One of the keys to good software is good testing. There are well-known testing suites for back end code – things like junit and py.test. There are also good front-end testing tools – things like Selenium. But for testing distributed systems there aren’t so many well-known tools – because the problem is quite different, and harder. In this blog post we’ll cover the “Fuzzy Monkey” methodology used for testing three different successful distributed systems (including the Assimilation Suite) – its history and how and why it works.
In June, I’ll be giving a talk at SLC DevOpsDays 2016 (Salt Lake City) – about the intersection of DevOps and security. This is a challenging space, since security has trouble keeping up with “normal” IT, and one of the common goals of DevOps is greater velocity – more changes faster. At SLC DevOpsDays 2016, I’ll be giving practical how-to talk, where you can learn how to begin securing your systems in 15 minutes, andwill cover two new features I’ve never demonstrated or talked about before – detailed Docker discovery, and subgraph queries. Although I have a blog post on Docker discovery, I haven’t talked about our new canned subgraph queries. They help you understand and visualize how all your servers and networks are related to each other.
Docker is one of the hottest up-and-coming IT trends around. Sometimes when you see a trend, it turns out to be more hype than reality. Since we use Docker in the Assimilation Suite for building and for testing, we’ve had a chance to examine Docker in some detail. Although there is plenty of hype around Docker, there is also a good bit of reality to the excitement around it as well. Since our current release provides minimal support for Docker containers, we’re excited to announce that our next release will fully support Docker. This article provides an overview of how we are adding full Docker support to the Assimilation Suite.
I just got back from the 2016 DevOpsDaysRox conference last week. I’d like to talk a little about my presentation on the Assimilation suite from the cybersecurity perspective, and how what I learned and heard at the conference will influence future Assimilation development – particularly regarding Docker. After the conference, Docker even entered my dreams, morphing into how best to support it in Assimilation. It was a bit surreal, but so was giving my talk – which I’ll explain a bit later in this article.
Last Thursday, I had the privilege of speaking at DevOpsDaysRox (Rockies) at the Fortrust data center in Denver. A bit weird speaking in undeveloped space in a data center, but somehow fitting for a DevOps conference. The talk was about 10 minutes worth of talk (slides on speakerdeck), and about 20 minutes worth of live demonstration. The live demonstration covered some of the same things that I’ve covered in our blog before.
In previous articles we gave some introductory material on how to get started with the Assimilation software for security. In this article, we go into more depth and suggest a good way to improve your security by spending a half-day with the Assimilation software. We cover setting up email alerts for security changes, fixing your security issues, and setting up the Assimilation software on more systems.
I attended the DevOpsDaysRox (Rockies) conference last year, and it was a great conference – great speakers, interesting people at the conference in a good venue. This year, I’ll be giving a talk at DevOpsDaysRox 2016 – about the intersection of DevOps and security. This is a challenging space, since security has trouble keeping up with “normal” IT, […]
No matter your threat model, you need to understand what you have (“know yourself“). In An Hour Towards Better Security, we’ll go past the initial Assimilation installation and attack surface visualization and show you how to triage your security issues to create an efficient attack plan to get your site to follow security best practices.
Securing your systems is a daunting task – it feels like eating an elephant. When compared to hardening guidelines like the DISA/NIST STIGs, a single out-of-the-box system can have a hundred or more issues. When you multiply that by a large number of systems, despair and paralysis can easily set in. This article (fifteen minutes to better security) is first in a series which outline a process for efficiently measuring, triaging, and managing your journey towards a better security posture for your servers.
No matter your threat model, you need to understand what you have (“know yourself”). We help you begin this journey with activities which will teach you a surprising amount about your current status and the work ahead of you in 15 minutes. This article is not designed to teach you about security – I assume you know why you want to secure your servers, and have general background on system hardening.
We just put out a new Assimilation release with a few bug fixes, and a few new features. The new features center around visualization, security, with even more emphasis on helping you “eat the elephant” of getting you into a better security posture. In this post, we’ll explain more in detail what these features are and how they will help you improve and maintain your security posture.