Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
System Compliance on a Budget
Search
paulh
June 04, 2012
Technology
0
34
System Compliance on a Budget
AUCTC, Saint Mary's University. 2012
paulh
June 04, 2012
Tweet
Share
More Decks by paulh
See All by paulh
Beginners Guide to OSINT
paulh
1
340
squert – an open source UI for NSM data
paulh
0
48
squert - an open source UI for NSM data
paulh
0
200
Internet Safety
paulh
0
100
Situational Awareness with Open Source Tools
paulh
0
94
Network Security Monitoring with Open Source Tools
paulh
0
140
Other Decks in Technology
See All in Technology
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
120
誰も全体を知らない ~ ロールの垣根を超えて引き上げる開発生産性 / Boosting Development Productivity Across Roles
kakehashi
1
230
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
OCI Security サービス 概要
oracle4engineer
PRO
0
6.5k
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
310
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
170
OCI Vault 概要
oracle4engineer
PRO
0
9.7k
ドメインの本質を掴む / Get the essence of the domain
sinsoku
2
150
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
Featured
See All Featured
Speed Design
sergeychernyshev
25
620
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Automating Front-end Workflow
addyosmani
1366
200k
Code Reviewing Like a Champion
maltzj
520
39k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
Faster Mobile Websites
deanohume
305
30k
The Cult of Friendly URLs
andyhume
78
6k
Designing for humans not robots
tammielis
250
25k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
Agile that works and the tools we love
rasmusluckow
327
21k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Transcript
None
the question: what is the security posture of our devices?
what we used to try and get the answer: McAfee
ePO Nessus Build something
our Experience
McAfee ePO
problems with McAfee ePO complex inaccuracies cumbersome reports blackbox (customizations,
waiting)
Nessus
problems with Nessus tedious overkill inconsistent results hosts accounted for:
76%
our problems in general timing transient devices deepfreeze
our kick at the can
None
what we collect (currently) antivirus windows updates asset info
None
None
None
None
None
the backend host host antivirus antivirus windows updates windows updates
asset info asset info active directory active directory …? …? …? …? other.. other..
the backend host host antivirus antivirus windows updates windows updates
asset info asset info active directory active directory compliance history compliance history problem frequency problem frequency other.. other.. SHAZAM! SHAZAM!
the script (patch_status.vbs) what it does how it evolved where
it’s headed
what it does deployment scheduled task information gathering transport
how it evolved primarily driven by trial and error a
lot of: “wouldn’t this be neat” what works? what doesn’t? dealing with problems
what it has changed Managed AV Microsoft update Maintenance window
where it’s headed deployment strategy refne/improve installer target other OS’s
where it’s headed additional metrics ids alert data device usage
java version flash version
where it’s headed helpdesk integration automated ticket generation
thoughts?