UpGuard Blog

Assessing Critical Cyber Risks with UpGuard

Given the complexity of modern information technology, assessing cyber risk can quickly become overwhelming. One of the most pragmatic guides comes from the Center for Internet Security (CIS). While CIS provides a comprehensive list of twenty controls, they also provide guidance on the critical steps that "eliminate the vast majority of your organisation's vulnerabilities." These controls are the foundation of any cyber resilience platform and at the center of UpGuard's capabilities.

Filed under: configuration, configuration management, upguard, cyber risk, vulnerabilities

UpGuard and Puppet - Fits Like a Glove

Going from nothing to automation using one of the many tools available can be a daunting task. How can you automate systems when you’re not even 100% sure how they’ve been configured? The documentation is months out of date and the last guy to configure anything on that box has since left the company to ply his trade somewhere that will more fully appreciate his Ops cowboy routine.

Filed under: IT automation, configuration management, puppet, upguard

Vulnerabilities vs Misconfigurations

Vulnerability assessment is a necessary component of any complete security toolchain, and the most obvious place to start for anyone looking to improve their security. Ironically, starting with vulnerability assessment can actually degrade an organization's overall defense by shifting focus from the cause of most outages and breaches: misconfigurations.

Filed under: configuration testing, system misconfiguration, configuration management, vulnerabilities, misconfiguration

Important Changes in NERC CIP Compliance Between v3 and v5

While it’s not certain that society would become a zombie apocalypse overnight if the power grids failed, it is hard to imagine how any aspect of everyday life would continue in the event of a vast, extended electrical outage. Part of what makes electrical infrastructure resilient against these types of events are the North American Electric Reliability Corporation (NERC) regulatory standards, especially the Critical Infrastructure Protection (CIP) standards, which provide detailed guidelines for both physical and cyber security. The CIP standards evolve along with the available technology and known threats, so they are versioned to provide structured documentation and protocols for companies to move from one iteration of the standards to the next. But the jump from version 3 to version 5 involves many new requirements, so we'll look at some of the differences between the two and what they mean for businesses in the industry.

Filed under: security, configuration management, compliance, cybersecurity, NERC

5 Things About Configuration Management Your Boss Needs To Know

As IT managers and engineers, we can sometimes get so deep in the details of what we do that we struggle to answer the simple questions for our user base and the higher ups. Sure, we can write scripts to automate builds and we can train users on the tools to implement configuration management, but we can also freeze when asked why organizations should have configuration management teams, processes and tools. If this has ever happened to you, remember that you’re not alone.

Filed under: IT automation, configuration management

Controlling DNS Configuration Drift

We received a lot of positive feedback regarding our last article on Controlling SQL Configuration Drift so thought it might be a good idea to continue along that same theme of analysis and follow it up with an article about DNS configuration and some simple steps you can take to prevent configuration drift.

Filed under: guardrail, configuration management, Configuration Drift, dns

Configuration Management in the Real World – One Company’s Story

Trying to translate the concept of Configuration Management for those who do not understand its efficacy is like explaining surfing to an Inuit. It is simply not an inherent part of their culture. Without question, the benefits of Configuration Management can be challenging to grasp to the uninformed. One of the best ways to understand the benefits and use cases is to learn from other enterprise's experiences.

Filed under: configuration testing, configuration management

Monitoring Database Nodes to Remediate Configuration Drift

Controlling database configuration drift is a tricky subject. It's a topic that comes up frequently for us here at UpGuard and customers are always keen to know how they can go about taking control and simplify their configuration management processes. We've all experienced at some time or another that issue that was the result of a database migration that didn't complete, a column that has mysteriously changed data type or an old version of a stored proc or view being restored to a new database.

Filed under: guardrail, SQL, configuration management, Configuration Drift

UpGuard Your ASP.NET Applications

ASP.NET Applications get many configuration settings from their web.config or app.config file. Being able to run the same application across multiple environments used to mean keeping control of different copies of the config file to deploy or even worse manually editing the settings after deploying to each new environment. In recent years it has become possible to do transformations of the web.config files at deploy time using Visual Studio. No matter which method you use, deploying to a new environment and detecting drifting config settings has always been a problem. UpGuard helps to quickly and easily detect these sorts of problemsand make configuration management a breeze.

