Guardian. A single source of truth for when you need it most.
Guardian manages all of your internal security, config risks and changes. Out of the box it provides complete visibility of the configuration of your hybrid enterprise IT assets.
Find and fix compliance and change management issues
Guardian is a vendor agnostic monitoring tool providing insight and integrity validation alerts.This allows you to automate Security and Compliance assessments, improve resilience by checking
against highest industry policy standards, and improve change management to avoid configuration drift.
Formerly UpGuard Core, Guardian helps you find out what you have in your estate, identify what’s out of date and non-compliant and automatically achieve compliance by getting to best practice configuration.
You can then resolve incompatible applications using Cloudhouse’s core packaging solution, with Guardian continuing to monitor changes that have happened to trap configuration drift.
Guardian has been successfully implemented in more than 50 major enterprises globally including NASA, Rackspace, NYSE, AT&T, IAG and Akamai.
Drift Management
Guardian stores the total configuration state of every node, making it easy to compare systems and environments, or see how a single system has changed over time. Discover cluster consensus with a single click, and have the differences visualised for rapid troubleshooting down to the line level of a configuration file.
Custom Policies
With Guardian policies, document your expectations and execute them against your environment to see how well it complies. Guardian comes preloaded with policies for the Center for Internet Security’s 20 critical security controls, satisfying many aspects of regulatory requirements like PCI and SOX. Create a policy from an existing system with a few clicks and apply it against similar systems in minutes.
Hardening Benchmarks
Benchmarks from the Center for Internet Security (CIS) offer an established standard for testing foundational security measures. Guardian offers the capability to execute CIS policies on a user-defined schedule and includes a range of options for omitting, modifying, and supplementing the tests included in the benchmarks as published by CIS.
Challenges |
Solutions |
| Misconfigurations Most breaches are not caused by hacking, they’re caused by misconfiguration. A dangerous port is accidentally left open to the internet; a default password isn’t changed; a cloud storage instance is set to public because there isn’t time to troubleshoot permission problems—assets are only as secure as their configurations. However, auditing misconfigurations in a complex data center is difficult and time consuming, competing with other work being driven by higher priority business goals that make security a secondary concern.
|
Minimise the Risk of Misconfigurations Guardian catches misconfigurations before they can be exploited, surfacing anomalies that would otherwise go unnoticed until someone else found them. Data breaches, malware, and other threats almost always rely on misconfigured systems to succeed. Guardian provides the visibility and control necessary to monitor and remediate misconfigurations proactively, a proven strategy to reduce cyber risk. Cloud storage, local servers, websites, network devices, APIs, GitHub repositories— Guardian can audit almost anything, because every risk surface matters. |
| Configuration Drift Things change. A system imaged from a golden master quickly drifts from that image into a unique configuration based on how the system is used and managed. This drift can undermine expectations on how services behave and how secure they are. Drift is gradual and invisible, making it extremely tough to manually track. Clusters no longer have consensus; high availability pairs are running different software versions; someone installed a dangerous application on a highly secured server- things change. |
Automate Compliance Assessment The biggest problem with compliance is the overhead required to test systems and record the results in a meaningful way. Guardian automates compliance assessment and reporting, continuously auditing systems and recording the configuration state over time. Furthermore, Guardian can automatically test assets against best practices, company policy, or regulatory standards, not just one time at an audit, but all the time, so systems that fall out of compliance can be remediated as quickly as possible. Don’t just check the compliance box; actually protect your business. |
| Compliance and Hardening Many businesses operate in regulated spaces where cybersecurity and IT process audits must occur regularly to prove that customer data and services are private and secured by the best known means. Even when regulatory compliance isn’t necessary, most companies want to follow security best practices and have the evidence that they do so in the event of a data breach or other cybersecurity incident. |
Produce Reliable Systems at Scale When Guardian prevents configuration drift, it does more than solve an abstract problem— it creates reliable infrastructure, where projects can be moved from development to test to production with the knowledge that the three environments will behave the same way. It can guarantee that a cluster is behaving as a single unit, and that an errant misconfiguration isn’t a time bomb, ready to blow up when the circumstances present themselves. Businesses purchase high availability (HA) options for twice as much to reduce downtime. Guardian ensures the value of that purchase by comparing HA devices proactively, so that when a failover does occur, it occurs without incident. |
| Process Auditing The day to day work of IT is what ultimately determines whether servers, routers, applications, databases, and other assets are reliable and secure. Whether using a formal framework like ITIL or a de facto method of “how it’s always been done,” auditing the results of those processes is necessary to understand how well they are working. But controls can slow processes down, reducing productivity and creating bottlenecks in the workflow. |
Understand and Improve IT Processes Information siloing is a dangerous phenomenon in IT. When processes get obscured between people or departments who work on the same systems, problems tend to follow. Guardian provides an objective, data driven way to track processes, visualise results, and understand improvement over time. IT operations wants to make sure the right software and patches are installed; Security wants to check if the systems have been hardened; Network wants to verify the IP, subnet, and DNS settings. One Guardian procedure can validate all these automatically as a process happens, and alert the relevant parties if something goes wrong. |
Solutions
Server End-of-Support
Migrates Windows Server 2008 and Server 2008 R2 applications and workloads on-premise and in the cloud without the need to refactor, recode or upgrade.
Cloud Migration
Take all your applications to the cloud. Package once, deploy anywhere. Our solution is totally portable and works with every major cloud services provider.
Windows 10 Rollout
Is your move to Windows 10 held up or uncompleted because of incompatible applications? Our application compatibility packaging solution will get them going again.
Find and Fix
Guardian provides a single source of truth for when you need it most. Guardian manages all of your internal security, config risks and changes. Out of the box it provides complete visibility of the configuration of your hybrid enterprise IT assets.
HOW DOES GUARDIAN WORK?
Discover your IT assets
Automatically find and scan thousands of assets. From desktops to servers, databases to network appliances. Stop spending time manually maintaining asset registers, and hoping that IT teams will maintain theirs. Discover the complete view of your IT landscape.
Monitor and track changes to all your IT assets
Track changes to your systems over time to validate expected changes. Instantly catch configuration drift, before your systems start leaking information. Prevent security vulnerabilities, by automatically assessing your software versions.
Automate compliance with configurable policies
Use configurable policies to keep your systems compliant with security best practices such as CIS benchmarks, and regulatory requirements such as PCI-DSS and NERC. With configurable policies and templates, you can start with the framework of your choice then tailor it to your organisation’s specific needs.
WHO WE WORK WITH
