Announcement Pandora FMS CVE-2021-44228: The critical Apache Log4j vulnerability
In response to the vulnerability tagged as CVE-2021-44228, known as “Log4Shell”, from Artica PFMS we confirm that Pandora FMS does not use this Apache log component and therefore it is not affected.
Discovered by the Alibaba security team, the problem refers to a case of remote execution of unauthenticated code (RCE) in any application that uses this open source utility and affects unpatched versions, from Apache Log4j 2.0-beta9 up to 2.14. 1.
It is true that if we used it, we would be compromised, but fortunately it is a dependency that is not necessary for the operation of our product.
In turn, we must also state that the Elasticsearch component for the log collection feature is potentially affected by CVE-2021-44228.
Recommended solution
There is, however, a solution recommended by the Elasticsearch developers:
1) You can upgrade to a JDK later than 8 to achieve at least partial mitigation.
2) Follow the Elasticsearch instructions from the developer and upgrade to Elasticsearch 6.8.21. or 7,16,1 superior.
Additional solution
In case you can’t update your version here we show you an additional method to solve the same problem:
- Disable formatMessageLookup as follows:
- Stop the Elasticsearch service.
- Add -Dlog4j2.formatMsgNoLookups = true to the log4j part of /etc/elasticsearch/jvm.options
- Restart the Elasticsearch service.
In the event of any other eventuality we will keep you informed.
About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.
Version 2 Singapore – Simplifying Cyber Security for the Mining Industry
Cybersecurity Trends for 2022
In recent years, the technological dependence of companies and society has only increased. Companies have increasingly invested in digitizing their processes and providing the best experience for customers, partners, suppliers, and employees.
The digital transformation process and new technologies such as Cloud, Big Data, Internet of Things, and 5G have brought an increase in cyber threats with them. And the migration to remote work models driven by the Covid-19 pandemic has made people and businesses even more vulnerable to malicious attacks. This makes the cybersecurity issue remain on the rise and the protection of this entire infrastructure is increasingly essential in organizations’ strategies.
Thus, as the end of the year approaches, security leaders are looking for the main information security market trends and the challenges that await them for 2022 to be prepared for this threat scenario. According to a Flexera study, cybersecurity will be the top IT initiative for half of the organizations surveyed.
Therefore, in times when data is considered the new oil, it is essential that organizations know the market trends and then outline their cybersecurity strategies to protect this very valuable asset and ensure the continuity of their business.
Next, we present 9 information security topics that will be highlighted in 2022, which should be considered by organizational leaders in their cybersecurity strategies.
1. Greater Coverage of Data Protection Laws
With the exponential growth of data volume, news on data leaks will become more and more frequent. Consequently, the demand for data security and privacy is sure to grow. To respond to this trend, governments tend to increase regulatory pressures through the publication of personal data protection laws. So much so that Gartner estimates the personal information of 75% of the world’s population will be covered by specific data protection laws by 2023. In 2021, China, Saudi Arabia, and Brazil were some of the countries that put specific data protection laws in force. Europe already regulated the transfer of personal data from European Union countries to non-member countries. On the other hand, the United States remains on the list of countries without a specific federal law to guarantee the protection of personal data, depending only on states like California, Colorado, and Virginia to legislate on the subject.
2. Remote Work Protection
Work environments have undergone the greatest transformation in recent decades. Dining rooms were adapted so that we could share workstations and accommodate a remote workforce. According to research by Tenable and Forrester, 74% of security leaders recognize that the remote work measures implemented as a result of the pandemic have left their infrastructure vulnerable to malicious attacks. And even with the end of the pandemic and the return to face-to-face work, the expectation is that there will be a hybrid work adoption. Also, according to the survey, 70% of organizations plan to have their employees work from home at least one day a week.
3. Cyber Awareness
It is jargon in the cybersecurity market that “it is impossible to invest in state-of-the-art security solutions without addressing the weakest link in this chain: people”. Furthermore, as security vendors develop new technologies to protect infrastructure, attackers devise methods to bypass them and carry out their malicious actions. According to Verizon’s Data Breach Investigations Report 2021, 85% of data leaks surveyed involved the human factor, with social engineering accounting for more than a third of those leaks. Phishing was present in 36% of data leaks surveyed by Verizon.
