Last updated Friday, July 10, 2020, 13:36:18 GMT

Come along with me, friends, on a journey. The heroes of our story are you and me. They're thousands of security analysts and sysadmins. They're people who get s**t done (often the hard way), through sheer force of will and a not-insignificant amount of elbow grease.

But deep down, they think about what could be. They imagine their vulnerability management and patching process not as the disparate components it is today, but rather an elegant symphony of algorithmically driven API calls self-healing the environment while they lie back and listen to the musical hum of processor fans.

:musical_note: I can show you the world… :musical_note:

Okay, let's get real. Are pie-in-the-sky automation workflows possible? Well, maybe. But in the same way that I can't pull off Scott Weinger's voice, I'm not going to try and force-feed what I believe to be largely impractical solutions to really hard problems.

Security orchestration and automation isn't about complex, multifaceted workflows. It's about taking the everyday tasks that we perform and making them easier. Vulnerability management and patching are packed with such tasks that are ripe for some sweet, sweet orchestration and automation. A common thread in these tasks is that IT and security need to work together—be each other's tools!—to get things fixed, and that's why Rapid7 has released the Vulnerability Remediation Toolkit for InsightConnect, Rapid7's SOAR solution. If you'll allow me, I'd like to take you through a scenario that I'm sure many an analyst and sysadmin has gone through.

I can show you the world…

Our story features two heroes: a security analyst and a sysadmin. They are about to go through an entirely ordinary scenario in their lives. A brand-new critical vulnerability is about to drop. It's one of those annoying ones that impacts software that's widely deployed but hard to control—possibly a coffee-themed runtime environment, who's to say?

The security analyst goes through a regular review-and-advise cycle for vulnerabilities. For the most part, the agents they've deployed gather data automatically at regular intervals, so they don't need much babysitting, and the analyst has a lot more on their plate than just vulnerability management. Some days, however, a bad one comes across the wire that requires a more immediate response.

Today is one of those days.

Upon seeing the vulnerability's details, the analyst becomes concerned. The risk assessor in them can see that exploitation will be relatively easy, and they know that at least some systems in their network will be impacted. It also has one of those catchy names that's going to appear at the top of a hundred vendor blogs, so it's a certainty that their boss will be asking about it, and they'd best get to work.

Knowing any resolution will require IT's assistance, the analyst jumps into a shared Slack channel with their favorite system administrator. After giving a quick overview of the issue, they dive in. Leveraging fresh data from the agents, the security analyst starts the first of many workflows they'll use with InsightConnect. A quick Slack message to the InsightConnect bot triggers a search query in InsightVM for assets affected by the critical vulnerability, and within minutes the bot delivers the news: two assets in the network are impacted.

With the vulnerable hosts identified, it's time for the sysadmin to get in the game. The security analyst uses another InsightConnect workflow to look up the vulnerability details from Rapid7's vulnerability database. This fires back with the critical piece of information that the sysadmin needs: the solution information. Armed with the patch information, the sysadmin proceeds to quickly assess the systems in question to ensure that applying the patch won't hurt anything important. There's good news and bad news. The good news? One of the systems can be patched without consequence. The sysadmin calls another InsightConnect workflow through the slackbot, kicking off a patch sequence in BigFix for the safe-to-patch asset.

The bad news? A critical business application will be impacted if the patch is applied to the other asset. Nothing is ever easy. The sysadmin submits an exception request for the patch and asset, and another InsightConnect workflow notifies the security analyst of the pending exception. The story does have a happy ending, though. The sysadmin noted that the vulnerable system is sitting in a segmented corner of the network. The risk is acceptable, and the security analyst approves the exception via the slackbot. All is well. Our heroes can rest.
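The scenario above is a sequence of small, well-defined steps: find the affected assets, look up the fix, patch what is safe to patch, and route the rest through an exception decision that is recorded for audit. The following is an added example, not code from the original post and not InsightConnect's, InsightVM's or BigFix's API; the inventory, vulnerability record and chat bot are in-memory stand-ins (all names, hostnames and the `VULN-EXAMPLE-0001` identifier are constructed placeholders). It shows the decision logic a chat-driven remediation workflow has to encode, including the two cases the story hits: a host that can be patched outright, and a business-critical host whose exception is only approved because it sits in a segmented network.

```python
"""Chat-driven vulnerability remediation workflow (illustrative, stand-alone example).

Assumptions: Asset and Vulnerability records replace what a scanner agent and a
vulnerability knowledge base would return; ChatBot replaces a chat-integrated
orchestration bot. Nothing here calls a real vendor API.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Asset:
    hostname: str
    software: Dict[str, str]          # product -> installed version, as reported by an agent
    business_critical: bool = False   # patching could break a critical application
    segmented: bool = False           # host sits in an isolated network segment


@dataclass
class Vulnerability:
    vuln_id: str
    product: str
    fixed_in: str                     # first version that is no longer vulnerable
    solution: str                     # remediation text a knowledge-base lookup would return


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '8.0.241' into (8, 0, 241) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def find_affected(inventory: List[Asset], vuln: Vulnerability) -> List[str]:
    """Step 1 (the 'search the scanner' workflow): hostnames running a vulnerable version."""
    hits = []
    for asset in inventory:
        installed = asset.software.get(vuln.product)
        if installed is not None and parse_version(installed) < parse_version(vuln.fixed_in):
            hits.append(asset.hostname)
    return hits


def plan_remediation(inventory: List[Asset], vuln: Vulnerability):
    """Steps 3-4: for each affected host, either patch now or raise an exception.

    Returns (patch_now, exceptions) where each exception is (host, decision, reason).
    A business-critical host is only auto-approved when segmentation limits exposure;
    otherwise it is escalated to a human rather than silently accepted.
    """
    by_name = {a.hostname: a for a in inventory}
    patch_now, exceptions = [], []
    for host in find_affected(inventory, vuln):
        asset = by_name[host]
        if not asset.business_critical:
            patch_now.append(host)
        elif asset.segmented:
            exceptions.append((host, "approve", "critical app; segmented network limits exposure"))
        else:
            exceptions.append((host, "escalate", "critical app on a flat network; needs a compensating control"))
    return patch_now, exceptions


class ChatBot:
    """Stand-in for a chat-integrated orchestration bot. Every command is appended to an
    audit log with the requesting user, so patch actions and approvals are attributable."""

    COMMANDS = ("find-assets", "lookup", "remediate")

    def __init__(self, inventory: List[Asset], vuln_db: Dict[str, Vulnerability]):
        self.inventory = inventory
        self.vuln_db = vuln_db
        self.audit: List[str] = []

    def handle(self, user: str, text: str) -> str:
        self.audit.append(f"{user}: {text}")
        verb, _, arg = text.strip().partition(" ")
        if verb not in self.COMMANDS:
            return f"unknown command {verb!r}"
        vuln = self.vuln_db.get(arg)
        if vuln is None:
            return f"unknown vulnerability id {arg!r}"
        if verb == "find-assets":
            hosts = find_affected(self.inventory, vuln)
            return f"{len(hosts)} asset(s) affected: {', '.join(hosts) or 'none'}"
        if verb == "lookup":
            return f"{vuln.vuln_id}: {vuln.solution}"
        patch_now, exceptions = plan_remediation(self.inventory, vuln)
        lines = [f"patching {h}" for h in patch_now]
        lines += [f"exception for {h} -> {d} ({why})" for h, d, why in exceptions]
        return "\n".join(lines) or "nothing to do"


# Constructed sample data: two affected hosts, one already-fixed host, one without the product.
INVENTORY = [
    Asset("web-01", {"coffee-runtime": "8.0.241"}),
    Asset("erp-db-01", {"coffee-runtime": "8.0.241"}, business_critical=True, segmented=True),
    Asset("build-02", {"coffee-runtime": "8.0.261"}),
    Asset("mail-01", {"mailer": "3.2.1"}),
]
VULN_DB = {
    "VULN-EXAMPLE-0001": Vulnerability("VULN-EXAMPLE-0001", "coffee-runtime", "8.0.251",
                                       "Upgrade coffee-runtime to 8.0.251 or later"),
}

if __name__ == "__main__":
    bot = ChatBot(INVENTORY, VULN_DB)
    for user, cmd in [("analyst", "find-assets VULN-EXAMPLE-0001"),
                      ("analyst", "lookup VULN-EXAMPLE-0001"),
                      ("sysadmin", "remediate VULN-EXAMPLE-0001")]:
        print(f"> {cmd}\n{bot.handle(user, cmd)}")
    print("audit:", bot.audit)
```

The point of the example is the shape of the decision, not the data: the "approve" branch is deliberately conditional on a concrete, checkable property of the asset (segmentation), and every command lands in an audit log with the requester's name, which is what makes an exception approved over chat defensible later.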

Despite idealizing some aspects of the above scenario, any security analyst or systems administrator will recognize the basic steps that were taken here. What they may not realize is the speed with which resolution is actually possible. No single task is in itself daunting, but streamlining them via chat-integrated workflows in InsightConnect eliminates the need to log in to multiple tools and perform actions across a variety of complex user interfaces. It doesn't take a massive, highly complex workflow to make day-to-day operations a lot more pleasant for everyone. Instead, tie Slack to the remediation process with the workflows from the Vulnerability Remediation Toolkit for an easy lift and a fast payoff.

[On-demand demo] Not an InsightConnect customer? Check out our SOAR solution.

Watch now