Health Care Supplies Industry case: Improve and Automate Several Security Aspects.
1 – Server updates
Setup
- Current state assessment and reporting of all Servers
- Deployment of a new Azure Automation instance for Client X
- Definition of the Patch Management Process (covers every step from initial gap reporting to final production deployment or rollback)
- Rollout of update management agents
Operations
- Evaluate existing vulnerabilities, patches and KB releases for incompatibility with the Client X environment
- Evaluate newly documented vulnerabilities, patches and KB releases for incompatibility with the Client X environment
- Identify and evaluate existing and new zero-day vulnerabilities and their patches as documented in Microsoft security communications, patch descriptions or other communications
- Deploy patches within 10 days after Client X formal approval
- Participate in the patch update cycle meeting
- Prepare environment protections pre-deployment
- Deploy patches according to the process definition
- Post-deployment steps
- Troubleshoot up to OS level when necessary
- Troubleshoot up to product level when necessary (depending on product documentation)
- Reporting
Example Reports
2 – Automation of the remediation for the following vulnerabilities through scripts or GPOs:
- Install the Microsoft patches required to remediate EternalBlue and BlueKeep immediately. Ensure computers are restarted after the patch is installed.*
- Disable Server Message Block version 1 (SMBv1) on all machines.
- Patch all machines, applications, and services, ensuring all security updates are installed. This includes Windows, Linux, Cisco devices, JBoss instances, and VMware ESXi instances. Ensure patched machines are restarted so the updates take effect.
- Disable SSL 2.0 and 3.0, and ensure all SSL certificates are valid and use cipher suites of acceptable strength.
- Disable SSHv1, and ensure weak ciphers are disabled on SSH instances.
- Disable SNMP if it is not used, or change the default community string.
Example Reports
Through automation, all new servers and computers that join the domain are updated and secured. Even when some protocols are manually re-enabled for testing purposes, all best practices are re-enforced within the next hour.
Live dashboards and reports in Power BI enable a live, holistic assessment of the environment.
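The section 2 remediation list and the hourly re-enforcement described above, as an added example that is not part of the original case write-up: a PowerShell audit-and-remediate function covering three of the items (SMBv1, SSL 2.0/3.0 and well-known default SNMP community strings) that a scheduled job could run on each Windows server. Test-ServerHardening is a hypothetical name; the cmdlets and registry paths it uses are the standard Windows ones.

```powershell
#Requires -RunAsAdministrator
# Added example (not the project's own script). Test-ServerHardening is a hypothetical
# function name; the cmdlets and registry paths it uses are standard Windows ones.
function Test-ServerHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Remediate)   # without -Remediate the function only reports
    $findings = @()
    # 1. SMBv1: server-side protocol switch (Windows Server 2012 and later)
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
        $findings += 'SMBv1 enabled'
        if ($Remediate -and $PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        }
    }
    # 2. SSL 2.0 / 3.0: SCHANNEL keys. A missing key means "OS default", which is not
    #    auditable, so the check demands an explicit Enabled=0. Takes effect after reboot.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in 'SSL 2.0', 'SSL 3.0') {
        foreach ($side in 'Server', 'Client') {
            $key = Join-Path $base "$proto\$side"
            $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
            if ($enabled -ne 0) {
                $findings += "$proto $side not explicitly disabled"
                if ($Remediate -and $PSCmdlet.ShouldProcess($key, "Disable $proto")) {
                    New-Item -Path $key -Force | Out-Null
                    Set-ItemProperty -Path $key -Name Enabled -Value 0 -Type DWord
                    Set-ItemProperty -Path $key -Name DisabledByDefault -Value 1 -Type DWord
                }
            }
        }
    }
    # 3. SNMP: report a running service that still accepts a well-known default community.
    #    Replacement strings are site-specific, so this item stays report-only.
    $snmp = Get-Service -Name SNMP -ErrorAction SilentlyContinue
    if ($snmp -and $snmp.Status -eq 'Running') {
        $valid = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities' -ErrorAction SilentlyContinue
        foreach ($name in 'public', 'private') {
            if ($valid -and $valid.PSObject.Properties.Name -contains $name) {
                $findings += "SNMP default community '$name' configured"
            }
        }
    }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Findings = $findings; Compliant = ($findings.Count -eq 0) }
}
# Dry run first (-WhatIf shows what would change); drop -WhatIf in the hourly scheduled job.
Test-ServerHardening -Remediate -WhatIf
```

The returned object is shaped so that the per-server results can be collected centrally and fed to the dashboard; the SCHANNEL changes only apply after a restart, which matches the restart step in the list above.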