Network security is a major expense for large companies. I must preface this by saying that I know very little about maintaining a secure network. That said, the team from AuditShark has built an incredibly simple auditing tool that can be used to programmatically determine the overall security posture of your servers. In fact it is so simple that I could use it. Anyhow, we had a chance to ask the team a few questions about their new software:
What is AuditShark?
AuditShark remotely gathers security & configuration settings or inventory information from computers on your network.
This data can be gathered from Windows, Linux and Unix machines and will assess the current state of a computer to determine whether it is configured properly using a customizeable set of standards. Any settings which are deemed to be outside of acceptable values are flagged as “Not Ok” for additional follow up and remediation.
This is particularly useful in situations where you know very little about a computer and need an instant assessment of how it is configured. By pinpointing incorrect settings, you can then fix them to prevent future problems. As an auditing tool, it can analyze hundreds of data points very quickly for security assessments or compliance purposes. These settings may be described in internal security policies or regulatory compliance standards such as PCI, Sarbanes-Oxley, HIPAA and more because AuditShark policies are completely customizeable.
If it’s programmatically possible to retrieve a piece of data from a target computer, then AuditShark can not only report on it, but can also let you know if it’s within the range of acceptable values.
Why did you build AuditShark?
When a computer is added to an IT environment, it’s impossible to know whether or not it is still configured the way that it’s supposed to be, even just minutes after the IT technician delivers the computer to the end user. Regular validation of computer settings helps to secure the network by ensuring that misconfigurations don’t propogate through the network, thus leaving it vulnerable to attacks or data breaches. The only way to verify the configuration settings of each computer is to go look at it. AuditShark ensures each computer is properly configured by using an automated suite of tests, making the auditing process far less painful than manually auditing every computer using spreadsheets and checklists.
How is AuditShark different from what is currently available?
AuditShark is unique in that the company behind it is bootstrapped and operated by a single founder with no employees. It’s unheard of to bring a new product to the security space and compete against established security vendors with one founder and no funding.
Tell us your founding story. Was there an “ah ha” moment?
AuditShark was developed after the company founder implemented major audit & compliance software solutions at dozens of companies and found that the vendors providing the software were not responding to the needs of their customers. Their solutions to were becoming so complex that they required excessive infrastructure and training to implement and operate. AuditShark addresses the needs of these companies and enables them to do the same job without weeks of professional services to implement and operate.
Tell us about your founding team and their backgrounds.
AuditShark was founded by Mike Taber, a self-funded and bootstrapped entrepreneur. He has been self-employed since 2005 and has performed major security & compliance implementations at Fortune 500 companies around the world. He blogs at www.singlefounder.com, is co-host of the Startups for the Rest of us Podcast, and is the co-host of MicroConf, a conference for self-funded and bootstrapped software entrepreneurs.