SEPM Outsourcing

•

1 gefällt mir•481 views

Here is a presentation I recently have to the a Midwest security user group on how to manage multiple environments, or clients, with Symantec Endpoint Protection.

Technologie

Agenda
• Goal: Successfully manage endpoint security for
outsourced clients, while minimizing time and resources.

• Requirements / Challenges

• Solutions
– 3 Unique ‘features’ we leveraged.

• Issues

Requirements
1. Single point of:
• Management
• Visibility
• Alerts
• Reporting

2.
2 Neutral from client environments

3. Automatic ticket generation
3 A t ti ti k t ti

Challenges – 1) Independent secure
network, allow client communication

Challenges – 2) Updates to enclave
without Internet connection

Challenges – 3) Clients ability 'go-away'

Solutions – 1) Replication
• Choices: Site Replication vs. GUPs
– GUPs: Can’t manage independent client
admins, won’t centrally collect logs, open
ports.
– Domains vs Groups
vs.

Steps:
1. Verify ‘Additional Site’ in SEPM

2. Edit Properties of Replication

3. Replicate Now

4. Check Log

5. Setup ‘Limited Admin’
p

Issues:
1.
1 SEPM = Same Version
S V i

2. Shut down replication during
upgrade
pg

3. Remember to turn back on

4.
4 Easily ‘Deleted’
Deleted

Solutions – 2) Live Update Server
• C
Challenge:
– Couldn't communicate with Internet.

• Solution:
– Live Update Server on Tier 3 with
Internet connectivity
– Pushes out to 'Distribution share'
on a server within the Secure
Enclave (use for 4th box!).

LUA Issues

1. Postgres.exe 100%

2. Troubleshooting def’s (3-4
2 T bl h ti d f’ (3 4
spots)

3. Patch s
3 Patch’s more difficult

4. 12/31 disaster

5. No ‘delta’ benefit

Solutions – 3) Ticket Automation
• Challenge:
– No ‘flip switch’ options to escalate alerts.
– L
Laughed at for not having SEM/SIM solution.
h d tf th i l ti
• Solution:
– Syslog server
– Remedy server reads Syslog

Steps:
1. Configure ‘External Logging’

2. Point to Syslog server IP/port
o t Sys og se e /po t

3. SLOWLY turn on Log Filters

4.
4 Request tickets be pulled

5. Verified ticket generation

6. Solid Security Incident Response
Process in place.

Other Issues
• Firewall Change Requests = > 80% of time

• Client P k
Cli t Packages sometimes h ld ‘
ti held ‘master’ SEPM
t ’
in Sylink.xml file.
• Opened ticket – Due to TS installation.

• Use CD Package with custom Sylink

Weitere ähnliche Inhalte

Andere mochten auch

Learning from Web Activity

jakehofman

如何提升产品体验与设计品质,兼谈价值体现与个人成长

Lavi

11강 기업교육론 20110518

조현경

Market research process

Ho Cao Viet

English astronomie21

filipj2000

Chapter 1 market & marketing

Ho Cao Viet

Data-driven modeling: Lecture 01

jakehofman

Death

wolfkenobi

Ubuntu žaliems

sirexas

Introduction to Steens Furniture

Steens Furniture

Perpres12 1961 tugas belajar

Rubby Anzela

Aiguilledu midiengelseversie

filipj2000

1강 기업교육론 20110302

조현경

Abctest

rupamb

Gen Y and Connected Consumers – A Study of their Opinion Management in Social...

Mou Mukherjee-Das

Fascinating....... mother russia

filipj2000

CFA presentation

aboorva

賽後心得分享

jenyjeny

A New Wave of Tobacco Products, April 2011 Update

Maine Public Health Association Tobacco Policy Subcommittee and Friends of the FHM

Proceeding aciar beefcattle_ias team_jan_2014

Ho Cao Viet

Andere mochten auch (20)

Learning from Web Activity

如何提升产品体验与设计品质,兼谈价值体现与个人成长

11강 기업교육론 20110518

Market research process

English astronomie21

Chapter 1 market & marketing

Data-driven modeling: Lecture 01

Death

Ubuntu žaliems

Introduction to Steens Furniture

Perpres12 1961 tugas belajar

Aiguilledu midiengelseversie

1강 기업교육론 20110302

Abctest

Gen Y and Connected Consumers – A Study of their Opinion Management in Social...

