2 hours 35 minutes
All right. Welcome to lesson 4.4. We're gonna talk about automating tasks as it relates to vulnerability management.
So in this video, you're gonna learn about how to automate vulnerability scanning and reporting. We touched on it a little bit in some of the earlier lessons, but we're going to really dive in here and talking about automating security tasks and threat identification as much as we can. Automation will help, uh, you know, lower our
amount that we're using of resources and make things a lot easier,
using documentation of scripts to help with turnover, and takeaways for executive leadership.
So scanning and reporting, uh, creating scheduled scans for the systems. You know, that's pretty standard practice, daily, weekly, whatever you need, but then making sure that you're adding those custom reports to those scans
because just because we have a scan running, that's great. But who's looking at the information? So we need to make sure that we have those custom reports added to those scans.
So we could make sure that we're identifying system owners. It's does anyone that might need to know this information. So making sure we create those custom reports and automate those, whether they want them weekly, monthly, whatever the reporting requirements are, but making sure they have those, you know, when they need them.
And then again, running those discovery scans
and keep track of new systems and changes. You can have reporting to that, too, to send you a daily reporting, say, hey, are there any new systems online? Did anything change? What's going on? So having those automated reports again for those discovery scans can save you a ton of time.
Having this automation, and this kind of runs through each of these slides, but this leaves more time to research vulnerabilities and emerging threats. So as much as you automate, it's what it's really doing is giving your security team the opportunity to continue maturing your vulnerability management practice,
looking at emerging threats, adding that threat intel, looking at all these things.
Um, will really just help to mature your practice.
Okay, so security tasks. We're talking about automating security tasks. Create a program that alerts you for malicious file detection and IP traffic. You should have some sort of script or something running that can really just tell you what's going on. Or if you're using a tool like McAfee or FireEye, something like that,
make sure you're getting those alerts. Process those alerts. Really look at them,
um, and make sure you're getting relevant information. That helps too. That'll cut down on looking at false positives, looking at things that you don't really need to see.
And immediate alerting from your security systems, server or app availability. So let's say, you know, you're using, um,
you have your SIEM. Maybe your SIEM's having a problem? Well, I want to be alerted on that immediately. I want to know if there's a problem with it. If my security scanner is down, something like that, I want to be alerted. So I know I don't have to log into a bunch of different things. I can just know what's going on in my environment,
and then creating daily, weekly, monthly alerts for vulnerabilities.
This is it's gonna depend on who these reports are going to, you know, an eso might only want a monthly report if they're only doing monthly kind of assessments or looking at things monthly. But if, uh, let's say you're the actual engineer, or maybe you're the sys admin who is actually working on this? Maybe you want a weekly report, Maybe you want to see Monday morning. All right.
What vulnerabilities are still hanging out? What do I need to work on this week?
Ah, that's a good way to kind of get an idea of what's still left in the system.
Um, so it's working with the IT team. Get weekly patching reports; that really helps to identify what's left over, what's still an issue. So that way we can prioritize and remediate.
You know, I said, automate all the things, script all the things, automate all the things. Use whatever tools you have at your disposal. If you're doing a task more than once, you really should be scripting it. Um,
that will help cut down on the amount of time that you're spending doing the same thing over and over and over again. Uh, and then comment the scripts.
You know, if you have high turnover, as sometimes we see that in help desk or IT, um, you can have turnover, and even when a critical or really important person leaves and you have a bunch of scripts, if you don't know what they are and what they do, where they're running, uh, it can make it really difficult to continue that automation.
So having that documentation, having those comments really helps you understand what those scripts are and what they're for. And documenting your security infrastructure: who, what, where, when, why. This is really important for executive leadership because as you have turnovers, you have new people coming in. If you have the documentation and you keep it updated,
uh, it will really help when you're hiring new people to say, Hey, here's all the documentation you can review it, you know, Day one.
Ah, and you're ready to go, um, without needing too much hand holding,
Uh, so for executive leadership,
encourage our teams, security teams, to create and maintain the documentation. Creating the documentation is step one. But we got to make sure that we maintain it because I'm gonna have more people coming in. I want to make sure that they know what's going on in the environment and that it's updated.
Um, ask for weekly reports on vulnerabilities. You know, I brought this up in previous lessons, and it's really important to know what's going on in the environment. Create milestones and motivate teams to automate tasks. You maybe create, say, hey, if you automate five tasks this month, you know, um, we'll take you out for happy hour. Or,
you know, here's the $25 Amazon gift card or something like that, you know, to help to motivate teams to automate tasks.
Ah, and when they're automating tasks, chances are that leaves them more time to do research, training, uh, getting familiar with new technology. Get them up to snuff on cloud security. So really encourage them to automate things. So that way they can continue learning more new and interesting things.
And then, of course, hire IT and security personnel with scripting automation skills or teach them. Teach them how to automate, too. If you have great people, but they don't quite know how, send them to training, have them learn how to automate so that they can help you in your environment.
So in today's video, we talked about how to automate vulnerability scanning and reporting and why it's so important. We talked about how to automate security tasks to improve efficiency,
why scripting and documentation's so important, especially if you have high turnover or you have positions that are really crucial, that you need to make sure you have documentation for,
and then how executives can motivate employees to automate tasks.
So it's the end of the lesson. I will see you in the next one.