Cost-effective approach to full-cycle vulnerability management
1. Cost-effective approach to full-cycle vulnerability management
Sumita Chotani
13th November 2012
Company Confidential
2. Common Issues across SMB
One man army
Security is not a priority
Upper Management wants results
Time is of the essence
User friendly product is imperative
3. AUTOMATION is the key
What can you automate?
Identifying your network topology and asset management?
Vulnerability Assessment of the network?
Reporting the findings of the assessment?
Remediation workflow via a ticketing system?
4. Identifying your network topology and Asset Management
Discover, understand and organize your network and the people managing the systems
3 Basic Steps:
o Run scheduled maps*
o Form Asset Groups around the existing logical structure
o Assign each Asset Group to its respective owner
* Map ~ Network discovery
9. Vulnerability Assessment of the network
Periodic scanning of all perimeter and internal systems
E.g.
o Nightly scans of Production Environment
o Weekly scans of critical servers and workstations
o Monthly scans of the entire network, pre and post Patch Tuesday
11. Reporting the findings of the assessment
Actionable Report
o Patch Report
• One Interactive Report:
- View of a Patch Matrix
- Patch – Host Mapping
- Link to download the Patch
Schedule report generation
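The two slides above (asset groups assigned to owners, and a patch report with a patch-to-host mapping that can feed a ticketing system) can be tied together in a few lines. The following is an added example written for this page, not code from the deck or from any scanner product; the asset groups, hosts, patch identifiers and URLs are constructed sample data, and the record layout is a hypothetical one.

```python
from collections import defaultdict

# Constructed sample data: asset groups mirroring the organisation's logical
# structure, each assigned to an owner (the "Assign each Asset Group" step).
ASSET_GROUPS = {
    "prod-web": {"owner": "web-team@example.invalid", "hosts": {"web01", "web02"}},
    "corp-wks": {"owner": "desktop@example.invalid", "hosts": {"wks17", "wks42"}},
}

# Constructed scan findings: one row per (host, missing patch). Hypothetical layout.
FINDINGS = [
    {"host": "web01", "patch": "KB-0001", "severity": 5, "url": "https://vendor.invalid/KB-0001"},
    {"host": "web02", "patch": "KB-0001", "severity": 5, "url": "https://vendor.invalid/KB-0001"},
    {"host": "web02", "patch": "KB-0002", "severity": 3, "url": "https://vendor.invalid/KB-0002"},
    {"host": "wks17", "patch": "KB-0001", "severity": 5, "url": "https://vendor.invalid/KB-0001"},
    {"host": "wks99", "patch": "KB-0003", "severity": 4, "url": "https://vendor.invalid/KB-0003"},
]

def owner_of(host):
    """Return (group, owner) for a host, or ('unassigned', None) if no group claims it."""
    for group, info in ASSET_GROUPS.items():
        if host in info["hosts"]:
            return group, info["owner"]
    return "unassigned", None

def patch_matrix(findings):
    """Patch -> sorted list of hosts missing it (the 'Patch - Host Mapping' view)."""
    matrix = defaultdict(set)
    for f in findings:
        matrix[f["patch"]].add(f["host"])
    return {patch: sorted(hosts) for patch, hosts in matrix.items()}

def remediation_tickets(findings):
    """One ticket per (owner, patch): the unit a ticketing system can track.
    Hosts outside every asset group land in an 'unassigned' bucket so the gap
    in the asset inventory is itself visible instead of silently dropped."""
    tickets = {}
    for f in findings:
        group, owner = owner_of(f["host"])
        key = (owner or "unassigned", f["patch"])
        t = tickets.setdefault(key, {"owner": owner, "patch": f["patch"], "severity": 0,
                                     "hosts": set(), "groups": set(), "download": f["url"]})
        t["hosts"].add(f["host"])
        t["groups"].add(group)
        t["severity"] = max(t["severity"], f["severity"])
    # Highest severity first, so a one-person team works from the top of the list.
    return sorted(tickets.values(), key=lambda t: (-t["severity"], t["patch"]))
```

Running `remediation_tickets(FINDINGS)` on the sample data yields four tickets, with the unowned host `wks99` surfacing as an inventory gap rather than disappearing from the report.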