Three Ways to Secure Virtual Applications


WHITE PAPER Detect, Scan, Prioritize, and Remediate Vulnerabilities

2013. BeyondTrust Software, Inc.

Virtual Application Overview

Applications are virtualized by encapsulating application files and registry settings into a single package that can be deployed, managed, and updated independently from the underlying operating system (OS). The virtualized applications do not make any changes to the underlying OS and continue to behave the same across different configurations for compatibility, consistent end-user experiences, and ease of management.

Virtualization has become extremely popular, with 80% of enterprises having a virtualization program or project (Gartner Virtualization Reality Report). VMware's ThinApp is one of the most popular products used to virtualize an app. This whitepaper focuses on the integration and value of using VMware ThinApp technology with eEye's vulnerability management solution, Retina.

Why Virtualize Applications?

There are hundreds of reasons to virtualize an application and here are a few common scenarios:

- Simplify Windows 7 migration - Easily migrate legacy applications such as Internet Explorer 6 to 32- and 64-bit Windows 7 systems. Virtual apps enable you to eliminate costly recoding, regression testing, and support costs.
- Eliminate application conflicts - Isolate desktop applications from each other and from the underlying OS to avoid conflicts. For example, you can run Internet Explorer 6 seamlessly on Windows 7 alongside newer Internet Explorer browsers.
- Consolidate application streaming servers - Enable multiple applications and sandboxed user-specific configuration data to reside safely on the same server.
- Augment security policies - Deploy virtualized packages on locked-down PCs and allow end users to run applications without compromising security.
- Increase mobility for end users - Deploy, maintain, and update virtualized applications on USB flash drives for ultimate portability.

Vulnerability Trends

Security professionals must account for virtual applications as part of their standard vulnerability management process, as their increased popularity and exposure hasn't gone unnoticed by hackers. Vulnerabilities have been on the rise and that trend is expected to continue. In 2010, there were 8562 publicly disclosed vulnerabilities, which is a 27% increase over the previous year, and in 2011, 37% of publicly disclosed vulnerabilities did not have a vendor-supplied patch. In addition, vulnerability severity has increased, with the majority of vulnerabilities categorized as medium or higher (IBM X-Force 2011 Mid-year Trend and Risk Report).

Figure 1: Vulnerability Disclosures by Year 1996-2011.

Figure 2: Vulnerability Disclosures by Severity 2009-2011.

Figure 3: Vendor Patch Timeline for first half of 2011.

Anatomy of an Attack

Hackers try to exploit the most users with the least amount of effort. For example, due to the prevalent use of PDF documents throughout the workplace, it is common for attackers to exploit PDF viewers, such as Adobe Reader. Assuming a user has an older, vulnerable version of Adobe Reader installed, an attacker simply sends an email containing a malicious PDF file and the user is exploited upon viewing.

Hackers typically use current events or email spoofing to trick users into viewing attachments. One of the more popular methods is spoofing the Human Resources department with a timely subject line such as "New Holiday Calendar" or "Benefit Changes". Since it appears safe to open a document from Human Resources, users open these attachments and are easily exploited.

Exploitation of virtual applications is no different. The attacker sends the same malicious code and the user is exploited upon viewing. Virtualized applications are not installed like traditional applications, as they are essentially a self-contained executable that can be installed in various locations. The end result is that traditional vulnerability scanners are not able to detect virtualized vulnerabilities, and in this case the Adobe Reader vulnerability would not be detected. However, Retina's scan engine can discover the vulnerable application as well as help remediate the vulnerability, such as by providing an upgrade link to a newer version of Adobe Reader, which could then be repackaged and deployed as an updated and secure virtual application package. Retina is the only solution that automates vulnerability management for virtual applications.

Doesn't my vulnerability scanner identify vulnerabilities in virtualized applications?

Traditional vulnerability scanners are not able to detect virtual app vulnerabilities due to the way virtual apps are installed. Retina is the only solution that is able to detect where ThinApp packages have been deployed on your network. This information is used to properly scan virtual apps and ensure ThinApp applications are part of your standard vulnerability management process.

ThinApp Architecture

VMware defines application virtualization as the ability to deploy software without modifying the host computer or making any changes to the local operating system, file system, or registry. Using this virtualization technology, organizations can deploy custom and commercial software across the enterprise without installation conflicts, system changes, or any impact on stability. Virtualized applications such as VMware ThinApp can be run without any modifications or additions to a PC, including administrative permissions.

Traditional applications that are installed and run locally utilize a variety of components such as the following: files, registry settings, Windows services, etc. Virtualizing an application encapsulates all of the components from a traditional installed application into a single EXE that functions sort of like a bubble floating on top of the operating system. From the workstation's perspective, the myriad of files and registry settings making up the virtual application are not visible - all it sees is one executable. But the end result is a virtual application functioning properly on the host as if it were installed locally.

Virtualizing applications does provide an additional layer of security by running the application inside a bubble, but it can be a false sense of security, as vulnerabilities still exist within the application itself. Also, it is common to virtualize older or legacy applications that a company needs to continue using - legacy apps are notorious for being vulnerable. For example, if a legacy web service is installed within a virtualized environment, attackers can exploit unpatched vulnerabilities within that service.

Another security benefit of virtualized applications is customizable rules of isolation, meaning a user dictates how the virtual app interacts with the host operating system. In most instances the application can see files and registry settings on host machines as if it was natively installed, but it isn't allowed to physically change files or settings. For example, any sort of run-time modification that an application may attempt to make to a file or a registry value is actually stored in a sandbox. This sandbox is nothing more than a folder that holds run-time modifications. If a run-time vulnerability is executed, the change occurs in the sandbox and doesn't affect the physical host.

The architecture of virtual applications makes them difficult for traditional vulnerability management solutions to understand, because everything is contained in a single EXE. Retina enables security professionals to extend into the virtual world and tells you exactly what's going on from a vulnerability management perspective by looking inside the EXE. Retina's integration with ThinApp is designed to make virtual apps part of your standard vulnerability processes - scan all applications (including virtualized) and manage vulnerabilities from a centralized console.

Three Ways to Secure Virtualized Applications

When ThinApp virtualizes an application, it's important to understand how virtualization affects the security footprint of any potential vulnerability. Here are the three main areas to focus on from a vulnerability management perspective:

- Discover all virtual applications when the apps are not executing, as well as understand where they exist on your network (servers, desktops, file shares, etc.) and where virtual apps have previously been run.
- Scan, prioritize, and remediate virtual application vulnerabilities
- Don't forget custom applications

Discover Virtual Applications

The biggest challenge is finding ThinApp packages, since there is no registry on the physical host if you install a ThinApp package - again, there is just a single EXE. Retina detects ThinApp packages in a few different ways.

The first method is if ThinApp is deployed using MSI (Microsoft Installer Technology), which is one of the options in the ThinApp Package Creation Wizard. If you deploy the virtual app as a standard regular piece of software, it will be registered and displayed in Add or Remove Programs. Retina detects that the application is a ThinApp version of the product, and acts accordingly. Instead of having audits look at the registry, Retina will go out and find the ThinApp package, enumerate that package, and then perform standard vulnerability checks.

Not everybody uses MSI to deploy ThinApp packages, and there are various ways to deploy virtual apps, such as simply copying a ThinApp package to a desktop or having it on a file share. Retina has forensic functionality to check for virtual applications by essentially looking backwards to find where the actual ThinApp package exists.

Lastly, if there happens to be an application that isn't using MSI, ThinApp also has the option of including scripts. Retina's script can be bundled directly within ThinApp when creating the package. This script publishes the location of ThinApp bundles. The first time you run the virtual app, the keys are published for Retina's scan engine to detect.

In this example, Retina found a ThinApp version of Google Chrome. At the bottom of the screenshot there are a few additional details, such as where the ThinApp package actually exists, that it's a dat file, and v13.0.782.215. Even if there's not a vulnerability detected in the ThinApp package, Retina's scanner still enumerates the virtual app just as it would any normal software that is locally installed. This information is available in Retina's standard reports and virtual apps are labeled appropriately.

Scan, Prioritize, and Remediate Vulnerabilities

Now that Retina has detected ThinApp packages, the focus changes to auditing for vulnerabilities. Also, Retina does not need to launch a ThinApp application in order to scan. Retina utilizes VMware's ThinApp API, which is extremely flexible and allows Retina to scan the file system and registry of virtual apps. Retina uses the API to examine the ThinApp's file system and registry and treat them like a normal physical file system and registry. Retina performs standard vulnerability checks looking at file versions, registry values, and numerous other methods to detect if there's a vulnerable piece of software installed.

The scanning process is completed behind the scenes and is transparent to the end user, as they simply select the ThinApp audit and click run. There's nothing that needs to be installed on the target machines - it's all agentless. In addition, eEye has an optional agent, Retina Protection Agent, that can be deployed on devices that are not part of your corporate network, and it reports results back to the centralized management console.

This screenshot displays a vulnerability for "Google Chrome Multiple Vulnerabilities ThinApp". Retina lists various risk details and how to remediate. In this case, the fix is to upgrade to a newer version of Google Chrome. A quick side note regarding risk or vulnerability severity - Retina has the ability to adjust the severity of a vulnerability. If it's determined the risk is lower due to Google Chrome being deployed via ThinApp, the user can adjust severity to Medium or Low.

Don't Forget Custom Applications

Retina has an extremely comprehensive database that includes vulnerability audits for over 1700 platforms, but it's common to virtualize custom or homegrown applications. For example, a custom application may have been developed 5 or 10 years ago, but needs to be virtualized in order to run on a newer operating system. Retina has the ability to create custom audits that look at any ThinApp package, determine the version, and list what workstations have the package deployed. In this example, we used Google Chrome again, but it can be any application that you have.

Conclusion

As applications are virtualized in order to minimize costs and eliminate conflicts, it creates a hybrid environment on the desktop. It's important to always be conscious of the fact that risks are present inside virtual applications. Retina is the first and only solution to provide vulnerability management for applications virtualized with VMware's ThinApp Technology to:

- Reduce risk by ensuring ThinApp applications are properly discovered and are part of standard vulnerability management processes.
- Increase visibility and automate vulnerability assessment for ThinApp packages.
- Decrease time, effort, and cost associated with the discovery and remediation of vulnerabilities within ThinApp applications.

Retina's integration with ThinApp continues eEye's theme of no-gap security management by enabling security professionals to manage risk by making ThinApp packages part of their standard vulnerability management processes.
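The version checks described under "Scan, Prioritize, and Remediate Vulnerabilities" and the custom audits under "Don't Forget Custom Applications" come down to the same comparison, shown here as an added example (not Retina's or VMware's code). The inventory, hosts, paths and fixed-version rules are constructed sample data; only the Chrome version string comes from this paper.

```python
from collections import defaultdict

# Constructed inventory: (host, product, version, package path) for each virtual
# package a discovery pass found. Hosts, paths and versions are sample data; only
# v13.0.782.215 is the Chrome version quoted in the paper.
INVENTORY = [
    ("WS-014", "Google Chrome", "v13.0.782.215", r"C:\Apps\Google Chrome.dat"),
    ("WS-022", "Google Chrome", "14.0.0.0", r"C:\Apps\Google Chrome.dat"),
    ("WS-014", "LegacyERP", "2.4.1", r"\\FS-01\apps\LegacyERP.exe"),
    ("WS-030", "LegacyERP", "2.5.0", r"\\FS-01\apps\LegacyERP.exe"),
    ("WS-030", "LegacyERP", "beta", r"C:\Users\bob\Desktop\LegacyERP.exe"),
    ("WS-041", "InHouseTool", "1.0", r"C:\Users\carol\Desktop\InHouseTool.exe"),
]

# Constructed audit rules: first fixed version per product (not real advisories).
RULES = {"google chrome": "14.0.0.0", "legacyerp": "2.5"}

def parse_version(text):
    """Turn 'v13.0.782.215' or '2.5' into a tuple of ints for comparison."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_older(found, fixed):
    """True if found < fixed; shorter versions are zero-padded (2.5 == 2.5.0)."""
    a, b = parse_version(found), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(inventory, rules):
    """Return (findings, unparsed, uncovered).
    findings:  {product: {host: [package paths]}} for versions below the fix
    unparsed:  records whose version could not be read (review by hand)
    uncovered: products with no rule, i.e. custom apps still needing an audit
    """
    findings = defaultdict(lambda: defaultdict(list))
    unparsed, uncovered = [], set()
    for rec in inventory:
        host, product, version, path = rec
        key = product.lower()
        if key not in rules:
            uncovered.add(key)
            continue
        try:
            if is_older(version, rules[key]):
                findings[key][host].append(path)
        except ValueError:
            unparsed.append(rec)
    return {p: dict(h) for p, h in findings.items()}, unparsed, sorted(uncovered)

if __name__ == "__main__":
    for part in audit(INVENTORY, RULES):
        print(part)
```

The `uncovered` list is the gap the custom-audit passage is about: packages that were discovered but that no check evaluates.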

About BeyondTrust

With more than 25 years of global success, BeyondTrust is the pioneer of Privileged Identity Management (PIM) and vulnerability management solutions for dynamic IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world's 10 largest banks, seven of the world's 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies, as well as renowned universities. The company is privately held, and headquartered in Carlsbad, California. For more information, visit beyondtrust.com.

CONTACT INFO

NORTH AMERICAN SALES
1.800.234.9072
sales@beyondtrust.com

EMEA HEADQUARTERS
Suite 345 Warren Street London W1T 6AF United Kingdom
Tel: + 44 (0) 8704 586224
Fax: + 44 (0) 8704 586225
emeainfo@beyondtrust.com

CONNECT WITH US
Twitter: @beyondtrust
Facebook.com/beyondtrust
Linkedin.com/company/beyondtrust
www.beyondtrust.com