Just surveying the community here...IN general, What's everyone's approach to desktop scanning?
From within MVM Doees anyone really scan for everything? If not, what do you shoot for. SANS top 20, "popular software", Highs only?
Do you scan vpn connected devices?
Just wanted to get a general feel for what is most common..
Thanks everyone in advance.on 4/18/12 8:47:12 AM EDT
We're relatively new to MVM, so I don't have a tried-and-true answer for you. But how about:
Where I hope to go with our desktop scanning:
I would like to be able to say:
These are our configuration and patching policies/procedures/schedules for our desktops
Here's how we provide a check on that via MVM
Here is a count of high-level vulnerabilities, graphed over time (excluding those we have deemed to ignore or that we consider false positives); This provides a reasonable risk metric for our desktops and a reasonable measure of patching effectiveness.
Bear in mind that MVM is not really a patching or configuration-managment product.
MVM has detected vulnerabilities with software that we use but that isn't managed by our patching utility; that makes MVM a useful adjunct to the patching product. MVM has also picked up on situations where the patching product was having a detection issue and simply not applying patches to certain products on certain workstations.
Perhaps others will chime in.
We're looking for an approach strategy and wondering what is the most common. The initial goal of our worktastation scanning is design a scan to reduce scan time due to host volume and change mgmt constraints, reduce risk, and provide value to the process rather than adding too much overhead
-or any iteration of the above
Uncredentialed scans are an easy way to start, and will detect a small(er) volume of vulnerabilities; this could be a manageable approach, depending on your situation.
You won't see most of the vulnerabilities (e.g. Adobe products, most Microsoft issues) without a credentialed scan.
I think it all depends on what your organisation is looking to find or comply with as the case may be. You may want to do a Full vulnerability scan and of course, a network discovery scan (to detect what you really have on your network, as if you do not know what you even have on your network, how will you be able to organise your scan).
You may want to set up MVM to sync with your ePO if you have one installed or get some details from the Active Directory.
As earlier, it all depends on what the organisation counts as important, in terms of reports that come to the Management at the end of the process.
I understand that the approach depends on the goal. The purpose of this post is to see what the most popular/most common approach is, particularly in mid to large sized companies.