Q: How can I trust you with access to my servers?
That's a really tough question to answer. If I just told you that I was trustworthy, would you believe me? Probably not. What I can tell you is this.
I promise to do my best to always do the right thing, whatever that might be.
Here's why you should believe me. Search Google for Mike Taber and you'll find me all over the place. Sure, there are a few other Mike Tabers. But overwhelmingly, my name and history are plastered all over the internet. I have a podcast I've been running for two years, a blog I've been running for six years, I run a popular software conference, I own my own company, and I support my wife and two children through this business. I stand to lose a lot if I violate your trust because my past, present, and future are on the internet. I've spent a great deal of time building up my reputation and I have absolutely no intention of doing anything that would force me to start over.
Q: How do I know that AuditShark is accurate?
There's always a risk that either a false positive or a false negative result comes back from AuditShark. This isn't a lot different from anti-virus software that thinks a virus isn't a virus, or that a valid executable is a virus. I can't promise I'll never make a mistake. But I'll sure as heck do my best to put as much automated testing in place as I can to verify that things are accurate.
Q: How do I know that AuditShark is secure?
This is another hard question to answer because there's so much that goes into security. To start off, I've personally written nearly all of the core AuditShark code, which helps to make sure that nothing went in that I wasn't aware of. I spent a lot of time and effort making sure that the core engine handles things that are improperly formatted or unexpected. There are roughly 200 unit tests that do nothing but try, in numerous ways, to break the core auditing engine that executes the AuditShark scripts. All data is transmitted over a secure SSL connection. The back-end database is walled off to the point that it can only be accessed by my web server, which is also heavily firewalled. Wherever I'm storing application-level passwords, they are 256-bit AES encrypted. In short, I've tried really, really hard to make it as secure as possible.
Q: If you find a vulnerability, I still need to know what to do about it. Why not just hire a security expert in the first place?
I'll do my best to provide you with information on what the impact of those vulnerabilities is, the associated risks, and, if possible, detailed instructions for how to fix them. Keep in mind that there are going to be some things that you can't do anything about. If there's a vulnerability in a piece of software, but no patch for it, there's nothing you can do short of uninstalling the software. But it's important to know that the risk exists.
Q: Can it really detect everything?
Yes, provided the check is programmatically possible: the system has access to the data, and the result can be stated as a definitive Ok or Not Ok. A check that cannot produce a definitive answer is not something AuditShark can claim to detect.
Q: Can you monitor SQL Servers?
Yes. So long as the software is provided with the credentials needed to get into the database, AuditShark can evaluate whatever rules you put in place.
Q: I've been hacked! Can you help me?
Chances are good that we can't. Using AuditShark is preventative, not restorative. In a way, it's kind of like insurance. You don't need it until you do. And then it's too late. If you're worried, sign up for an account.
Q: Do you have the ability to perform ISO 27001, NERC, SCAP, etc. audits?
The list of what we can look for is always changing. If you have specific requirements, contact us directly and we'll see what we can do for you.
Q: Is it possible to white-label the AuditShark service for my clients?
We don't have any plans to do that at this time. However, if there is enough demand, it's something we may consider in the future.
Q: Can I pay for a year in advance?
Absolutely. Contact us and we'll take care of you.
Q: How often do you audit my servers?
We audit your servers on a scheduled basis once per day. You also have the option to run ad hoc audits at any time using any of the Library Policies, or your own custom policies.
Q: How many system resources does AuditShark use?
For most of the policies in our library, the impact on your server will be virtually unnoticeable. The software includes a governing mechanism that intentionally throttles its own work to minimize the impact. In most cases, the checks being performed are no more invasive than querying a registry key or parsing a file, two actions that most computers perform thousands of times per second.
Q: Do you offer SMS or email alerts?
Not at this time, but those features are on our roadmap.
Q: Do I need to install software on my server?
Yes, you probably will. Fortunately, the software is self-updating so you will only ever need to do this once. Check our installation guide for specific requirements.
Q: Do I need to open up ports in my firewalls?
Generally speaking, no. Computers with an agent installed need outbound access to our servers on port 443; our servers do not reach into your environment, because AuditShark uses a "pull" mechanism in which the agent initiates every connection. The one exception is agentless auditing over SSH: if you choose to audit your Linux/Unix servers that way instead of installing an agent, our servers must be able to reach the SSH port on those servers.
Q: What operating systems do you support?
Currently we support: Windows 2008, Windows 2012, Red Hat Enterprise Linux, CentOS and Ubuntu. Other Linux and Unix distributions can be audited, but we do not ship out-of-the-box policies for them at this time, so they require custom policies.
Q: Can you accurately detect and read configuration files, even in non-standard installation locations?
Yes. Our auditing engine is rules based, so if you know that something is in a non-standard location, you can specify the location and we'll take care of it from there. Otherwise, we can perform searches and cache the location information we find for the next audit.
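The lookup behaviour described above (use the location you specify, otherwise search for the file and cache where it was found for the next audit), combined with the definitive Ok / Not Ok result from the "Can it really detect everything?" answer, as an added example. This is illustrative Python written for this page, not AuditShark's own code: the rule names, directory layout and sshd_config contents are constructed, and treating a missing file or an unset directive as a failing result is a design choice of the example rather than something the FAQ states.

```python
"""Illustrative config-file audit rule (added example; not AuditShark code).

A rule names a config file, the directive to inspect and the value it must
have. The engine resolves the file in this order: an explicit override path,
the location cached from a previous audit, the default path, and finally a
filesystem search under the configured roots. Whatever it finds is cached so
the next audit skips the search. Every evaluation returns a definitive
pass/fail; "file not found" and "directive not set" are reported as failures
rather than as unknowns (an assumption of this example).
"""
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str                 # rule identifier (constructed)
    filename: str             # config file to locate, e.g. "sshd_config"
    setting: str              # directive to inspect
    expected: str             # value the directive must have
    default_path: str         # where the file normally lives
    search_roots: Tuple[str, ...]  # roots to walk if default_path is absent


@dataclass(frozen=True)
class Result:
    rule: str
    passed: bool
    detail: str
    path: Optional[str]


def find_config(rule: Rule, cache: Dict[str, str], override: Optional[str] = None) -> Optional[str]:
    """Resolve the config path: override, cached location, default, then search."""
    for candidate in (override, cache.get(rule.name), rule.default_path):
        if candidate and os.path.isfile(candidate):
            cache[rule.name] = candidate
            return candidate
    for root in rule.search_roots:
        for dirpath, _dirs, files in os.walk(root):
            if rule.filename in files:
                found = os.path.join(dirpath, rule.filename)
                cache[rule.name] = found      # remembered for the next audit
                return found
    cache.pop(rule.name, None)                # stale cache entry must not linger
    return None


def parse_directives(text: str) -> Dict[str, str]:
    """Parse 'Key value' lines, dropping comments and blanks.

    The first occurrence of a key wins, matching sshd_config semantics where
    later duplicates are ignored by the daemon. Keys are lower-cased because
    sshd directive names are case-insensitive.
    """
    directives: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"(\S+)\s+(.+)$", line)
        if m and m.group(1).lower() not in directives:
            directives[m.group(1).lower()] = m.group(2).strip()
    return directives


def evaluate(rule: Rule, cache: Dict[str, str], override: Optional[str] = None) -> Result:
    """Return a definitive pass/fail for one rule."""
    path = find_config(rule, cache, override)
    if path is None:
        return Result(rule.name, False, f"{rule.filename} not found", None)
    with open(path, encoding="utf-8", errors="replace") as fh:
        directives = parse_directives(fh.read())
    actual = directives.get(rule.setting.lower())
    if actual is None:
        # The daemon's compiled-in default would apply; its value depends on
        # the installed version, so the example conservatively fails the check.
        return Result(rule.name, False, f"{rule.setting} not set", path)
    return Result(rule.name, actual.lower() == rule.expected.lower(),
                  f"{rule.setting}={actual}", path)


def demo() -> Tuple[Result, Result, Result, Dict[str, str]]:
    """Audit a constructed sshd_config placed in a non-standard location."""
    tmp = tempfile.mkdtemp()
    custom_dir = os.path.join(tmp, "opt", "ssh", "etc")      # constructed layout
    os.makedirs(custom_dir)
    cfg = os.path.join(custom_dir, "sshd_config")
    with open(cfg, "w", encoding="utf-8") as fh:
        fh.write("# constructed sample config\nPort 2222\n"
                 "PermitRootLogin no  # hardened\nPasswordAuthentication yes\n")
    default = os.path.join(tmp, "etc", "ssh", "sshd_config")   # does not exist
    root_rule = Rule("ssh-no-root-login", "sshd_config", "PermitRootLogin", "no", default, (tmp,))
    pw_rule = Rule("ssh-no-password-auth", "sshd_config", "PasswordAuthentication", "no", default, (tmp,))
    cache: Dict[str, str] = {}
    first = evaluate(root_rule, cache)    # default missing -> search -> cached
    second = evaluate(root_rule, cache)   # cache hit, no search performed
    third = evaluate(pw_rule, cache)      # finds the file but the value fails
    return first, second, third, cache


if __name__ == "__main__":
    for r in demo()[:3]:
        print("OK " if r.passed else "NOT OK", r.rule, r.detail, r.path)
```

The cache is keyed by rule rather than by file name so that two rules pointing at the same file name in different products cannot poison each other's location; a cached path that no longer exists is dropped and the search is repeated, which keeps the result definitive even when the file has moved between audits.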