If you’re lucky enough to be using both CloudPassage and Puppet in tandem, you know how much easier it is to automate security for DevOps while gaining better visibility into workloads. You can use CloudPassage’s workload protection to detect any vulnerabilities right when they happen, and then use Puppet’s configuration management to have better control over workloads when it comes time to remediate, which should always be as soon as possible!
We make a great team, which is why we joined the Puppet Technology Alliance Partner Program.
So if your organization was one of the many impacted by WannaCry, you would be able to use CloudPassage Halo to effectively detect which servers are vulnerable to such an attack, and which have been compromised. This information is then used by Puppet to update and remediate those servers by upgrading the SMB package to the latest version.
It’s all based on the REST API that Halo provides (which, we might add, is extremely easy to integrate with). To begin, all you need to do is:
- Create an API integration server to pull the software vulnerability related issues from Halo.
- Create a ticket within your ticketing system based on the security events collected in step 1.
- For example, if Halo reported software vulnerabilities, you can commit new Puppet code that ensures the package is at the updated version and then orchestrate the change to your infrastructure using the direct control workflow.

The diagram below illustrates this process.
The workflow here is simple and something that should be taken advantage of.
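The sketch below is an added example, not code from CloudPassage or Puppet, showing the last step of the workflow: turning a batch of vulnerability findings into a Puppet manifest that pins each affected package to its fixed version. The finding field names (`host`, `package`, `installed`, `fixed`) and the sample records are constructed for illustration and are not the Halo API schema.

```python
import re

# Constructed sample findings. The field names are hypothetical and are not
# the schema returned by the Halo REST API.
FINDINGS = [
    {"host": "web01.example.com", "package": "samba",
     "installed": "4.3.8", "fixed": "4.3.11"},
    {"host": "web01.example.com", "package": "samba",
     "installed": "4.3.8", "fixed": "4.3.13"},
    {"host": "db01.example.com", "package": "openssl",
     "installed": "1.0.2g", "fixed": None},          # no fix published yet
    {"host": "db01.example.com'; }", "package": "samba",
     "installed": "4.3.8", "fixed": "4.3.13"},       # malformed hostname
]

# Characters allowed in values that are written into generated Puppet code.
SAFE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.+:~_-]*$")

def version_key(version):
    """Simplified ordering: compare the numeric components only."""
    return [int(n) for n in re.findall(r"\d+", version)]

def plan_remediation(findings):
    """Return ({host: {package: version}}, [skipped findings])."""
    plan, skipped = {}, []
    for f in findings:
        values = (f["host"], f["package"], f["fixed"])
        # Findings are untrusted input that ends up inside Puppet code:
        # skip anything without a fix or with unexpected characters.
        if not all(v and SAFE.match(v) for v in values):
            skipped.append(f)
            continue
        pkgs = plan.setdefault(f["host"], {})
        current = pkgs.get(f["package"])
        if current is None or version_key(f["fixed"]) > version_key(current):
            pkgs[f["package"]] = f["fixed"]
    return plan, skipped

def render_manifest(plan):
    """Emit one Puppet node block per host, pinning each package version."""
    lines = []
    for host in sorted(plan):
        lines.append(f"node '{host}' {{")
        for pkg, version in sorted(plan[host].items()):
            lines.append(f"  package {{ '{pkg}':")
            lines.append(f"    ensure => '{version}',")
            lines.append("  }")
        lines.append("}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    plan, skipped = plan_remediation(FINDINGS)
    print(render_manifest(plan))
    print(f"# {len(skipped)} finding(s) need manual review")
```

Findings that are skipped (no fixed version, or values that fail validation) belong in the ticket from step 2 for manual review rather than being dropped silently.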
WannaCry, and breaches like it, can be dealt with quickly when you have the right tools to know where you’re vulnerable and to respond quickly when new vulnerabilities are found. Always make sure that your software has been updated, and use tools like CloudPassage Halo and Puppet to automate as many of your security processes as possible, fixing as you go rather than at the end of the month, or year.