Post on 05-Jun-2018
BeyondInsight Version 5.4 New and Updated Features
Introducing Advanced Threat Analytics Capabilities and More
An application is launched for the first time. An administrator logs in at 2am. A server has unpatched vulnerabilities. Seen individually, these events may be written off as low-risk blips. When combined on a single system, in a single time period, they add up to a red alert.
Advanced persistent threats (APTs) often go undetected because traditional security analytics solutions are unable to correlate diverse data to discern hidden risks. Seemingly isolated events are often written off as exceptions, filtered out, or lost altogether in a sea of data. The intruder continues to traverse the network, and the damage continues to multiply.
BeyondInsight® Clarity, now shipping standard with BeyondInsight v5.4, enables customers to detect critical IT security threats previously lost amidst volumes of data, while identifying specific users and assets exhibiting patterns of risky activity.
Other new features in BeyondInsight v5.4 include:
• BeyondTrust PowerBroker® Password Safe management updates: including expanded platform support, plus filtering and API enhancements
• Reporting support for NIST 800-53 Revision 4 and PCI Data Security Standard (DSS) 3.0
• Threat Intelligence Connector for ServiceNow®: import BeyondTrust Retina vulnerability data, launch Retina vulnerability scans, and generate incident response tickets in ServiceNow service automation solutions
• Several additional usability and reporting enhancements
BeyondInsight v5.4 gives IT and security professionals unmatched levels of security, visibility, and threat intelligence, enabling them to better understand, prioritize and communicate risk enterprise-wide.
New Feature Highlights
BeyondInsight Clarity – Advanced Threat Analytics
BeyondInsight Clarity is an advanced threat analytics capability that enables IT and security professionals to identify data breach threats typically missed by other security analytics solutions. First available as a technology preview in BeyondInsight v5.3, Clarity is now a standard capability of the BeyondInsight IT Risk Management Console, which ships with a variety of BeyondTrust privilege and vulnerability management solutions.
Clarity pinpoints specific, high-risk users, accounts and assets by correlating low-level privilege, vulnerability and threat data stored in the central BeyondInsight database. The BeyondInsight database contains information gathered via powerful onboard discovery capabilities, combined with data feeds from a variety of privilege and vulnerability management solutions, including:
• PowerBroker for Windows: user and account activity data from desktops and servers
• PowerBroker for UNIX & Linux: user and account activity from servers
• PowerBroker Endpoint Protection Platform: IPS, IDS, anti-virus and firewall log data
• Retina CS Enterprise Vulnerability Management: vulnerability data
• Third-Party Vulnerability Scanners: imported data from Qualys®, Tenable®, and Rapid7®
BeyondInsight Clarity taps into this rich database to set baselines for normal behavior, observe changes, and identify anomalies that signal critical threats.
Correlate: Connect diverse asset, user and threat activity to reveal critical risks
Like a good detective, Clarity is proficient at gathering disparate evidence, making connections, and uncovering would-be data breach culprits. For instance, Clarity can recognize that an administrator opening ports on a vulnerable server at 2am probably means trouble. Clarity is uniquely able to analyze privileged user and account activity with asset characteristics, such as vulnerability count, vulnerability level, attacks detected, risk score, applications, services, software and ports. Through advanced threat analytics, Clarity correlates the data, connects the evidence, and reveals clear cases of user and asset risk.
Measure: Detect changes signaling in-progress threats
Examining an asset’s current state isn’t always enough to reveal risk, making it critical to constantly measure and compare profile data over time. For instance, today, an asset may be running a seemingly normal set of services. Tomorrow, it might be running a markedly different set of “normal” services, while similar assets remain unchanged. Clarity measures asset characteristics from one day to the next, noting the scope and speed of any changes. By comparing an asset’s “change velocity” to that of similar assets, Clarity enables you to see deviations that you may have otherwise missed.
Isolate: Spotlight users and assets posing the greatest risks
BeyondInsight Clarity is deft at flagging any users or assets that deviate from the norm. Clarity constantly organizes assets into like groups based on their profiles and behaviors. Whenever changes occur that cause a specific asset to break from the pack, BeyondInsight shines a spotlight on the outlier and its associated users and accounts, while offering complete drill-down capabilities to speed investigation and remediation.
Report: Align IT and security for smarter decision making
BeyondInsight’s powerful reporting engine keeps IT security and IT operations teams aligned and focused on business goals – whether that means complying with industry regulations like PCI and HIPAA or simply reducing the risk profile by employing least privilege where it makes the most sense. With Clarity, BeyondInsight expands its reports library to over 270 templates, with new templates for pinpointing users, assets and activities with high threat levels. As a result, IT operations and security staff can quickly identify and remediate threats, while sharing vital risk and compliance data to both technical and non-technical audiences within the organization.
