Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
System Compliance on a Budget
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
paulh
June 04, 2012
Technology
59
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
System Compliance on a Budget
AUCTC, Saint Mary's University. 2012
paulh
June 04, 2012
More Decks by paulh
See All by paulh
Beginners Guide to OSINT
paulh
1
440
squert – an open source UI for NSM data
paulh
0
70
squert - an open source UI for NSM data
paulh
0
370
Internet Safety
paulh
0
140
Situational Awareness with Open Source Tools
paulh
0
120
Network Security Monitoring with Open Source Tools
paulh
0
200
Other Decks in Technology
See All in Technology
“ID沼入口” - 基本とセキュリティから始める、考え続けるためのID管理技術勉強会 告知&イントロ
ritou
0
440
実装だけじゃない! CCA-F取得エンジニアが教えるClaude Code開発プロセス活用術
diggymo
2
430
AIと共生する開発者プラットフォーム:バクラクのモノレポ×マイクロサービス基盤
sakajunquality
1
2.5k
なぜ私たちのSREプラクティスはなかなか機能しないのか 〜システムより先に組織を見る〜 / Why our SRE practices aren't really working
vtryo
1
2.5k
Oracle Exadata Database Service on Cloud@Customer X11M (ExaDB-C@C) サービス概要
oracle4engineer
PRO
2
8.4k
プロダクトだけじゃない、社内プロセスにおける自動化・省力化ノススメ
kakehashi
PRO
1
2.7k
記録をかんたんに、提案をパーソナルに ── AIであすけんが目指すもの
oprstchn
0
170
Docker Desktop不要の時代が来る? WSL標準の「wslc」で Linuxコンテナを動かしてみた.
ueponx
0
800
最近評価が難しくなった
maroon8021
0
250
スタートアップにおけるアジャイルの実践について #shibuyagile
murabayashi
3
2.1k
End-to-Endで考える信頼性 —LINEアプリにおけるクライアント開発×SRE連携の実践
maruloop
3
3k
Zoom2Youtube.Claude
kawaguti
PRO
2
460
Featured
See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
6k
Ethics towards AI in product and experience design
skipperchong
2
320
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
180
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
aleyda
2
11k
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
170
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Making Projects Easy
brettharned
120
6.7k
Fashionably flexible responsive web design (full day workshop)
malarkey
408
66k
Why Our Code Smells
bkeepers
PRO
340
58k
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
180
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
800
Leading Effective Engineering Teams in the AI Era
addyosmani
9
2.1k
Transcript
None
the question: what is the security posture of our devices?
what we used to try and get the answer: McAfee
ePO Nessus Build something
our Experience
McAfee ePO
problems with McAfee ePO complex inaccuracies cumbersome reports blackbox (customizations,
waiting)
Nessus
problems with Nessus tedious overkill inconsistent results hosts accounted for:
76%
our problems in general timing transient devices deepfreeze
our kick at the can
None
what we collect (currently) antivirus windows updates asset info
None
None
None
None
None
the backend host host antivirus antivirus windows updates windows updates
asset info asset info active directory active directory …? …? …? …? other.. other..
the backend host host antivirus antivirus windows updates windows updates
asset info asset info active directory active directory compliance history compliance history problem frequency problem frequency other.. other.. SHAZAM! SHAZAM!
the script (patch_status.vbs) what it does how it evolved where
it’s headed
what it does deployment scheduled task information gathering transport
how it evolved primarily driven by trial and error a
lot of: “wouldn’t this be neat” what works? what doesn’t? dealing with problems
what it has changed Managed AV Microsoft update Maintenance window
where it’s headed deployment strategy refne/improve installer target other OS’s
where it’s headed additional metrics ids alert data device usage
java version flash version
where it’s headed helpdesk integration automated ticket generation
thoughts?