Fascinating....... mother russia

CFA presentation

賽後心得分享

A New Wave of Tobacco Products, April 2011 Update

Proceeding aciar beefcattle_ias team_jan_2014

Ähnlich wie SEPM Outsourcing

ISACA Scholarship Competition.pptx

Junho Lee

Free OpManager training Part 4 - Fault Management and IT automation

ManageEngine, Zoho Corporation

Free OpManager training Part 4 - Monitoring Network Performance and Network Maps

ManageEngine, Zoho Corporation

Top 10 Causes for Java Issues in Production and What to Do When Things Go Wrong JavaOne 2010. Abstract: It's Friday evening and you hear the first rumble . . . one java node has become slightly unresponsive. You lookup the process, get a thread dump, and for good measure restart it at 8 p.m. Saturday afternoon is when you realize that other nodes have caught the flu and you get the ugly call from the customer. In a matter of hours, you're on that conference bridge with support groups of different packages and Java vendors and one of your uberarchitects. Yes, production instances are up and down, and restarting like there's no tomorrow. Here's an accumulated compendium of the op 10 things that can cause Java production heartburn and what to do when your Java production is on fire. And yes, please have your tools belt on. Speaker(s): Cliff Click, Azul Systems, Distinguished Engineer SriSatish Ambati, Azul Systems, Performance Engineer

JavaOne 2010: Top 10 Causes for Java Issues in Production and What to Do When...

srisatish ambati

SNMP Demystified Part-II

ManageEngine

engage 2015 - IBM Notes Traveler Daily Business

René Winkelmeyer

Curious about how to make your IBM Connections environment run smoothly while reducing support effort? Need help debugging and getting to the core of some Connections challenges? Join Nico to find out how to resolve common issues, and learn troubleshooting basics and other useful knowledge to ensure an efficient Connections on-premises environment. Level up your debugging skills while learning more about back-end topics such as IBM Cloud Private, Db2, TDI, SSO, Directory and integrations like Docs, CCM, Cognos and FEB. He'll also cover the new PINK features like Orient Me, Metrics and Customizer. Walk away with Connections best-practice tips and tricks to help you provide steady and efficient social capabilities!

IBM Think 2018 - IBM Connections Troubleshooting

Nico Meisenzahl

Valgrind tutorial

Satabdi Das

Case Study of the Unexplained

shannomc

CIRCUIT 2015 - Monitoring AEM

ICF CIRCUIT

[Season - 3 OpManager Training] Monitoring Network Performance

ManageEngine, Zoho Corporation

This presentation, based on a real penetration test, examines vulnerabilities in Excel export that often feature in web applications. It shows how the flaw can result in operating system commands being run on the victim user’s machine, and in this case how Windows domain credentials could be targeted. The underlying technique is not new but due to the unusual conditions of the test, several practical points are covered on the extra work that was required to grab the hash and crack it, which ultimately led to a bug discovered in the popular password cracking tool “hashcat”. This part of the talk was largely based on a blog post earlier this year. The presentation then goes on to discuss opportunities for refining the original Excel export attack in terms of reducing the number of warnings issued by Excel when it runs spreadsheets with suspicious content.

BSides MCR 2016: From CSV to CMD to qwerty

Jerome Smith

This material is presented on CUFP 2013. Functional programming is already an established technology is many areas. However, the lack of skilled developers has been a challenging hurdle in the adoption of such languages. It is easy for an inexperienced programmer to fall into the many traps of functional programming, resulting in a loss of productivity and bad software quality. Resource leaks caused by Haskell's lazy evaluation, for instance, are only the tip of the iceberg. Knowledge sharing and a mature tool-assisted development process are ways to avoid such pitfalls. At GREE, one of the largest mobile gaming companies, we use Haskell and Scala to develop major components of our platform, such as a distributed NoSQL solution, or an image storage infrastructure. However, only 11 programmers use functional programming on their daily task. In this talk, we will describe some unexpected functional programming issues we ran into, how we solved them and how we hope to avoid them in the future. We have developed a system testing framework to enhance regression testing, spent lots of time documenting pitfalls and introduced technical reviews. Recently, we even started holding lunchtime presentations about functional programming in order to attract beginners and prevent them from falling into the same traps.

Common Pitfalls of Functional Programming and How to Avoid Them: A Mobile Gam...

gree_tech

Ch5 process synchronization

Welly Dian Astika

What the Heck Just Happened?

Ken Evans

Implementing Data-Driven Networking has significant challenges if we are going to successfully acquire the wealth of data available, and subsequently distribute this data to intelligent systems. During this presentation Andrew will discuss some of the challenges the network operating model has faced in the past and how he believes OpenDaylight can bring about changes in the way we think about managing networks. In the talk Andrew will present some additions to MD-SAL, through which OpenDaylight can be used to acquire data from devices and distribute it to multiple systems

DEVNET-1164 Using OpenDaylight for Notification Driven Workflows

Cisco DevNet

The Dynamic Analyzer in Tizen SDK, helps the developers to improve the performance and stability of their application easily. With the following demo, you can find the bottleneck point, unstable usage of memory, file, thread, network, openGL and functions of application and library. Some of them are done by automatically and some are by manually but easily. With the debugger, you must pause the application at a certain point to analyze, and it is still hard to get statistical and analytic information. This tool will resolve these regret, and make yourselves experience wider view of application analysis. For the more, this tool have the potential to add more applicable ideas of analysis.

How to improve your Tizen native program

Ryo Jin

ISBG 2015 - Challenge accepted: IBM Cloud onboarding & Upgrades to IBM Notes ...

Christoph Adler

Green Code Lab Challenge 2015 Subject Details

Olivier Philippot

Silicon Valley Code Camp 2015 - Advanced MongoDB - The Sequel

Daniel Coupal

Ähnlich wie SEPM Outsourcing (20)

ISACA Scholarship Competition.pptx

Free OpManager training Part 4 - Fault Management and IT automation

Free OpManager training Part 4 - Monitoring Network Performance and Network Maps

JavaOne 2010: Top 10 Causes for Java Issues in Production and What to Do When...

