http://gcn.com/articles/2013/06/17/nist-dhs-push-security-automation.aspx
By William Jackson
GCN.com
June 17, 2013
The future of network security is automation, using various tools to monitor
systems and network traffic for signs of trouble, alert administrators and even
respond to attacks on their own. Automation can handle jobs that otherwise
would have to be done by IT staff members, who are then freed up for other
tasks.
Agencies face challenges in getting to an automated environment, however,
whether because of tight budgets, complex systems or automated tools that don’t
necessarily work together. The federal government is supporting the effort by
developing the standards that are necessary for interoperable tools and
offering intrusion detection and prevention as a service to agencies.
SCAP
The government is working to create a standards-based security environment
through the Security Content Automation Protocol (SCAP), a suite of
interoperable specifications developed at the National Institute of Standards
and Technology in collaboration with the public- and private-sector security
community.
Although NIST’s agenda for security automation goes beyond vulnerability
management, SCAP in its present form, Version 1.2, deals primarily with
endpoint compliance for configuration requirements. The specifications,
contained in Special Publication 800-126, support automated configuration,
vulnerability and patch checking, technical control compliance and security
measurement.
[...]
_______________________________________________
ISN mailing list
[email protected]
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org
