Skip to content

Pandora FMS a remedy for drought?

As you know, this summer half of Spain has been on drought alert. A consequence, without a doubt, of the extreme summer heat and rain scarcity. 

Andalusia was one of the most affected.

Therefore, companies and public administrations in the area have raised the alarm. Especially because of environmental and economic effects. 

Thank heaven and science, technology experts already point out some solutions to reduce the impact of this type of phenomenon.

Pandora FMS and drought monitoring

Nowadays, many cities go for digital and technological help to improve resource management. 

One of the most popular practices among companies is monitoring. It is known that this can work, without a doubt, as a defense against catastrophes such as the one that devastated Andalusia this summer. 

“Monitoring systems improve the effectiveness of any workforce. And, therefore, their resource management.” 

Indicates Sancho Lerena, general director of the monitoring company Pandora FMS

“Monitoring how reservoirs are falling, the level of rainfall compared to the usual figures, or even finding out whether household water consumption is increasing significantly can help anticipate scenarios such as the current lack of water.”

This type of approach, monitoring, is increasingly used. For now public administrations are adapting, but this is already something common in the business field

Monitoring can reduce the workload in the retail sector by 30%. In addition, it can triple the response time to citizen service. Which, frankly, would be very good for any public administration.

Andalusia and its battle against drought

Andalusia has already referred to the year 2022 as one of the driest of the last 50 years

The Doñana National Park has been one of the most affected scenarios, along with the rest of the reference reservoirs, which are below 11% of flow.

These circumstances are also having a negative economic impact. For the time being, olive oil production in 2022 is expected to be reduced by 50%. The poorest year of the last decade, compared to over one million tons in 2021.

But initiatives to alleviate these problems have already been set in motion, many of them proving the effectiveness of monitoring. 

Malaga, just as any other example, has recently started a test project to monitor the operation of the counters of 8,000 households with older residents or dependents. The administration will be able to identify strange behaviors through this method. Such as families with long periods of inactivity in water consumption or households in which an increase in consumption may be a sign of a resident accident.

And the CSIC is leading a different case focused exclusively on environmental control. A monitoring system that analyzes meteorological drought nationwide, providing experts with additional information to predict the phenomena of the coming months.

This is where Pandora FMS is proposed as the key to measure, for example, how widespread water use is in particular months and therefore predict some measures in case a drought is foreseen during the year.

Do you think Pandora FMS could help you too?

We tell you how:

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Why Should You Participate in the Cybersecurity Awareness Month

Reading time: 8min33

For some time now, the cybersecurity aspect has not been restricted to the environment of large organizations. Malicious attackers have been targeting their criminal activities on companies and individuals every day, greatly increasing cyber risks. In this case, the main motivations of these agents are to improperly steal personal and sensitive data, modify settings on devices, and gain unauthorized access through privileged credentials. And with cyber risks increasingly associated with business risks, the consequences of phishing or ransomware attacks can be disastrous for any company.

For these reasons, since 2003, October has been established as the month of cybersecurity awareness in places like Europe and North America. This initiative was conceived through a partnership between governments and the private sector, to increase the level of awareness regarding digital security and empower individuals and organizations to protect their data from the action of digital criminals. And when it comes to cybersecurity, small actions can make a huge difference in ensuring digital sovereignty over data.

According to Verizon’s 2022 Data Breach Investigations Report, 82% of cyberattacks involved the human aspect. This is because it is useless for organizations to increase their cybersecurity budgets and invest in state-of-the-art cybersecurity solutions without addressing the weakest link in the chain: people. Yes, cybersecurity may seem like a complex issue, but at the end of the day, it is all about people.

Precisely for this reason, the Cybersecurity and Infrastructure Security Agency (CISA) in the United States has elected the theme “See Yourself in Cyber” for the cybersecurity awareness month campaign in 2022. This year, the American campaign focuses on four user behaviors that can make a big difference between being a victim of a cyberattack and not.

They are as follows:

Enable Multi-Factor Authentication (MFA)

MFA adds a layer of security to the user authentication process, and is one of the simplest methods of increasing the level of cybersecurity. For this, the user is required to combine two or more forms of identity verification. This can be through something the user knows (a password), something associated with who they are (such as biometrics), or something they have (such as an access token);

Use Strong Passwords and a Password Manager

Using a strong password makes it very difficult for malicious agents to guess the password or carry out brute-force attacks. However, it is worth remembering that, if the user uses the same strong password in several services, they may still be the victim of an attack called credential stuffing. In this type of attack, an attacker uses a leaked password from one service to perform an attack attempt on another service the user has access to. Therefore, to further increase the level of security, it is recommended that users use password generation and management solutions, including Privileged Access Management (PAM) tools.

