Network Computing is part of the Informa Tech Division of Informa PLC
eEye Improves Vulnerability Prioritization Capabilities
The new release of eEye Digital Security’s CS Management product improves enterprises' ability to prioritize remediation and mitigation of known vulnerabilities. Version 2.5 of the vulnerability management offering also adds support for mobile devices and free patching for select non-Windows applications.
eEye has added several features that help assess the threat level of a vulnerability to a particular business and IT environment. CS Management 2.5 now enables enterprises to custom-tune CVSS (Common Vulnerability Scoring System) by adding local data to the scoring criteria.
"More and more customers are adopting CVSS," says Brad Hibbert, eEye VP of strategy. "They see a high-risk score, and a lot will just use that score--but not each high-risk vulnerability is the same." So, enterprises can tailor the scoring to their environment, based on mitigating controls such as firewall protection, configuration settings and asset criticality that may raise or lower the threat level.
Vulnerability management vendors generally have their own proprietary vulnerability risk assessment scoring systems, which enterprises can modify to reflect their own environment. Just as CVE (Common Vulnerabilities and Exposures) works to establish a standard dictionary of vulnerabilities and exposures so that information can be shared across organizations and security tools, CVSS is positioned as a standard for establishing the base risk of a given vulnerability.
"CVSS is independent, and enterprises gravitate toward it, so they understand the risk and not worry so much about vendor bias," says Eric Ogren, founder and principal analyst of the Ogren group. "You can patch, of course, but CVSS also enables you to check out what is recommended in terms of actionable mitigation, such as firewalls, that may take the curse off the vulnerable systems."
CS Management now also identifies whether a vulnerability has an associated exploit from Core Security, Metasploit or Exploit Database, to help determine if there is an immediate threat to critical assets. eEye recently announced "right-click" integration with Metasploit that allows users to import vulnerabilities discovered by eEye’s Retina scanner directly; Metasploit then launches exploits against the target vulnerability. eEye already had similar integration with Core Security.