
Coming up on October 18, 2018 is BMC’s annual user event, the BMC Exchange in New York City!

 


 

During this free event, there will be thought-provoking keynotes including global trends and best practices.  Also, you will hear from BMC experts and your peers in the Digital Service Operations (DSO) track.  Lastly, you get to mingle with everyone including BMC experts, our business partners, and your peers.  Pretty cool event to attend, right? 

 

In the DSO track, we are so excited to have 3 customers tell their stories. 

  • Cerner will speak about TrueSight Capacity Optimization and their story around automation and advanced analytics for capacity and planning future demand.   Check out Cerner’s BizOps 101 ebook
  • Park Place Technologies’ presentation will focus on how they leverage AI technology to transform organizations.
  • Freddie Mac will join us in the session about vulnerability management.  Learn how your organization can protect itself from security threats.  Hear how Freddie Mac is using BMC solutions. 

 

BMC product experts will also be present in the track and throughout the entire event.

  • Hear from the VP of Product Management on how to optimize multi-cloud performance, cost and security
  • Also, hear from experts on cloud adoption.  This session will review how TrueSight Cloud Operations provides you visibility and control needed to govern, secure, and manage costs for AWS, Azure, and Google Cloud services.

 

At the end of the day, there will be a networking reception with a raffle (or 2 or 3).  Stick around and talk to us and your peers.  See the products live in the solutions showcase. Chat with our partners.  Stay around and relax before heading home. 

 

Event Info:

Date: October 18th 2018

When: 8:30am – 7:00pm

  • Keynote begins at 9:30am
  • Track Sessions begin at 1:30pm
  • Networking Reception begins at 5:00pm

Where: 415 5th Ave, NY, NY 10016

 

For more information and to register, click here

 

Look forward to seeing you in NYC!  Oh, and comment below if you are planning to attend!  We are excited to meet you.


We are pleased to announce that TrueSight Vulnerability Management 3.0 is now GA.

 

BladeLogic Threat Director and SecOps Response Service have now been converged into a single platform called TrueSight Vulnerability Management.

Highlights of the release:

 

  1. Product Delivery using Docker Containers: TSVM is now deployed as a set of Docker containers, giving our customers a faster and better install experience.
  2. SCCM support: SCCM integration is now supported, and users can now use SCCM for remediation through TSVM.
  3. Data Enrichment via Asset Tagging: Users can now tag assets in bulk using simple CSV imports, then create views and remediate based on service, owners, etc.
  4. Enhanced Vulnerability Auto-Mapping: Ability to configure rules for TSSA patch catalogs one time. This provides the ability to define preferred catalogs per OS version, and to auto-map vulnerabilities to multiple catalogs accurately in cases where multiple patch catalogs have patches for the corresponding vulnerability.

 

For any questions or feedback, comment below


We've published a new video that demonstrates how to use tags to filter assets and then use those same filters on the Operator Dashboard to launch a Remediation Operation.

See Walkthrough: Using tags to filter remediation targets.

Let us know if you find this video helpful by rating or commenting on this blog post.


We've published a new video that demonstrates how to use the Operator Dashboard in SecOps Response to filter network vulnerabilities. The video also shows how to launch a remediation operation that will instruct BMC Network Automation to correct those vulnerabilities.

See Walkthrough: Using BNA to remediate network issues detected in a vulnerability scan.

Let us know if you find this video helpful by rating or commenting on this blog post.


We've published a new walkthrough describing how to import tags so they can be used to enrich data associated with assets. The walkthrough also shows how to use tag data to filter information on the Operator Dashboard.

See Walkthrough: Using tags to filter remediation targets.

Let us know if you find this topic helpful by rating or commenting on this blog post.


Patches have been available for a bit for Meltdown and Spectre, the "Winter 2017/2018" vulnerabilities so visible that your relatives have likely heard of them, and teenagers are updating their various screens on pain of even slower performance than having a low battery in a 2-year-old iPhone.  (I should know, I have a 1+ year old iPhone that I talk on for several hours a day).

 

Everyone is rapidly tracking and remediating this vulnerability, and I want to show you how easy and fast it is to do with BMC SecOps Response and BSA or SCCM.

 

First, like everyone working in Security, I've got regular vulnerability scans running.  I can pull the latest scan info from my vulnerability scanner, and upload it to SecOps Response.

 

I can run this hands off (auto-importing from Nessus etc., loading from a folder or other source), but I want to spot check this particular scan.

 

 

These vulnerabilities auto-map to patches on load, and I can review them to make sure they're what I want to use.  My hosts are already mapped, but if we scanned something new, auto-map will quickly line them up with the endpoint managers, here BSA, SCCM, or BNA (less a target for this particular vulnerability).

 

Now I go to the Security Dashboard to understand both the overall security view, and that for these specific vulnerabilities.  Here's my overall, showing that I've got some Severity 4/5 vulnerabilities that are getting beyond the SLA: I'd better come back to those when I'm done dealing with this particular issue.