4. Talents Wanted
In recent years, we have seen an increase in the number of projects related to digital transformation and connected devices, as well as a migration to cloud-based environments. Additionally, the risk landscape includes cyberwars and attacks such as ransomware, which increasingly affect business continuity. However, security budgets have not kept up with this escalation. To adequately respond to these risks and ensure infrastructure protection, there is an increased demand for cybersecurity professionals. According to an Information Systems Security Association (ISSA) study, 57% of professionals surveyed said that the lack of cybersecurity talents had impacted their organizations in some way, while 10% recognized this impact as significant.
5. It is All About Connection
The development of 5G and the Internet of Things has led to a growth in the number of connected devices. These devices have enabled connectivity and have become increasingly essential in the daily lives of people and businesses. According to a Cisco report, the number of connected devices is expected to surpass 29 billion by 2023, resulting in a larger attack surface to be exploited by malicious attackers through vulnerabilities and malicious software. According to Gartner, by 2025, cyberattackers will turn Operational Technology (OT) environments into weapons to cause even human deaths. In this way, attacks on the so-called critical infrastructure, such as the generation and distribution of energy, water, and gas, can have serious impacts not only on organizations but also on governments and society.
6. Mobile Attacks
The spread of smartphones has made our personal and professional life easier, stimulating the development of a series of applications for communication, shopping, finance, and travel. In addition, the shift to remote work has led to increased use of mobile devices by employees, bringing benefits such as faster speed and productivity improvements. In 2020, the percentage of internet traffic through these devices surpassed that of desktop computers and laptops for the first time. Cybercriminals have taken advantage of these facts to increasingly use mobile devices as an attack vector.
7. (Even) More Ransomware
Each year, we have seen new records in ransomware-related numbers. And in 2021, that was no different. SonicWall recorded a 148% increase in attacks involving ransomware in 2021, reaching the number of 495 million attacks with this type of malicious software, which is expected to exceed 700 million by the end of the year. It is worth remembering that the techniques used in these pieces of software have also become more sophisticated, showing an evolution in cybercriminals’ planning and execution of this type of attack. Moreover, the Ransomware-as-a-Service models have allowed scaling the development of this type of malicious software, allowing criminals without programming knowledge to develop their own ransomware. In September 2021 alone, SonicWall’s malicious software detection tools discovered more than 370,000 new malware variants, with governments and critical infrastructure being a top target.
8. Social Freedom
In recent years, we have seen social media influencing important events in some way, such as Brexit and the Brazilian and American elections via the Cambridge Analytica scandal. And with new occurrences involving Facebook and its employees, we will continue to see increasing pressure on social media to perform proper controls on their users’ posts. These posts include the dissemination of fake news and crimes such as selling illegal items, financial scams, and child pornography. This will undoubtedly influence governments to regulate and establish better-defined controls on how content is published, including the verification of facts posted on social media and facilitating access by authorities to the respective sources.
9. Artificial Intelligence and Machine Learning for Cybersecurity
The elimination of the security perimeter and the migration to distributed work models, driven by the Covid-19 pandemic, made devices even more vulnerable to cyber threats. And with the increase in these threats, boosted by the lack of specialized security staff, it is essential to use tools based on Artificial Intelligence and Machine Learning to detect cybersecurity risks. Through the use of these technologies, one can analyze and recognize patterns for the prevention and adequate response to these threats. In this way, the cybersecurity process becomes much more proactive and effective.
You can see that 2022 will not be easy in terms of cybersecurity. With the trend of increasing attacks and scarce resources, security teams will have a tough mission to detect and adequately respond to the growing demands in the industry. Now, the question is not whether, but when organizations will suffer a cyberattack. Thus, adequately responding to cyber threats not only must be considered by the security teams but also be part of the business strategies.
About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.
What is Role-Based Access Control?
Most of us have visited a hotel at some point in our lives. We arrive at reception, if we request a room, they give us a key; if we are going to visit a guest, they lead us to the waiting room as a visitor; if we are going to have dinner at their restaurant, they label us as a customer; or if we attend a conference on technology, we go to their conference room. It would not be the case that we would end up in the pool or enter the laundry room for a very important reason: we were assigned a role upon arrival.