One of several new BeyondInsight Clarity Threat Analytics reports, the “Top 10 Assets” report enables IT and security staff to focus on specific assets and associated activities that put the organization at risk.
PowerBroker Password Safe Management Enhancements
PowerBroker Password Safe is a privileged password management solution based on the BeyondInsight IT Risk Management Platform. BeyondInsight v5.4 provides centralized management, reporting and analytics capabilities for Password Safe v5.4, along with several other BeyondTrust privilege and vulnerability management solutions. New BeyondInsight features for Password Safe include:
• Password management and rule-based application control integration with the PowerBroker for Windows least-privilege management solution
• New platform and device support for Cisco®, Sybase®, VMware® vSphere® (SSH), F5 BIG-IP®, HP Comware®, Palo Alto Networks®, Checkpoint®, Juniper®, RACF®, and IBMi® (AS400)
• New Active Directory service account management support
• DSS keys for managed accounts on Unix and Linux
• Matching criteria for managed account Smart Rules (matching filters)
• API enhancements
NIST SP 800-53 Revision 4 Reporting
BeyondInsight now supports NIST 800-53 revision 4 for regulatory compliance reports. This update is strategically important for FedRAMP 2.0 and other key frameworks that focus on vulnerability assessment and configuration compliance.
PCI Data Security Standard (DSS) Version 3.0 Reporting
BeyondInsight v5.4 includes the latest Self Assessment Questionnaires (SAQ) and reporting updates required for PCI DSS 3.0 vulnerability assessment compliance. These updates ensure that clients using Retina and BeyondInsight continue to meet PCI-mandated requirements for vulnerability scanning.
Threat Intelligence Connector for ServiceNow Service Automation Solutions
BeyondTrust has partnered with ServiceNow® to develop bi-directional integration between BeyondInsight and ServiceNow Asset Management and Incident Response. The new threat intelligence connector enables ServiceNow customers to:
• Import asset profiles from BeyondInsight discovery scans and/or Retina vulnerability scans
• Launch Retina vulnerability assessments from the ServiceNow Asset Management module
• Generate incident response tickets in ServiceNow based on BeyondInsight Smart Rules and Retina vulnerability scans
BeyondInsight keeps ServiceNow customers up to date with the latest asset profiles and risk information.
BeyondTrust North America | 800.234.9072 | 818.575.4000 | info@beyondtrust.com BeyondTrust EMEA | +44 (0)1133 970445 | emeainfo@beyondtrust.com
Twitter: @beyondtrust | Facebook.com/beyondtrust | Linkedin.com/company/beyondtrust
Miscellaneous Updates
BeyondInsight v5.4 also includes the following incremental improvements:
• Usability improvements related to address groups for web vulnerability scans
• Custom reports and exports for Pivot Grid Graphs
• Critical finding highlights in remediation and vulnerability reports for immediate mitigation
• Smart Group creation for systems that have users with administrator privileges
• Dedicated BeyondInsight scan and report templates for Personally Identifiable Information (PII) discovery and the VMware Hardening Guidelines
About the BeyondInsight IT Risk Management Platform
The BeyondInsight IT Risk Management Platform is an integrated suite of software solutions used by IT professionals and security experts to collaboratively:
• Reduce user-based risk and mitigate threats to information assets
• Address security exposures across large, diverse IT environments
• Comply with internal, industry and government mandates
By unifying BeyondTrust privileged account management and vulnerability management solutions, BeyondInsight provides IT and security teams a single, contextual lens through which to view and address user and asset risk.
> Learn more and schedule a demonstration: http://www.beyondtrust.com/Products/BeyondInsight/
About BeyondTrust
BeyondTrust is a global cyber security company dedicated to proactively eliminating data breaches from insider privilege abuse and external hacking attacks. Corporate and government organizations rely on BeyondTrust solutions to shrink attack surfaces and identify imminent threats. The company's integrated risk intelligence platform presents a unique competitive advantage in its ability to reveal critical risks hidden within volumes of user and system data. This unifies IT and Security departments, empowering them with the information and control they need to jointly prevent breaches, maintain compliance, and ensure business continuity. BeyondTrust's Privileged Account Management and Vulnerability Management solutions are trusted by 4,000 customers worldwide, including over 50% of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com. © 2015 BeyondTrust Corporation. All rights reserved. BeyondTrust, BeyondInsight, and PowerBroker are trademarks or registered trademarks of BeyondTrust in the United States and other countries. Other marks are the trademarks of their respective owners.