In previous articles we gave some introductory material on how to get started with the Assimilation software for security. In this article, we go into more depth and suggest a good way to improve your security by spending a half-day with the Assimilation software. We cover setting up email alerts for security changes, fixing your security issues, and setting up the Assimilation software on more systems.
I attended the DevOpsDaysRox (Rockies) conference last year, and it was a great conference – great speakers, interesting people at the conference in a good venue. This year, I’ll be giving a talk at DevOpsDaysRox 2016 – about the intersection of DevOps and security. This is a challenging space, since security has trouble keeping up with “normal” IT, […]
No matter your threat model, you need to understand what you have (“know yourself“). In An Hour Towards Better Security, we’ll go past the initial Assimilation installation and attack surface visualization and show you how to triage your security issues to create an efficient attack plan to get your site to follow security best practices.
Securing your systems is a daunting task – it feels like eating an elephant. When compared to hardening guidelines like the DISA/NIST STIGs, a single out-of-the-box system can have a hundred or more issues. When you multiply that by a large number of systems, despair and paralysis can easily set in. This article (fifteen minutes to better security) is first in a series which outline a process for efficiently measuring, triaging, and managing your journey towards a better security posture for your servers.
No matter your threat model, you need to understand what you have (“know yourself”). We help you begin this journey with activities which will teach you a surprising amount about your current status and the work ahead of you in 15 minutes. This article is not designed to teach you about security – I assume you know why you want to secure your servers, and have general background on system hardening.
We just put out a new Assimilation release with a few bug fixes, and a few new features. The new features center around visualization, security, with even more emphasis on helping you “eat the elephant” of getting you into a better security posture. In this post, we’ll explain more in detail what these features are and how they will help you improve and maintain your security posture.
Although the phrase “a picture is worth a thousand words” is a bit trite – it’s true. With 70% of our sensory data coming from vision, and having brains that are good at visual pattern recognition, humans are better at processing visualizations than we are at poring over numerous different text data sources. In this blog post, we’ll explore an attack surface visualization we’ve put together to help you better understand and manage server security.
One of the coolest things about the Assimilation System Management Suite is that it can discover nearly anything – and it’s easy to write your own Assimilation discovery agent and discover something new. Now, you can finally know it all! In this blog post, I’ll explain how to write a discovery agent, and how to fully integrate it into the suite.
According to Verizon, there’s an 71% chance that you are already out of compliance with your security guidelines – assuming you complied with security best practices in the first place. If not, the chances are higher. A few weeks ago, we did a security survey. I’ll share a little of that data, and how people’s perceptions seem to be out of line with the Verizon study.
S.M.A.R.T. goals are a good idea when setting goals for yourself, or for your company. In this article I discuss how to make your operational and security IT alerting more effective and less noisy by creating SMART alerting – Specific Measurable, Actionable, Relevant and Timely. In this article we explore the idea that alerts for both cybersecurity and operational issues should be SMART alerts.
Alerts that make sure you fix the things that need fixing and don’t waste resources when acting on noisy alerts.
Back in November of last year, I presented at the Open Source Monitoring Conference (OSMC) – and the talk went really well. Just today I found out we’ve been featured in the German publication Linux Magazin – and they said some very nice things about us in their article about the OSMC. I wrote a bit […]