Do you know what Role-Based Access Control or RBAC is?
In the field of computing too, since its inception, all this has been taken into account, but remember that the first machines were extremely expensive and limited, so we had to settle for simpler resources before Role-Based Access Control (RBAC) arrived.
Access Control List
In 1965, there was a timeshare operating system called Multics (created by Bell Laboratories and the Massachusetts Institute of Technology) which was the first to use access control lists (ACL). I wasn’t even born at that time so I will trust what Wikipedia has to say about this topic. What I do know, first-hand, is the filesystem access control list (filesystem ACL) that Netware Novell® used in the early 1990s and that I already told you about in a previous article on this blog.
But let’s go back to the access control list: What is an access control? This is the easiest thing to explain, it is nothing more and nothing less than a simple restriction on a user regarding a resource. Either by means of a password, a physical key or even your biometric values, such as a fingerprint, for example.
An access control list then is to write down each of the users who can access (explicitly allowed) or not (explicitly prohibited, under no circumstances) something. As you may imagine, this becomes tedious, constantly staying aware of noting the users one by one and also the processes of the operating system or the programs that run on it… You see, what a mess to write down all the entries, known as access control entries (ACEs).
Following the example of rights on files, directories and beyond (such as full resources: optical disks or entire “hard drives”), I came to work, last century, with Netware Novell®. This is a Filesystem ACL (Network File System access control list). Then came the millennium shock, the NFS ACL version 4 that picked up and expanded, in a standardized way, everything we had used since 1989 when RFC 1094 established the Network File System Protocol Specification. I think I have summarized a lot and should name, at least, the use that MS Windows® gives to ACLs through its Active Directory (AD), the Networking ACLs for the cases of network hardware (routers, hubs, etc.) and the implementations that some databases make.
All these technologies, and more, make use of the concept of access control lists, and as everything in life evolves, the concept of groups sharing some similarities emerged, and thus it was possible to save work by keeping the lists of access. Now imagine that you have one, or more access control lists, that only support groups. Well, in 1997 a man named John Barkley demonstrated that this type of list is equivalent to a minimum Role-Based Access Control, but RBAC at the end of the day, which brings us to the core of the issue…
Role-based access control RBAC
The concept of role in RBAC goes beyond permissions, it can also be well-defined skills. In addition, you may have several assigned roles, depending on the needs of the protagonist (user, software, hardware…). Going back to the billing department example. A salesperson, who already has a corresponding role as such, could also have a collection role to analyze customer payments and focus their sales on solvents. With roles this is relatively easy to do.
Benefits of RBAC
• First of all, RBAC dramatically reduces the risks of breaches and data leaks. If the roles were created and assigned rigorously, the return on investment of the work done in RBAC is guaranteed.
• Reduce costs by assigning more than one role to a user. It is unnecessary to buy new virtual computers if they can be shared with groups already created. Let Pandora FMS monitor and provide you with information to make decisions about redistributing the hourly load or, if necessary and only if necessary, acquire more resources.
• Federal, state, or local regulations on privacy or confidentiality can be required of companies, and RBACs can be a great help in meeting and enforcing those requirements.
• RBACs not only help efficiency in companies when new employees are hired, they also help when third parties perform security work, audits, etc. because beforehand, and without really knowing who will come, they will already have their work space well defined in one or more combined roles.
Disadvantages of RBAC
• The number of roles can grow dramatically. If a company has 5 departments and 20 functions, we can have up to a maximum of 100 roles.
• Complexity.Perhaps this is the most difficult part: identifying and assigning all the mechanisms established in the company and translating them into RBAC. This requires a lot of work.
• When someone needs to temporarily extend their permissions, RABCs can become a difficult chain to break. For this, Pandora FMS proposes an alternative that I explain in the next section.
RBAC Rules
To take full advantage of the RBAC model, developing the concept of roles and authorizations always comes first. It is important that identity management to be able to assign these roles is also done in a standardized way, for this the ISO/IEC 24760-1 standard of 2011 tries to deal with it.
There are three golden rules for RBACs that must be displayed according to their order in time and enforced in due course:
1. Role assignment:Someone may exercise a permission only if they have been assigned a role.
2. Role authorization:The active role of a person must be authorized for that person. Along with rule number one, this rule ensures that users can only assume the roles for which they are authorized.
