Two significant vulnerabilities affecting a wide range of systems that couldn't be patch fast enough were released in the past few months. The simple solution for both issues was to find and to patch. However, if the site audit policy is inadequate, finding these systems became a daunting task. It became clear that regularly auditing a network is a necessity, having a baseline you can rely on and an accurate software inventory is critical when dealing with issues like; how many systems are using Bash or might have OpenSSL embedded in them is paramount. Ways that can be used to address and fix known vulnerabilities; and help detect suspicious activity: 1- Identify the risks, if software patch it. If it is the enterprise's "crown jewels", make sure they are well protected. Remember, this a repetitive process that need to be reviewed at regular interval. Dealing with Bash will eventually be coming to an end. If you already have a simple and easy method for auditing and keeping an accurate host software inventory, we would like to hear from you. Using your method, how quickly were you able to identify all the vulnerable network devices? [1] http://heartbleed.com/ ----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu |
Guy 493 Posts ISC Handler Sep 28th 2014 |
Thread locked Subscribe |
Sep 28th 2014 6 years ago |
We have Tenable Security Center + Continuous View set up + 1/2 FTE dedicated to it.
We had our results after one credentialed scan of our address space. |
Anonymous |
Quote |
Sep 29th 2014 6 years ago |
Sign Up for Free or Log In to start participating in the conversation!