
Upload: lamthien

Post on 05-Jun-2018


BeyondInsight Version 5.4 New and Updated Features

Introducing Advanced Threat Analytics Capabilities and More

An application is launched for the first time. An administrator logs in at 2am. A server has unpatched vulnerabilities. Seen individually, these events may be written off as low-risk blips. When combined on a single system, in a single time period, they add up to a red alert.

Advanced persistent threats (APTs) often go undetected because traditional security analytics solutions are unable to correlate diverse data to discern hidden risks. Seemingly isolated events are often written off as exceptions, filtered out, or lost altogether in a sea of data. The intruder continues to traverse the network, and the damage continues to multiply.

BeyondInsight® Clarity, now shipping standard with BeyondInsight v5.4, enables customers to detect critical IT security threats previously lost amidst volumes of data, while identifying specific users and assets exhibiting patterns of risky activity.

Other new features in BeyondInsight v5.4 include:

• BeyondTrust PowerBroker® Password Safe management updates: including expanded platform support, plus filtering and API enhancements
• Reporting support for NIST 800-53 Revision 4 and PCI Data Security Standard (DSS) 3.0
• Threat Intelligence Connector for ServiceNow®: import BeyondTrust Retina vulnerability data, launch Retina vulnerability scans, and generate incident response tickets in ServiceNow service automation solutions
• Several additional usability and reporting enhancements

BeyondInsight v5.4 gives IT and security professionals unmatched levels of security, visibility, and threat intelligence, enabling them to better understand, prioritize and communicate risk enterprise-wide.

New Feature Highlights

BeyondInsight Clarity – Advanced Threat Analytics

BeyondInsight Clarity is an advanced threat analytics capability that enables IT and security professionals to identify data breach threats typically missed by other security analytics solutions. First available as a technology preview in BeyondInsight v5.3, Clarity is now a standard capability of the BeyondInsight IT Risk Management Console, which ships with a variety of BeyondTrust privilege and vulnerability management solutions.

Clarity pinpoints specific, high-risk users, accounts and assets by correlating low-level privilege, vulnerability and threat data stored in the central BeyondInsight database. The BeyondInsight database contains information gathered via powerful onboard discovery capabilities, combined with data feeds from a variety of privilege and vulnerability management solutions, including:

• PowerBroker for Windows: user and account activity data from desktops and servers
• PowerBroker for UNIX & Linux: user and account activity from servers
• PowerBroker Endpoint Protection Platform: IPS, IDS, anti-virus and firewall log data
• Retina CS Enterprise Vulnerability Management: vulnerability data
• Third-Party Vulnerability Scanners: imported data from Qualys®, Tenable®, and Rapid7®

BeyondInsight Clarity taps into this rich database to set baselines for normal behavior, observe changes, and identify anomalies that signal critical threats.

Correlate: Connect diverse asset, user and threat activity to reveal critical risks

Like a good detective, Clarity is proficient at gathering disparate evidence, making connections, and uncovering would-be data breach culprits. For instance, Clarity can recognize that an administrator opening ports on a vulnerable server at 2am probably means trouble. Clarity is uniquely able to analyze privileged user and account activity with asset characteristics, such as vulnerability count, vulnerability level, attacks detected, risk score, applications, services, software and ports. Through advanced threat analytics, Clarity correlates the data, connects the evidence, and reveals clear cases of user and asset risk.

Measure: Detect changes signaling in-progress threats

Examining an asset’s current state isn’t always enough to reveal risk, making it critical to constantly measure and compare profile data over time. For instance, today, an asset may be running a seemingly normal set of services. Tomorrow, it might be running a markedly different set of “normal” services, while similar assets remain unchanged. Clarity measures asset characteristics from one day to the next, noting the scope and speed of any changes. By comparing an asset’s “change velocity” to that of similar assets, Clarity enables you to see deviations that you may have otherwise missed.

Isolate: Spotlight users and assets posing the greatest risks

BeyondInsight Clarity is deft at flagging any users or assets that deviate from the norm. Clarity constantly organizes assets into like groups based on their profiles and behaviors. Whenever changes occur that cause a specific asset to break from the pack, BeyondInsight shines a spotlight on the outlier and its associated users and accounts, while offering complete drill-down capabilities to speed investigation and remediation.

Report: Align IT and security for smarter decision making

BeyondInsight’s powerful reporting engine keeps IT security and IT operations teams aligned and focused on business goals – whether that means complying with industry regulations like PCI and HIPAA or simply reducing the risk profile by employing least privilege where it makes the most sense. With Clarity, BeyondInsight expands its reports library to over 270 templates, with new templates for pinpointing users, assets and activities with high threat levels. As a result, IT operations and security staff can quickly identify and remediate threats, while sharing vital risk and compliance data to both technical- and non-technical audiences within the organization.

