DevOps-Ready Platform For Configuration Monitoring

ScriptRock Blog



Latest Blogs from ScriptRock Blog
For those still holding out for a better alternative to SSL, it’s time to give up the ghost. Though implementations like OpenSSL have seen many a vulnerability as of late, the protocol remains the best ubiquitous technology we have for end-to-end encryption. And with Google’...
From rudimentary topologies to multi-cloud deployments, ScriptRock was designed to provide end-to-end visibility for all types of infrastructures. Our platform gives organizations unprecedented macro and micro-level visibility in even the most complex and heterogeneous IT en...
This might be a little controversial, but we think software pricing should be straightforward and easy to understand. We know this is a radical stance in the world of enterprise software, but bear with us on this one. In our experience, if we're going to pay for something...
We've just released a sweeping update to ScriptRock. It's really, really big– we've changed the core visualization of our product and added large features that seemed impossibly ambitious when we started. For all the changes, the unifying purpose of every feature in ScriptRock remains ...
In a news flash buried beneath a slew of other notable security news items, UCLA Health revealed last week it was the victim of a massive data breach that left 4.5 million patient records compromised. Like previous attacks on Anthem and Premera Blue Cross, the intrusion g...
For those of you harboring secrets behind a website paywall, a word of warning: your skeletons are now easy targets for cyber criminals and nefarious 3rd parties around the globe. The recent data breach and compromise of 3.5 million Ashley Madison user accounts may turn out ...
Oracle released a critical patch on Tuesday to fix a whopping 193 new security vulnerabilities across its line of database solutions and products. Included in the update are fixes to 25 vulnerabilities in the Java platform alone, including a new high-risk, zero-day vulnerabi...
Good configuration management (CM) makes the world go 'round; misconfigurations make it grind to a halt. If in doubt, consider for a moment that in the last couple years CM issues have crashed an Airbus, leveled a billion dollar financial firm, and somewhat surprisingl...
The OpenSSL Project Team announced a high severity bug in their open source implementation of SSL today that could allow the bypassing of checks on untrusted certificates (read: man-in-the-middle attacks). Find out which versions of OpenSSL are impacted, and what you need to...
For those of you planning on enjoying the sunset on June 30, 2015—an extra second of bliss awaits, compliments of the Earth’s inconsistent wobble. However, if Y2K sent you running for the hills, start packing again. Analysts predict technological fallout ranging from und...
Full stack development is all the rage these days, and for good reason: developers with both front-end web development skills and back-end/server coding prowess clearly offer substantially more value to their respective organizations. The ability to traverse the entire stack c...
Networking giant Cisco recently released its Annual Security Report highlighting trends in data breaches and threats from the previous year, and its findings—while similar to other recent reports (e.g., Verizon DBIR, Trend Micro Security Roundup)—offer some unique insights r...
Sports is big business, and where money and competition collide—laws will be broken. This aptly describes the latest hack involving the St. Louis Cardinals and Houston Astros, though admittedly—it sounds more like a teaser for a Hollywood blockbuster. Corporate espionage in ...
The short answer: it’s not. This was certainly the case for Kaspersky Labs, who announced yesterday that its corporate networks were hacked using a sophisticated advanced persistent threat (APT) dubbed Duqu 2.0. Though the word “sophisticated” is used rather liberally these ...
On March 18, 2015, system administrators and developers received ominous news: two high severity vulnerabilities in OpenSSL would be announced the next day. Since Heartbleed, OpenSSL had been on a bad streak, and it looked like things were only going to get worse. Operations, developme...
The question is indeed a contentious one, never failing to incite heated arguments from all camps. Many ways exist to cut the cake in this regard—WhiteHat Security took a stab at it in a recent edition of its Website Security Statistics Report, where it analyzed statistics a...
When it comes to IT security, how do you roll? Many tools exist, but the fact is that in most cases, to do it right— you have to roll your own. This is especially true in today’s environments, where infrastructures can vary widely in composition from organization to organiza...
Databases—like all IT assets—are subject to drift that can wreak serious havoc across an organization’s infrastructure. Furthermore, the usual suspects are in play when it comes to database drift: manual ad-hoc changes, frequent software updates/patches, and general entropy, a...
