If you're one of the unfortunate ones who woke up to a frantic text from their boss this morning, there's some small consolation: today's OpenSSL vulnerabilities probably aren't as horrific as Heartbleed! Hooray, great job everyone! The bad news is that you still have to patch your environment, and before you can even do that—do you even know what you've got?
There's a kind of configuration "fog of war" over IT that's been a fact of life for as long as IT has been around, especially in established environments. Sure, you could manually dig into each machine and run openssl version, or spend the afternoon scripting a solution if you're fancy, but that amount of work will only get you through today. You need to make room in your tool chest for a universal configuration scanner and system of record.
Using UpGuard, finding every instance of OpenSSL is as simple as using the search function to locate the package and its version number anywhere it exists in your environment. (To make it even easier for today's particular crisis, we've also implemented an OpenSSL policy under the Policies menu.)
In seconds, you'll know exactly where OpenSSL exists throughout your datacenter. But UpGuard isn't just for tracking OpenSSL—it's for anything. UpGuard monitors not only packages, but user accounts, network ports, config files, and practically every other piece of information about how a device is configured. That kind of task could take a team days or weeks to do by hand for a one-time snapshot, while UpGuard routinely scans your environment and alerts you to discrepancies.
Oh, and remember Shell Shock? We used UpGuard in-house to find affected versions of bash, and knew right away what we had to patch and where. We surprised ourselves with that one. Once your entire IT configuration state is continuously catalogued and monitored, discovering your susceptibility to vulnerabilities becomes trivial.