SSi Service Strategies Inc.


eTrust Vulnerability Manager Frequent Questions

eTrust Vulnerability Manager FAQs

eTrust Vulnerability Manager reduces risks by discovering business-critical assets and the technologies running on them, correlating them with validated vulnerabilities, providing risk-based task lists with step-by-step remediation instructions, and measuring progress and status of remediation efforts.

What is a vulnerability and how does it affect my systems?
A vulnerability is a hardware or software weakness that leaves a system open to assault, harm or unauthorized exploitation, either externally or internally, thereby resulting in an unacceptable risk to business-critical information. If a vulnerability is exploited by an internal or external person (hacker), data can be stolen, modified or corrupted on that system.

Well-known vulnerabilities over the past few years include Nimda, Code Red, SQLSlammer and others. Each has caused millions of dollars of damage to enterprise networks, including network downtime of multiple weeks in some environments. Examples of such damages can be seen below:

• Code Red cleanup costs were estimated at US$2.6 billion (Computer Economics)
• Nimda cost a multibillion dollar U.S. financial institution US$13 million to clean up (US Government National Cyber Security working group)
• SQLSlammer cleanup costs were estimated at US$1.2 billion (CNET)
• SQLSlammer IT personnel costs for a worldwide media conglomerate were US$2.3 million in the first two weeks (internal company estimates)

Why do I need eTrust Vulnerability Manager?
Organizations are struggling with the exponential rise in vulnerabilities, as well as implementing a comprehensive vulnerability management solution. Traditional approaches to vulnerability management are too difficult, expensive, time-consuming and complex to implement, and they require investments in multiple tools and experts. Managing vulnerabilities requires several procedures be in place, such as research and validation, asset inventories, correlation and task management, patch management and remediation processes, verification procedures and measurement. eTrust Vulnerability Manager from Computer Associates International, Inc. (CA) is a single-tool solution that solves this complex management problem.

How will I benefit from using eTrust Vulnerability Manager?
eTrust Vulnerability Manager is a complete tool for identifying, managing, fixing and measuring vulnerabilities. Organizations benefit from using this solution in many different ways, including:

• Access to CA’s industry-leading vulnerability database — no more need for research
• Reduction in the cost of managing the vulnerability management process
• Ability to prioritize and manage risk at an asset level
• Consistency in vulnerability remediation across the enterprise
• Ability to measure your security posture at an asset level
• Proactive and reactive methodology to managing vulnerabilities

How does eTrust Vulnerability Manager detect vulnerabilities?
eTrust Vulnerability Manager uses non-intrusive methods to detect vulnerabilities on an asset through a two-step process. Step one is the identification of technologies running on an asset. This may be accomplished through either manual input or automatically by eTrust Vulnerability Manager Service. eTrust Vulnerability Manager Service identifies the version, patch and hot fix level of technologies running on an asset. This information is then correlated with CA’s security database to identify the vulnerabilities that apply to the asset.
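
The two-step process described above (inventory the technologies, then correlate them with a vulnerability database) can be sketched as follows. This is an added example, not CA's code: the asset names, product names, versions, hot fix IDs and "EX-" advisory IDs are all constructed, and the half-open version range is an assumed record format.

```python
# Added illustration; every asset, product, version, hot fix and advisory ID is constructed.
from dataclasses import dataclass

def parse_version(text):
    """'2.0.10' -> (2, 0, 10): compare numerically, never as strings."""
    return tuple(int(part) for part in text.split("."))

@dataclass(frozen=True)
class Technology:          # step one: what runs on the asset
    name: str
    version: str
    hotfixes: frozenset = frozenset()

@dataclass(frozen=True)
class Advisory:            # one record of the (assumed) vulnerability database
    advisory_id: str
    product: str
    first_affected: str    # inclusive lower bound
    fixed_in: str          # exclusive upper bound
    severity: int
    fixed_by_hotfix: str = ""   # "" means no hot fix exists

def applies(adv, tech):
    low, high = parse_version(adv.first_affected), parse_version(adv.fixed_in)
    return (adv.product.lower() == tech.name.lower()
            and low <= parse_version(tech.version) < high
            and adv.fixed_by_hotfix not in tech.hotfixes)  # installed hot fix clears it

def correlate(inventory, advisories):
    """Step two: per asset, advisory IDs that apply, highest severity first."""
    result = {}
    for asset, techs in inventory.items():
        hits = {a for a in advisories for t in techs if applies(a, t)}
        ranked = sorted(hits, key=lambda a: (-a.severity, a.advisory_id))
        result[asset] = [a.advisory_id for a in ranked]
    return result

INVENTORY = {  # constructed sample inventory
    "web01": [Technology("ExampleHTTPd", "2.0.9"),
              Technology("ExampleDB", "8.0.2", frozenset({"HF-100"}))],
    "db01": [Technology("ExampleDB", "8.0.2")],
    "app01": [Technology("ExampleHTTPd", "2.0.10")],
}
ADVISORIES = [  # constructed sample database records
    Advisory("EX-0001", "ExampleHTTPd", "2.0.0", "2.0.10", 9),
    Advisory("EX-0002", "ExampleDB", "8.0.0", "8.1.0", 7, "HF-100"),
    Advisory("EX-0003", "ExampleDB", "7.0.0", "8.0.3", 10),
]
```

Because nothing is probed on the asset, the result is only as accurate as the recorded version and hot fix levels; comparing versions as plain strings would wrongly rank 2.0.9 above 2.0.10 and miss EX-0001 on web01.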

How do you update security content and signatures in eTrust Vulnerability Manager?
Security content and signatures are automatically updated through the transfer of encrypted data from the CA repository to your local appliance using a secure Internet link — secure sockets layer (SSL). The frequency of the transfer is defined by the user as either hourly or daily. From a research perspective, we strive to review, validate and publish new vulnerabilities on priority technologies within 72 hours of identification.

Where does eTrust Vulnerability Manager fit in my network?
There are no restrictions on where eTrust Vulnerability Manager may fit in your network. However, due to the various types of data stored on the system, we suggest it be installed inside the DMZ of your corporate network. Other considerations are Internet accessibility, which is required to receive content and code updates. In instances where eTrust Vulnerability Manager cannot have Internet access, the purchase of eTrust Vulnerability Manager – Director is advised to handle content and code distribution from one console.

What is the Best Practice for deploying eTrust Vulnerability Manager?
Organizations typically deploy eTrust Vulnerability Manager in a staged process. The solution is first installed in a certain portion of the network; there its use is refined and brought into the normal day-to-day operations of the IT staff. As success occurs, other eTrust Vulnerability Managers are rolled out across the enterprise.

Who is the competition, and how do you compare with a vulnerability scanner?
No single product provides the same comprehensive functionality as eTrust Vulnerability Manager. The closest competitor is Symantec’s Vulnerability Assessment product, which uses a combination of an agent and scanning technologies to identify vulnerabilities. In most cases we are compared to products that provide similar portions of our functionality, such as:

• Vulnerability scanners — Foundstone, Qualys and Internet Security Systems (ISS)
• Vulnerability databases — SecurityFocus and TruSecure
• Configuration tools — Configuresoft
• Patch management — Citadel Security and PatchLink

We are most often confused with scanners, which have four major shortfalls when compared to eTrust Vulnerability Manager:

1. Intrusive scanning techniques run the risk of shutting down critical systems and often discover false positives
2. Number of vulnerabilities discovered is approximately 5–20% of the vulnerabilities discovered by eTrust Vulnerability Manager
3. Number of technologies covered is about 5–10% of eTrust Vulnerability Manager
4. Delayed vulnerability data due to lag time in creating and distributing signatures

Do you perform patch management?
eTrust Vulnerability Manager does not perform patch installation. However, step-by-step remediation instructions are detailed for each vulnerability. These instructions include direct links to a vendor’s website to download the patch or hot fix required to remediate the problem. CA’s Unicenter® Software Delivery can be used to automate patch distribution. CA is working to integrate eTrust Vulnerability Manager and Unicenter Software Delivery to help simplify remediation.


Service Strategies Inc

2392 Mount Vernon Rd

Dunwoody, GA 30338-3092

800-662-1615  678-441-0020

assist@ssimail.com

Copyright © 1998-2003 Service Strategies Inc. All rights reserved.
Revised: September 27, 2004.