Home Depot. Target. Neiman Marcus. Albertsons. Michaels. Most Americans have shopped at one of these national chains recently. If you’re one of them, your credit card information may already be on the black market. And if you’re a retailer using a POS system, proposed legislat...
We've covered the benefits and pitfalls of configuration management tools like Chef in many articles. But let's assume you've done your homework and decided Chef is the tool for you. How do you get started? Funnily enough, one of the inspirations for ScriptRock was a not-so-successf...
Every year, Verizon compiles data from a list of prominent contributors for its annual report highlighting trends and statistics around data breaches and intrusions from the past year. The 70-page Data Breach Investigations Report (DBIR) covers a myriad of data points relate...
Today, a new vulnerability called VENOM was announced in CVE-2015-3456. It stands for “Virtualized Environment Neglected Operations Manipulation” which sounds, frankly, like an indictment of anyone aloof enough to let it sneak up on them. And wading through other blog posts on the subj...
The Ponemon Institute just released some unsurprisingly bleak findings in its annual study on healthcare data privacy/security, including data showing deliberate criminal attacks now accounting for most medical data breaches. The report goes on to illustrate how the healthca...
Technology giant Lenovo has come under heavy criticism again for subjecting users to undue security risks-- this time in the form of three vulnerabilities discovered by researchers at security firm IOActive. Flaws in Lenovo's System Update service-- a feature that enables us...
Yesterday, open source content management system (CMS) WordPress made headlines with the announcement of yet another critical zero day vulnerability. The newly discovered flaw is markedly different than other WordPress vulnerabilities surfacing as of late― in this case, the ...
In a widely publicized report released last week titled "FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen," the US Government Accountability Office (GAO) details the potential vulnerabilities and dangers of offering in-flight wi...
Whenever there's a lot to lose, GuardRail is the solution to ensure correct configuration state. Often this means working with enterprises in banking, transportation, and ecommerce, but the Internet of Things introduces risks to the most mission critical system of them all: your home...
Last week, we repped our set at ChefConf 2015 and gave a couple hundred live GuardRail demos to attendees. We saw a few talks and caught up with some old friends, too. It was a great time and we’ll definitely be back next year.
As a group of concepts, DevOps has converged on several prominent themes including continuous software delivery, automation, and configuration management (CM). These integral pieces often form the pillars of an organization’s DevOps efforts, even as other bigger pieces like overarching...
If you're one of the unfortunate ones who woke up to a frantic text from their boss this morning, there's some small consolation: today's OpenSSL vulnerabilities probably aren't as horrific as Heartbleed! Hooray, great job everyone! The bad news is that you still have to patch...
Sarbanes-Oxley (SOX) compliance—it’s like checking for holes in your favorite pair, but with consequences beyond public embarrassment. For publicly traded companies, the ordeal is a bit like income tax preparation for the rest of us: a painful, time-consuming evil that—if not ...
This week, Apple’s App Store and iTunes Store suffered a downtime of about 10 hours. For the better part of the day, customers were unable to access the stores, purchase music or apps, or make payments using the Apple Pay payment system. The problem has been attributed to “a c...
Audits are one of life’s greatest pleasures, right up there with root canals and childbirth. Firms love them, too; alongside tax audits-- financial audits, records audits, and compliance audits make life splendid for businesses. Unfortunately, compliance is an unwieldy but nec...
We recently rewrote the GuardRail agent as a connection manager to reap the benefits of agentless monitoring. Why get rid of agents? Because agents must be updated. They are like a free puppy–it's easy to take them home but you have to feed them, take them to the vet, and clea...
Microsoft has announced a vulnerability in Samba, the widely used SMB/CIFS protocol for Windows/*nix interoperability. The vulnerability exists in versions 3.5.0 to 4.2.0rc4 and allows malicious clients to manipulate the host such that clients can execute code via a netlo...
We know you're sick of updating OpenSSL so we'll keep this short. There is a new SSL vulnerability named FREAK with a published proof of concept. FREAK affects a significant portion of websites, including big names like American Express and the NSA. Like POODLE, FREA...
In Part 1 of this article, we presented an overview of Amazon AWS and GuardRail, and discussed how the two marry the best in cloud computing and DevOps. We also learned how GuardRail is not just the premier solution for configuration monitoring, control and automation of AWS o...