SNMP Demystified Part-II

engage 2015 - IBM Notes Traveler Daily Business

IBM Think 2018 - IBM Connections Troubleshooting

Valgrind tutorial

Case Study of the Unexplained

CIRCUIT 2015 - Monitoring AEM

[Season - 3 OpManager Training] Monitoring Network Performance

BSides MCR 2016: From CSV to CMD to qwerty

Common Pitfalls of Functional Programming and How to Avoid Them: A Mobile Gam...

Ch5 process synchronization

What the Heck Just Happened?

DEVNET-1164 Using OpenDaylight for Notification Driven Workflows

How to improve your Tizen native program

ISBG 2015 - Challenge accepted: IBM Cloud onboarding & Upgrades to IBM Notes ...

Green Code Lab Challenge 2015 Subject Details

Silicon Valley Code Camp 2015 - Advanced MongoDB - The Sequel

Kürzlich hochgeladen

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

DBX First Quarter 2024 Investor Presentation

Dropbox

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

MINDCTI Revenue Release Quarter One 2024

MIND CTI

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Kürzlich hochgeladen (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Six Myths about Ontologies: The Basics of Formal Ontology

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Understanding the FAA Part 107 License ..

AWS Community Day CPH - Three problems of Terraform

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

DBX First Quarter 2024 Investor Presentation

Vector Search -An Introduction in Oracle Database 23ai.pptx

MINDCTI Revenue Release Quarter One 2024

FWD Group - Insurer Innovation Award 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Introduction to Multilingual Retrieval Augmented Generation (RAG)

WSO2's API Vision: Unifying Control, Empowering Developers

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

SEPM Outsourcing

1. Outsourcing SEPM Tony Asher

2. Agenda • Goal: Successfully manage endpoint security for outsourced clients, while minimizing time and resources. • Requirements / Challenges • Solutions – 3 Unique ‘features’ we leveraged. • Issues

3. Requirements 1. Single point of: • Management • Visibility • Alerts • Reporting 2. 2 Neutral from client environments 3. Automatic ticket generation 3 A t ti ti k t ti

4. Challenges – 1) Independent secure network, allow client communication

5. Challenges – 1) Independent secure network, allow client communication

6. Challenges – 2) Updates to enclave without Internet connection

7. Challenges – 2) Updates to enclave without Internet connection

8. Challenges – 3) Clients ability 'go-away'

9. Challenges – 4) Ticket generation

10. Steps Towards Solutions

11. Solutions – 1) Replication • Choices: Site Replication vs. GUPs – GUPs: Can’t manage independent client admins, won’t centrally collect logs, open ports. – Domains vs Groups vs.

12. Replication Process

13. Replication Process (cont.)

14. Replication Process (cont.)

15. Steps: 1. Verify ‘Additional Site’ in SEPM 2. Edit Properties of Replication 3. Replicate Now 4. Check Log 5. Setup ‘Limited Admin’ p

16. Edit Replication Properties

17. Issues: 1. 1 SEPM = Same Version S V i 2. Shut down replication during upgrade pg 3. Remember to turn back on 4. 4 Easily ‘Deleted’ Deleted

18. Solutions – 2) Live Update Server • C Challenge: – Couldn't communicate with Internet. • Solution: – Live Update Server on Tier 3 with Internet connectivity – Pushes out to 'Distribution share' on a server within the Secure Enclave (use for 4th box!).

19. LUA = Def Pusher

20. Live Update Server

21. Live Update Server (cont.)

22. Live Update Server (cont.)

23. Live Update Server (cont.)

24. LUA Issues 1. Postgres.exe 100% 2. Troubleshooting def’s (3-4 2 T bl h ti d f’ (3 4 spots) 3. Patch s 3 Patch’s more difficult 4. 12/31 disaster 5. No ‘delta’ benefit

25. Solutions – 3) Ticket Automation • Challenge: – No ‘flip switch’ options to escalate alerts. – L Laughed at for not having SEM/SIM solution. h d tf th i l ti • Solution: – Syslog server – Remedy server reads Syslog

26. Steps: 1. Configure ‘External Logging’ 2. Point to Syslog server IP/port o t Sys og se e /po t 3. SLOWLY turn on Log Filters 4. 4 Request tickets be pulled 5. Verified ticket generation 6. Solid Security Incident Response Process in place.

27. External Logging - Config

28. External Logging Ticket

29. Other Issues • Firewall Change Requests = > 80% of time • Client P k Cli t Packages sometimes h ld ‘ ti held ‘master’ SEPM t ’ in Sylink.xml file. • Opened ticket – Due to TS installation. • Use CD Package with custom Sylink

30. Sylink Issue

31. Sylink Issue

32. Resources: Exclusion Process

33. Resources: Exclusion Form

SEPM Outsourcing

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie SEPM Outsourcing

Ähnlich wie SEPM Outsourcing (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

SEPM Outsourcing