In the last seven days seeing another 200 patches from Google, Mozilla, Adobe, and Microsoft caused a gasp!
Lone SysAdmins have a tough job. They have always had among their responsibilities: hardware, software, user profiles, networking, failover, backup, disaster recovery, and very often web services. However, in the last decade SysAdmins have seen increased duties in virtualization, security monitoring, compliance, and containing the constantly growing fungal spread of 600 million unique malware samples.
A decade ago a SysAdmin might have occasionally spent time in some security prevention duties: firewall ports, AV, adware updates, web-filtering, and fighting spam. In many cases some of these duties were done quite similarly between servers and end-user devices. A decade ago, the SysAdmin might have put up a Microsoft WSUS server and let it run itself mainly for OS updates. One concern a decade ago was brute force attacks and the more advanced SysAdmin might have talked about and put in place intrusion detection.
That was a decade ago. There are days brute force attacks look like the good old days!
Today, the SysAdmin has the additional duties of running a true patch management program (one that promptly looks for failures of patch application and covers all software products, not just the OS), dealing with multiple browsers and their extensions on the same device, intrusion prevention (knowing that merely detecting an intrusion makes for a bad week), dealing with unexpected configuration vulnerabilities that a vulnerability scanner – either active or passive – detects, responding to the security alerts of different tools, APT monitoring, active threat capture, advanced malware detection software in case of an infiltration … and … and … and ….
System management now includes more formalized change management, patch management, vulnerability management, alert management, threat management, and compliance management. Among the challenges this brings (besides being spread as thin as a dragonfly’s wings) are new tools “crying wolf” far too often on normal operations, alert fatigue and the potential it brings to miss a critical alert, and finally working less and less with the technology that provides a solution to the users. How does a SysAdmin do it who is dizzy from spinning a chair around from monitor to monitor?
The ordinary struggle and the struggle with the ordinary both take more than perseverance … it takes a plan. A SysAdmin walking into the day unprepared might meet the definition of insanity.
So how does a SysAdmin approach it? Add “time management” and working on SysAdmin automation to all those other SysAdmin-managements. Seriously!
Let a dev/ops solution take on some of the insanity, and for the rest that still takes “eyeball-time,” schedule recurring appointments on the calendar. “Sorry, I can’t meet with you right now, I have an appointment at 10a that must be completed by 11a. I’ll look you up afterwards.” Scheduled duties get completed better than unscheduled ones. Put on your schedule:
1) a recurring weekly time to advance your automation of some of the duties
2) all the daily monitoring duties, batched into one daily recurring appointment with yourself: was there a daily backup failure? Why did the performance alert go off on GHOST-IN-THEMACHINE_12? What does the AV console say? Separate the nuisance alerts from the ones worthy of your time …
3) separate recurring times to review those SysAdmin duties that really take diligence and patience and your mind: the ones where you have to backtrack through a dozen alerted IPs to see if there really is an issue, a plan to virtualize more of your infrastructure, planning some major OS upgrades you’ve been putting off.
Systematizing a SysAdmin might be the most unrealistic duty of all, but it is key to the administrative and security requirements of the current times … and it might keep those dragonfly wings beating.
Happy Thanksgiving from your Security Team that is very thankful we get to work with you!