Filed under: guardrail, configuration testing, configuration management

Catch My Configuration Drift

I shouldn't have to explain the concept of configuration drift to most of you, but just in case, it is the phenomenon where running servers in an infrastructure become more and more different as time goes on, due to manual ad-hoc changes and updates, and general entropy. If you're more of a visual learner, I strongly encourage watching this video from Sesame Street.

Filed under: configuration management, Configuration Drift

Gmail outage reminds us that IT automation is not enough

So you do a bit of IT automation. Maybe you throw in some functional testing for that IT automation too. You have monitoring. You have a top notch engineering team. You're doing enough then, right? Nothing could go wrong?

Filed under: configuration management, devops

Cormac McCarthy on Application Configuration

OK, it's Labor Day weekend. I don't suppose any of you want to read about application configuration. Time to bring a bit of culture into matters then. Arts and culture are very important to us here at UpGuard. OK, so that's a stretch. We may not be brogrammers but we have a lot of Australians working here. Art appreciation often only extends as far as stubby holder (koozie) design. Having said that, and contrary to some rumors that are currently doing the rounds, we can read. I'm a bit of a Cormac McCarthy fan myself (insert disclaimer here that I was into his stuff before Oprah tarnished his cool), and my favorite book of his is Blood Meridian. I won't go into too much detail other than to say if you're into epic tales of debauchery you should check it out.

Filed under: configuration management

Puppet vs CFEngine

While most people think of Puppet and Chef when they’re thinking about Configuration Management tools, other alternatives exist. One notable example is CFEngine. In this post, we’ll compare

Filed under: configuration management, puppet, cfengine

5 Important Skills for Automation Experts to Have

IT testing automation is an important concern of businesses, and a growing field in which IT professionals are able to make a name for themselves. If you are not already involved in automated IT testing, here are a few of the most important skills to have when holding an automation related position.

Filed under: IT automation, chef, configuration management, puppet, devops, ITIL

Weekly Recap – Cloud Computing, SDN, DevOps, and More

Here’s some of the news we came across that interested us this week

The Open DayLight Project – A pretty big development for Software-Defined Networking:

Filed under: configuration management, cloud, devops, SDN

Techno Arms Dealers & High Frequency Traders

Today represents the hottest time to be in financial markets - nanosecond response times, the ability to affect global markets in real time, and lucrative spot deals in dark pools being all the rage. For companies who do business in these times, it is a technical arms race, worthy of a Reagan era analogy.

Filed under: ALM, High Frequency Trading, SDLC, configuration management, devops, HFT

Why Configurations Must be Tested

Configuration testing should not only be an essential step in the overall development process, but also important in the process of installation of new apps for use on web and application servers. Without proper testing, apps can often fail or be open to vulnerabilities. Exposure to attack by hackers or viruses can lead to needless expenses and excessive time correcting these problems. It is not unusual for app developers to overlook the need for configuration testing. This is because they believe that using automated methods, like Chef and Puppet (or other systems that test the deployment of their products), will work just fine. They feel that by using these fully automated processes they can test consistency, reproduce outputs adequately, and determine if things are working as predicted or not. This kind of thinking can delay a timely product delivery, produce unnecessary costs, and create additional workloads to address vulnerabilities that can occur later in production.

Filed under: configuration testing, configuration management, automated testing, automation

DevOps and ITIL Basics

There is a gap that exists between developers and operations in any enterprise dealing with complex and legacy system environments.

Filed under: chef, configuration management, puppet, ITIL, automation

DevOps Basics


Filed under: DevOps Basics, configuration management, ITIL

Infrastructure as Code! You've Got Tests, Right?

You've used Chef/Puppet to automate your infrastructure, you can provision your virtual environment from scratch and deploy all your applications in minute. It’s magical. You've achieved Configuration Management Nirvana. What you've built is repeatable, saves time, increases efficiency and removes human error.

Filed under: configuration testing, chef, configuration management, puppet, automated testing, desired configuration state, IaaS