Remediating security holes

dmoore44 Member Posts: 646
I was wondering how you guys remediate security issues in your organizations. I know of some tools like BigFix that allow for remote remediation, but I was just wondering what else might be in vogue these days.
Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow

Comments

  • ptilsen Member Posts: 2,835
    I prefer the STEPs outlined in RFC 4012012.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • ChooseLife Member Posts: 941
    We are using a mauve database. That or I did not understand your question correctly.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896
  • ChooseLife Member Posts: 941
    I actually currently work on security issues remediation, and can provide some comments if you have a more defined question.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896
  • afcyung Member Posts: 212
    Well, since the question is vague, I will just say in general: if we find a vulnerability with a scanner, if it's a violation of established policy (in my case that means AFIs, DISA STIGs, NSA guidance), it's fixed based on the severity of the vulnerability. If we get something that's not clearly defined in policy, we take it to the local CCB for discussion/remediation. Is this a real issue or a false positive? Is this vulnerability an approved weakness and thus not a concern? What steps can we take to mitigate the issue in the interim until the system is fixed? It might be a system missing a critical patch, but that patch might break software so we can't install it yet, that type of thing.
  • the_Grinch Member Posts: 4,165
    When I did PCI compliance, an outside firm would perform a scan and report what they found. After that we would perform our own scan with SAINT to confirm their findings. If they were the same, we would look at the documentation provided by them and by our internal engineers to fix said hole. Generally, if you research the results you'll find the patch or registry tweaks that you need to make.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • slickprog Registered Users Posts: 3
    In terms of automated security tools, I know my organization uses McAfee Foundstone along with several other tools. We have a mature process where a central server pushes out approved (tested) patches/fixes.

    There are of course non-technical IT related security issues/weaknesses which tools cannot remediate, which is where a solid process comes in handy to ensure operational/management/physical IT related issues are fixed.