I filter by CVE, put in part of the number to quickly find it, and select them.  I click "Apply Filters" and I'm filtering in seconds.

 

 

The dashboard focuses down to giving me visibility into the state of these specific vulnerabilities.  These vulnerabilities were scanned on a certain date, and now we need to go remediate them.

 

 

 

 

Great, let's flip over to the operator dashboard.   Here we see the discovered vulnerabilities, filtered as they were in the Security dashboard, automatically mapped to remediations in our Patch Catalogs. We can narrow down to the set of servers we want to work on using Server Groups and other filters above, and then click the "Remediate" button to build out the remediation task, automatically create a Change Management Request, etc.:

 

 

We can quickly step through this process to name this particular Operation:

We can also exclude hosts here, schedule the remediation, etc., and track its execution in the dashboard.

 

Here we're going to automatically create and document a change management request, typically one of the more important but tedious steps in doing production changes, which will happen with minimal work on my part.  We can also skip this, or mark it for Emergency Approval, depending on how your particular Change Management workflow works best.

And here's our operation, ready to go once the change approval has been granted and the maintenance window starts:

Once the Remediation runs, we'll see immediate feedback on the security dashboard, as the vulnerabilities move from "Awaiting Attention", through Awaiting Approval, Execution, and our favorite state, Closed.

 

So we get integrated vulnerability imports, automated vulnerability and asset mapping, tightly linked remediation, status reporting back to our Security Operations team via the Security Dashboard, and best of all, vulnerabilities that close without war room marathons, but instead Business As Usual.

 


Two new videos demonstrate how to use BMC SecOps Response to remediate vulnerabilities detected in your server environment. The videos are attached to corresponding walkthrough topics. See:

 

Let us know if you find these topics helpful by rating or commenting on this blog post.


To use BMC SecOps Response, you must set up on-premise connectors for related products. Here's a new walkthrough and an accompanying video that demonstrates how to onboard a connector for BSA: Walkthrough: Onboarding a connector for BSA - BMC SecOps Response Service

Let us know if you find this topic helpful by rating or commenting on this blog post.

 


When vulnerability scans fail to detect a server, that's a blind spot. And blind spots are potential security risks.

A new walkthrough and its accompanying video describe how to use BMC Discovery and BMC SecOps Response to identify blind spots across your computing environment.

See Walkthrough: Using BMC Discovery to detect blind spots and filter for applications.

Let us know if you find this topic helpful by rating or commenting on this blog post.


Are you wondering if BMC SecOps Response can help you manage vulnerabilities in a network environment?

We've published some topics that walk you through the process of using BMC SecOps Response to remediate vulnerabilities detected in a network environment.

One topic describes how to map assets and vulnerabilities in a vulnerability scan to network devices and rules you manage with BNA. The other topic takes you through the process of creating a remediation job to correct vulnerabilities.

 

 

Let us know if you find these topics helpful by rating or commenting on this blog post.


Are you just getting familiar with BMC SecOps Response and wondering how the process works?

 

We published some topics that walk you through the process. One topic describes how to map assets and vulnerabilities detected in a vulnerability scan to the servers and remediation content you manage with BSA or SCCM. The other topics take you through the process of creating remediation jobs to correct vulnerabilities.

 

Take a look at these topics:

 

 

Let us know if you find this topic helpful by rating or commenting on this blog post.


So, CVE-2017-0144 (https://nvd.nist.gov/vuln/detail/CVE-2017-0144), a vulnerability that was identified about two months ago (published Mar 16 2017), is now being widely exploited in the wild, most visibly impacting hospitals in the UK’s National Health Service to the point that they’ve had to redirect incoming patients to other facilities.

This vulnerability is addressed by Microsoft Bulletin MS17-010, which is also included in OS-specific Security Bulletin (roll-ups) SB17-002, SB17-003, SB17-004.  MS17-010 applies to Server 2003 and Server 2008, while SB17-002 applies to Server 2008 R2, SB17-003 applies to Server 2012 R2, and SB17-004 applies to Server 2012 (thanks to Joe Schuler).

 

Part of what makes the vulnerability so serious is that it doesn’t require direct action by the user; simply having the vulnerability and being on the same network as an infected host can expose your system to the ransomware.

 

[Image: Wana Decrypt0r screenshot (source: Wikipedia)]

 

So, how do we address this using SecOps Response?

 

I imported my latest scan info, then went over to the Operator Dashboard.  Filter by "CVE-2017-0144", and it shows me exactly which systems this vulnerability was detected on, and that the oldest detection is 22 days old (and now in violation of SLA, being a critical vulnerability):


I scroll down and see all the systems that I can remediate.

 

Click remediate: 

I'm going to deselect one server, but continue with the rest:

Select "Execute Now":

Select some notifications, then hit execute now.


Isn't that easy?