3. Permission authorization:Someone can exercise a permission only if the permission is authorized for the person’s active role. Along with rules one and two, this rule ensures that users can only exercise the permissions for which they are authorized.
The Enterprise version of Pandora FMS has an ultra complete RBAC and authentication mechanisms such as LDAP or AD, as well as double authentication mechanisms with Google® Auth. In addition, with the tag system that Pandora FMS handles, you may combine RBAC with ABAC. The attribute-based access control is similar to RBAC but instead of roles, it is based on user attributes. In this case, assigned labels, although they could be other values such as location or years of experience within the company, for example.
But we leave that for another article…
Before finishing this article, remember Pandora FMS is a flexible monitoring software, capable of monitoring devices, infrastructures, applications, services and business processes.
Would you like to find out more about what Pandora FMS can offer you? Find out clicking here: https://pandorafms.com/
If you have more than 100 devices to monitor, you may contact us through the form : https://pandorafms.com/contact/
Also, remember that if your monitoring needs are more limited, you have Pandora FMS OpenSource version available. Learn more information here: https://pandorafms.org/
Do not hesitate to send us your questions. Pandora FMS team will be happy to help you!
About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.
How Application Management Needs are Driving Edge Computing
Last month, Scale Computing’s CEO and co-founder Jeff Ready joined up with Rob High, IBM Fellow, VP, CTO IBM Network and Edge Computing for a video meetup with Spiceworks.
This past Summer, Scale Computing and IBM announced a collaboration to help organizations adopt an edge computing strategy designed to enable them to move data and applications seamlessly across hybrid cloud environments, from private data centers to the edge.
In this informative and wide-ranging conversation, Jeff and Rob explore some of the trends driving the edge computing market — from the proliferation of connected devices generating voluminous amounts of data and the need to have greater application resiliency to ensuring compliance with an ever evolving regulatory environment — it’s no longer a question of ‘if’ edge computing will transform how we work and live, but when.
What follows are some of the highlights from their conversation. You can watch the video meetup in its entirety here.
What impact has the abrupt shift to remote work had on the edge computing market?
Jeff Ready (JR): First, it’s probably worth defining what we mean by edge computing which we can sum up as simply any place that you’re going to run a mission critical application that’s outside of the data center so the edge just means not in the data center. What’s happened through the pandemic is all of a sudden you have to run these applications in all sorts of different places.
The big challenge here is that the ‘edge’ by that definition just has some fundamental differences from the data center where you have redundant internet connectivity and reliable power and when something breaks, someone can walk into a room and fix it relatively quickly. But what if I have to do that same task across 500 locations and those locations are only online sometimes? This problem of horizontal scalability in which you have to replicate infrastructure tasks across a lot of locations is a serious issue and an area where we’re seeing a lot of very interesting use cases, especially in industries like manufacturing where for instance, industrial robots are generating tons of data.
Gartner says that today less than 10% of all data is generated at the edge, or outside of a data center but over the next four years, they expect 75% of the data to be generated at edge locations, which is a radical shift. This is the big wave that’s coming.
Rob High (RH): Much of what we’ve been talking about lies within the context of knowledge workers where our place of work has traditionally been the office. However, the vast majority of businesses are not about housing knowledge workers – they’re about running factories and retail stores and distribution centers. These businesses are fundamentally physical. And so when we think about the edge, we ought to be thinking about those kinds of places almost as much, if not more than remote office workers.
There’s not only a tremendous amount of data being generated at these locations and all that data is being used to make decisions. And the question becomes, how much data is being generated and how much are we having to transmit across the network? What’s the cost of that transfer? The latency of that transfer? What privacy issues are they being exposed to? All these places where there is an opportunity to take advantage of not only the increased volume of data but to do that locally so we can make better and faster decisions.
Since the cloud is everywhere, why not just go full cloud?
JR: There are a number of reasons why some of these applications are running out at the edge. On a practical level, it just makes more sense – think of a point of sale system in a retail store. You could run it in a cloud but in most retail stores, the internet is one of the least reliable components within that environment. The point of sale system is pretty critical obviously and it’s often linked to an EBT system, which is the food stamp system. And if both systems go down there are two compounding problems.
