sb-au logo
Story image

Puppet launches vulnerability remediation product

22 Aug 2019

Puppet has announced its first vulnerability remediation solution, Puppet Remediate, with initial channel partners, Bitbone and Fishtech.

According to Forresters 2018 security survey published in 2018, 58% of enterprise organisations suffered a breach at least once in the previous year, and over 41% of those external breaches exploited some software vulnerability.

The problem is that the vulnerability management workflow from vulnerability reports run by security teams to vulnerability remediation done by IT operators is fragmented and manual, making vulnerability remediation slow and leaving IT infrastructure exposed to external attacks for too long. 

A 2018 report by the Ponemon Institute found organisations spend around 320 hours a week on vulnerability responses.

The vulnerability management process most organisations use today is not sustainable for reducing the security risk of external attacks.

“There is a major gap between sophisticated scanning tools that identify vulnerabilities and the fragmented and manual, error-prone approach of fixing these vulnerabilities,” says Puppet product head Matt Waxman.

“Puppet Remediate closes this gap giving IT the insight they need to end the current work associated with vulnerability remediation to ensure they are keeping their organisation safe.”

Puppet Remediate reduces the time from vulnerability detection to remediation across a company’s infrastructure through key integrations with security partners to unify infrastructure and vulnerability data, quick identification of what infrastructure resources are impacted by vulnerabilities, and the ability to take immediate action to remediate vulnerable packages without requiring any agent technology on the vulnerable systems on both Linux and Windows through SSH and WinRM.

Key features of Puppet’s product include:

Shared vulnerability data between Security and IT Ops

Puppet Remediate unifies infrastructure data with vulnerability data from Tenable, Qualys and Rapid7 to prioritise vulnerabilities.

This also allows IT Ops to get access to vulnerability data in real-time, reducing delays and eliminating risks related to manual handover of data.

Risk-based prioritisation

IT can prioritise the most mission-critical systems and identify vulnerabilities within the organisation's systems to separate signal from noise based on infrastructure context.

With a dashboard that lists the most critical vulnerabilities, IT Ops can quickly learn what assets have vulnerabilities at a glance and determine what to fix first.

Agentless remediation

In 2018, 8 out of the Top 10 CVEs reported could be remediated with a package update. Puppet Remediate includes four pre-built tasks, including the ability to update packages.

IT Ops can take immediate action to remediate a vulnerability without leaving the application or having to use a CLI or write scripts and, without requiring any agent technology on the vulnerable systems.

Remediate can also load modules from the Puppet Forge where a vast community of IT operators, security analysts, developers, and partners share ready-to-automate solutions as Bolt Tasks.

Channel partners provide an established infrastructure and infosec practice

Initial channel partners were selected based on their established infrastructure and InfoSec practices and ability to bridge the gap that exists between security and IT practices in enterprises.

The channel partners already sell into the vulnerability assessment market with products from Qualys, Rapid7 and Tenable.

A 2018 report from IDC valued the vulnerability assessment market at $1.7 billion.

"Puppet Remediate offers real added value with its new functions to our customers,” says Bitbone AG CEO Sebastian Scheuring.

“It drastically automates the workflow of vulnerability remediation through taking out the manual, mundane and error-prone steps that are required to remediate vulnerabilities. Continuous scans, remediation tasks and short cycles of update processes significantly increase the security level of IT environments."

Story image
Video: 10 Minute IT Jam - Who is Axis Communications?
Today, Techday speaks with Axis Communications ANZ country manager Wai King Wong about Axis' core products and offerings, their presence in the A/NZ market, their various product integrations, and more.More
Link image
Nine developer enablement practices to achieve DevOps at enterprise scale
Senior software engineering leader with experience at multiple Fortune 500 companies shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.More
Story image
Cyber criminals turn to Gmail and AOL to advance attacks
“Securing oneself against this threat requires organisations to take protection matters into their own hands - this requires them to invest in sophisticated email security that leverages artificial intelligence to identify unusual senders and requests."More
Link image
Driving cloud cost efficiency with performance monitoring
Cloud infrastructure sprawl sneaks up on organisations through a series of individual decisions that in aggregate become inefficient. Thomas Dittmer shares how performance monitoring helped TravelSupermarket reduce cloud costs by 50%More
Story image
Webinar: How IAM counters the complex threat landscape
In this webinar, experts will discuss how identity access management (IAM) and cyber hygiene best practice can help organisations fight back against escalating cybercrime activities.More
Download image
The three essentials of authentication, according to RSA
Pervasiveness, connectivity, and continuity: Without them, you may as well leave your organisation's front door wide open.More