At RedHat, due to the complexity of large amount of systems and information, there is a need for a special CMDB+vulnerability+assets inventory visability to provide a unified view for different risk activities.
In this talk, we will go through our in-house development tool that connects multiple services and attempts to provide relvent security information.
Several of the objectives we are trying to achieve with this tool include:
- Real-time inventry data from multiple cloud/environments
- Vulnerability information mapped to assets/owners
- Mapping visability of external-internal assets
- Attack surface based on assets exposure/vulnerabilties
- Predictions of future attacks
How is this tool different than others?
- Tailored to Red Hat environments (also covers others)
- Provides checks that are required for Red Hat standards & controls