of a vulnerability to a particular business and IT environment. CS Management 2.5 now enables enterprises to custom-tune CVSS (Common Vulnerability Scoring System) by adding local data to the scoring criteria.

"More and more customers are adopting CVSS," says Brad Hibbert, eEye VP of strategy. "They see a high-risk score, and a lot will just use that score--but not each high-risk vulnerability is the same." So, enterprises can tailor the scoring to their environment, based on mitigating controls such as firewall protection, configuration settings and asset criticality that may raise or lower the threat level.

Vulnerability management vendors generally have their own proprietary vulnerability risk assessment scoring systems, which enterprises can modify to reflect their own environment. Just as CVE (Common Vulnerabilities and Exposures) works to establish a standard dictionary of vulnerabilities and exposures so that information can be shared across organizations and security tools, CVSS is positioned as a standard for establishing the base risk of a given vulnerability.

"CVSS is independent, and enterprises gravitate toward it, so they understand the risk and not worry so much about vendor bias," says Eric Ogren, founder and principal analyst of the Ogren Group. "You can patch, of course, but CVSS also enables you to check out what is recommended in terms of actionable mitigation, such as firewalls, that may take the curse off the vulnerable systems."

CS Management now also identifies whether a vulnerability has an associated exploit from Core Security, Metasploit or Exploit Database, to help determine if there is an immediate threat to critical assets. eEye recently announced "right-click" integration with Metasploit that allows users to import vulnerabilities discovered by eEye’s Retina scanner directly; Metasploit then launches exploits against the target vulnerability. eEye already had similar integration with Core Security.

The third new risk prioritization feature is the ability to integrate attack and malware information from third-party products, such as anti-virus tools. eEye already integrates with its own endpoint product, Blink, a host-based intrusion prevention system. eEye has also improved risk reports and analytics, including a heat map that shows the greatest risk.

Reflecting the growing security concern over the proliferation of mobile devices in the workforce, the new release adds vulnerability assessment for mobile devices, initially covering BlackBerry devices. BlackBerry was a natural first choice, Hibbert says, as many eEye customers deploy BlackBerry Enterprise Server for corporately managed phones. Retina CS Mobility Connector will include support for other platforms--iOS, Android and Windows Mobile--before the end of the year. Mobility Connector will initially be offered at no charge to current customers.

Finally, eEye will offer a free patching capability for key non-Windows applications via Windows Server Update Services (WSUS). Initial patch packages include Adobe, which frequently issues security patches, and Firefox. Companies will be able to go to an eEye portal to fetch prepackaged and tested patches and install them with WSUS.

eEye has its own patch module available for Retina CS, of course. While vulnerability management vendors generally started around their core network scanners, such as Retina, the value is as much in the management capabilities as the intrinsic strengths of a given scanner.

"The thing about scanning is you have to do something with the results," says Ogren. "We need actionable information so we can prioritize, generate job tickets, track progress and see how things get cleared."
