UpGuard Inc. is a cyber resilience startup company[1] based in Mountain View, California that determines a company's cyber-risk factors by scanning both internal and external computer systems.[2] UpGuard’s award-winning Cyber Resilience platform automatically scans every server, application, network and mobile device in IT environments to create a living model of their configuration state. The platform continually assesses this system of record for security vulnerabilities, configuration drift and procedural changes, and then dynamically provides a unified cyber security risk score, CSTAR, that determines the cyber risk posture of IT assets against multivariate factors.[3][4]

Formerly called
Industry Computer security
Founder Mike Baukes, Alan Sharp-Paul
Headquarters Mountain View, United States
Key people Mike Baukes, Alan Sharp-Paul
Products UpGuard Discover, UpGuard Control, UpGuard Predict
Number of employees 100+ (2017)


UpGuard, formerly ScriptRock, is an Australian IT company based in Mountain View, California.[5] Company founders Mike Baukes and Alan Sharp-Paul met on the job in Sydney, Australia, while working at investment firm Colonial First State. Sharp-Paul was a web developer and Baukes was a systems administrator.[6] After spending years in financial services in Australia and the UK, the pair developed a system for corporations to understand business software portfolios and the consequent risk of breaches and outages due to poor configuration management.[7] The first release of the system was initially named GuardRail and allowed for the automation of typical cybersecurity DevOps practices, focusing on deep analysis of all relevant server and software application settings.[8]

In 2016, the company raised $17m in a series B funding round co-led by Pellion that included August Capital, Square Peg Capital and Insurance Australia Group.[9] In early 2017, UpGuard signed an exclusive distribution partnership with ACA Pacific in order to establish a stronger presence in the APAC region,[10] and Baukes and Sharp-Paul opened an UpGuard office in Sydney, Australia, bringing the company back to the region "where it all began."[11] In June 2017, UpGuard announced that it had found an unsecured server containing data from Deep Root Analytics, which contained information on almost 200 million American voters.[12][13]


UpGuard helps companies stand up securely configured systems and guard against outages and breaches.[14] The product uses a resilience supervisor that integrates checks into every step of the technology lifecycle whilst continuously assessing for risk factors such as misconfiguration, configuration drift, and process vulnerabilities.[15] The approach is unique in that the platform's architecture allows the continuous, dynamic capture of large configuration datasets in order to diff, visualize and report on potential breaches and outages proactively.

At the product's core, configuration information can be transformed into security policies, procedural validations or automations to ensure the desired integrity of IT environments is maintained and auditable. This is further enhanced by distinguishing authorized change from unauthorized change and dynamically reconciling entire environments against ticketing systems for ITSM or SDLC processes. UpGuard summarizes key insights across this data dynamically and includes a proprietary risk modeling method called CSTAR that aggregates all relevant risk factors into a score between 0-950, similar to a credit score, allowing companies to effectively predict and prioritize high-risk impact areas, track risk hotspots over time, and compare scores to similar companies in like industries.[16]

UpGuard ships three products that interoperate to form a deployable cyber resilience strategy: Discover, Control, and Predict. Each aims to address a different source of risk related to information technology.

- Discover: collects detailed configuration state information of IT assets such as servers, desktops, network devices, cloud services and websites. The data is gathered through APIs, installed agents or agentlessly over SSH or WinRM through what UpGuard calls "connection managers." The product then analyzes the collected data to track change over time, discover differences between entities or validate the integrity of a file system.

- Control: monitors company processes and related procedures through a user interface designed for speed and user context. Users can create "policies", which are human-readable descriptions of the desired state for configurations, and then combine them into steps of "procedures" to continuously assess that appropriate standards are being followed.

- Predict: uses a proprietary technology called "cloudscan" to externally and noninvasively assess internet-facing technology assets such as web servers, SSL certificates and mail servers for security risks. The facts collected by the cloudscanner are used by a proprietary scoring algorithm integrated with multiple data sources to assign risk scores to vendors, companies or technologies, which are then assessed against private or public known breach factors and aggregated to provide a relative score against industry peers or technologies used by companies.

Digital businesses rely on creating resilient and trustworthy services that provide not only functionality, but also the context to understand which pieces of their digital environments pose risks and how to improve them. UpGuard applies multiple strategies algorithmically at multiple levels, providing data-driven insights into technology risks to enable effective decision making whilst encapsulating IT security & cyber insurance outcomes.


  1. ^ "UpGuard brings cyber resilience expertise back to APAC 'where it all began'". SecurityBrief Australia. Retrieved 22 May 2017. 
  2. ^ "Meet Chris Vickery, the internet's data breach hunter". ZDNet. Retrieved 22 May 2017. 
  3. ^ "Leaked GOP Data On 198 Million Americans". Forbes. Retrieved 19 June 2017. 
  4. ^ Whittaker, Zack. "Meet the internet's data breach hunter". ZDNet. Retrieved 2017-06-19. 
  5. ^ "To Help DevOps-ify The World, ScriptRock Raises $8.7M". Forbes. Retrieved 15 August 2014. 
  6. ^ "UpGuard Out To Disrupt $7.5 Billion Global Cybersecurity Insurance Market". Forbes. Retrieved 11 February 2016. 
  7. ^ "UpGuard Out To Disrupt $7.5 Billion Global Cybersecurity Insurance Market". Forbes. Retrieved 11 February 2016. 
  8. ^ "UpGuard Out To Disrupt $7.5 Billion Global Cybersecurity Insurance Market". Forbes. Retrieved 11 February 2016. 
  9. ^ "Security specialist UpGuard returns to Australia". Computerworld. Retrieved 12 June 2017. 
  10. ^ "Aussie-born security vendor signs exclusive ACA Pacific deal". ARN. Retrieved 12 June 2017. 
  11. ^ "UpGuard brings cyber resilience expertise back to APAC 'where it all began'". SecurityBrief Australia. Retrieved 12 June 2017. 
  12. ^ Fung, Brian; Timberg, Craig; Gold, Matea (June 19, 2017). "A Republican Contractor's Database of Nearly Every Voter Was Left Exposed on the Internet for 12 Days, Researcher Says". Washington Post. Retrieved June 19, 2017. 
  13. ^ Cameron, Dell; Conger, Kate (June 19, 2017). "GOP Data Firm Accidentally Leaks Personal Details of Nearly 200 Million American Voters". Gizmodo. Retrieved June 19, 2017. 
  14. ^ "To Help DevOps-ify The World, ScriptRock Raises $8.7M". Forbes. Retrieved 15 August 2014. 
  15. ^ "To ScriptRock GuardRail, First Take: Cloud-based server monitoring and diagnostics". Retrieved 6 December 2013. 
  16. ^ "UpGuard offers a rating score of risk preparedness". Network World. Retrieved 27 January 2016.