COTS Application Profiling

Looking for a solution that can automate the following....

Right now we have a highly manual process for reviewing/approving COTS applications before they are added to golden images and/or approved for distribution. We manually load the apps in a sandbox environment, manually review the DLLs that are changed on install, manually monitor the traffic and look for any unusual outbound/inbound connections. This is all highly time-consuming (very inefficient) and the quality of the review is subject to the level of precision provided by the person testing the COTS application at any given time (highly variable).

Ideally we'd like to find something that can automate all of that - improving consistency, thoroughness, and efficiency. We'd like to find something that automates all the checks we are currently doing manually, while interfacing with known bad IP address lists, threat intel, etc. to automatically flag risky behaviors for the apps and establish a security score.

Anyone have any recommendations on solutions we should consider? We are an enterprise shop - 30,000 users.

Reiterating that this is for COTS and COTS only. We have SCA, SAST, DAST in our custom application development environment.

Posted 9 months ago