This post has been de-listed
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
Looking for a solution that can automate the following....
Right now we have a highly manual process for reviewing/approving COTS applications before they are added to golden images and/or approved for distribution. We manually load the apps in a sandbox environment, manually review the DLLs that are changed on install, manually monitor the the traffic and look for any unusual outbound/inbound connections. This is all highly time consuming (very inefficient) and the quality of the review is subject to the level of precision provided by the person testing the COTS application at any given time (highly variable).
Ideally we'd like to find something that can automate all of that - improving consistency, thoroughness, and efficiency. We'd like to find something that automates all the checks we are currently doing manually, while interfacing with known bad IP address lists, threat intel, etc. to automatically flag risky behaviors for the apps and establish a security score.
Anyone have any recommendations on solutions we should consider? We are an enterprise shop - 30,000 users.
Reiterating that this is for COTS and COTS only. We have SCA, SAST, DAST in our custom application development environment.
Subreddit
Post Details
- Posted
- 9 months ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/cybersecuri...