One of several new BeyondInsight Clarity Threat Analytics reports, the “Top 10 Assets” report enables IT and security staff to focus on specific assets and associated activities that put the organization at risk.

PowerBroker Password Safe Management Enhancements

PowerBroker Password Safe is a privileged password management solution based on the BeyondInsight IT Risk Management Platform. BeyondInsight v5.4 provides centralized management, reporting and analytics capabilities for Password Safe v5.4, along with several other BeyondTrust privilege and vulnerability management solutions. New BeyondInsight features for Password Safe include:

• Password management and rule-based application control integration with the PowerBroker for Windows least-privilege management solution
• New platform and device support for Cisco®, Sybase®, VMware® vSphere® (SSH), F5 BIG-IP®, HP Comware®, Palo Alto Networks®, Checkpoint®, Juniper®, RACF®, and IBMi® (AS400)
• New Active Directory service account management support
• DSS keys for managed accounts on Unix and Linux
• Matching criteria for managed account Smart Rules (matching filters)
• API enhancements

NIST SP 800-53 Revision 4 Reporting

BeyondInsight now supports NIST 800-53 Revision 4 for regulatory compliance reports. This update is strategically important for FedRAMP 2.0 and other key frameworks that focus on vulnerability assessment and configuration compliance.

PCI Data Security Standard (DSS) Version 3.0 Reporting

BeyondInsight v5.4 includes the latest Self Assessment Questionnaires (SAQ) and reporting updates required for PCI DSS 3.0 vulnerability assessment compliance. These updates ensure that clients using Retina and BeyondInsight continue to meet PCI-mandated requirements for vulnerability scanning.

Threat Intelligence Connector for ServiceNow Service Automation Solutions

BeyondTrust has partnered with ServiceNow® to develop bi-directional integration between BeyondInsight and ServiceNow Asset Management and Incident Response. The new threat intelligence connector enables ServiceNow customers to:

• Import asset profiles from BeyondInsight discovery scans and/or Retina vulnerability scans
• Launch Retina vulnerability assessments from the ServiceNow Asset Management module
• Generate incident response tickets in ServiceNow based on BeyondInsight Smart Rules and Retina vulnerability scans

BeyondInsight keeps ServiceNow customers up to date with the latest asset profiles and risk information.

BeyondTrust North America | 800.234.9072 | 818.575.4000 | [email protected]
BeyondTrust EMEA | +44 (0)1133 970445 | [email protected]

Twitter: @beyondtrust | Facebook.com/beyondtrust | Linkedin.com/company/beyondtrust

Miscellaneous Updates

BeyondInsight v5.4 also includes the following incremental improvements:

• Usability improvements related to address groups for web vulnerability scans
• Custom reports and exports for Pivot Grid Graphs
• Critical finding highlights in remediation and vulnerability reports for immediate mitigation
• Smart Group creation for systems that have users with administrator privileges
• Dedicated BeyondInsight scan and report templates for Personally Identifiable Information (PII) discovery and the VMware Hardening Guidelines

About the BeyondInsight IT Risk Management Platform

The BeyondInsight IT Risk Management Platform is an integrated suite of software solutions used by IT professionals and security experts to collaboratively:

• Reduce user-based risk and mitigate threats to information assets
• Address security exposures across large, diverse IT environments
• Comply with internal, industry and government mandates

By unifying BeyondTrust privileged account management and vulnerability management solutions, BeyondInsight provides IT and security teams a single, contextual lens through which to view and address user and asset risk.

> Learn more and schedule a demonstration: http://www.beyondtrust.com/Products/BeyondInsight/

About BeyondTrust

BeyondTrust is a global cyber security company dedicated to proactively eliminating data breaches from insider privilege abuse and external hacking attacks. Corporate and government organizations rely on BeyondTrust solutions to shrink attack surfaces and identify imminent threats. The company's integrated risk intelligence platform presents a unique competitive advantage in its ability to reveal critical risks hidden within volumes of user and system data. This unifies IT and Security departments, empowering them with the information and control they need to jointly prevent breaches, maintain compliance, and ensure business continuity. BeyondTrust's Privileged Account Management and Vulnerability Management solutions are trusted by 4,000 customers worldwide, including over 50% of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com.

© 2015 BeyondTrust Corporation. All rights reserved. BeyondTrust, BeyondInsight, and PowerBroker are trademarks or registered trademarks of BeyondTrust in the United States and other countries. Other marks are the trademarks of their respective owners.