Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
System Compliance on a Budget
Search
paulh
June 04, 2012
Technology
0
34
System Compliance on a Budget
AUCTC, Saint Mary's University. 2012
paulh
June 04, 2012
Tweet
Share
More Decks by paulh
See All by paulh
Beginners Guide to OSINT
paulh
1
340
squert – an open source UI for NSM data
paulh
0
48
squert - an open source UI for NSM data
paulh
0
200
Internet Safety
paulh
0
100
Situational Awareness with Open Source Tools
paulh
0
94
Network Security Monitoring with Open Source Tools
paulh
0
140
Other Decks in Technology
See All in Technology
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
OCI Vault 概要
oracle4engineer
PRO
0
9.7k
OS 標準のデザインシステムを超えて - より柔軟な Flutter テーマ管理 | FlutterKaigi 2024
ronnnnn
1
290
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
300
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
1
120
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
3
630
EventHub Startup CTO of the year 2024 ピッチ資料
eventhub
0
130
Application Development WG Intro at AppDeveloperCon
salaboy
0
200
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
230
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
950
Featured
See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
A Tale of Four Properties
chriscoyier
156
23k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Producing Creativity
orderedlist
PRO
341
39k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
How GitHub (no longer) Works
holman
310
140k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
6.8k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
Transcript
None
the question: what is the security posture of our devices?
what we used to try and get the answer: McAfee
ePO Nessus Build something
our Experience
McAfee ePO
problems with McAfee ePO complex inaccuracies cumbersome reports blackbox (customizations,
waiting)
Nessus
problems with Nessus tedious overkill inconsistent results hosts accounted for:
76%
our problems in general timing transient devices deepfreeze
our kick at the can
None
what we collect (currently) antivirus windows updates asset info
None
None
None
None
None
the backend host host antivirus antivirus windows updates windows updates
asset info asset info active directory active directory …? …? …? …? other.. other..
the backend host host antivirus antivirus windows updates windows updates
asset info asset info active directory active directory compliance history compliance history problem frequency problem frequency other.. other.. SHAZAM! SHAZAM!
the script (patch_status.vbs) what it does how it evolved where
it’s headed
what it does deployment scheduled task information gathering transport
how it evolved primarily driven by trial and error a
lot of: “wouldn’t this be neat” what works? what doesn’t? dealing with problems
what it has changed Managed AV Microsoft update Maintenance window
where it’s headed deployment strategy refne/improve installer target other OS’s
where it’s headed additional metrics ids alert data device usage
java version flash version
where it’s headed helpdesk integration automated ticket generation
thoughts?