You only have to read regular news reports about the multiple outages across household names in banking and financial services, resulting in customers being unable to access their bank accounts, to know that cyber security resilience has never been more important and is on every organization’s radar. The threat of regulatory action, heavy fines, and the potential loss of banking licenses is very real.

A number of improvements have been made to the Puppet Report Viewer add-on for Splunk since it was initially released. The most notable changes added in version 3.1 of the add-on are the tracked metrics, allowing for better troubleshooting of performance issues in your Puppet installation.

I’m excited to share Puppet’s increased commitment to government agencies through a new relationship with Carahsoft. Through this relationship, Puppet, the industry leader in infrastructure automation, will increase its availability of Puppet Enterprise on preferred government purchasing vehicles, like the General Services Administration (GSA) Schedule 70, NASA SEWP, and a number of other federal, state, and local contracts.

It’s Cyber Security Awareness Month, and many IT professionals are being haunted by the thought of gearing up for a security and compliance audit. Preparing for an IT audit can take months of planning. It can be time-consuming, uncomfortable, and stressful. Guess what else takes a long time and can be uncomfortable and stressful? Creating a human!

It seems that virtually every day, another threat to cybersecurity presents itself. In response to this ongoing concern, the Australian Cyber Security Centre has developed prioritized mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organizations protect themselves against various cyber threats.

Since we launched Puppet Comply last year, we’ve been working hard to build out the solution’s capabilities so that we can provide our customers with more options in implementing a continuous compliance program, and become more proactive and efficient in how they manage compliance. A key activity in any strong continuous compliance program is remediation.

Yet another Puppetize Digital is in the (online only) books. Our second annual virtual conference drew attendees from around the globe, bringing together the people at the center of automation. If you weren’t able to attend this year’s event live, worry not! You can watch the entire conference on-demand here. Read on for Puppetize highlights!

Apache has disclosed a critical actively exploited path traversal flaw in the popular Apache web server, version 2.4.49. This path traversal means that an attacker can trivially read the contents of any file on the server that the Apache process has access to. This could expose highly sensitive information, even as critical as the server's own private SSL certificates. See the Sonatype blog for more technical information on the vulnerability.

It can be challenging to manage enterprise infrastructure across hybrid cloud and on-premises environments with accurate and timely tracking asset details — especially if you don't know what you have. The more systems deployed, the more visibility is necessary for your IT operations teams to meet critical business Service Level Agreements successfully.

Hi, it’s me... Back again with something exciting: Puppet’s new Compliance Enforcement Modules, or CEMs. We’ve been working on some pretty cool stuff since we launched Puppet Comply last year. Lots of great feedback has come in, and we’re thankful for every opportunity we get to show our customers how we can help. This feedback comes in many forms, but one of the things we’ve heard time and time again is that achieving compliance is still hard.