Upgrade Software

Malicious agents try to exploit vulnerabilities in device operating systems such as computers, tablets, and smartphones every day. This is not surprising, considering that these devices store a huge amount of information from people and organizations, such as their online habits as well as personal and financial data. Thus, enabling automatic updating mechanisms to keep your devices’ software up-to-date is an effective way to protect yourself against financial, data, and credential theft.

Recognize and Report Phishing.

Who does not know someone who has been the victim of a phishing attack? In this type of cyberattack, attackers use emails, social media posts, or messages to trick the user into clicking a link or downloading a malicious file. When this occurs, the user may allow the attacker to steal the data stored on the devices or even encrypt data, preventing access by the victim until a ransom amount is paid. In this case, it is important not to click on any link (including an unsubscribe button) or open attachments until the veracity of the message can be verified. If a phishing attempt is detected, the user must delete the message immediately and report the attempt to the respective provider.

In Europe, the European Union Agency for Cybersecurity (ENISA) is organizing the tenth edition of the cybersecurity awareness month together with the European Commission and member states. In 2022, the themes of the campaign in the European Union are phishing and ransomware, subjects in common with the American campaign.

Moreover, through the campaign’s official website (https://cybersecuritymonth.eu/), one can have access to a series of materials and resources that address the topic of cybersecurity. These resources include blog articles and rich content, as well as tests to verify user knowledge of cybersecurity, and a help session with frequently asked questions about the subject.

Here at senhasegura, it is no different: throughout October, we will offer exclusive content on the subject of cyber awareness. This content includes tips on how to create an efficient cybersecurity awareness campaign, as well as topics that should be present in these campaigns. In addition, we have content presenting what solutions should be implemented in companies to increase the level of cybersecurity and a webinar describing what Information Security leaders should do if they are victims of a cyberattack.

Download the guide

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Ensuring secure remote access at Hospital del Mar

The Hospital del Mar is a hospital in Barcelona (Spain) with more than 4,000 employees that is part of the group Parc de Salut Mar. This organisation is located on the Barcelona coast and brings together one of the city’s most dynamic health education, knowledge and research centers.

At the end of 2019, they started looking for a secure solution to replace their current remote access setup, and they found Awingu!

Hospital Del Mar Birds View
The Hospital del Mar is one of Barcelona’s largest healthcare institutions.

Punctual remote access and the impact of the pandemic

In 2019, Hospital del Mar used several solutions to be able to give remote access to virtual applications and desktops to a specific group of employees in an exceptional way. They needed a tool that would make this external access more secure, since the current solution did not respond to all of their needs.

After doing market research, they concluded that Awingu was the solution that suited their needs the best, due to its simplicity and affordable price. Thanks to Awingu, the hospital was able to ensure remote access to a group of 50 users in a very simple way and without high costs.

With the arrival of the pandemic in March 2020, the need for remote access grew exponentially and the volume of users increased to 400. Hospital del Mar managed to do it in approximately one week, since the implementation and ‘roll-out’ were very simple.

With Awingu, Hospital del Mar could fulfill its main objective: to have a portal where professionals could connect and have access to all the necessary information and resources in an easy and secure way.

Simple solution for both users and administrators

Prior to the implementation of the Awingu solution, the Hospital’s professionals did not often work remotely, but rather on a very occasional basis. However, due to the pandemic, everything changed and for the hospital it was essential to adapt to this new reality allowing this safe and easy access.

The SSII department highly appreciates several of the many security capabilities that our product offers. One of the features that they are using the most today is two-factor authentication (MFA). Regarding this, Albert Márquez Colomé (SSII and Communications Director at Hospital del Mar) commented that: “We trust Awingu; It is a solution that gives us security.”

