Business Security Weekly (Audio) Say Easy, Do Hard, Minimum Viable Security - Part 2 - Jon Fredrickson - BSW Vault
10 snips
Dec 30, 2024 Jon Fredrickson, former Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, dives deep into minimum viable security strategies amidst tight budgets. He sheds light on essential areas like asset and patch management, emphasizing their critical roles in fortifying security systems. The conversation navigates the complexities of securing cloud environments and the integration of backup strategies against ransomware threats. Furthermore, it explores the impact of risk management tools like ServiceNow, highlighting their evolution and importance in modern cybersecurity.
AI Snips
Chapters
Transcript
Episode notes
ServiceNow As The Asset Hub
- ServiceNow as a CMDB becomes powerful when integrated with discovery tools like Qualys to create a proactive asset inventory.
- Mapping relationships (parent-child, virtual, APIs) in ServiceNow reveals business impact and supports faster incident response.
Feed Scanners Into Your CMDB
- Use vulnerability scanners (Qualys, Rapid7, RunZero) to feed unknown assets into your CMDB and trigger investigation workflows.
- Build automated workflows so discovered assets create tickets and prompt human verification and remediation.
Patching Goes Beyond Endpoints
- OS patching often lives in platform-native tools like SCCM for Windows and yum for Linux rather than in VM-focused scanners.
- Patch management must extend to virtualization and firmware, which are often neglected but critical layers.