Cybersecurity Roadmap for The Assimilation System Management Suite

2016 Security Roadmap

The Assimilation System Management Suite (ASMS) provides integrated capabilities in monitoring, general system management, network management, and cybersecurity. The next few releases will concentrate on strengthening our cybersecurity portfolio of low-noise automated security tools. The new capabilities include security best practice analyses, checksum integrity analyses, patch tracking and management, and integration with a few SIEM products. This post talks about our plans for those releases in more detail.

The IT Zombie Apocalypse is Here!

Although this article and title are a bit tongue-in-cheek, the reality behind the title is serious. In the average data center, 30% of the servers are mainly space heaters [they had their brains eaten ;-)]. Given that many data centers are strictly limited on power, cooling and floor space, and that power and maintenance are significant costs, this is a big deal. This happens primarily because the staff managing those servers don’t have a clear idea of what all their servers are doing.

Security compliance: No more drama!

Getting into security compliance is a big effort. Worse yet, Verizon says 80% of those who get in compliance have trouble staying there. When you discover you’re out of security compliance, there’s typically high drama if an auditor notices, or even higher drama if your security team discovers you’ve let an intruder in. Too much drama and too much elapsed time reduce security and impair organizational learning.

What’s needed is a way to find these problems right after they’re created – while the people involved still remember what they did and why they did it. This changes the whole dynamic and creates teachable moments instead of high stress drama – before an intruder or auditor finds the weakness.

Security Automation at OSCON on Thursday July 23rd!

OSCON 2015 Logo - Security Automation talk

One of the key things that makes DevOps deployments possible is more automation to make things more reliable. This includes tools like Jenkins, Ansible, Chef, Puppet, SaltStack, and even Hubot, and concepts like Infrastructure as Code, Test Automation, Test Driven Development, Continuous Integration, Continuous Delivery, and ChatOps. These tools have changed the face of system administration in the last decade. Unfortunately, security automation has lagged significantly behind the DevOps movement.

Eating the Security Compliance Elephant

Getting your organization into security compliance is a lot like eating an elephant. It’s a daunting task, but there’s really not much you can do but eat it one bite at a time. In a recent Verizon survey, 80% of all organizations surveyed indicated they have trouble staying in compliance. These organizations get to eat that elephant again and again – and worse yet, under the critical eye of an auditor. Once you’ve eaten the elephant, you don’t want it to become an annual event.

There Is Always Another Way

When it looks like you’re stuck and it seems like you have no way out, if you’re willing to admit you were wrong, perhaps you can find another way to solve your problem. Although the story I tell below is a software development, manufacturing and product management story, the moral applies in lots of places. Solve the problem you actually have, not the one you think you have. I learned something important from this story that I value to this day – there’s always another way.

Finding what’s hidden in plain sight

Back in the 90s I was involved with about 100 other people in a project to develop a new voice mail system – software, hardware and firmware. The hardware was a completely new design, and the software was about 70% new. Along the way we stumbled into something that improved our end quality in a way that can reasonably be described as stunning. What we discovered was how to ask questions in a way that brought important things that “everyone knows” (and are effectively hidden in plain sight) to the attention of those who can do something about it.

Announcing the IT Best Practices Community

Computer security is problematic today, and is expected to get worse for years to come. The security field is widely acknowledged to be suffering from a shortage of qualified security experts. Many people believe that significant improvements in automation are the only way to address this growing problem. Compared to the level of automation that system management has experienced in recent years, security has been estimated to be at least a decade behind.

Our IT Best Practices community was created to help support security automation efforts. We aim to collect, categorize and curate mechanically-verifiable best practices for servers, services and networking, in support of the idea of “best practices as code”.

The Incredible Power Of The Right Questions

There is incredible power in asking the right questions, and following the answers where they lead – especially when they lead to uncomfortable places.

As you probably remember, in March 2011, a magnitude 9.0 earthquake hit Japan, resulting in a massive tsunami which damaged the Fukushima nuclear power plant. Some of the most serious damage occurred because there was no power to cool the reactor.

Scalability from Doing Nothing?

Scalability is the ability to respond gracefully to increased workload. When you have enough of it, life is good. When you have trouble scaling up and your workload goes up, as it inevitably does, life becomes complicated, sometimes miserable. In this blog post I tell you why doing nothing can be the best way to scale…