I attended the DevOpsDaysRox (Rockies) conference last year, and it was a great conference – great speakers, interesting people at the conference in a good venue. This year, I’ll be giving a talk at DevOpsDaysRox 2016 – about the intersection of DevOps and security. This is a challenging space, since security has trouble keeping up with “normal” IT, […]
Securing your systems is a daunting task – it feels like eating an elephant. When compared to hardening guidelines like the DISA/NIST STIGs, a single out-of-the-box system can have a hundred or more issues. When you multiply that by a large number of systems, despair and paralysis can easily set in. This article (fifteen minutes to better security) is first in a series which outline a process for efficiently measuring, triaging, and managing your journey towards a better security posture for your servers.
No matter your threat model, you need to understand what you have (“know yourself”). We help you begin this journey with activities which will teach you a surprising amount about your current status and the work ahead of you in 15 minutes. This article is not designed to teach you about security – I assume you know why you want to secure your servers, and have general background on system hardening.
We just put out a new Assimilation release with a few bug fixes, and a few new features. The new features center around visualization, security, with even more emphasis on helping you “eat the elephant” of getting you into a better security posture. In this post, we’ll explain more in detail what these features are and how they will help you improve and maintain your security posture.
Although the phrase “a picture is worth a thousand words” is a bit trite – it’s true. With 70% of our sensory data coming from vision, and having brains that are good at visual pattern recognition, humans are better at processing visualizations than we are at poring over numerous different text data sources. In this blog post, we’ll explore an attack surface visualization we’ve put together to help you better understand and manage server security.
According to Verizon, there’s an 71% chance that you are already out of compliance with your security guidelines – assuming you complied with security best practices in the first place. If not, the chances are higher. A few weeks ago, we did a security survey. I’ll share a little of that data, and how people’s perceptions seem to be out of line with the Verizon study.
If you manage, secure, or plan for IT environments or DevOps, we’d love for you to take our System Management survey. Right now, we’re busy planning on how to make the Assimilation Suite better in 2016. Your responses will be a huge help in giving us a sharp focus on how best to improve IT management for you and others in the IT community. If you can help us out, we’ll send you a small token of our appreciation
Those of you who’ve been following my blog for a while know something about the Assimilation System Management Suite – how it provides an always up-to-date CMDB, integrated monitoring, continuous security monitoring, and an up-to-date network map – in an incredibly scalable way with near-zero configuration – and how it does all this without setting of network security alarms.
If you haven’t given it a try yet, now is the perfect time – because we just announced version 1.1.0 of the Assimilation Suite, and to celebrate we’re offering a limited number of supported free trials.
I just got an email from Bernd Erk, saying that the 2015 Open Source Monitoring Conference is filling up. From my perspective, that’s a good thing, because we have a great talk and demo to give there and are excited to be speaking there again. From your perspective, this may be a good thing only if you hurry up and register – since this is the only conference we’ve spoken at outside the US this year.
Although Linux systems are by-and-large more secure than many other systems, they still need to be administered intelligently. Stupid configurations often lead to unfortunate results. According to Akamai: “As the number of Linux environments has grown, the potential opportunity and rewards for criminals has also grown”. As part of the IT best practices project, I’ve recently added a rule which disallows password authentication over ssh. This blog post explains this, and why people who manage Linux systems should care.
Last weekend, I had the honor of giving the opening keynote on Friday at the 2015 Ohio LinuxFest and a session presentation on the Assimilation project the next day. Both talks were very well-received, but the reception the Assimilation project talk received from the standing-room audience was extraordinary. So it seems good to give a summary of the talk and why I think they resonated so strongly to it.