Using CIS Benchmarks in Cloudhouse Guardian

Back To Resources

What is Cloudhouse Guardian?

Cloudhouse Guardian is designed to help you keep on top of monitoring your IT infrastructure and ensuring everything is compliant. It allows you to track and discover changes and ensure your estate complies with policies.

It does this by scanning the entire estate – servers, desktops, laptops, boundary devices, network infrastructure, storage and cloud platforms – and detecting and tracking the configuration of each component.

This data provides a single pane of glass through which you can see accurate configuration data across the whole of IT, from endpoints, servers, network and cloud to logical items such as security groups and AWS S3 buckets.

Cloudhouse Guardian identifies if systems are configured correctly, and when a change has taken a system out of compliance with your policies. With this valuable insight, you can manage configuration drift, for example ensuring that your DR site stays consistent with your production configuration.

CIS Benchmarks

And that’s not all: with Guardian scanning in place, it is simple to add industry standard CIS Benchmark scanning, ensuring your estate is compliant with best practice for secure configuration.

The Centre for Internet Security provides a fantastic range of best-in-class benchmarks or configuration guidelines for IT components. These benchmarks provide detailed guidance to safeguard your systems against cyber threats – you can read more about them here:

Cloudhouse Guardian Benchmark scanning allows you to scan elements of your estate against these Benchmarks.

How to implement Benchmark scanning

Withing Cloudhouse Guardian, you can access Benchmarks on the left of the screen here:

You can then attach a Benchmark policy to a Node Group, for example a group of Active Directory Servers, and Guardian will scan the nodes for compliance with the Benchmark.

Guardian ships with a lot of CIS Benchmarks out of the box, covering many different types of devices:

The CIS Benchmarks include a lot of recommended changes to improve security (also known as “hardening”), so please be aware that if you have not already hardened your servers and are running in a default configuration, you can expect to see a LOT of red in the report!

This image shows output from a Guardian CIS Benchmark Report:

When you drill down further into a report, the results include details of all benchmark tests and recommendations on how to remedy any issues identified:

The CIS Benchmarks tool is a fantastic way to apply industry best practice to your environment, and this functionality is included free for all Guardian users.

If you are already using Guardian, but haven’t yet explored the Benchmark tool, why not check it out and see what you find? Don’t hesitate to contact us if you have any questions or want to discuss how to get the most value from this capability.

And if you are not a Guardian subscriber but would like to find out more about how it can help to ensure your organisation remains compliant and secure, contact us for a no-obligation chat. You can also learn more about Cloudhouse Guardian on our website here: Cloudhouse Guardian.

About Cloudhouse

Avatar photoCloudhouse is experienced in problematic application migration and config monitoring systems to fix the unfixable and modernise any IT estate – whether it’s run on-premises or in the cloud. With two proven solutions; Alchemy: Cloudhouse Application Packaging Solution modernises IT estates by fixing unfixable apps and moves them onto a supported operating system.

Load More


How much does Cloudhouse cost? Down Arrow

Cloudhouse costs are split into two elements – the licensing required to deploy application compatibility packages, and the professional services needed to create the application compatibility packages.

Licensing is offered on a per user basis for desktop applications and a per server basis for server applications. There are discounts available based on volumes.

Professional Services costs are dependent on the nature and complexity of the application. We quote a cost for packaging once we have been able to see the application, or portfolio of applications.

Contact us here with your requirements and we will provide you with a quote.

Packaging and Maintaining Applications
Who is responsible for packaging desktop and server applications? Down Arrow

Cloudhouse provide the Professional Services to package applications.

Requirements for Test and Development Down Arrow

Cloudhouse recommend packaged applications are tested in the standard UAT environments used for natively installed applications, or applications packaged in App-V. The more representative the test environment is of the live environment, the greater the chance of finding any issues prior to go-live.

Updating Applications Down Arrow

Service packs and updates can be applied to the applications in a package using the Editor, refer to Updating, Editing and Maintaining Containers which describes how a new snapshot is created for the update, and how it is then applied to the package.

Who manages Cloudhouse operationally within an account? Down Arrow

Cloudhouse recommends the same team who manage the operations of native apps.

Automation and Deployment Down Arrow

Applications running in Application Compatibility Packages can be deployed, and managed with same tools, or scripts used to deploy natively installed applications e.g. SCCM, InTune, LAN Desk. Please refer to Supported 3rd Party Products and Versions for details.

How do we know which of our departments/ teams should support the Package? Down Arrow

The Cloudhouse Package does not include OS components, it only contains the packaged application plus Cloudhouse components. Cloudhouse recommend the same team that is responsible for supporting applications packaged with App-V, or delivered as natively installed applications, support Cloudhouse Application Compatibility Containers.

Documentation for Service Desk & Service Management Down Arrow

Full documentation is made available to Cloudhouse partners and customers as required.

Do Cloudhouse provide training? Down Arrow

Cloudhouse offers a full packaging service that can scale to meet any requirement. In the event, however, that a partner wishes to offer application compatibility packaging as part of a wider solution, Cloudhouse will work with that partner. Please contact us here for details.