If cash registers are running slow people will abandon their shopping carts which is bad in its own right. If there are refrigerated items in that cart, by law they can’t be put back onto the shelves and that’s typically the most expensive stuff. The other thing is that if the EBT system goes down, by Federal law in the US, the food is now free so they’re losing money there as well. An hour of downtime across their stores can quickly result in hundreds of thousands of dollars in lost revenue.
Then there’s the issue of latency which comes down to a physics problem of moving packets of data 2,000 miles away to a data center. Until we can figure out how to go faster than the speed of light, the only solution is to move the decision-making closer. Finally there’s the issue of data privacy regulations which we haven’t seen as much here in the US as we are in Europe but will likely become more of an issue in the near future. For instance, there was recently a story in the news in Australia in which a convenience store had a kiosk where you could take a survey and it took a picture of you at the beginning and end of the survey to help the retailer gauge a consumer’s facial expressions. They then sent those images to the Azure cloud to process but that was a big no-no as sending that image with personal data to the cloud is against the law.
We’re moving to a true hybrid kind of world. In this context, hybrid simply means run the application where it makes the most sense to run the applications – whether it’s cloud, at the edge, or in a traditional data center, shouldn’t really matter.
RH: It’s important to remember that the edge is not just one thing. There are multiple potential tiers where you can locate compute which might be in a server in a retail store or on the factory floor. Most IoT equipment these days now includes some kind of general purpose compute embedded in the device itself – we’re seeing this with everything from cameras to industrial robots.
That becomes important to think about as on the other end you’ve got a number of Metro hosting environments, basically data centers located in metropolitan areas where the majority of businesses and users live. So it lives in between because it’s an edge to the data center. So now we can back to the line of business and understand the application requirements and choices about where it makes the most sense to place these applications considering the trade-offs of latency, network throughput, resiliency and privacy issues that they might care about. And it’s not going to be a one-size fits all approach.
We’re moving to a true hybrid kind of world. In this context, hybrid simply means run the application where it makes the most sense to run the applications – whether it’s cloud, at the edge, or in a traditional data center, shouldn’t really matter.
Can you tell us about the partnership between Scale Computing and IBM? How will the combination of your solutions really help some organizations out?
JR: The magic of the Scale Computing platform is in its self-healing capabilities. The challenge as it relates to edge and on-premise computing often comes down to manageability. What the Scale Computing platform does is lets you manage thousands of sites just as easily as a single site, all through a centralized portal. You can see exactly what’s going on, deploy an application to multiple sites at once, update the application, or spin up new locations. Take for example the grocery store chain I was talking about earlier. They don’t have to send a tech on-site when to deploy a new cluster. Someone can just literally plug it in and it will automatically reach back out to the management portal, download configuration files and applications and report back when it’s done. Our goal is to really simplify the management while maintaining that high availability.
The IBM edge application manager is the tool that allows you to manage these applications in the cloud, whether it’s a Kubernetes app or a legacy virtual machine, and deploy them to the location of your choice – whether that’s on-premises, on AWS, or the IBM cloud.
RH: The beauty of this partnership is that we both share this common understanding of the edge marketplace and the needs that are there – particularly, the need to get the right software to the right place at the right time. Scale Computing has been working on this for VM-based applications and we’ve been concentrating on that problem for containerized applications. And so we just brought those two things together and now the Scale Computing platform, you can do both. You can manage both your VM-based applications and your containers as an application from a single, centralized control point. There’s no need for IT specialists to be present at a remote location to manage this process.
Any parting thoughts?
JR: I think there is a natural inclination to think that edge computing is only suitable for a large enterprise or some big deployment. And that is just not the case. It certainly applies there, right? I mean, an 8,000 store deployment is one thing. But then, I’ve got a manufacturing customer that’s just a single location. It’s a large factory that has got about a dozen different edge computing deployments. There are a lot more use cases out there than you might naturally think of
RH: The cost of delaying the automation process far exceeds the cost of actually just putting the automation in place, even for the first one and getting to know it from day one and organizing your practices and processes around using the automation system for managing these edge environments.
About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Scale Computing
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.
How to Prevent a Data Leak by Internal Users?
