Q&A with BeyondTrust: on Enterprise Security Risks and BeyondTrust’s Vulnerability Management Solutions

Cybersecurity is in a constant state of flux. Every so often we hear about data breaches that result in the exposure of hundreds of thousands of private records, and a company’s reputation and credibility lost. In 2017 alone–specifically in the last quarter of the year–an average of 274 exploit detections were recorded, up 82% from the previous quarter.

Vulnerabilities–or system weaknesses–are exploited by cybercriminals to disrupt systems and businesses, causing significant damage with far-reaching impact. And if the world’s largest companies can quickly fall prey to cyber attacks, is there any hope for small enterprises to shore up their defenses?

SourceForge recently spoke with Scott Lang, the Senior Director at BeyondTrust, a global cybersecurity company that’s on a mission to prevent privilege misuse and stop unauthorized access in organizations, to discuss the biggest security challenges facing modern enterprises today and how businesses can take a more proactive approach to security. Lang also talks about BeyondTrust’s vulnerability management solutions and how they enable businesses to quickly identify and mitigate threats to their users and assets.

Q: Please share with our readers a brief overview on BeyondTrust. When was the company established and what types of industries do you currently serve?

A: BeyondTrust dates its heritage back to the founding of Symark in 1985, when it introduced one of the original solutions for privilege command elevation and delegation for Unix and Linux environments.

Today, BeyondTrust delivers a complete Privileged Access Management (PAM) platform that provides control and visibility over all user privileges and passwords. Our PAM solution is different because it includes built-in security insights from Vulnerability Management and Threat & Behavioral Analytics that help to inform privilege decisions.

With more than 4,000 customers across the globe, and serving all industries (especially those with the most stringent cybersecurity and compliance requirements), industry analysts consider BeyondTrust a leader in our market.

Q: What do you see as some of the biggest security challenges facing modern enterprises today?

A: Some of the biggest security risks facing modern enterprises today are posed by unmanaged user privileges and privileged accounts – specifically how they can be targeted in a data breach.

In fact, according to Forrester Research, 80% of security breaches involve privileged accounts in some way. Think about some of the most significant data breaches that have hit the news just in the last year – brands like Uber, the UK National Health Service, and Swift Networks. Each had their privileged credentials hacked or stolen, leading to significant reputational and financial loses.

The Cyber Attack Chain (or Kill Chain) is a common reference for illustrating the steps involved in an externally-driven cyber attack such as these. External attacks make up about 72% of all attacks according to the 2018 Verizon Data Breach Investigations Report, with insider attacks accounting for 28% (and growing!).

Based on our experience, externally-driven data breaches start when an attacker exploits an asset vulnerability or attempts to gain a foothold through some sort of social engineering tactic, like phishing where the aim is to obtain a credential. Why does this happen? Systems on the perimeter are vulnerable to attack, and users can have too much privilege, making them targets. Once inside the network, the attacker hijacks privileges or leverages stolen or weak passwords. Unmanaged credentials and excessive privileges are the culprits here.

Once the attacker successfully becomes an insider, they can leverage those privileges and passwords to move laterally and exploit other resources to achieve their ultimate objective – your data. And most organizations don’t have the visibility to connect the dots between excessive privileges and perimeter exploits.

The problem only gets more complex as enterprise perimeters expand beyond traditional on-premise systems and internal employees. The IT perimeter is comprised of the people, processes and technology that access an organization’s information assets. For malicious hackers and insiders, it’s the attack surface through which the organization can be breached. The cloud and IoT devices present new attack vectors, and processes like DevOps mean new applications, scripts, bots and other technologies may require automated access to infrastructure, as well to one another.

Clearly, how IT supports, protects and enables business is changing just as fast. While the new perimeter is making business for efficient and agile, it’s also opening paths of attack.

Q: In your opinion, what are some of the most basic things organizations need to do to reduce their risk for security exploitation?

There are several basic things that organizations can do to reduce their overall attack surface. Here are five to get started.

• Do not share passwords, especially privileged accounts. Speaking of passwords, ensure that different passwords are used for all applications in use in the organizations, and store them in a secure password management safe that requires you to check them in and out with a secure workflow process – it provides accountability!
• Implement the principle of least privilege to ensure that everyone has only the minimum access to do their jobs, and nothing more.
• Scan for vulnerabilities and patch systems regularly.
• Employ proper network segmentation to keep third-parties (even trusted ones) out of areas they don’t need to access.
• Implement a backup and disaster recovery plan for all important documents and data.

Q: How can enterprises move from a reactive security approach to a proactive one with the least impact to productivity? Can you share some tips on what organizations need to implement an effective vulnerability management program?

A: Over the past two decades, the basic approach to managing software vulnerabilities has consistently remained – discover assets, audit them for vulnerabilities, prioritize and patch them, and report on progress.

However, looking at the data, the gap between the good guys and bad guys continues to widen. Vulnerability management challenges are only getting tougher. We need to change the game. We have to think like a hacker. Ironically enough, adversaries have been using the concept of connecting dots to successfully hack into our systems for years. Bots typically don’t work alone, but instead as a coordinated group of infected machines, each sharing data with, and taking orders, from a command and control server. Systems such as SIEM, Privilege, GRC, NGFWs, and Asset, Network and Vulnerability Management, all generate valuable data, but are typically walled off from one another.

