A few months back I wrote a paper for my employer, Foundstone, on how we used the Foundstone software product (previously called "Foundscan," now known as "Foundstone Enterprise) when doing incident response. We found that after collecting IR data (not before, as some advocate) we could determine if the remediation action we recommended would be worthwhile. It's no use discovering an intruder has gained access via an unpatched IIS vulnerability if the organization also runs unpatched versions of OpenSSH! This whitepaper describes how best to use vulnerability assessment products to assist incident response actions. I apologize for the small font -- Foundstone's marketing people love tiny letters...
Langganan:
Posting Komentar (Atom)
0 komentar:
Posting Komentar