Data leaks are extremely harmful to your company and users, therefore, actions to avoid such failures and information collection is crucial for your company to have a respectable image and become a reference in this segment.
How to Prevent a Data Leak by Internal Users?
A good company must have efficient ways of monitoring data, so they know who and when certain information was accessed, creating a network that limits hostile actions and improper copies.
In order to avoid such harmful practices, measures are needed to improve the security structure. For this, senhasegura can help you with those that should be taken to remedy such complications.
Recording and Monitoring
In most cases of information leaks by internal users, improper copies of the information contained in their company’s database are made, but using complex password recording actions and monitoring of who had access to the specific file, it is possible to prevent illegal collection.
Proper Configuration for The Network Environment
Companies all over the world have gone through hostile attacks and one of the gateways is the network environment, as they are easily accessed by individuals who wish to practice illegal activities, but a suitable configuration can solve such problems.
Another way of prevention is to configure the device used so that its internet connection is limited and data is not transferred improperly. In case the individual needs to be online at all times, it is possible to use WEP encryption, although it is considered weak by professionals in the field.
Education for Implementing a Security System
Although it seems banal, it is always important to explain to the internal user that, just having access to the data contained in a file makes them responsible for handling the information responsibly.
Along with basic network security training, the employee must be aware of the legal measures that may fall on them in case inappropriate actions are taken with confidential data, and even with these actions, monitoring and recording are of paramount importance.
The Access Privilege
With the aid of monitoring, certain information can be further protected through the right of access. This action is intended to determine who should or should not access information contained in a given file.
With it, only one group will be able to have access to the data, making the verification of suspicious actions in the system faster in order to determine possible failures in the security of information.
Constant Changes to Passwords
Every time a certain individual has suspicious actions and ends up being dismissed from the company, the access passwords must be changed so that they do not end up remotely accessing the network.
This practice should become commonplace, as access logins can often be known by unscrupulous people and the constant change of passwords helps keep your company data secure.
Protect Yourself from External Devices
Information can often be improperly archived on mobile devices such as USB sticks or SSDs, but through simple processes such as blocking USB ports and wireless, it can make data protection more effective.
These devices are not of paramount importance for your company’s daily activities, therefore, it is possible to forbid the use of the aforementioned options, and with this, all data transfer will be done over the network, where they can be monitored and blocked as needed by the company.
About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.
Version 2 Singapore – Wishes You a Merry Christmas & Happy New Year 2022
Detecting & Alerting Log4J with the SCADAfence Platform
Until two weeks ago, Log4j was just a popular Java logging framework, one of the numerous components that run in the background of many modern web applications. But since a zero-day vulnerability (CVE-2021-44228) was published, Log4j has made a huge impact on the security community as researchers found that it’s vulnerable to arbitrary code execution.
The good news is that the Apache Software Foundation has already fixed and rolled out the patch for the vulnerability. On top of the patch, thanks to SCADAfence’s research and R&D team, our latest build supports the detection of Log4j exploit attempts.
Quick Recap of CVE-2021-44228 in Log4j
Log4J is an unauthenticated remote code execution (RCE, code injection) vulnerability in the popular Log4j logging framework for Java. By exploiting it, the attacker can easily execute any code from a remote source on the attacked target. NIST has given this vulnerability (CVE-2021-44228) a score of 10 out of 10, which reflects its criticality.
Over 3 billion devices run Java, and because there are only a handful of logging libraries, many of them are likely to run Log4j. Worse still, many internet-exposed target applications can be exploited by external users without authentication.
Over the past two weeks, major OT vendors disclosed the security impact of this vulnerability on their software and equipment, and additional disclosures will continue as vendors work to identify the use of Log4j across their product lines. Originally, the Log4j vulnerability made it challenging to identify potentially impacted servers on a given network. For OT networks that have incorporated network segmentation, the risk from these protocols can be mitigated to an extent.
How To Ensure That Your Systems Are Safe
First, it’s important to understand that the root cause of this issue lies within the Log4j library. The Apache Software Foundation released an emergency patch for the vulnerability. You should upgrade your systems to Log4j 2.15.0 immediately or apply the appropriate mitigations.