However, if you can connect their asset, threat and user data together, translate it into actionable intelligence, and then share it back out for various systems to act on–that’s a game-changer! This would enable you to:

• Reduce remediation times for known vulnerabilities.
• Gain insights into new and emerging threats.
• Use vulnerability intelligence to inform least privilege access and increase threat visibility.
• Close vulnerability gaps created by cloud, virtual, and mobile technologies.
• Measure the impact of threats before they’re exploited.

Q: Tell us more about your enterprise vulnerability management solutions. How does Retina CS help companies address their vulnerability management challenges?

A: Retina CS is the only vulnerability management software solution designed from the ground up to provide organizations with context-aware vulnerability assessment and risk analysis.

Retina’s results-oriented architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across disparate and heterogeneous infrastructure. Thousands of customers worldwide rely on Retina every day to:

• Prioritize known vulnerabilities by pinpointing which assets and users pose the greatest threat.
• Shorten remediation times by enabling customers to respond faster to both known and emerging threats.
• Expand the sightline into emerging threats by uncovering high-risk assets and anomalous behavior that, viewed in isolation, might slip under the radar but when correlated together spell big trouble.
• Maximize the value of existing security investments by sharing normalized security intelligence with each solution in your “security village,” making better-informed security decisions.

Q: What makes Retina stand out over other similar solutions in the market?

A: The three biggest differentiators of Retina CS vs. other competitive solutions in the market include:

• Reporting: Organizations continue to look for better ways to effectively identify and prioritize their known risks. They are not simply looking for more data, but risk information put in the context of their business environment. Companies respond very positively to reports/dashboards that can pinpoint for them which vulnerabilities they should focus on and why.
• Agent-based scanning: The broader adoption of cloud and virtual environments, the ever-growing mobile workforce and the high security risks associated with privileged accounts have created some difficult challenges for traditional network-based vulnerability scanning. Host-based scans close the security gaps created by these evolving factors by enumerating transient systems and performing fast and authenticated scans, without the need for sharing high-privilege accounts or created new ones for scanning.
• Integration: With more and more data to digest and a severe shortage of skilled cybersecurity pros, effectively detecting and remediating risks requires that IT and security systems easily share application, asset, threat and user data, so they can synchronize their intelligence and put forth a coordinated defense. Companies repeatedly say they want to be able to “respond” faster to both known and emerging threats. Tightly integrating their IT and security systems together will enable them to do that.

Q: Looking ahead, what are some of the trends and technologies you see on the rise in the vulnerability management space and how is BeyondTrust meeting these?

A: What stands out most is how an expanding IT perimeter is altering the vulnerability landscape. For example, growth in cloud, mobile, and IoT endpoints will mean the vulnerability scanners will have to deliver insights across these platforms. The same with DevOps processes and the accordant growth in virtualization or containerization technologies such as Docker.

Vulnerability management systems can enable the secure adoption of these technologies and processes by scanning container instances and libraries, offline image scanning, image integrity tracking and more, providing continuous vulnerability assessment and remediation guidance of the infrastructure and code/builds across physical, virtual and cloud environments.

Since most vulnerability scanners also provide configuration compliance, they can also help by performing continuous configuration and baseline scanning against industry configuration guidelines and best practices from FDCC, NIST, STIGS, USGCB, CIS, Microsoft and others across servers and code/builds in physical, virtual and cloud deployed assets.

Q: BeyondTrust has recently been named a Leader in The Forrester Wave: Vulnerability Risk Management, Q1 2018. What does this distinction mean for the company? And what does the future hold for BeyondTrust? Any new products or solutions you’re brewing up?

A: BeyondTrust is actually a Leader in two Forrester Wave reports – the Vulnerability Risk Management one, and the Privileged Identity Management one. This is a tremendous distinction for BeyondTrust. If you look at where the Forrester Wave gave BeyondTrust the highest possible scores, it was in Endpoint Agent Integration, Total Cost of Ownership, and Product Roadmap.

Our customers should feel confident that they have chosen a solution that delivers tremendous value for the price, and one that has a strong, well-developed, forward-looking roadmap to meet tomorrow’s vulnerability and risk management needs. And since our PowerBroker solutions leverage Retina as the foundation for our threat analytics capabilities, and since Retina informs PowerBroker privilege management decisions through patented integration, PowerBroker customers benefit, too.

With integrations and a rich roadmap including multiple connectors to third-party systems, BeyondTrust is setting the bar for comprehensive privileged threat analytics.

About BeyondTrust

BeyondTrust is the leading cybersecurity company committed to helping organizations prevent cyber-attacks and unauthorized data access due to privilege abuse. BeyondTrust offers a range of solutions that give businesses the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. The company is recognized as a Leader in Vulnerability Risk Management and Privileged Identity Management by Forrester Wave. Over 4,000 customers worldwide, including half of the Fortune 100, rely on BeyondTrust’s security solutions.