Not just scanning, or how to build a vulnerability management process in 9 steps

On July 4th we held a big Vulnerability Management workshop. Today we are publishing a transcript of the talk by Andrey Novikov of Qualys. He explains which steps you need to go through to build a vulnerability management workflow. Spoiler: we only get to scanning at the halfway point.


Step 1: Determine the maturity level of your vulnerability management processes

At the very start, you need to understand what stage your organization is at in terms of the maturity of its vulnerability management processes. Only after that can you see where to move and which steps need to be taken. Before starting scans and other activities, organizations need to do some internal work to understand how the current processes are structured from the IT and information security perspective.

Try to answer some basic questions:

  • Do you have processes for inventory and asset classification?
  • How regularly is the IT infrastructure scanned, is the entire infrastructure covered, and do you see the whole picture?
  • Are your IT resources monitored?
  • Are any KPIs implemented in your processes, and how do you know they are being met?
  • Are all of these processes documented?

Step 2: Ensure full infrastructure coverage

You can't protect what you don't know about. If you don't have a complete picture of what your IT infrastructure is made of, you won't be able to protect it. Modern infrastructure is complex and constantly changing, both in quantity and in quality.
Today IT infrastructure is built not only on a stack of classic technologies (workstations, servers, virtual machines) but also on relatively new ones: containers and microservices. The information security service avoids the latter in every possible way, because it is very hard to work with them using the existing toolsets, which consist mostly of scanners. The problem is that no scanner can cover the entire infrastructure. For a scanner to reach any node in the infrastructure, several factors have to coincide. The asset must be inside the organization's perimeter at the time of scanning. The scanner must have network access to the assets and to their accounts in order to collect complete information.

According to our statistics, in medium and large organizations roughly 15–20% of the infrastructure is not captured by the scanner for one reason or another: the asset has moved outside the perimeter or never appears in the office at all. For example, the laptop of an employee who works remotely but still has access to the corporate network, or an asset located in external cloud services such as Amazon. The scanner will most likely know nothing about these assets, because they are outside its zone of visibility.

To cover the entire infrastructure, you need to use not just scanners but a whole set of sensors, including passive traffic-listening technologies to detect new devices in your infrastructure, and an agent-based data collection method, which lets you receive data online without the need for scanning and without handing out credentials.

Step 3: Categorize assets

Not all assets are created equal. It is your job to determine which assets are important and which are not. No tool, such as a scanner, will do this for you. Ideally, information security, IT, and the business work together to analyze the infrastructure and identify business-critical systems. For those systems they define acceptable metrics for availability, integrity, confidentiality, RTO/RPO, and so on.

This will help you prioritize your vulnerability management process. When your specialists receive vulnerability data, it will not be a sheet with thousands of vulnerabilities across the entire infrastructure, but granular information that takes system criticality into account.

Step #4: Assess the infrastructure

Only at the fourth step do we get to assessing the infrastructure from a vulnerability standpoint. At this stage we recommend paying attention not only to software vulnerabilities but also to configuration errors, which can also be vulnerabilities. Here we recommend the agent-based method of collecting information. Scanners can and should be used to assess perimeter security. If you use cloud provider resources, you also need to collect information about assets and configurations from there. Pay particular attention to analyzing vulnerabilities in infrastructures that use Docker containers.

Step #5: Set up reporting

This is one of the important elements of the vulnerability management process.
First point: nobody will work with multi-page reports containing a random list of vulnerabilities and descriptions of how to fix them. First of all, you need to talk to your colleagues and find out what should be in the report and how it is more convenient for them to receive the data. For example, some administrators do not need a detailed description of the vulnerability and only need information about the patch and a link to it. Other specialists care only about vulnerabilities found in the network infrastructure.

Second point: by reporting I mean not only paper reports. That is an outdated format for receiving information, and a static story. A person receives a report and cannot influence how the data is presented in it. To get the report in the form they need, the IT specialist has to contact the information security specialist and ask for the report to be rebuilt. As time passes, new vulnerabilities appear. Instead of tossing reports from department to department, specialists in both disciplines should be able to watch the data online and see the same picture. That is why in our platform we use dynamic reports in the form of customizable dashboards.

Step #6: Prioritize

Here you can do the following:

1. Create a repository with golden images of systems. Work with the golden images, check them for vulnerabilities, and fix their configuration on an ongoing basis. This can be done with agents, which will automatically report the appearance of a new asset and provide information about its vulnerabilities.

2. Focus on the assets that are critical to the business. No organization in the world can eliminate all vulnerabilities in one go. The process of eliminating vulnerabilities is long and even arduous.

3. Reduce the attack surface. Clean your infrastructure of unnecessary software and services, and close unnecessary ports. We recently had a case with a company in which about 40 thousand vulnerabilities related to an old version of the Mozilla browser were found on 100 thousand devices. As it turned out later, Mozilla had been included in the golden image many years ago; nobody used it, but it was the source of a large number of vulnerabilities. When the browser was removed from the computers (it was even on some servers), those tens of thousands of vulnerabilities disappeared.

4. Rank vulnerabilities by threat. Consider not only the criticality of the vulnerability but also the existence of public exploits, malware, patches, or external access to the system with the vulnerability. Assess the impact of the vulnerability on critical business systems: whether it can lead to data loss, denial of service, and so on.
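The ranking from item 4, combined with the asset categories from Step 3 and the unused-software cleanup from item 3, as an added example that is not part of the talk or of any Qualys product. The weights, field names, hosts and findings are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed weights for this example; agree on real ones with IT and the business.
ASSET_WEIGHT = {"critical": 3.0, "important": 2.0, "standard": 1.0}

@dataclass(frozen=True)
class Finding:
    host: str
    software: str          # product the finding is attributed to
    cvss: float            # base severity, 0.0-10.0
    public_exploit: bool   # exploit code is publicly available
    used_by_malware: bool  # seen in malware
    patch_available: bool  # a fix exists, so remediation can start now
    internet_facing: bool  # host is reachable from outside

def threat_score(f: Finding, asset_class: str) -> float:
    """Severity adjusted by threat context, then by business criticality."""
    score = f.cvss
    score += 2.0 if f.public_exploit else 0.0
    score += 2.0 if f.used_by_malware else 0.0
    score += 1.5 if f.internet_facing else 0.0
    score += 0.5 if f.patch_available else 0.0
    return round(score * ASSET_WEIGHT[asset_class], 1)

def rank(findings, asset_classes):
    """Highest threat first; asset_classes maps host -> category from Step 3."""
    scored = [(threat_score(f, asset_classes[f.host]), f) for f in findings]
    return sorted(scored, key=lambda pair: pair[0], reverse=True)

def removal_candidates(findings, software_in_use):
    """Software nobody uses, ordered by how many findings its removal clears."""
    counts = Counter(f.software for f in findings if f.software not in software_in_use)
    return counts.most_common()

# Constructed sample data, not taken from any real scan.
ASSETS = {"pay-db-01": "critical", "wks-114": "standard", "web-07": "important"}
FINDINGS = [
    Finding("wks-114", "old-browser", 9.8, False, False, True, False),
    Finding("web-07", "old-browser", 9.8, False, False, True, True),
    Finding("pay-db-01", "db-engine", 7.5, True, True, True, False),
    Finding("web-07", "web-server", 6.1, True, False, False, True),
]

if __name__ == "__main__":
    for score, f in rank(FINDINGS, ASSETS):
        print(f"{score:5.1f}  {f.host:10} {f.software}")
    print(removal_candidates(FINDINGS, software_in_use={"db-engine", "web-server"}))
```

In the sample data the CVSS 7.5 finding on the critical database outranks both CVSS 9.8 browser findings, and the unused browser is the only removal candidate.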

Step #7: Agree on KPIs

Don't scan for the sake of scanning. If nothing happens to the vulnerabilities that are found, the scanning turns into a useless operation. To keep work with vulnerabilities from becoming a formality, think about how you will evaluate its results. Information security and IT must agree on how the work to eliminate vulnerabilities will be organized, how often scans will be run, how patches will be installed, and so on.
On the slide you see examples of possible KPIs. There is also an extended list that we recommend to our customers. If you are interested, please contact me and I will share this information with you.

Step #8: Automate

Back to scanning again. At Qualys, we believe that scanning is the least important thing that can happen in the vulnerability management process today, and that first of all it needs to be automated as much as possible so that it runs without the involvement of an information security specialist. Today there are many tools that let you do this. It is enough that they have an open API and the necessary number of connectors.

The example I like to give is DevOps. If you deploy a vulnerability scanner there, you can simply forget about DevOps. With old technologies, which is what a classic scanner is, you simply won't be let into these processes. Developers will not wait for you to scan and hand them a multi-page, inconvenient report. Developers expect information about vulnerabilities to land in their build systems in the form of bug reports. Security must be seamlessly built into these processes, and it should be just a function that is called by the system your developers use.

Step 9: Focus on what matters

Focus on what brings real value to your company. Scans can be automatic, and reports can be sent automatically too.
Focus on improving processes so that they are more flexible and convenient for everyone involved. Make sure that security is built into all contracts with your counterparties, who, for example, develop web applications for you.

If you need more detailed information on how to build a vulnerability management process in your company, please contact me and my colleagues. I will be glad to help.

Source: www.hab.com