Webinar: SecOps for Automated Compliance and Security Remediation
Security and IT operations teams must work together to keep modern data centers compliant and secure, but their efforts are often crippled by disparate toolsets, misaligned workflows, and competing priorities. It’s time for that to change, time to embrace real security remediation.
Join Mehul Revankar, SaltStack Sr. Product Manager, and Kendall Lovett, SaltStack Sr. Product Marketing Manager, as they discuss SaltStack SecOps, a powerful solution that harnesses SaltStack’s event-driven automation technology to deliver full-service, closed-loop automation for IT system compliance and security.
With SaltStack SecOps, security professionals and IT operations teams can work together to define a compliance policy, scan all systems against it, detect issues, and actively remediate them—all from a single platform.
Security automation for remediation
Says Mehul Revankar: “It’s very common for a security team to run a weekly or monthly scan and create a list of hundreds of thousands of vulnerabilities and compliance violations and create a massive spreadsheet that’s handed off to the operations team to fix. Then the operations team will take that report and create manual scripts and batch processes–that process could take days or weeks and by the time they fix all the issues that were identified, the last scan is out of date.
“Organizations now don’t have the liberty to sit on patches. Gartner says the average time to exploit a vulnerability has gone down from 45 to 3 days. The only way to deal with this at scale is with some level of automation.” SaltStack SecOps is first and foremost about security remediation through automation.
“A lot of tools can assess vulnerabilities,” Revankar continues, “but they don’t actually help you remediate. It’s almost like telling you, ‘hey, your house is on fire’ but they don’t actually give you a hose to put out that fire. A second group of vendors we analyzed has a framework where you can assess and remediate vulnerabilities, but they don’t provide any context.”