The Operations Stack for Vulnerability Management

The Problem

A major multi-national firm with tens of thousands of physical and virtual server instances running hundreds of applications on multiple operating systems and versions across two data centers, multiple in-office labs and server rooms, and multiple public clouds was unable to patch or make security configuration changes across its entire estate. The system administration team relied on SCCM plus AD Group Policy Objects to support multiple versions of Windows-based servers; Puppet with shell scripts was used for the Linux servers. On a month-over-month basis, the number of detected vulnerabilities increased by the thousands, despite requiring dozens of labor-intensive overnight and weekend patch windows every month. An emergency patch to address a zero-day vulnerability took over 6 months to be deployed to 100% of servers — both a significant risk and a compliance violation that had to be disclosed to clients and regulators.

Among the challenges that needed to be addressed were:

The Solution

There was no single product that could address the vulnerability backlog and keep this increasingly complex server estate current on patches and security configuration. Careful analysis and lab testing led to the prototype for the Operations Stack for Vulnerability Management, consisting of:

The Result

Once implemented, the results were easily measured — with many of those metrics coming directly from the stack's log analytics system.