
What is WMIC and why will it be discontinued?

As we already explained on one occasion in this blog, Windows Management Instrumentation, WMI, is a technology owned by the company Microsoft®.

But there’s even more!

Things have changed and we are going to tell you all about it!

Do you already know what WMIC is and why it will be discontinued?

WMIC was the WMI command-line utility, which provided an interface for the Distributed Component Object Model (DCOM) Remote Protocol.

This protocol, in turn, allows remote procedure calls (RPC) through a set of extensions layered on the Microsoft Remote Procedure Call Extensions.

DCOM is used for communication between software components such as Pandora FMS and networked devices.

The benefits of monitoring are undeniable, and this kind of technology (communication and connection protocols) is used to get work done, prevent problems and make progress.

However, it all depends on the use it is given:

In January 2021, the MITRE Corporation registered the vulnerability CVE-2021-26414*, which recognizes that it was possible to reach the privileges of a normal user, that is, a user who is not an MS Windows® system administrator.

*Common Vulnerabilities and Exposures (CVE) is a U.S. government-backed list of publicly known security vulnerabilities, in which each entry has a CVE-ID identification number.

Exploiting this weakness is not a matter of fortuitous conditions.

An attacker who manages to gain access never stays a normal user for long; they usually go on to become system administrators.

Thus, time and commitment are required to study the victim and achieve the task.

The company Microsoft®, concerned about its customers' peace of mind, decided to publish and distribute the security patch KB5004442 (February 2022), which tightens user authentication.

As a result, WMIC is no longer able to connect, despite being a product of that same software vendor.

However, that’s actually a side effect, not the main reason why the WMIC software was discontinued.

For some time now, Microsoft, progressively, has been updating, deleting and improving each of its components, and has even created new utilities.

This is the case of PowerShell, which will bear the new responsibilities inherited from WMIC from now on.
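To show what inheriting WMIC's duties looks like in practice, here is an added PowerShell example (not code from the original post or from Pandora FMS): a CIM-based replacement for a typical WMIC query, plus a local check of the DCOM hardening state. The host name is a placeholder, and the registry value name is assumed from Microsoft's KB5004442 documentation rather than taken from the post.

```powershell
# Added example (not from the original post or the Pandora FMS project):
# a PowerShell replacement for a legacy WMIC query such as
#   wmic /node:"SERVER01" os get Caption,Version,LastBootUpTime
# Assumptions: $ComputerName is a placeholder for a host you administer; the
# caller has WinRM (WSMan) or DCOM reachability and suitable credentials.

function Get-RemoteOsInfo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [System.Management.Automation.PSCredential] $Credential,
        # WSMan is the modern transport and is not touched by the DCOM
        # hardening; DCOM is kept only for hosts that expose nothing else.
        [ValidateSet('Wsman', 'Dcom')] [string] $Protocol = 'Wsman'
    )

    if ($Protocol -eq 'Dcom') {
        # The -PacketIntegrity/-PacketPrivacy switches imply the DCOM protocol
        # and request the authentication level the hardened server now
        # requires, which legacy WMIC never negotiated.
        $option = New-CimSessionOption -PacketIntegrity -PacketPrivacy
    } else {
        $option = New-CimSessionOption -Protocol Wsman
    }

    $sessionArgs = @{
        ComputerName  = $ComputerName
        SessionOption = $option
        ErrorAction   = 'Stop'
    }
    if ($Credential) { $sessionArgs['Credential'] = $Credential }

    $session = New-CimSession @sessionArgs
    try {
        # Same class WMIC's "os" alias queried underneath.
        Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem |
            Select-Object PSComputerName, Caption, Version, LastBootUpTime
    } finally {
        Remove-CimSession -CimSession $session
    }
}

function Get-DcomHardeningState {
    # Reports whether the legacy wmic.exe is still present on this machine and
    # the staging value Microsoft documented for the KB5004442 DCOM hardening.
    # Assumption: the registry key and value name are taken from that
    # documentation as recalled by the author of this example, not from the
    # post; an absent value means the default for the installed build applies.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
    $name = 'RequireIntegrityActivationAuthenticationLevel'
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$name } else { 'not set (build default)' }

    [pscustomobject]@{
        WmicPresent    = [bool](Get-Command wmic.exe -ErrorAction SilentlyContinue)
        HardeningValue = $value
    }
}

# Usage:
#   Get-DcomHardeningState
#   Get-RemoteOsInfo -ComputerName 'SERVER01'                  # WSMan path
#   Get-RemoteOsInfo -ComputerName 'SERVER01' -Protocol Dcom   # hardened DCOM path
```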

At Pandora FMS, always respecting our security architecture, we introduced PandoraWMIC: improved software for the new WMI connection requirements, which avoids this kind of inconvenience, both in the Open version and in the Enterprise version.

Absolutely no one is safe from security attacks. This is only a small edge from the whole picture.

You may check our official documentation on this topic:

https://pandorafms.com/manual/en/documentation/07_technical_annexes/15_security_architecture

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Pandora FMS at the very top of G2

Bring it on Pandora FMS! If we have previously told you about our success at the Open Source Awards 2022 and the Peer Awards 2021, today we are here to tell you that we are at it once again!

We are at the top of G2 of Monitoring Software!

“Why is it easier to get unbiased information about a hotel room than about software?”

In 2012, five entrepreneurs asked themselves this question. The next day, they founded G2.

A platform that currently has more than 60 million visits per year, on which users can read and write quality reviews on 100,000 software products and other professional services.

More than 1,500,000 reviews have already been published, which help companies around the world make better decisions about how to reach their full potential.

That is why it is so important and honorable that Pandora FMS has become part of its Top 10 of the best Network Monitoring software.

  1. NinjaOne
  2. Atera
  3. LogicMonitor
  4. Auvik
  5. SolarWinds
  6. Domotz
  7. Progress WhatsUp Gold
  8. Pandora FMS

Above many other already recognized companies, such as Microsoft, Datadog, Zabbix, Nagios, Dynatrace, Catchpoint, Entuity, PRTG, Checkmk, Wireshark, Smokeping, OPManager, Netreo, Munin, Cacti and many more.

A badge that appoints Pandora FMS once again as the total monitoring solution:

  • Cost-effective, scalable and able to cover most infrastructure deployment options.
  • Find and solve problems quickly, whether you come from on-premise, multi cloud or a mix of both of them.
  • In hybrid environments where technologies, management processes and data are intertwined, a flexible tool capable of reaching everywhere and unifying data display is needed to make its management easier.

That’s Pandora FMS

You knew it, and now all G2 users know it too!

How did we get into the Top 10 of the G2 platform?

For now, to be included in the category of Network Monitoring, a product must, among other things:

  • Constantly monitor the performance of an entire computer network.
  • Create a baseline for network performance metrics.
  • Alert administrators if the network crashes, or varies, from the baseline.
  • Suggest solutions to performance issues when they arise.
  • Provide network performance data display.

Then comes the usability score of a product, which is calculated using their own algorithm that takes into account the satisfaction ratings of real users.

This rating is also often used by buyers to quickly compare and identify on the page the top-rated products.

The number of reviews received at G2 is also important, buyers rely more on products with more reviews.

Higher number of reviews = Higher representativeness and accuracy of the customer experience

In turn, G2, apart from rating the products based on the reviews collected in its user community, also does so with the aggregated data from online sources and social networks.

And then, participate in the different categories where you can earn badges like the ones we have won:

  • Best Usability. 
  • Easiest to Use.
  • Easiest Admin.
  • Best Meets Requirements.

And as they say over there:

That would be it!

Today we have reached this milestone, and since 2020 we have been winning these categories, all seasons! Let the Himalaya tremble in fear, we continue climbing to the very top!


ESET named an Overall Leader in KuppingerCole’s report for its endpoint protection, detection and response capabilities

Bratislava, May 18, 2022 – ESET, a global leader in digital security, announced that it has been named an Overall Leader in the KuppingerCole Leadership Compass Endpoint Protection, Detection & Response (EPDR) 2022 report, where the business’ EPDR solutions were awarded Leader status in all categories of Product Leadership, Innovation Leadership and Market Leadership. KuppingerCole analyzed vendors based on a correlated view of Market and Product Leadership rankings, where ESET was recognized as a Market Champion. Furthermore, based on a correlated view of the Product and Innovation Leadership rankings, ESET came out as a Technology Leader.

KuppingerCole, an international and independent analyst organization, helps IT organizations by defining leaders amongst market vendors and the KuppingerCole Leadership Compass EPDR 2022 report provides a specific overview of vendors’ EPDR solutions. The report covers the trends influencing this segment and the essential capabilities required of EPDR solutions, and also provides ratings on how well the solutions meet expectations.

Analyzed in the report, ESET Inspect is the foundation of ESET’s extended detection and response (XDR) capabilities and works together with ESET PROTECT to offer a complete security solution that is optimized for customers’ ease of use. Furthermore, the latest MITRE Engenuity ATT&CK® Evaluations for Enterprise demonstrate that ESET Inspect is able to provide organizations with excellent visibility and context throughout all attack stages. As an XDR-enabling solution, ESET Inspect is a sophisticated tool with advanced threat hunting and incident response capabilities, and together with ESET PROTECT offers deep network visibility, cloud-based threat defenses, and more. Overall, ESET has continuously been named a top player and a leader in the industry for its balanced protection, detection and response security offering.

“We are honored to be recognized as a Leader in all the categories of KuppingerCole’s report, because at ESET, we believe in taking a multi-layered, high performance approach to our technologies, working closely with our customers for an optimized and complete security solution,” said Ignacio Sbampato, chief business officer at ESET. “Since our inception, we have been a pioneer in developing our machine learning capabilities to fight the toughest digital security challenges of today. And this recognition is testament to our relentless drive for progressive and innovative solutions for our customers.”

For more information on ESET’s results in this report, click here.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Interview With SCADAfence’s New Field CTO, Paul Smith

OT and ICS Industry veteran Paul Smith, author of “Pentesting Industrial Control Systems” has recently joined the SCADAfence team in the role of Field CTO. We interviewed Paul to get his thoughts on the current state of OT security, challenges that need to be addressed and his predictions for the future.

He was interviewed by content marketing manager, Joan Weiner Levin.


AI in Cybersecurity: Transformation is Now

We live in a world where businesses suffer a ransomware attack every 40 seconds, and total malware infections have been on the rise for the last ten years. Withstanding such a heavy barrage of cyberattacks requires an intelligent and robust approach to cybersecurity. And as cybercriminals continue to sharpen their skills and sophisticate their techniques, safeguarding critical enterprise systems is only becoming more challenging.   

Luckily, artificial intelligence (AI) is increasingly playing a significant role in cybersecurity, offering powerful and efficient threat detection and elimination. And with artificial intelligence in the cybersecurity market expected to reach an eye-watering $46.3 billion by 2027, AI should be part of your strategic IT plan, if not already implemented in some areas.  

With this in mind, let’s look at how AI in cybersecurity is evolving and creating a safer world for businesses today and in the future.  

AI in Cybersecurity – Use Cases and Advantages 

Artificial intelligence and its subsets like machine learning and deep learning are vital to information security today. These technologies can rapidly analyze millions of data sets and uncover a wide variety of cyber threats. This section will dive into how AI is being leveraged in cybersecurity and its advantages.  

Threat Detection 

Perhaps the most significant use case for AI in cybersecurity is threat hunting. Typically, these systems use historical data, machine learning (ML), and statistical modeling of networks to create a baseline of expected network traffic. With the baseline established, the AI can rapidly identify anomalies and alert the relevant security teams of suspicious behavior. Critically, machine learning excels at spotting patterns in data that traditional approaches miss and can find these patterns much faster than human security analysts.  

Network Security 

Leading on from the last section, let’s look at some more specific ways AI is used in networking. Network security encompasses many elements, including network access controls (network authentication and authorization), perimeter security, data privacy, security monitoring, and policy management.   

With so many moving parts, maintaining strong network security can be challenging, but AI helps overcome much of this complexity. Additionally, AI makes enterprise networks more efficient by leveraging data-driven algorithms to identify critical patterns within the organization’s infrastructure. Here are the primary ways AI is changing network security: 

  • Log analysis: AI and ML algorithms can analyze logs from all over the enterprise environment, whether they be routers, switches, WAN optimization devices, or others, to provide real-time network performance insights. Armed with this information, network engineers can respond to problems at lightning speed.  
  • Traffic management and prioritization: Automated, AI-driven tools help manage traffic to optimize performance. AI built into smart switches can analyze Ethernet packets and automatically assign different priority levels to different types of network traffic.  
  • Scanning and patching: Many modern switches rely on AI to automate maintenance tasks, including patching. However, fully autonomous self-patching AI systems are also garnering more attention. These systems use AI to self-scan for vulnerabilities and deploy patches for these vulnerabilities without human involvement.
  • Supporting cloud-managed networks: Network architectures are increasingly moving towards centralized management structures like cloud-managed networks and Software-Defined Networking (SDN). AI can help fully realize the benefits of these architectures, offering increased ease of management and improved network flexibility.

In summary, AI helps improve network performance and reduce downtime and does this more accurately and quickly than a person ever could.  

Hunting Zero-Day Exploits (Identifying Unknown Threats) 

Defending against zero-day exploits is one of the most challenging aspects of modern cybersecurity. A zero-day exploit is a cyberattack targeting an unknown software vulnerability. Naturally, defending against something you don’t know exists presents significant hurdles. For example, the signature-based tools usually deployed by cybersecurity teams won’t be effective in catching Zero-days.   

AI, ML, and deep learning are increasingly being utilized to find relationships and patterns that human analysts and conventional security tools miss. Rather than using pre-defined criteria to identify anomalies, this type of AI is typically unsupervised and will teach itself what activity is expected within the organization. If it spots something unusual, like data being exfiltrated to outside servers or users visiting websites they have never visited before, it will flag this quickly. In some cases, these attacks will be cybercriminals exploiting Zero-day vulnerabilities to inject malicious software into the network.
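The baseline-and-anomaly approach described under Threat Detection and again here (unexpected volume, never-visited destinations), as an added PowerShell example that is not Portnox's code: it builds a per-user baseline from constructed historical flows and scores new flows against it. The field names, the 3-sigma threshold and the sample values are assumptions for illustration.

```powershell
# Added example (not Portnox's code): a minimal statistical baseline of the
# kind described in the text, run over constructed outbound-flow records.
# The baseline window is assumed to be known-good; field names, threshold and
# sample values are illustrative assumptions, not from the post.

# Constructed "historical" flows: per-user outbound bytes and destinations.
$BaselineFlows = @(
    [pscustomobject]@{ User = 'alice'; Destination = 'mail.example.com'; Bytes = 120000 }
    [pscustomobject]@{ User = 'alice'; Destination = 'crm.example.com';  Bytes = 150000 }
    [pscustomobject]@{ User = 'alice'; Destination = 'mail.example.com'; Bytes = 130000 }
    [pscustomobject]@{ User = 'alice'; Destination = 'crm.example.com';  Bytes = 140000 }
    [pscustomobject]@{ User = 'bob';   Destination = 'git.example.com';  Bytes = 900000 }
    [pscustomobject]@{ User = 'bob';   Destination = 'git.example.com';  Bytes = 1100000 }
    [pscustomobject]@{ User = 'bob';   Destination = 'wiki.example.com'; Bytes = 1000000 }
)

# Constructed "current" flows to score against the baseline.
$CurrentFlows = @(
    [pscustomobject]@{ User = 'alice'; Destination = 'mail.example.com';   Bytes = 135000 }  # normal
    [pscustomobject]@{ User = 'alice'; Destination = 'files.unknown.test'; Bytes = 9000000 } # exfil-like
    [pscustomobject]@{ User = 'bob';   Destination = 'wiki.example.com';   Bytes = 950000 }  # normal
    [pscustomobject]@{ User = 'carol'; Destination = 'git.example.com';    Bytes = 10000 }   # unseen user
)

function New-TrafficBaseline {
    # Learns, per user, the mean and sample standard deviation of outbound
    # bytes plus the set of destinations seen during the baseline window.
    param([Parameter(Mandatory)] [object[]] $Flows)
    $model = @{}
    foreach ($group in ($Flows | Group-Object -Property User)) {
        $bytes = [double[]]($group.Group | ForEach-Object { $_.Bytes })
        $mean  = ($bytes | Measure-Object -Average).Average
        # Standard deviation computed by hand so this also runs on Windows
        # PowerShell 5.1, whose Measure-Object lacks -StandardDeviation.
        $sumSq = 0.0
        foreach ($b in $bytes) { $sumSq += ($b - $mean) * ($b - $mean) }
        $stdDev = if ($bytes.Count -gt 1) { [math]::Sqrt($sumSq / ($bytes.Count - 1)) } else { 0.0 }
        $known = [System.Collections.Generic.HashSet[string]]::new(
            [string[]]($group.Group | ForEach-Object { $_.Destination }))
        $model[$group.Name] = [pscustomobject]@{ Mean = $mean; StdDev = $stdDev; KnownDestinations = $known }
    }
    return $model
}

function Find-TrafficAnomaly {
    # Flags flows that deviate from the user's own history: a volume spike
    # beyond $Sigma standard deviations, a destination never seen in the
    # baseline, or a user with no baseline at all.
    param(
        [Parameter(Mandatory)] [hashtable] $Model,
        [Parameter(Mandatory)] [object[]]  $Flows,
        [double] $Sigma = 3.0
    )
    foreach ($flow in $Flows) {
        $p = $Model[$flow.User]
        if (-not $p) {
            [pscustomobject]@{ User = $flow.User; Destination = $flow.Destination; Reason = 'UnknownUser'; ZScore = $null }
            continue
        }
        # Z-score relative to this user's history, not a global threshold.
        $z = 0.0
        if ($p.StdDev -gt 0) { $z = ($flow.Bytes - $p.Mean) / $p.StdDev }
        elseif ($flow.Bytes -ne $p.Mean) { $z = [double]::PositiveInfinity }
        if ($z -gt $Sigma) {
            [pscustomobject]@{ User = $flow.User; Destination = $flow.Destination; Reason = 'VolumeSpike'; ZScore = [math]::Round($z, 2) }
        }
        if (-not $p.KnownDestinations.Contains($flow.Destination)) {
            [pscustomobject]@{ User = $flow.User; Destination = $flow.Destination; Reason = 'NewDestination'; ZScore = [math]::Round($z, 2) }
        }
    }
}

$baseline = New-TrafficBaseline -Flows $BaselineFlows
# Expected on the constructed data: alice/files.unknown.test flagged twice
# (VolumeSpike and NewDestination) and carol flagged as UnknownUser.
Find-TrafficAnomaly -Model $baseline -Flows $CurrentFlows | Format-Table -AutoSize
```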

Vulnerability Management 

A colossal 28,695 vulnerabilities were disclosed in 2021, a significant rise from the 23,269 disclosed in 2020. And alarmingly, more than 4000 of these flaws are remotely exploitable. But luckily, they’re also patchable. Security teams often struggle to keep up with the influx of new vulnerabilities and decide where to focus their efforts. But with AI scanning user accounts, endpoints, and servers for abnormal behavior, security teams get an in-depth insight into which flaws are most keenly targeted by cybercriminals.

Threat Prioritization  

Depending on how sensitive an organization’s threat detection system is, security analysts could potentially receive an overwhelming number of threat alerts on any given day. In fact, a survey by Trend Micro found that 51% of IT security professionals said they were overwhelmed by the volume of threat alerts they received. Additionally, 55% of respondents said they weren’t confident in their ability to prioritize and respond to these alerts.

AI can help by leveraging machine learning to triage low-risk alerts, suggest solutions, and call for immediate attention to high-risk alerts. This means security analysts can spend less time manually combing through alerts and more time combating them.  

Reducing Pressure on the Cybersecurity Workforce 

AI reduces or entirely eliminates much of the manual labor involved in many cybersecurity tasks. The main drivers here are automation and AI’s ability to process copious amounts of data in minutes or even seconds.  

Wrapping Up 

While cybercriminals use AI to attack enterprise networks, we can use it to protect them. AI is emerging as a critical technology in the information security space and with good reason. It provides the analysis, speed, and detection needed to protect the dynamic enterprise attack surface. 


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Keepit Achieves Enterprise-Wide ISO/IEC 27001 Security Certification

Certification by BSI Group Ensures that Keepit Meets Stringent, International Information Security Standards
Copenhagen, Denmark – May 17, 2022 – Keepit, the market leader in cloud backup and recovery, and the world’s only independent, vendor-neutral cloud dedicated to SaaS data protection with a blockchain-verified solution, today announced that the company has earned International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001:2013 certification for information security management systems (ISMS). By achieving the certification, Keepit continues to demonstrate its dedication and ability to deliver best-in-class security technology to its customers.

“We are pleased to announce Keepit’s ISO/IEC 27001 certification. This accomplishment, the work for which has been underway for years, conveys how committed we are to implementing the highest level of internal security and compliance, and to satisfying industry-leading standards for security and privacy,” said Keepit Chief Technology Officer, Jakob Østergaard.

“When it comes to backup and recovery, businesses seeking solutions need to be incredibly thorough in their due diligence processes. The ISO/IEC assessment report for Keepit acknowledged that our company already had a tradition of a high level of based on long-term work within our industry and with our partners, and we are pleased that our ISO/IEC certification will further reassure our customers and streamline their due diligence processes. Additionally, we are extremely proud that we met our distinct and ambitious goal of certifying our entire organization, including our entire software development lifecycle and the physical locations of the primary development offices.”


A worldwide information security management standard jointly published by the ISO and IEC, the 27001 certification specifies a comprehensive set of best practices and controls — including policies, procedures, and staff training — that structure how businesses should manage risks associated with information security threats. The certification also outlines requirements for developing, operating, maintaining, and continually improving an ISMS. Benefits of Keepit’s 27001 certification include:

  • A systematic, verified approach to information security that results in superior customer data protection;
  • Ongoing performance evaluations and internal audits that ensure Keepit continues to meet the requirements of the ISO/IEC 27001 standard;
  • Continued improvement of business continuity management and disaster recovery plans;
  • Risk, vulnerability, and security incident management practices that enhance overall information technology (IT) operations security;
  • Compliance with current and future legal and regulatory requirements.

To attain ISO/IEC 27001 certification, Keepit engaged in a rigorous, multi-faceted audit conducted by The British Standards Institution (BSI). Comprising a framework that includes 150 controls, the audit evaluated Keepit’s ISMS information security, cybersecurity, and privacy protection processes, and encompassed the entire company, including services and technology, business continuity and operations, disaster recovery, and sales and legal operations. For more information on ISO/IEC 27001, please visit.


About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Drawing on 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

What is ISO 27001 and how can it benefit your business?

The International Organization for Standardization is an internationally known and respected agency that manages and structures standards for various areas, including cybersecurity.

ISO 27001 is a systematic approach to managing confidential company information so that it remains secure. It covers people, processes and IT systems through the application of a risk management process.

But why would companies be willing to go through the ISO 27001 certification process? First, to make sure that their cybersecurity program is secure enough: the certification process looks for weaknesses and adjusts cybersecurity so that it works for the company, not against it.

Second, compliance with ISO 27001 facilitates the two most important things for every business – customer and employee trust. Who would choose to buy your service or work for your company if you couldn’t guarantee the security of their private data?

Finally, ISO 27001 certification is a great tool for optimizing your internal workflow, eliminating obsolete processes and driving your business towards continuous improvement. Read on and learn more about the benefits of ISO 27001 compliance for your business.

What is the ISO 27001 standard?

ISO 27001 is actually a set of a dozen standards designed to protect a company’s confidential information assets.

The International Organization for Standardization considers ISO 27001 the leading information security management standard. Over the course of this text, you will learn the particulars of the requirements for the Information Security Management System (ISMS) needed to comply with the ISO 27001 standard.

The implementation of ISO 27001 should facilitate the security management of sensitive assets. This could be financial data, staff information, intellectual property files, or data about your business partners. Meeting the requirements of this standard should enable the company to protect itself against any loss, theft or unauthorized alteration of its confidential data and any associated risks.

Like any standard, ISO 27001 is not mandatory for companies. However, it is particularly useful when it comes to establishing information security controls. Some companies also use it to show their customers and partners how committed they are to cybersecurity.

In detail, the ISO 27001 standard is designed to protect a company’s information systems by preventing cyber risks. In addition, the standard:

  • Specifies the information technology protection measures that can be considered by Information Security teams.
  • Prevents the risk of intrusion and disaster in computer systems.
  • It also disseminates organizational best practices regarding cybersecurity.

All of this is part of the Information Security Management System (ISMS), and applies to information systems and processes as well as to people affected by cybersecurity. This system is a powerful tool for managing risk and anticipating cybersecurity breaches.

Why is ISO 27001 compliance important?

While ISO 27001 compliance is not mandatory for any organization, companies may choose to achieve and maintain ISO 27001 compliance to demonstrate that they have implemented the necessary security controls and processes to protect their systems and the confidential data in their possession.

Achieving compliance with ISO 27001 is important as a differentiator in the market and as a basis for compliance with other mandatory requirements and standards. An organization that complies with ISO 27001 is likely to be more secure than one without it, and the standard provides a solid framework on which to build many of the security controls required by other regulations.

What are the phases for ISO 27001 compliance?

To get started with ISO 27001 compliance it is essential to understand some of the key concepts of ISO and what they can mean for a company that is looking to implement them.

Framework

To be certified by ISO 27001, a company must follow several procedures structured in an Information Security Management System (ISMS):

  • Precisely define the scope of your ISMS.
  • Conduct internal audits on information security risks to better ensure data protection.
  • Estimate the probability and impact of each of these possible events, for example by risk mapping.
  • Design a Risk Treatment Plan based on this mapping.
  • Write the Statement of Applicability (SoA), a document through which general management expresses its commitment to the cybersecurity measures described in the Risk Treatment Plan.
  • Convert the Risk Treatment Plan into an action plan, providing performance indicators and regular updates throughout the ISMS lifecycle.

The main objective of the ISO 27001 regulation is to guide organizations in the creation, implementation and application of an ISMS. This ISMS describes the controls, processes and procedures that the company has implemented to ensure the confidentiality, integrity and availability of the data in its possession.

Documentation 

To achieve compliance with ISO 27001, an organization must also document the steps that were taken in the ISMS development process.

Key documentation includes:

  • Scope of the ISMS
  • Information Security Policy
  • Information Security Risk Assessment Process and Plan
  • Information security objectives
  • Evidence of Competence of Persons Working in Information Security
  • Results of the Assessment and Treatment of Information Security Risks
  • Internal Audit Program and Results of Conducted Audits
  • Evidence from ISMS leadership reviews
  • Evidence of Identified Nonconformities and Results of Corrective Actions

Process

ISO 27001 defines a set of audit controls that must be included in a compliant ISMS. These include:

  1. Information Security Policies. This control describes how security policies must be documented and reviewed as part of the ISMS.
  2. Information Security Organization. Role responsibilities are an important part of an ISMS. This control divides security responsibilities across the organization, ensuring there is clear accountability for each task.
  3. Human Resources Security. This control addresses how employees are trained in cybersecurity when starting and ending roles in an organization, including onboarding, termination, and job changes.
  4. Asset Management. Data security is a primary concern of ISO 27001. This control focuses on managing access and security of assets that affect data security, including hardware, software, and databases.
  5. Access control. This control discusses how an organization manages access to data to protect against unauthorized access to sensitive or valuable data.
  6. Cryptography. This is one of the most powerful tools for data protection. Companies should implement data encryption whenever possible using strong cryptographic algorithms.
  7. Physical and Environmental Security. Physical access to systems can undermine digital security controls. This control focuses on securing buildings and equipment within an organization.
  8. Operations Security. Operations security focuses on how the organization processes and manages data. The organization must have visibility and control over the flows of data in its IT environment.
  9. Communications Security. Communication systems used by an organization (email, video conferencing, etc.) must encrypt data in transit and have strong access controls.
  10. Acquisition, Development and Maintenance of Systems. This control focuses on ensuring that new systems introduced into an organization’s environment do not jeopardize the company’s security and that existing systems are maintained in a secure state.
  11. Relationships with Suppliers. Third-party relationships create the potential for supply chain attacks. An ISMS must include controls to track third-party relationships and manage risks.
  12. Information Security Incident Management. The company must have processes in place to detect and manage security incidents.
  13. Information Security Aspects of Business Continuity Management. In addition to security incidents, the company must be prepared to manage other events (such as fires, power outages, etc.) that could negatively impact security.
  14. Compliance. As part of ISO 27001 compliance, the organization must be able to demonstrate full compliance with the other mandatory regulations to which it is subject.

What are the main benefits of reaching ISO 27001?

There are obvious benefits for companies that comply with this standard. This requires actively implementing the necessary measures, processes, and policies for an improved security posture.

This reduces the chance of a company experiencing a data breach and, if it does, ensures that the company is fully prepared with incident response and business continuity plans to minimize damage.

Here are the key benefits of achieving ISO 27001 compliance.

Data Security Enhancement

By implementing the standard, you will understand your own security landscape and the most up-to-date digital defense mechanisms. You’ll learn about data management best practices through an audit of what you’re doing right, but more importantly, what needs improvement.

Threats that put your organization at risk will be assessed, and you will learn how to protect your assets through confidentiality, safeguarding and authorization procedures.

Improvement of Processes and Strategies

ISO 27001 puts cyber strategy at the forefront of its certification. Qualified auditors seek to address your risks to mitigate security breaches. They map goals and objectives into an actionable approach to defining data security accountability across your team. The certification process will also help you create documentation that can be used as a guide and updated for years to come.

Alignment with Management Systems

The good news is that ISO 27001 aligns with any current ISO management system you may already have in place. Because this standard fits so easily and has many overlapping clauses with other ISO standards, it eliminates the need for constant verification and auditing of all your management systems.

Culture of Continuous Improvement

In the ever-evolving world of cybersecurity, this is a weight off your shoulders as you are assured that with the help of ISO 27001, you can always meet new requirements and obligations.

Development of a Quality Brand

Another big advantage of getting ISO 27001 certified is the benefit to your reputation. This standard is internationally recognized and externally assured, conveying to the business world that yours is a credible and trustworthy organization.

It will automatically increase customer trust by demonstrating your commitment to cybersecurity and compliance with legislation such as GDPR. This will help you win new business, keeping you ahead of other organizations that are not certified, opening you up to new industries and contacts.

Cost Reduction

The ISO 27001 standard also helps in implementing policies to organize and improve business processes. This ends up causing a reduction in costs, as a result of the implementation of a good security and management system.

By having a clear view of strategic management, it is possible to reduce risks considerably. This ends up saving the company the resources that would be spent on corrections.

This directly influences the company’s cash flow by reducing the costs associated with such incidents, especially considering that the expenses to resolve any data security issue are always very high.

In this way, eliminating the risk of such unplanned spending already makes the situation more comfortable for the company. In view of this scenario, it is simple to see why ISO 27001 is so important for companies.

Privileged Access Management as a key to ISO 27001 compliance

ISO 27001 covers a broad scope of information security. The framework includes controls for security policy, asset management, encryption, human resources, environment recovery, and more.

Access control, however, figures prominently in the framework. Specific controls deal with access, but authorization and authentication issues are crucial to almost every aspect of the framework. After all, effective data encryption is impossible if you cannot control who has access to encryption mechanisms.

Altogether, ISO 27001 provides 14 controls, five of which may be related to Privileged Access Management (PAM). Let’s investigate them more closely.

Section A.6 Information Security Organization

It requires a company to provide a transparent and detailed management framework that regulates and enforces cybersecurity programs. The company must be fully aware of what roles, responsibilities and tasks employees can and actually perform.

How can Privileged Access Management (PAM) help? Through the use of access policies and permissions, the software regulates and manages users and their rights and responsibilities. In fact, PAM restricts the ability to perform any unauthorized actions.

Section A.9 Access Controls

The company must regulate and, if necessary, restrict employee access to different types of resources and information.

How can Privileged Access Management (PAM) help? PAM can control which users are granted access to which resources, and for which time period. It helps to distribute access rights granularly, as required by business needs and cybersecurity programs.

Section A.12 Security of Operations

This section regulates the processes linked to the flow and storage of information.

How can Privileged Access Management (PAM) help? The solution is capable of tracking any user’s activities, such as attempts to move or alter company data. It can also log all events, which contributes to faster incident response. In short, these features provide another layer of verification and transparency for data flows.

Section A.15 Supplier Relations

This section describes the process of secure interaction between the company and third parties (vendor technical support, contractors, remote workers outside the network).

How can Privileged Access Management (PAM) help? To protect confidential company data and prevent unauthorized access by third parties, the software can define a set of policies that grant third parties clear, limited permissions within the company’s information systems. PAM can also track these users’ activities.

Section A.16 Information Security Incident Management

This section controls and verifies how the company acts on security alerts and whether response workflows are configured effectively.

How can Privileged Access Management (PAM) help? Using the out-of-the-box event recording mechanisms and video and text recordings of sessions, the software provides a quick way to understand the reason for the incident. By acting immediately, the company can mitigate the consequences of the security incident.

In fact, Privileged Access Management can simplify the ISO 27001 certification process because it is a ready-to-use instrument capable of mitigating threats associated with misuse of privileged access and adjusting the internal cybersecurity plan according to the requirements.

senhasegura solution for ISO 27001

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard 27001 is an internationally recognized standard for specifying Information Security Management Systems. Complying with this standard helps any organization to meet its obligations to customers and business partners.

For service providers, from cloud data centers to law firms, being able to operate requires attesting to their responsibility for their customers’ sensitive information. Auditors around the world also rely on the ISO 27001 standard as the basis for evaluating control and verifying compliance to a range of regulations and standards.

A PAM solution protects an organization against accidental or deliberate misuse of privileged access, and should be a critical element of an ISMS. The senhasegura solution tracks privileged users, enabling the implementation of ISO 27001 through a secure, centralized and simplified mechanism to authorize and monitor all privileged users for all relevant systems. In addition, senhasegura:

  • Grants and revokes privileges to users only on the systems for which they are authorized.
  • Removes the need for privileged users to hold local passwords.
  • Quickly and centrally manages access to a set of heterogeneous systems.
  • Creates an unalterable audit trail for any privileged operation.
  • Serves as a critical element of the ISMS, allowing organizations to track every action of privileged users on their IT infrastructure.

Request a demo now and discover the benefits of senhasegura for your company.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Why Social Engineering Attacks are on the Rise & How to Prevent Them

You can build the tallest walls around your castle and equip it with the most advanced defense technology, but if an insider opens the gates to your enemies, all your efforts will go wasted.

This logic equally applies to cyber security: even when a business uses state-of-the-art antivirus and malware protection software and implements robust technical security measures, a single employee’s mistake, such as disclosing their login details to an intruder or downloading a malware-infected attachment, may lead to the compromise of valuable information assets, result in financial loss or disrupt business continuity.

This is why social engineering attacks are on the rise: instead of trying to find and exploit system vulnerabilities, which may require significant resources, cybercriminals increasingly rely on exploiting natural human tendencies such as greed, trust, fear, and the feeling of being obliged to reciprocate, so that they can exfiltrate data more easily.

In this article, we will talk about: 

  • How do social engineering attacks work? 
  • What are the main types of social engineering attacks? 
  • Rise of social engineering attacks 
  • Why are social engineering attacks on the rise? 
  • How to prevent social engineering attacks

I. How do social engineering attacks work?

Social engineering attacks refer to the use of deceptive techniques by cybercriminals to persuade victims to take specific actions, such as disclosing sensitive information, downloading malware-infected attachments, allowing intruders into secure areas, or clicking on a link that directs them to a fake website, which is then used to steal sensitive data such as their login credentials.

By deceiving employees into taking these actions, malicious parties can infiltrate corporate networks, gain access to valuable information assets, steal credentials of high-level management or even transfer funds to themselves. A successful social engineering attack requires both technical skills such as crafting a phishing email and soft skills such as building trust with the target. 

Overall, a social engineering attack consists of four phases: 

Phase 1: Gathering of information about the victim

In this step, the cybercriminals collect information about the victims from different sources, such as publicly available data on social networking sites and online directories, or via open-source intelligence (OSINT) tools.

Phase 2: Building a relationship with the victim

In this phase, cybercriminals earn the victim’s trust by using the information gathered previously and then applying principles of psychological manipulation to influence the victim into taking a particular action such as disclosing sensitive information like login credentials. 

For instance, people like to reciprocate a favor, they want to be useful to others and they act without diligence when there is an imminent threat. Understanding these basic principles of human instincts helps cybercriminals trick their victims with ease. 

Phase 3: Exploiting the relationship

In this stage, cybercriminals deploy their technical skills to attain results. This may include crafting a spear-phishing email, cloning a legitimate website, or persuading the victim into opening a malware attachment. 

Phase 4: Exit step

This step involves the removal of all evidence that may have been left after the attack so the cybercriminals cannot be identified. Furthermore, concealing that an attack occurred is of critical importance for cybercriminals because it allows them to freely infiltrate the systems without getting caught. 

II. What are the main types of social engineering attacks?

Phishing

Phishing attacks are the most prevalent type of social engineering attacks. In December 2021, APWG observed 316,747 phishing attacks, the highest number since its reporting program began back in 2004. Furthermore, according to Verizon’s Data Breach Investigations Report, phishing attacks were used in 36% of all data breaches surveyed. 

Phishing attacks entail the use of communication tools such as emails, phones, SMS, or social media to deceive users into divulging confidential information, clicking on malicious web links, or downloading malware-infected attachments. 

Spear phishing

Spear phishing is a sophisticated variant of phishing attacks. Unlike traditional phishing attacks where non-personalized bulk communications are sent to thousands, spear-phishing attacks are targeted at specific individuals within an organization. Worldwide, 36% of businesses have faced at least 10 spear-phishing attacks in 2020. 

Business email compromise (BEC)

BEC refers to a type of attack where cyber attackers impersonate trustworthy senior executives via stolen credentials and then convince subordinates to transfer funds to other accounts. According to IBM’s 2021 Cost of a Data Breach Report, BEC attacks were the costliest to businesses worldwide, at $5 million on average per attack.

III. The rise of social engineering attacks

As businesses implemented stronger technical security measures such as more effective anti-virus programs, network filtering, and cloud adoption, finding and exploiting system vulnerabilities came to require more resources and became more costly for cybercriminals. Given that the primary motivation for cybercrime is high-margin profit, it is no surprise that cybercriminals are increasingly using social engineering attacks to infiltrate IT networks more easily and in a more cost-effective way.

In fact, the Human Hacking Report by SlashNext shows that social engineering attacks increased by 270% in 2021. What is more interesting is that 98% of all cyberattacks involve social engineering to some degree. Another interesting trend when it comes to social engineering attacks is the growing use of more sophisticated and manual methods instead of generic and automated communications.  

Traditionally, the use of automated means to send out generic phishing emails and SMS in bulk was the norm. However, cybercriminals now collect more information about their targets, identify the most vulnerable individuals within the target organization and personalize their tactics to deceive their targets more easily. 

This is evidenced by the growing prevalence of spear-phishing attacks: in 2021, 65% of all phishing attacks worldwide were spear-phishing attacks, which entail in-depth research into the target organization and the victims in order to send more personalized and believable emails, SMS, and calls, thus maximizing the success rate.

IV. Why are social engineering attacks on the rise?

While there are many factors contributing to the rise in social engineering attacks, three factors stand out: 

Social networks

Professionals spend more time on social media networks and are often open to connecting with people they do not know to gain more prominence on social media platforms such as LinkedIn. This makes most employees potential targets for social engineering attacks because cybercriminals can easily open an account on these networks without ID verification, connect with the targets, earn their trust and then execute the attack. In other words, social media provides another attack vector for cybercriminals to build relationships with victims and exploit their vulnerabilities.

Access to more data

Social media sites where people share everything about their lives are a goldmine for social engineers: this enables them to profile their targets, identify the individuals most likely to fall victim, and craft a more personalized message to boost their chances of success. For example, cybercriminals can set up an unofficial assistance page for a particular bank’s customers on a social media site and then target people following this page.

For instance, 1 billion LinkedIn users’ data were compromised as a result of two data breaches. This data was then on sale on the dark web. Access to this rich source of personal information has likely fuelled the rise in spear-phishing attacks in 2021.

Social engineering requires fewer resources and technical knowledge

Compared to the exploitation of system vulnerabilities which requires technical expertise and resources, social engineering is an easier way for cyber attackers because all they need is an employee negligent enough to fall prey.  

Social engineering attacks are less likely to get detected

When cybercriminals infiltrate corporate networks by using login credentials obtained via social engineering, this may go undetected for months, giving them the time to compromise troves of data without being detected.  

Another factor that makes it easy for cybercriminals to evade email detection gateways, firewalls, and other detection technologies is that they host malicious URLs on legitimate infrastructures such as AWS and outlook.com. For instance, according to a report by SlashNext, 2.5 out of 14 million malicious websites identified were hosted on reputable infrastructure services such as Azure. 

V. How can organizations prevent social engineering attacks?

Defending against social engineering attacks and minimizing their adverse effects on a business requires a combination of strong security culture, staff training, and implementation of appropriate cyber security measures: 

Provide training to your staff

All staff should be educated on how they can recognize social engineering attacks such as phishing attacks. For email phishing, for instance, employees can be provided with training on the red flags such as incorrect email domain or grammar mistakes they need to watch out for. 

Establish reporting mechanisms and encourage employees to report suspicious calls, emails, and other similar activities

There should be a reporting mechanism in place so that employees can report any suspicious activity to the security team, making it easier to detect and prevent social engineering attacks.

Penetration testing

Carrying out regular penetration testing is useful to discover the vulnerabilities in the human element of IT infrastructure so that weaknesses can be identified and remedied.  

Network access control (NAC)

Implementing network access control technology can provide two distinct benefits: 

  • Preventing unauthorized access to the network by applying multi-factor authentication: NAC systems enable businesses to restrict access to certain areas of the network to certain employees with credentials. NAC systems usually include multi-factor authentication functionality, which is useful to prevent intruders from gaining access to critical IT infrastructure. Obtaining account login credentials is one of the primary ways attackers infiltrate corporate networks; multi-factor authentication makes it easier to recover compromised accounts and prevents unauthorized access.
  • Post-admission controls can mitigate risks by restricting lateral movement across the network: NAC systems can be used to restrict access to different parts of the network, minimizing the harm an unauthorized attacker can impose. This control makes it less likely that an intruder obtains confidential data such as trade secrets, and can reduce the number of individuals whose personal data are compromised. Therefore, the financial loss from a data breach would be less severe.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

SC Awards Europe Names Portnox to Best Authentication Technology Shortlist

Austin, TX – May 7, 2024 – Portnox, a leading provider of cloud-native, zero trust access control solutions, is proud to announce its selection as a finalist in the prestigious SC Awards Europe. The company has been recognized on the Best Authentication Technology category shortlist for its commitment to innovation and excellence in cybersecurity.

The Portnox Cloud allows organizations to control who can authenticate to their enterprise network, and provides granular detail on every user’s access layer, location, device type, and more. Portnox’s cloud RADIUS service – part of the Portnox Cloud platform and its primary authentication solution – is provided through a cloud-based cluster of fully redundant RADIUS servers and is used for authentication of users accessing the enterprise network. The Portnox Cloud is fully cloud-native and requires no on-site hardware or maintenance whatsoever. No other network access control (NAC) product on the market delivers network authentication, access control, endpoint risk posture assessment and remediation in this manner.

As a cloud service, the Portnox Cloud eliminates the need for the capacity planning of on-premises software or appliances. It also eliminates the need to complete on-going security updates, expand capacity, or upgrade appliances to meet future growth needs. With the Portnox Cloud, you never have to worry about software or hardware end-of-life, or costly, complex upgrades requiring hours and days of work and a never-ending checklist of to-dos. The Portnox Cloud is always running the most up-to-date version with the latest features and capabilities.

“We are honored to be recognized as a finalist in the SC Awards Europe,” said Denny LeCompte, CEO at Portnox. “This acknowledgment reaffirms our relentless pursuit of excellence in delivering robust authentication and access control technology that strengthens data protection, improves endpoint and network security, streamlines user experiences, and achieves compliance with ease.”

The SC Europe Awards are a celebration of the excellence, advancement, and of the incredible minds that are shaping the future of technology and cybersecurity within the UK and Europe. Being named a finalist underscores Portnox’s unwavering dedication to providing cutting-edge solutions that empower businesses to strengthen their security posture against evolving cyber threats.

The winners of the SC Awards Europe will be announced during a ceremony on Tuesday, June 4 on the first evening of InfoSecurity Europe in London.
| | Cloud Native | Faux Cloud |
|---|---|---|
| Infrastructure | Provided, paid, and managed by the vendor; mostly invisible to anyone utilizing the service | Provided, paid, and managed by you through your own AWS or Azure account |
| Implementation | Quick time to value; much of the work is invisible to you | Depends on the complexity of the app, but it is your responsibility to do the work or pay someone else to do it |
| Pricing | Subscription with lower up-front cost | Perpetual license with expensive up-front costs that are amortized over time. (Note: many vendors are moving away from perpetual licensing for on-prem or faux cloud products, but as they do, their customers are getting the worst of both worlds – paying more annually while still being responsible for on-going maintenance of the product) |
| Total Cost of Ownership | The price of the product reflects the genuine cost of ownership | The price of the product is only one (and sometimes only a small) part of the total cost, which is reflected in staff time and public cloud expenses; in many instances, you may not even know what it is going to cost you until it is too late |
| Vendor Lock-In | Easy to switch to another vendor should your business needs change | Expensive license, deployment and maintenance costs make switching prohibitive, often for years |
| Access | Access anywhere via browser with internet connection | On-premises model often requires access via VPN. (Note: what happens when there is a problem with your solution and your VPN is configured to use your on-premises system? Sounds like someone is driving into the office!) |
| Scalability | Automatically scales with usage | Customer must increase capacity to keep up with usage |
| Updates | Vendor regularly updates the underlying components such as servers, databases, etc. This process will often be invisible to you. | You are responsible for ensuring that the entire tech stack – components, databases, servers, network – is updated with the latest patches |
| Upgrades | You seamlessly and transparently reap the benefit of new features, enhancements, and other improvements with zero effort | Any upgrade requires you to install, test, and then deploy the upgrade in production, often during nights and weekends in case something goes wrong |
| Accountability | The vendor takes ownership of the uptime, security, performance, and availability of the service | Apart from the infrastructure as a service, you are on the hook for the performance, health, security, and availability of the solution, lock, stock and barrel |

Cloud Native

Infrastructure
Provided, paid, and managed by the vendor; mostly invisible to anyone utilizing the service

Implementation
Quick time to value; much of the work is invisible to you

Pricing
Subscription with lower up-front cost

Total Cost of Ownership
The price of the product reflects the genuine cost of ownership

Vendor Lock-In
Easy to switch to another vendor should your business needs change

Access
Access anywhere via browser with internet connection

Scalability
Automatically scales with usage

Updates
Vendor regularly updates the underlying components such as servers, databases, etc. This process will often be invisible to you.

Upgrades
You seamlessly and transparently reap the benefit of new features, enhancements, and other improvements with zero effort

Accountability
The vendor takes ownership of the uptime and security, performance, and availability of the service

Faux Cloud

Infrastructure
Provided, paid, and managed by you through your own AWS or Azure account

Implementation
Depends on the complexity of the app, but it is your responsibility to do the work or pay someone else to do it

Pricing
Perpetual license with expensive up-front cost that are amortized over time.

(Note: many vendors are moving away from perpetual licensing for on-prem or faux cloud products, but as they do, their customers are getting the worst of both worlds – paying more annually while still being responsible for on-going maintenance of the product)

Total Cost of Ownership
The price of the product is only one (and sometimes only a small) part of the total cost that is reflected in the staff time and public cloud expenses; in many instances, you may not even know what it is going to cost you until it is too late

Vendor Lock-In
Expensive license, deployment and maintenance costs make switching prohibitive, often for years

Access
On-premises model often requires access via VPN

(Note: what happens when there is a problem with your solution and your VPN is configured to use your on-premises system? Sounds like someone is driving into the office!)

Scalability
Customer must increase capacity to keep up with usage

Updates
You are responsible for ensuring that the entire tech stack – components, databases, servers, network – is updated with the latest patches

Upgrades
Any upgrade requires you to install, test, and then deploy the upgrade in production, often during nights and weekends in case something goes wrong

Accountability
Apart from the infrastructure as a service, you are on the hook for the performance, health, security, and availability of the solution, lock, stock and barrel

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Events in MS Windows and Pandora FMS, does anyone give more?

If the spreadsheet was the essential application for accounting and for the mass adoption of personal computers, the MS Windows® operating system was the graphical interface that made work more pleasant and paved the way for the web browsers and the Internet as we know it today.

Today, in Pandora FMS blog, we discuss:

Windows Event Monitoring and Pandora FMS

Decades have gone by, but there is a joke among us computer scientists that has stood the test of time:

“This is the year of Linux on our desktops”.

I actually think that, in the end, the statement is flawed from the very beginning:

The kernel (Linux in this case) has little to do with the graphical interface. What should actually take its place on hundreds of millions of computers in our homes and workplaces is the combination of the kernel with the applications that accompany it, that is, GNU/Linux.

The MS Windows® operating system (OS), despite losing ground to Android/Linux on our mobile phones, still dominates desktop computers and holds its position in the field of video games, faring pretty well.

Many say that desktop personal computers will disappear. I personally think that we will connect the monitor, keyboard and mouse to our cell phones at home and at the office.

But today MS Windows has a strong market position, and for Pandora FMS this has meant a series of very special considerations for its monitoring.

The overview

Monitoring with Pandora FMS can be done both remotely and locally, and the MS Windows® OS is no exception. Remote monitoring can be performed through SNMP and through WMI.

*If you are new to monitoring, I recommend you to take a few minutes to learn about Pandora FMS Basics.

For local monitoring, install a small program called the Pandora FMS Software Agent.

Once installed on MS Windows®, the modules that collect the most relevant information (disk usage, RAM consumption, etc.) are already enabled by default.

If what you need to monitor is the basics of MS Windows®, the Open version of Pandora FMS is more than enough for the task.

Windows® event monitoring

The number of applications for MS Windows® is huge, but monitoring applications and even processes is relatively easy, since the Software Agent has a special instruction called module_proc.

This instruction can tell us, either immediately or at a given interval, whether a program or process is running.

*If you want to find out more about this Pandora FMS feature, visit our video tutorial Monitor processes or applications in Windows.

So far all this is the basics for monitoring MS Windows®.

And with the Pandora FMS Enterprise version you can “transfer” Windows events to events in Pandora FMS, which can generate alerts and warnings so that we take the necessary actions, or let Pandora FMS restart the software that is vital to our work or business.

* The latter is known as Watchdog: if an application stops in MS Windows® for any reason, it is relaunched and executed again.

Analyzing the causes

Simplifying as much as possible: so far we have been working on true and false, on ones and zeros.

But often we are asked to analyze under what conditions an application crashes, or to find out why it does not start.

If all of that related information had to be shown on your screen, you simply would not be able to work with so many interruptions. For that reason there are event logs, and working with them requires more specialization on Pandora FMS's part.

MS Windows® has an advantage as proprietary software when it comes to monitoring: its events and their corresponding logs are centralized in a standardized way.

Monitoring an individual event

Pandora FMS offers the instruction module_logevent, which uses the Windows® API and offers better performance than data collection by means of WMI.

It obtains its data from the Windows event logs themselves.

Together with additional instructions, it offers the ability to monitor very specific events, identified by the fields Log Name, Source, Event ID and Level.

Remember I told you they’re standardized?

Well, the Log Name values are well defined:

  • Application.
  • Security.
  • Installation.
  • System.
  • Forwarded events.

And you must use one of them for the instruction module_source, which is mandatory in the module to be created in the Pandora FMS Software Agent.

Up to this point we have only discussed simple modules of Pandora FMS agents, but depending on your needs all of the above can also be done as a complement, that is, a Pandora FMS plugin.

The difference is to set module_type async_string when it is a data module, and module_type log when it is a plugin.

Plugins offer flexibility, as they can return multiple data items at the same time, unlike Pandora FMS modules, which only return a single, normalized data type in Pandora FMS.

This is important for what we will see below: the instruction module_regexp, which takes as its parameter an event log file (.log) in which you search for keywords with the instruction module_pattern.

This is necessary because there are old applications that keep their own separate event log, although in other respects they do not escape the Windows log.

*We explained this in detail in our tutorial video «Windows modules logevent and regexp».

Monitoring an event channel

In MS Windows®, some logs that are not in the Windows event log itself can be collected through the Windows event log channels (or simply log channels) with a special instruction called module_logchannel. It takes no parameters of its own but is then combined with module_source <channel_name>, module_eventtype (event type), module_eventcode (event code) and even module_pattern to search by keyword.

*For more details, our video tutorial «Windows modules: Logchannel | Pandora FMS» quickly explains this feature.
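As an added example (constructed for this article, not taken from the Pandora FMS project or its documentation), here is a pandora_agent.conf fragment for the Windows Software Agent that brings together the instructions described above: module_proc with the Watchdog, module_logevent selected by Log Name, Source, Event ID and Level, module_regexp over an application's own .log file, and module_logchannel on an event channel. The module names, the Service Control Manager event ID 7034 (a service that terminated unexpectedly), the file path, the Task Scheduler channel name and the watchdog directives (module_watchdog, module_start_command) are assumptions chosen for illustration; check them against the agent documentation for your version.

```conf
# Added example: pandora_agent.conf fragment for the Windows Software Agent.
# Constructed for this article, not taken from the Pandora FMS documentation.
# Module names, event IDs, sources, paths and channel names are assumptions.

# 1) module_proc: is the process running? The watchdog directives
#    (assumed names) relaunch it when it disappears.
module_begin
module_name Backup_Agent_Process
module_type generic_proc
module_proc backupagent.exe
module_watchdog 1
module_start_command "C:\Program Files\Backup\backupagent.exe"
module_description Relaunch the backup agent if it stops
module_end

# 2) module_logevent: one specific event from the standard Windows logs.
#    Log Name = System, Source = Service Control Manager,
#    Event ID = 7034 (service terminated unexpectedly), Level = error.
module_begin
module_name Service_Crash
module_type async_string
module_logevent
module_source System
module_application Service Control Manager
module_eventtype error
module_eventcode 7034
module_description Windows services that terminated unexpectedly
module_end

# 3) module_regexp: an old application that keeps its own log file;
#    module_pattern is the keyword (regular expression) searched for.
module_begin
module_name Legacy_App_Errors
module_type async_string
module_regexp C:\LegacyApp\logs\app.log
module_pattern (FATAL|ERROR)
module_description Error lines appended to the legacy application's log
module_end

# 4) module_logchannel: an "Applications and Services" channel that is not
#    one of the five standard Log Names; module_type log hands the text to
#    the log collector instead of storing a single normalized value.
module_begin
module_name Scheduled_Task_Failures
module_type log
module_logchannel
module_source Microsoft-Windows-TaskScheduler/Operational
module_eventtype error
module_pattern failed
module_description Scheduled tasks whose action failed to start
module_end
```

Each module is delimited by module_begin and module_end, and lines starting with # are comments. The three event-log modules are asynchronous (async_string or log), so the agent reports something only when a matching event is written, which is exactly what keeps the interruptions mentioned earlier off your screen; the Windows Level field is what module_eventtype filters on, and the Source field corresponds to module_application.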

However, I said that we are looking for or investigating the cause of some problem or inconvenience in an application running on MS Windows®, and the examples I have given are specific and go straight to monitoring a particular point.

Alright so…

How do we do it if we don’t know exactly what we’re looking for?

Elasticsearch and log mass collection

What I needed to explain is that if you use a plugin to collect logs, you must install, together with Pandora FMS, a powerful tool called Elasticsearch, which uses a non-relational database capable of storing and classifying all of this large amount of information.

*It is well explained, again, in another tutorial video called “Log Collector in Pandora FMS”.

But don’t think Pandora FMS just delegates the work, no:

From Elasticsearch you can go back to Pandora FMS to generate the alerts and reports that you design and then create in Pandora FMS, in order to finally understand the precise conditions and values under which an application fails (or has peak workload values, or is “doing nothing”, etc.).

Conclusions

I have summed it up as much as possible, and I recommend that you watch the tutorials over and over again until you fully understand them and are able to put them into practice by installing both Pandora FMS and Elasticsearch. If you have any problems, check the official documentation, which is extensive on the topic “Log monitoring and collection.”

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.