System Compliance on a Budget
paulh
June 04, 2012
AUCTC, Saint Mary's University. 2012
Transcript
the question: what is the security posture of our devices?
what we used to try and get the answer: McAfee ePO; Nessus; Build something
our Experience
McAfee ePO
problems with McAfee ePO: complex; inaccuracies; cumbersome reports; blackbox (customizations, waiting)
Nessus
problems with Nessus: tedious; overkill; inconsistent results; hosts accounted for: 76%
our problems in general: timing; transient devices; deepfreeze
our kick at the can
what we collect (currently): antivirus; windows updates; asset info
the backend: host; antivirus; windows updates; asset info; active directory; …?; …?; other..
the backend: host; antivirus; windows updates; asset info; active directory; compliance history; problem frequency; other.. SHAZAM!
the script (patch_status.vbs): what it does; how it evolved; where it’s headed
what it does: deployment; scheduled task; information gathering; transport
how it evolved: primarily driven by trial and error; a lot of: “wouldn’t this be neat”; what works? what doesn’t?; dealing with problems
what it has changed: Managed AV; Microsoft update; Maintenance window
where it’s headed: deployment strategy; refine/improve installer; target other OS’s
where it’s headed: additional metrics; ids alert data; device usage; java version; flash version
where it’s headed: helpdesk integration; automated ticket generation
thoughts?