Patches have been available for a bit for Meltdown and Spectre, the "Winter 2017/2018" vulnerabilities so visible that your relatives have likely heard of them, and teenagers are updating their various screens on pain of even slower performance than having a low battery in a 2-year-old iPhone. (I should know, I have a 1+ year old iPhone that I talk on for several hours a day).
Everyone is rapidly tracking and remediating these vulnerabilities, and I want to show you how easy and fast it is to do with BMC SecOps Response and BSA or SCCM.
First, like everyone working in Security, I've got regular vulnerability scans running. I can pull the latest scan info from my vulnerability scanner, and upload it to SecOps Response.
I can run this hands off (auto-importing from Nessus etc., loading from a folder or other source), but I want to spot check this particular scan.
These vulnerabilities auto-map to patches on load, and I can review them to make sure they're what I want to use. My hosts are already mapped, but if we scanned something new, auto-map will quickly line them up with the endpoint managers, here BSA, SCCM, or BNA (less of a target for this particular vulnerability).
Now I go to the Security Dashboard to understand both the overall security view and the view for these specific vulnerabilities. Here's my overall view, showing that I've got some Severity 4/5 vulnerabilities that are getting beyond the SLA: I'd better come back to those when I'm done dealing with this particular issue.
I filter by CVE, put in part of the number to quickly find it, and select them. I click "Apply Filters" and I'm filtering in seconds.
The dashboard focuses down to giving me visibility into the state of these specific vulnerabilities. These vulnerabilities were scanned on a certain date, and now we need to go remediate them.
Great, let's flip over to the operator dashboard. Here we see the discovered vulnerabilities, filtered as they were in the Security dashboard, automatically mapped to remediations in our Patch Catalogs. We can narrow down to the set of servers we want to work on using Server Groups and other filters above, and then click the "Remediate" button to build out the remediation task, automatically create a Change Management Request, etc.:
We can quickly step through this process to name this particular Operation:
We can also exclude hosts here, schedule the remediation, etc., and track its execution in the dashboard.
Here we're going to automatically create and document a change management request, typically one of the more important but tedious steps in doing production changes, which will happen with minimal work on my part. We can also skip this, or mark it for Emergency Approval, depending on how your particular Change Management workflow works best.
And here's our operation, ready to go once the change approval has been granted and the maintenance window starts:
Once the Remediation runs, we'll see immediate feedback on the security dashboard, as the vulnerabilities move from "Awaiting Attention", through "Awaiting Approval" and "Execution", to our favorite state, "Closed".
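As an added illustration, not part of this post or of any BMC product, here is a small Python sketch of the triage logic the dashboards above perform: filtering findings by part of a CVE number, joining each finding to the patch for its host's endpoint manager (BSA or SCCM), and flagging Severity 4/5 findings that are past SLA. Every host name, CVE identifier, patch id, and SLA value below is a constructed placeholder, not real scan data.

```python
import csv
import io
from datetime import date

# Constructed sample export in a Nessus-style CSV layout (placeholder CVE ids, not real findings).
SCAN_CSV = """host,cve,severity,scan_date
web01,CVE-2017-0001,4,2018-01-05
web01,CVE-2016-9999,2,2018-01-05
db01,CVE-2017-0002,5,2018-01-05
db01,CVE-2017-0001,4,2018-01-05
app02,CVE-2015-1234,5,2017-11-20
"""

# Constructed patch catalog: CVE -> remediation id per endpoint manager.
PATCH_CATALOG = {
    "CVE-2017-0001": {"BSA": "BSA-KERNEL-0001", "SCCM": "KB0000001"},
    "CVE-2017-0002": {"BSA": "BSA-KERNEL-0002", "SCCM": "KB0000002"},
}
# Constructed host -> endpoint manager mapping (the "asset mapping" step).
HOST_MANAGER = {"web01": "SCCM", "db01": "BSA", "app02": "BSA"}

SLA_DAYS = {5: 14, 4: 30}  # assumed remediation SLA per severity, in days

def parse_scan(text):
    return [dict(r, severity=int(r["severity"]), scan_date=date.fromisoformat(r["scan_date"]))
            for r in csv.DictReader(io.StringIO(text))]

def filter_by_cve(findings, fragment):
    """Partial match, like typing part of the CVE number into the dashboard filter."""
    return [f for f in findings if fragment in f["cve"]]

def map_remediations(findings):
    """Join each finding to the patch for its host's manager; unmapped ones keep patch=None for review."""
    out = []
    for f in findings:
        mgr = HOST_MANAGER.get(f["host"])
        patch = PATCH_CATALOG.get(f["cve"], {}).get(mgr)
        out.append({**f, "manager": mgr, "patch": patch})
    return out

def sla_breaches(findings, today):
    """Severity 4/5 findings whose scan date is older than the SLA allows."""
    return [f for f in findings
            if f["severity"] in SLA_DAYS and (today - f["scan_date"]).days > SLA_DAYS[f["severity"]]]

if __name__ == "__main__":
    findings = parse_scan(SCAN_CSV)
    for f in map_remediations(filter_by_cve(findings, "2017-000")):
        print(f["host"], f["cve"], f["manager"], f["patch"])
    print("past SLA:", [f["host"] for f in sla_breaches(findings, date(2018, 1, 10))])
```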
So we get integrated vulnerability imports, automated vulnerability and asset mapping, tightly linked remediation, status reporting back to our Security Operations team via the Security Dashboard, and best of all, vulnerabilities that close without war room marathons, as Business As Usual instead.