SaltStack Expands into Security Compliance Scanning and Remediation


SaltStack wants to save operations folk from “audit hell.”

A new feature of the company’s flagship configuration management software, SaltStack Enterprise, will include capabilities for auditing and instant remediation of configuration errors and vulnerabilities.

SaltStack debuted SaltStack SecOps, which will become generally available early next year, at the company’s annual user conference, SaltConf18, being held in Salt Lake City this week.

The feature came about as a result of getting a lot of questions from users about how to extend the Salt configuration management software to also encompass security, noted Alex Peay, SaltStack vice president of product.

An increasing number of organizations have been using scanning assessment tools from security providers. Such tools typically scan a set of machines to ensure they are configured correctly, then issue a report listing the machines that failed the audit and what the specific issues are. An incorrectly configured machine can offer malicious attackers an entry point to do damage.

“We approach this problem differently than all the other assessment tools out there,” Peay said, noting that it takes advantage of Salt’s complex targeting capabilities to offer a fully automated discovery and instant remediation service, a first for both configuration management and security compliance software.

While existing services from the security companies can help in meeting external or internal security and compliance requirements, they pose a challenge for operations teams, who must fix the troubled computers after a scan and rerun the scan, Peay explained. Sometimes the machine can be fixed through a tool such as SaltStack’s, or by manual scripts. But the task of moving the list of issues into a remediation process is a manual — and time-consuming — one.


“It leads to a lot of late nights and weekends,” said Peay. And for an organization moving to an automated DevOps process, remediation can be a serious bottleneck.

SaltStack automates the process of discovery and remediation. The software can check thousands of machines, and, if configuration errors are found, immediately fix them. Or, it can generate a report, allowing the administrator to set a time to fix them (during off-hours, for instance).

Initially, SaltStack will use desired configuration settings from the Center for Information Security (CIS), the U.S. Defense Information Agency’s Security Technical Implementation Guides (DISA STIGs), and the National Institute of Standards and Technology (NIST). Such guides have thousands of checks for operating systems, ranging from shutting down a telnet port to defining settings that guide user access permissions. Users can also define their own checks, and use a mixture of external and internal compliance checklists.

Such a remediation service can be easily executed by Salt Minions, the agents installed on each Salt-controlled machine. The service will initially support most widely used Linux and Unix distributions, as well as recent editions of Windows. The configurations will be managed in-house and kept on a public repository (likely GitHub).

Initially, SaltStack SecOps will focus on configuration settings, though over time it may include other security needs, such as patch management and vulnerability remediation, Peay said.

 
