BeyondSaaS simplifies vulnerability management by allowing organizations to scan public-facing assets to identify open vulnerabilities. BeyondSaaS is particularly effective in helping organizations achieve and maintain compliance with regulatory and industry compliance mandates such as PCI-DSS (Payment Card Industry Data Security Standards), SOX (Sarbanes-Oxley), or HIPAA (Health Insurance Portability and Accountability Act).
The approach of BeyonSaaS is to provide an attackers-eye view—scanning your Internet-connected servers and applications from the same perspective an attacker has when scanning your network for holes to exploit. While it's important to know where vulnerabilities exist both inside and outside the network, it's crucial to address flaws that can be exploited directly from outside the network.
The heart of BeyondSaaS is the Retina Network Security Scanner—one of the most well-known, and widely used vulnerability scanning platforms in the industry. BeyondSaaS enables you to run manual ad hoc scans, or schedule automated vulnerability scans, and create reports that can be accessed and viewed from a Web browser.
"With the release of BeyondSaaS, BeyondTrust is providing a trusted hands-free approach to vulnerability management and regulatory compliance with a higher degree of accuracy and a lower annual cost," said Kevin Baker, principal at Innovative Management LLC.
One of the advantages of BeyondSaaS is that it is entirely cloud-based, and there is no hardware or software to deploy. The BeyondSaaS platform integrates with Microsoft Live credentials, or Active Directory, and can be managed from any Web browser—even from a smartphone or tablet.
Managing IT from the cloud
The BeyondSaaS platform is part of a growing trend of cloud-based IT management and IT security tools. There are benefits to cloud-based tools for any size organization, but the cloud is particularly valuable for small and medium companies.
- 10 must-try cloud tools for business
- Securing data in the cloud with encryption: The Cypher-X solution
- How cloud computing will impact the on-premise data center
First of all, cloud-based tools are generally cheaper than a comparable solution installed on-premise. There is no hardware to purchase, and typically no software licenses to manage. Companies also don't have to invest in the network architecture necessary to support the platform.
With a cloud-based tool, the vendor is responsible for ensuring the servers are operational, and performing optimally. The vendor manages updates to the application, and to the underlying hardware or operating system. The net result is that the customer can just use the tool and focus on its own business, and the vendor fills the role of IT admin.
Cloud-based tools are also easier to scale as needs change. Where an on-premise solution might require purchasing and configuring additional hardware, and re-provisioning network resources, cloud services can typically scale up with a few clicks of the mouse. More importantly, when the demand subsides you can simply scale back without being stuck with hardware and software you no longer need.
Finally, cloud-based IT management tools are convenient because they can be accessed and managed from virtually anywhere using just about any Web-enabled device.
If your company has public-facing servers or Web resources, you need to perform regular vulnerability scans to ensure they're secure. If you don't have a vulnerability assessment tool in place, you should take a look at what BeyondSaaS can do for you. It's not comprehensive, but it is simple, and cost-effective, and it addresses the public-facing assets that are at the greatest risk of compromise.
You can learn more about BeyondTrust's BeyondSaaS service by attending one of the webcasts being hosted on Thursday, November 21. BeyondTrust CTO Marc Maiffret and Senior Director of Program Management, Morey Haber will host the webcasts to showcase the BeyondSaaS technology through a live demo and answer questions from the audience.
Tony Bradley is a principal analyst with Bradley Strategy Group. He is a respected authority on technology, and information security. He writes regularly for Forbes, and PCWorld, and contributes to a wide variety of online and print media outlets. He has authored or co-authored a number of books, including Unified Communications for Dummies, Essential Computer Security, and PCI Compliance.