Cloud Blog Data Center Automation Blog

ZipKits: First Aid Kits for VENOM and Other Ills

Mitchell Sherfey
by Mitchell Sherfey

Zip Kits: Pre-packaged First Aid kits from BMCFaster is pretty much always better, and that’s particularly true when it comes to instituting patches and remediating when new vulnerabilities are identified. The longer it takes to eliminate identified vulnerabilities, the longer there’s the potential that attackers can wreak havoc in an organization. Today’s digital enterprises are more connected and more exposed than ever, so speeding these efforts is getting increasingly vital. Automation plays a key role in keeping the digital enterprise lean, focused on innovation, and hardened against new threats.

Through our automation capabilities, we help make it a lot easier for IT teams to respond efficiently, consistently, and, yes, quickly when these issues arise. By taking a policy-based approach, customers can make complex changes across vast, and varied infrastructures within minutes. In addition, through our timely release of ZipKits (pre-packaged content from BMC—more detail below), we’ve been helping hundreds of organizations respond most effectively when trouble strikes.

Consider the recent case of the VENOM vulnerability, which has the potential to enable an attacker to move beyond a compromised virtual machine guest and expand the compromise to the physical machine. Obviously, mitigating this type of vulnerability is critical. The vulnerability was announced on many sites on May 14, 2015. Within 48 hours, BMC developers had published a ZipKit which provided the necessary patches as well as templates and scripts that significantly streamlined the process of patching the VENOM vulnerability. Over 450 unique visitors came to the BMC Community to learn more about this threat and download the Venom ZipKit.

Simply by leveraging our solutions and the ZipKit, organizations could quickly and uniformly eliminate the risks posed by VENOM. Other ZipKits, such as the Shell Shock or Ghost ZipKits, were provided by BMC Community members within a few days of the security alert. Hundreds of BMC Community members benefited from this rapid response. This follows similar results when issues like Heartbleed and others arose.

A lot of times, remediating vulnerabilities isn’t simply a matter of installing a patch. Scripts may need to be run, configurations checked and modified, and so on. Our ZipKits go beyond basic patches to help take the guesswork, not to mention a lot of the work, out of these efforts. These ZipKits are made by and made for the BMC community. For instance, there are numerous community-created ZipKits that address anything from agent deployment across different platforms to applying ACL policies to components.

Automation and quick response times are critical to the success of the digital enterprise. If you haven’t checked out the available ZipKits, be sure to stop by the BMC Community page to see what’s available.

Dummies Guide to Security Operations

When security and operations teams collaborate closely, they can protect your business more effectively against all kinds of threats. Learn how you can maintain better security and compliance in the SecOps For Dummies guide.
Download Now ›

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

About the author

Mitchell Sherfey

Mitchell Sherfey

As Principal Product Manager at BMC Software, Mitchell Sherfey is responsible for new innovation in IT Automation and the BMC Portal. He has 16 years of experience in high tech software.