Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
System Compliance on a Budget
Search
paulh
June 04, 2012
Technology
0
29
System Compliance on a Budget
AUCTC, Saint Mary's University. 2012
paulh
June 04, 2012
Tweet
Share
More Decks by paulh
See All by paulh
Beginners Guide to OSINT
paulh
1
330
squert – an open source UI for NSM data
paulh
0
48
squert - an open source UI for NSM data
paulh
0
170
Internet Safety
paulh
0
100
Situational Awareness with Open Source Tools
paulh
0
94
Network Security Monitoring with Open Source Tools
paulh
0
130
Other Decks in Technology
See All in Technology
学術機関におけるID連携とOpenID Connect
fujie
0
270
社内の学びの場・コミュニティ形成とエンジニア同士のリレーションシップ構築/devreljapan2024
nishiuma
3
290
エンジニア視点で見る、 組織で運用されるデザインシステムにするには
shunya078
1
310
AIで変わるテスト自動化:最新ツールの多様なアプローチ/ 20240910 Takahiro Kaneyama
shift_evolve
0
240
サプライチェーン攻撃に備える
ryunen344
0
290
タイミーのレコメンドにおける ABテストの運用
ozeshun
1
170
ナレッジグラフとLLMの相互利用
koujikozaki
0
420
『GRANBLUE FANTASY: Relink』最高の「没入感」を実現するカットシーン制作手法とそれを支える技術
cygames
1
140
サーバー管理しないサーバーサービスManaged DevOps Pool
kkamegawa
0
130
アプリをリリースできる状態に保ったまま 段階的にリファクタリングするための 戦略と戦術 / Strategies and tactics for incremental refactoring
yanzm
6
1.4k
JTCや セキュリティチェックリストが夢の跡
nikinusu
1
710
『GRANBLUE FANTASY Relink』キャラクターの魅力を支えるリグ・シミュレーション制作事例
cygames
0
120
Featured
See All Featured
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.2k
Art, The Web, and Tiny UX
lynnandtonic
294
20k
KATA
mclloyd
27
13k
Imperfection Machines: The Place of Print at Facebook
scottboms
263
13k
Clear Off the Table
cherdarchuk
91
320k
Designing for humans not robots
tammielis
248
25k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
36
1.7k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.4k
A better future with KSS
kneath
235
17k
What's in a price? How to price your products and services
michaelherold
242
11k
StorybookのUI Testing Handbookを読んだ
zakiyama
26
5.1k
Fireside Chat
paigeccino
31
2.9k
Transcript
None
the question: what is the security posture of our devices?
what we used to try and get the answer: McAfee
ePO Nessus Build something
our Experience
McAfee ePO
problems with McAfee ePO complex inaccuracies cumbersome reports blackbox (customizations,
waiting)
Nessus
problems with Nessus tedious overkill inconsistent results hosts accounted for:
76%
our problems in general timing transient devices deepfreeze
our kick at the can
None
what we collect (currently) antivirus windows updates asset info
None
None
None
None
None
the backend host host antivirus antivirus windows updates windows updates
asset info asset info active directory active directory …? …? …? …? other.. other..
the backend host host antivirus antivirus windows updates windows updates
asset info asset info active directory active directory compliance history compliance history problem frequency problem frequency other.. other.. SHAZAM! SHAZAM!
the script (patch_status.vbs) what it does how it evolved where
it’s headed
what it does deployment scheduled task information gathering transport
how it evolved primarily driven by trial and error a
lot of: “wouldn’t this be neat” what works? what doesn’t? dealing with problems
what it has changed Managed AV Microsoft update Maintenance window
where it’s headed deployment strategy refne/improve installer target other OS’s
where it’s headed additional metrics ids alert data device usage
java version flash version
where it’s headed helpdesk integration automated ticket generation
thoughts?