Report Book: Retina Network Security Scanner Unlimited

Transcription

1 REPORT BOOK Report Book: Retina Network Security Scanner Unlimited Version 5.20 January

2 Table of Contents Retina Network Security Scanner Unlimited... 3 Report Title: Remediation Report... 3 Report Title: Executive Report... 3 Report Title: Summary Report... 4 Report Title: Vulnerability Export... 5 Report Title: Access Report... 6 Report Title: PCI DSS 3.0 Compliance Report... 6 Report Title: Regulatory Compliance... 7 Report Title: Dashboard Report... 8 Report Title: SCAP Benchmark Assessments Report... 9 Report Title: Web Application (Standard Edition) Report About BeyondTrust

3 Retina Network Security Scanner Unlimited The following reports are available from within the Retina Network Security Scanner Unlimited (RNSSU) version. These can be generated from the vulnerability assessment scan engine, benchmark compliant scan wizard, and the web application scan engine. Report Title: Remediation Report This report is sortable by asset or vulnerability and allows filtering by risk, asset, and vulnerability. Users can customize notes presented in the report and explicit details regarding the findings are provided in the sample below: Report Title: Executive Report The executive report represents all of the findings in the form of metrics. This includes charts for the most vulnerable assets and top 10 vulnerabilities, as well as, detailed findings for asset inventory on processes, shares, etc. 3

4 Report Title: Summary Report The summary report provides a flattened version of all details from a scan. This includes metrics regarding the scan itself and all assets discovered. Flatten details cover all metrics from asset traits to enumerations of software, process, shares, etc. 4

5 Report Title: Vulnerability Export The vulnerability export is designed for consumption of the data using third party tools. Users can export the results as CSV, HTML, and XML. Fields can be selected through the UI to explicitly set which data can be exported. The sample below is a CSV export with all fields turned on. 5

6 Report Title: Access Report The access report is designed to enumerate all targets for a scan and whether credentials failed to authenticate for a target and why. This assists teams with identifying targets that fail authenticated scans based on faulty credentials or hardening techniques used to block authenticated access. Report Title: PCI DSS 3.0 Compliance Report This report is specific to the PCI DSS 3.0 standard. It produces a report compliant for submission as 6

7 an ASV, allows for completion of the required Self Assessment Questionnaires (SAQs), and company details as applicable for a compliant solution. Report Title: Regulatory Compliance The Retina Network Security Scanner contains detailed mappings for vulnerabilities to the following regulatory compliance initiatives and frameworks: ITIL, ISO 27002, COBIT, NIST, NERC/FERC, MASS 201, GLBA, HITRUST, and SOX. 7

8 Below are samples for NIST and HIPAA. Note, these are modeled after the remediation report. Report Title: Dashboard Report The dashboard report provides a single page summary of a scan and the findings. Based on the findings, anything excessive will cause the assessment to be flagged as Passed or Failed. 8

9 Report Title: SCAP Benchmark Assessments Report The Retina Network Security Scanner Unlimited is a certified SCAP 1.1 benchmark compliance scanner. The solution contains over 70 out-of-the-box benchmark templates from NIST, MITRE, CIS, Microsoft, RedHat, and the US Government. Below is a sample for a domain controller using a STIG template. 9

10 Report Title: Web Application (Standard Edition) Report The Retina Network Security Contains the Standard Edition of our Web Application Scan Engine. The scan engine is available as a wizard from the tool menu and will provide interactive reports for highlighting remediation details for web applications. Below are screenshots from the summary screen and web application vulnerability details page. 10

11 11

12 About BeyondTrust BeyondTrust is a global cyber security company dedicated to proactively eliminating data breaches from insider privilege abuse and external hacking attacks. Corporate and government organizations rely on BeyondTrust solutions to shrink attack surfaces and identify imminent threats. The company's integrated risk intelligence platform presents a unique competitive advantage in its ability to reveal critical risks hidden within volumes of user and system data. This unifies IT and Security departments, empowering them with the information and control they need to jointly prevent breaches, maintain compliance, and ensure business continuity. BeyondTrust's Privileged Account Management and Vulnerability Management solutions are trusted by 4,000 customers worldwide, including over 50% of the Fortune 100. To learn more about BeyondTrust, please visit BeyondTrust Corporation. All rights reserved. BeyondInsight, PowerBroker, Retina, and Retina Network Security Scanner are trademarks or registered trademarks of BeyondTrust in the United States and other countries. Other marks are the trademarks of their respective owners. 12