• Home
  • >
  • DevOps
  • >
  • SaltStack Expands into Security Compliance Scanning and Remediation – InApps Technology 2022

SaltStack Expands into Security Compliance Scanning and Remediation – InApps Technology is an article under the topic Devops Many of you are most interested in today !! Today, let’s InApps.net learn SaltStack Expands into Security Compliance Scanning and Remediation – InApps Technology in today’s post !

Read more about SaltStack Expands into Security Compliance Scanning and Remediation – InApps Technology at Wikipedia

You can find content about SaltStack Expands into Security Compliance Scanning and Remediation – InApps Technology from the Wikipedia website

SaltStack wants to save operations folk from “audit hell.”

A new feature of the company’s flagship configuration management software Saltstack Enterprise will include capabilities for auditing and instant remediation of configuration errors and vulnerabilities.

SaltStack debuted SaltStack SecOps, which will become generally available early next year, at the company’s annual user conference, SaltConf18, being held in Salt Lake City this week.

The feature came about as a result of getting a lot of questions from users about how to extend the Salt configuration management software to also encompass security, noted Alex Peay, SaltStack vice president of product.

An increasing number of organizations have been using scanning assessment tools from security providers. Such tools typically can scan a set of machines to ensure they are configured correctly, and issue a report listing the machines that failed the audit, and what the specific issues are. An incorrectly configured machine can offer malicious attackers and entry point to do damage.

“We approach this problem differently than all the other assessment tools out there,” Peay said, noting that it takes advantage of Salt’s complex targeting capabilities to offer a fully automated discovery and instant remediation service, a first for both configuration management and security compliance software.

Read More:   Update MapR: How Next-Gen Applications Will Change the Way We Look at Data

While existing services from the security companies can help in meeting external or internal security and compliance requirements, they pose a challenge for operations teams, who must fix the troubled computers after a scan and rerun the scan, Peay explained. Sometimes the machine can be fixed through a tool such as SaltStack’s, or by manual scripts. But the task of moving the list of issues into a remediation process is a manual — and time-consuming — one.

“It leads to a lot of late nights and weekends,” said Peay. And for an organization moving to an automated DevOps process, remediation can be a serious bottleneck.

SaltStack automates the process of discovery and remediation. The software can check thousands of machines, and, if configuration errors are found, immediately fix them. Or, it can generate a report, allowing the administrator to set a time to fix them (during off-hours, for instance).

Initially, SaltStack will use desired configuration settings from the Center for Information Security (CIS), the U.S. Defense Information Agency’s Security Technical Implementation Guides (DISA STIGS), and the National Institute of Standards and Technology (NIST). Such guides have thousands of checks for operating systems, ranging from shutting down a telnet port to defining settings that guide user access permissions. Users can also define their own checks, and use a mixture of external and internal compliance checklists.

Such a remediation service can be easily executed by Salt Minions, the agents installed on each Salt-controlled machine. The service will initially support most widely used Linux and Unix distributions, as well as recent editions of Windows. The configurations will be managed in-house and kept on a public repository (likely GitHub).

Read More:   How the SRE Experience Is Changing with Cloud Native – InApps 2022

Initially, SaltStack SecOps will focus on configuration settings, though over time it may include other security needs, such as patch management and vulnerability remediation, Peay said.

List of Keywords users find our article on Google:

internal auditing
hospitality technology salt lake city, ut
wso2 api manager
jenkins security scanner
wso2 linux
wso2 api management
security compliance news
saltstack secops
wso2 api manager pricing
configuration and compliance management
salt github
scanning wikipedia
wso2 api manager install
windows 10 stigs
wikipedia scanner
disa global solutions jobs
check your branch permissions configuration with the project administrator
windows stigs
defense information systems agency jobs

Source: InApps.net

Rate this post
Content writer

Let’s create the next big thing together!

Coming together is a beginning. Keeping together is progress. Working together is success.

Let’s talk

Get a custom Proposal

Please fill in your information and your need to get a suitable solution.

    You need to enter your email to download

      Success. Downloading...