Episode VII - Vulnerability assessment & remediation management integration

"Ahhh, lunch hour on the banks of Impervious. What a sensational day!" thought Dame Domaine, as she took in the light breeze and rolling clouds animating her view of the land's tree lines and restful pastures. Unfortunately, lunch hour lasts only a half hour for knights. And so, it was back to the Kingdom's defense lines and not-so-restful posture.

Meanwhile, Sir Pokehole, having skipped lunch as usual, was starting to feel the stress. His relentless discovery tasks could not be continued on only a bagel and two hours' sleep a day. Likewise, Dame Domaine was feeling perturbed by the patching proliferation posed by Pokey's pen tests.

"D-Day," as she became informally known, heard mumbling.

"What say you, old Poke?" D-Day asked as she entered the Castle NOC.

"My shoes are chocolate bunnies! My shoes are chocolate bunnies!" an incoherent Sir Pokeahole wailed.

It was clear to Dame Domaine that it was time to investigate a better way. So after one last look at Pokey's feet, she called in a consultant...and ordered him a pizza.

"You need patch management! And I'm here to help you," cried the masked consultant as he arrived pushing past the pizza delivery guy.

"But we do patch management. We use tools!" said D-Day.

"Allow me to explain, my lady. I speak of management for patch management. Yes, your tools are only as good as the fiber of your Kingdom, your systems and your protocol allow. And what's more, you will find it manages more than patches!


"Ultimately, in real-time, all vulnerabilities can be monitored, managed and eradicated. The inspector's scans we'll render incapacitated! The bugs and pests emaciated! Accurate reporting shall be substantiated!

"I call it 'Vulnerability Assessment & Remediation Management INTegration' or VARMINT for short. A varmint will never quit, ever. VARMINT will solve the 'hole plugging problem' and more. But I must be going. I need to prepare the case, examine the environment, know the inventory, devise a policy, procedures and guidelines, define requirements, ROI...Oh my! I apologize, my lords and lady, for I have tee time in ten minutes with his honor, Judge Smails. I'll be back. Toodaloo and Billy Baroo!" Then the consultant rode off on his high horse.

"You know, D-Day, I think he's on to something."

"What are you talking about, Pokey? That guy's got holes in his head!"

"No, no, think about it," Pokey interrupted. "Real-time knowledge of our inventory -- the configurations, patch status, password compliance...it's security nirvana! Who was that masked man?"

About the author
Bill Kirkendale, CISSP, has been an IT professional for 14 years and is a former United States Marine. He is a senior consultant at BearingPoint.

Last episode: No peasant (or princess) left behind
Next episode: The masked man returns to accomplish his mission and submit to a deposition (turns out the pizza guy was a third-year law student).

This was first published in May 2004