Not only the IT team is happy with the tool, but also the users. As Albert explains to us:

“Users adopted Awingu in a completely transparent way. The product is easy to use, secure and it meets our needs (access to applications and desktop). It just works.”
Albert Márquez Colomé
Albert Márquez Colomé
SSII and Communications Director, Hospital del Mar

Another most notable advantage for Hospital del Mar was the fact that they could use the smart card reader (‘Smartcards’) and be able to digitally sign documents while working in the workspace of Awingu. This option was added in one of the recent versions that came out of the product and was necessary for the hospital, so they are very happy that the product continues to evolve and that they listen to their customers.

Furthermore, working with Awingu gives your employees flexibility: they can easily access applications or desktops from any device, even using their personal one (‘BYOD’).

These personal devices are not managed by the hospital, but the IT team is reassured that the connections are taking place securely through Awingu.

This is another notable advantage for the IT team of Hospital del Mar, given that they did not have the resources to provide new devices to all staff and did not want to install VPNs on personal devices either:

“For example, if someone has a virus on their own laptop, we don’t want it to spread to the hospital network, so we avoid using VPNs. Using Awingu, we respond to the need for connectivity and avoid security problems”
Albert Márquez Colomé
Albert Márquez Colomé
SSII and Communications Director, Hospital del Mar


Use of Awingu in the future

Since Awingu is allowing the access to legacy applications, the IT team is working on implementing remote access to these through our software.

In general, Hospital del Mar likes the ease of installation and use of the product. In addition, the team thinks that the solution is very profitable: “it does what it should do for an adequate cost and we really believe in the product”, they explain.



LEARN MORE ABOUT AWINGU
FOR HEALTHCARE

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Parallels 
Parallels® is a global leader in cross-platform solutions, enabling businesses and individuals to access and use the applications and files they need on any device or operating system. Parallels helps customers leverage the best technology available, whether it’s Windows, Linux, macOS, iOS, Android or the cloud.

5 Best Practices for Operational Technology (OT) Security

 

Why Do You Need Operational Network Security?

Modern operational technology (OT) networks are evolving due to developments such as the rise Industrial Internet of Things (IIoT), Industry 4.0, smart grid and more. In order to remain  competitive in their industries, organizations are adopting these beneficial technologies to optimize their operations and significantly cut operational costs.

These new technologies increase the connectivity and the complexity of operational environments, and as a result, their exposure to potential OT cyber attacks or damage caused by human error increases significantly. In the past, operators trusted network segmentation, isolation, or air-gapping as an effective security measure. But due to the increasing connectivity between the OT, IT and other networks, this is no longer true. Therefore adhering to OT security best practices, and deploying the most advanced OT security tools is critical for the protection, visibility, and control of OT environments.

Continue reading

Finding FortiOS, FortiProxy, and FortiSwitchManager assets on your network

News surfaced late last week of a critical authentication bypass vulnerability present in the web administration interface of some Fortinet products. Successful exploitation of this vulnerability (tracked as CVE-2022-40684) via crafted HTTP and HTTPS requests can provide remote attackers with admin-level command execution on vulnerable FortiOS devices including FortiGate firewalls, FortiProxy web proxies, and FortiSwitchManager assets.

What is the impact?

With a CVSS critical score of 9.6, attackers running admin-level commands on compromised assets may have the ability to persist presence, explore connected internal networks, and exfiltrate data. Fortinet is aware of at least one exploit of this vulnerability in the wild, and Bleeping Computer offered a Shodan search showing more than 140k publicly accessible FortiGate devices which may be running vulnerable FortiOS. Additionally, security researchers with Horizon3.ai are planning on publishing an exploit PoC this week. For admins wanting to check if a FortiOS/FortiProxy/FortiSwitchManager asset has been exploited, Fortinet does provide an indicator of compromise (see the “Exploitation Status” section).

Are updates available?

Fortinet has called out the vulnerable FortiOS, FortiProxy, and FortiSwitchManager versions in their advisory and has made updates available for affected products. Admins should ensure that affected models are updated to the latest version as soon as possible. If updates cannot be completed in the near term, Fortinet does provide some mitigation steps (see the “Workaround” section) that can be taken to secure vulnerable assets.

How do I find potentially vulnerable FortiOS, FortiProxy, and FortiSwitchManager assets with runZero?

From the Asset Inventory, use the following pre-built query to locate FortiOS, FortiProxy, and FortiSwitchManager assets that may need remediation:

os:FortiOS or product:FortiProxy or product:FortiSwitchManager

As always, any prebuilt queries are available from our Queries Library. Check out the library for other useful inventory queries.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×