How the right CMDB can improve your security posture

How the right CMDB can improve your security posture

In a couple of earlier blog posts, I wrote an article about what characteristics would make a CMDB suitable for a “modern” DevOps-like environment. The first article talked about what characteristics one would like in such a CMDB. The second article evaluated the Assimilation Suite in terms of those characteristics. This article discusses how a CMDB can improve your security posture.

In today’s blog post, I’d like to do something similar – but looking at a CMDB from a security perspective. That is, this blog post is the first part of a discussion of what a security-oriented CMDB ought to look like and how it can improve your security posture.

Resilience Testing Distributed Systems with Fuzzy Monkey Testing

Fuzzy Monkey testing distributed systems - Red Colobus from Wikipedia

One of the keys to good software is good testing. There are well-known testing suites for back end code – things like junit and py.test. There are also good front-end testing tools – things like Selenium. But for testing distributed systems there aren’t so many well-known tools – because the problem is quite different, and harder. In this blog post we’ll cover the “Fuzzy Monkey” methodology used for testing three different successful distributed systems (including the Assimilation Suite) – its history and how and why it works.

SLC DevOpsDays 2016 – Come Get Assimilated!

2016 DevOpsDays SLC 2016 SLC DevOpsDays 2016

In June, I’ll be giving a talk at SLC DevOpsDays 2016 (Salt Lake City) – about the intersection of DevOps and security. This is a challenging space, since security has trouble keeping up with “normal” IT, and one of the common goals of DevOps is greater velocity – more changes faster. At SLC DevOpsDays 2016, I’ll be giving practical how-to talk, where you can learn how to begin securing your systems in 15 minutes, andwill cover two new features I’ve never demonstrated or talked about before – detailed Docker discovery, and subgraph queries. Although I have a blog post on Docker discovery, I haven’t talked about our new canned subgraph queries. They help you understand and visualize how all your servers and networks are related to each other.

Assimilation Talk at the 2016 DevOps Rockies Conference

2016 DevOpsDaysRox 2016 DevOps Rockies Conference

I just got back from the 2016 DevOpsDaysRox conference last week. I’d like to talk a little about my presentation on the Assimilation suite from the cybersecurity perspective, and how what I learned and heard at the conference will influence future Assimilation development – particularly regarding Docker. After the conference, Docker even entered my dreams, morphing into how best to support it in Assimilation. It was a bit surreal, but so was giving my talk – which I’ll explain a bit later in this article.

Last Thursday, I had the privilege of speaking at DevOpsDaysRox (Rockies) at the Fortrust data center in Denver. A bit weird speaking in undeveloped space in a data center, but somehow fitting for a DevOps conference. The talk was about 10 minutes worth of talk (slides on speakerdeck), and about 20 minutes worth of live demonstration. The live demonstration covered some of the same things that I’ve covered in our blog before.

A Half-Day To Better Security

a half-day to better security - grab hold of your network before the bad guys do

In previous articles we gave some introductory material on how to get started with the Assimilation software for security. In this article, we go into more depth and suggest a good way to improve your security by spending a half-day with the Assimilation software. We cover setting up email alerts for security changes, fixing your security issues, and setting up the Assimilation software on more systems.

DevOpsDaysRox 2016

2016 DevOpsDaysRox 2016 DevOps Rockies Conference

I attended the DevOpsDaysRox (Rockies) conference last year, and it was a great conference – great speakers, interesting people at the conference in a good venue. This year, I’ll be giving a talk at DevOpsDaysRox 2016 – about the intersection of DevOps and security. This is a challenging space, since security has trouble keeping up with “normal” IT, […]

Writing an Assimilation Discovery Agent

assimilation discovery agent image: grabbing cogs

One of the coolest things about the Assimilation System Management Suite is that it can discover nearly anything – and it’s easy to write your own Assimilation discovery agent and discover something new. Now, you can finally know it all! In this blog post, I’ll explain how to write a discovery agent, and how to fully integrate it into the suite.

Linux Magazin highlights “Innovative” Assimilation Suite

Picture of Alan Robertson from the German publication Linux Magazin

Back in November of last year, I presented at the Open Source Monitoring Conference (OSMC) – and the talk went really well. Just today I found out we’ve been featured in the German publication Linux Magazin – and they said some very nice things about us in their article about the OSMC. I wrote a bit […]

System Management Survey

Survey form - for taking surveys ;-)

If you manage, secure, or plan for IT environments or DevOps, we’d love for you to take our System Management survey. Right now, we’re busy planning on how to make the Assimilation Suite better in 2016. Your responses will be a huge help in giving us a sharp focus on how best to improve IT management for you and others in the IT community. If you can help us out, we’ll send you a small token of our appreciation

Assimilation Release 1.1.2 “Happy 2016” is out!

Download Assimilation Release 1.1.2 - the Happy 2016 release

On January 2nd we put out version 1.1.2 of the Assimilation System Management Suite – the Happy 2016 release. This release adds enhancements related to best practice analyses and adds support for openSUSE, Scientific, and ScientificFermi Linux – along with a few bug fixes. We also have some surveys that we’d love for people to take – to help direct us in our future work.
As we have in the past, we offer supported free trials of the Linux version of our system management suite – just follow the download link and the instructions you’ll find there.