Hi and welcome back to lesson 2.3. We're gonna be talking about ticketing and tracking software as it relates to vulnerability management.
All right, so in this video, we are gonna learn about how ticketing and tracking software can be used to aid in vulnerability management, how important it can be to use that tracking software, and then how to create effective workflows for vulnerability management.
So when we're tracking vulnerabilities, first, we need to identify them. So let's figure out what we've got. We've talked about this. We need it. We need to know what we've got before we can go on to anything else, and whether that data comes from security scanners or code reviews, we can take all that information and figure out what we've got.
Second, we've gotta add it to the ticketing software. So what software do we have? That's a great way to manage it where we're using CM practices, configuration management practices. Look at the software that we have. We can add it to our software so we can say, you know what, I've installed this patch, this one, this one, so we can keep track of what we're doing and how we're doing it.
And then third, we can make sure that it's sent to the appropriate teams. And that's where we're gonna talk a little bit about workflows, but making sure that the right teams are involved. You're having IT, you're having security, you're having CM, you're having leadership, all of these people involved. So that way you know what needs to be remediated and when.
So you can use anything from Excel, SharePoint, Jira, ServiceNow. There's a ton of tools out there that you can use to track this stuff and to create workflows. Um, you know, depending on your maturity model,
you might be using something like Jira or ServiceNow or SharePoint. There's a lot of great workflow tools out there that you can use to help you kind of keep track of what you're doing.
And I think having that tracking really makes the difference in being able to understand what you're doing and why. You know, if you look at your historical data, once you've got it all in there, you can say, why are we doing this this way? Maybe we can do things better. Um, so having all that information can help you to improve vulnerability management.
So how would we know what's being remediated if we're not tracking it? You know, if we just have it in someone's head, that they're patching all this stuff, but we don't actually know, and we're running security scans, we're like, hey, you know what? I'm seeing this one patch missing from several months ago or even a year ago. Why didn't it get patched? If we don't have any documentation, how would we know why it got missed? Maybe, you know, maybe it was an accident. Or maybe there were other things going on that it didn't get patched. But how would we know? So, having that tracking really helps us to keep organized and know what we're doing.
Um, it's another way to keep all teams involved in vulnerability management. You know, it is just a way to get everybody involved across the organization, so people understand what's going on in the environment.
So once we see that the vulnerability's remediated, then the security team can go through, run a scan and verify. It's a really easy way to be able to make sure that your vulnerability's remediated. I've had experience before where I was the IT admin and also running the scans on my environment, which made it really easy for me because I could go in, install the patches on my dev box, run the security scan against that dev box, verify the vulnerability was remediated and then apply to production. So having that access can really help to speed up the remediation effort.
Um, and that streamlines your process, improves speed. All of those things. All good things from tracking vulnerabilities.
So effective workflows. So we're talking about a workflow. We want to make sure that each step along the way people are identified, we're putting in the right information to try to help this process. So we've got our ticket. We've got our vulnerability or our affected software.
So that way, then, you know, executive leadership can step in and say, yeah, good to go. Or they can delegate that to someone else and say, you know what? I trust what you guys are doing. Do what you need to do. I don't want to be involved. Go for it. So they can delegate and put somebody else in charge of that effort.
So systems are identified. Teams can be notified within that workflow. You know, say, hey, at each step, you need to let IT know, or you need to let the security team know, or the SOC know, or whoever they need to be involved. And now, each team may have their own step or task within that ticket that they can say, OK, I've completed this task. Now security can go and run that scan.
And then you can keep track of testing and patching before deployment to production. So you could add a task in there that says, yes, I have tested this against the systems and verified functionality before moving on to production.
And then after each team has completed their piece, you can send it back to the security team. They'll run their scans, will do their verification, um, and then, if more work is needed, uh, you know, I've seen in Spectre/Meltdown before where someone thought they put the right registry key in. Turns out it was the wrong number. Had to go back and say, no, we got to go back. Change this registry key, let me know, and I'll rescan. So it's all of that loop. Keeping everybody in the loop is so important.
So in today's video, we talked about what vulnerability tracking is, relevant software, everything that you can use to kind of help with vulnerability tracking.
Um, and why it's so important to track those vulnerabilities. It can help us speed up that process, keep historical data so we can continue to improve our practices.
And then how to create an effective workflow for tracking those vulnerabilities.
Ah, here are my references. I'll see you guys in the next lesson.