How SCAP Brought Sanity to Vulnerability Management
Orbitz CISO Ed Bellis explains how the proliferation of vulnerability assessment products and services has created chaos, and how SCAP may be the answer.
(snip)
What's SCAP, you ask? Until last year I hadn't heard of it either.
(/snip)
Yes, I thought it rang a bell but I kept asking through 2/3 of the article! Funny thing, you defined SaaS immediately.
A method of unifying and homogenizing all of the various security-related logs and reports will be a godsend. I look forward to hearing that you have a tool that we can all use. Good luck.
Ron - Look at SecureFusion from Gideon Technologies at http://www.gideontechnologies.com. SecureFusion combines Vulnerability, Policy, & Configuration Management and Asset Discovery. It is SCAP-validated. SecureFusion automates and orchestrates compliance measurement and reporting. SecureFusion gathers standards-based IT risk metrics into a central service-oriented architecture portal where you can view all IT assets, vulnerabilities, configuration details, and policy compliance metrics.
Becky
With regard to the SecureFusion suite from Gideon, I have researched the product and it is certainly an impressive technology stack that would solve all of my problems with one minor exception: it forces you to use the built-in scanner.
What if I don't want to use the built-in scanner?
What if I have a set of scanners that I am required to use and I need to get all the different results imported into some sort of centralized system?
I need a "scanner-agnostic" vulnerability management system. Anyone have any ideas?