Our OT security threat intelligence database learns about the different behavior to highlight activities attempting to leverage this vulnerability and to provide remediation guidance. Our customers are notified of log4j exploit attempts, and also on any anomaly detected by our anomalies engine. but our customers are already protected simply based on the efficacy of our anomaly detection.
The SCADAfence Platform, the Governance Portal, and the Multi-Site Portal do not use Log4J or the Apache server, and thus SCADAfence product installations are updated and secure from the Log4J vulnerability. Customers do not need to take action for any of our on-prem or hosted web solutions.
At SCADAfence, we felt network segmentation wasn’t enough to fight off the critical vulnerability. The latest build of the SCADAfence Platform detects and allows SCADAfence customers to leverage our OT security threat intelligence service to ensure they can patch and mitigate this exploit in any of their OT devices.
The SCADAfence Platform Detects & Alerts if an OT Asset is Vulnerable to the Log4Shell Vulnerability
We’ve updated our log4shells/log4j exploit detection inside the SCADAfence Platform as we have maneuvered ahead. We added CVE signatures to our database which detect and alert RCE (Remote Code Execution) exploits.
The following CVEs were added to the SCADAfence database to correlate and alert of vulnerable OT assets:
How Can You Deploy The Latest Version of SCADAfence
The latest version of the SCADAfence Platform which detects the CVE signatures relating to the vulnerability is available in build 6.6.1.167. To get the latest version, please contact your customer success representative.
If your organization is looking into securing its industrial networks, the experts at SCADAfence are seasoned veterans in this space and can show you how it’s done.
To learn more about SCADAfence’s array of OT & IoT security products, and to see short product demos, click here: https://l.scadafence.com/demo
About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.
What’s New Pandora FMS 759
What’s new in the latest Pandora FMS release, Pandora FMS 759
Let’s take a look together at the features and improvements included in the new Pandora FMS release: Pandora FMS 759.
NEW FEATURES AND IMPROVEMENTS
State change thresholds based on percentage
It is an improvement that many users had requested. It allows a module changing status to be specified based on a percentage change in the value of the last data received. That way, it is more intuitive to define the situations in which you consider that a module goes into WARNING or CRITICAL status.
New trend modules
These new modules compare the current average with the average of the previous period and return the difference in absolute value or as a percentage. They are useful to express in a simple way that, for example, the use of your network is currently 25% higher than last week, or that the temperature is 2ºC above normal if you compare it to the previous month.
Capacity planning modules
It makes predictions based on the time frame specified by the user, assuming a more or less linear performance of the target module. This type of predictive module allows you to find out how many days you have left until the disk is completely full, or the number of requests to the database you will have within a month if you continue as before. These modules replace the old prediction modules.
Network Configuration Manager
We improved the NCM features. Now in addition to being able to execute commands manually on different devices, firmwares can be uploaded, configuration changes can be verified and backups can be scheduled.
More IPAM improvements
Following in the wake of the previous release, we added some additional features to our IPAM such as defining SITES, isolated islands that allow duplicate addresses. We also added the possibility of defining a location of a previous list, ordering the lists, editing from the supernet browser and more improvements have also been incorporated.
Editor of special days in Metaconsole
The special days editor has been added and the way to assign special days to alert definition has been improved, making it more intuitive.
Policy auto-enforcement by group
A system of automatic application of policies has been designed so that groups can be assigned policies and when a new agent is added to the group, the associated policies are applied automatically. This improves current auto-provisioning operations and enables large amounts of agents to be handled quickly.
Metaconsole inventory
Inventory display feature has been added to the Metaconsole.
Secondary IP macros in network components and plugins
From now on, through the _address_n_ macro you may use any of the secondary (or successive) IPs of an agent in network modules or remote plugins.
New alert action history report
It complements the existing event or alert reports, offering the details of each action (send email, SMS, log) for each alert launched on an agent/module. It is based on events (which now save that information when an alert is fired).
If you have to monitor more than 100 devices, you may also enjoy a Pandora FMS Enterprise FREE 30-day TRIAL. Installation on Cloud or On-Premise, you choose!! Get it here!
Last but not least, remember that if you have a reduced number of devices to monitor, you can use Pandora FMS OpenSource version. Find more information here.
Do not hesitate to send us your questions. Pandora FMS team will be happy to help you!
About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.