5 Fantastic Features Introduced in 2018

It’s been another great year for Opmantek Software with our products again proving to be a favourite with MSPs and large scale organisations.  We have loved working with the community this year and delivering a variety of awesome new features and improvements that continue our tradition of delivering software that is easier to implement, more scalable, more flexible, able to operate in more diverse environments, saves time and provides faster ROI than our competitors.  Here are a few of our awesome product team’s accomplishments in 2018.

Real time delivery of the information you want to see.

Open-AudIT continued to go from strength to strength in 2018, with new enterprise features making the automation of network auditing and compliance even simpler and the presentation of key information more streamlined.

Custom dashboards were added in version 2.2 allowing users to present interactive real-time charts and graphs of the information that they care most about. For auditing teams, the dashboards may be focused on devices not seen.  For security teams, it may be file changes that are the focus.

Open-AudIT also reached for the cloud, with new AWS auditing features.

We do the work for you with automated event remediations.

opEvents became even more powerful with a new in-app editor for Event Actions and policies that validates your commands as you go and shows the console output for event action validation. If you do make an error the editor will generate a new backup of your last revision so that you can start again!

Pre-configured event actions also make sure that common remediations can be sequenced and activated in just minutes.

Smart Interpretation of Configuration data.

opConfig has always been a powerful tool with its ability to visually monitor and compare configuration differences between devices or against standards to ensure compliance policies are being maintained.  This year we made it even smarter by allowing users to create custom plugins for the postprocessing of data.  There are several pre-configured plugins that can be used to collect or transform configuration data and present them in an easy to digest information pane on your opConfig dashboard.

Intuitive set up and configuration wizards.

This year we brought user experience into focus, looking at how we can make the Opmantek product suite easier to implement.  The latest VM that was released at the end of last year has a new, more informative product activation dashboard and setup wizards that make sure that you are monitoring key devices within minutes of installing and activating NMIS and other modules.

Download the VM

Uncategorized

Surviving Dangerous (event) Storms

With the recent onslaught of weather events to hit North America, I would be remiss to not bring up events that we have the ability to control. Network events can storm a control center and often lead to support teams being inundated with support tickets. Every engineer has felt this way at some point where control has slipped and you are just reacting to anything that comes your way.

These times should reinforce the need to turn your operational environment from a reactive atmosphere to a more controlled, proactive environment. One of the easiest ways to start this process is by implementing opEvents and leveraging the built-in event deduplication, correlation and synthetic event features.

A clearer example of how these features would operate in an environment can be theorised based on the weather mentioned above. For example, you may have to monitor two data centers located in the United States, one in Chicago and one in Miami. You are quite lucky because you are based in Australia where it is summer and very warm in comparison.

During the night, there have been major issues in the Chicago data center and there are a number of devices that have been experiencing issues. With this in mind, it would be desirable to have a single alert that notifies us that the Chicago site is experiencing a problem, versus many (10 ~ 500+) alerts from individual nodes.  This would cut down on the noise and it would also automate a component of the troubleshooting process, enabling your team to focus in on a common symptom in order to remedy the problem.

All the tools to set up this process are standard features that ship with opEvents. The process takes into account three key features that will increase the intelligence and automation surrounding your event management; Event deduplication, event correlation and synthetic event generation.

Event Deduplication

The principle behind event deduplication is that if there are two events that have occurred, in a given window, that are considered identical, you should only be notified once. opEvents handles this out of the box and it is really valuable when similar events are re-occurring, such as node flapping. This type of deduplication is essential for dealing with event storms; it is therefore always active and non-adjustable.

Event Correlation

Similar to how event deduplication will reduce the number of your events, the in-built event correlation rules will also help reduce mass event notifications. The correlation engine can group events together based on a number of different factors, such as event type, location, name or customer. When a combination of events occurs a synthetic event will be generated.

Synthetic Event Generation

A synthetic event is an event that has been intelligently created by the system that is a combination of multiple other events. Once synthetic events are created in your system you will now log into a system that will provide you with knowledge and not just data.

Imagine after your morning coffee, logging into your event management software and seeing one event, ‘Chicago Site Issues’ or similar compared to logging in and seeing hundreds of notifications and flashing lights. Not only is this a lot easier on the stress levels, but you will also be able to solve the issue at hand quicker due to the focused wisdom that has been generated.

Next Steps:

Uncategorized

Five ways to ensure your cyber security incident response plan stays relevant

Cybercrime is on the rise – attacks are becoming more frequent, methods more sophisticated, and impacts more severe. And while tools and technologies go a long way in protecting your business data and IT infrastructure, effective planning is also vital to risk mitigation and management.

A cyber security incident response plan can help you protect and restore business operations when and if an attack occurs. With new threats continuing to emerge, it is not only critical for your business to have a cyber security incident response plan, but for it to be regularly reviewed and updated. An outdated plan is rarely useful to anyone.

Here are five tips for staying on top of your cyber security incident response plan:

1.   Update your list of critical systems and information
A catalogue of your organisation’s most vital digital assets is an important tool for prioritising incident response efforts. Over time, your systems will inevitably change so make sure this is echoed in your plan.

2.   Update threat-specific responses
Your incident response plan needs to change to reflect the current cyber threat landscape. Remember, last year’s biggest threat may not be this year’s.

3.   Keep your contact list current
You want to be able to get in touch with the right people in a timely fashion when responding to an incident, and keeping your contacts list up-to-date is the first step for doing this.

4.   Document your discoveries
Simulated cyber attacks are an effective, proactive and risk-free way of identifying any deficiencies in your network. But you need to capture and document the results and key learnings along the way.

5.   Communicate updates to your plan
Any significant changes to your cyber security incident response plan should be shared with relevant team members.

Conclusion

While a robust cyber incident response plan can help reduce your exposure to cyber risks and mitigate the damage from cyber attacks, its efficacy is contingent upon up-to-date information. Ongoing tweaks and refinements will go a long way in helping to bolster your cyber posture.

FirstWave protects businesses and government organisations of all sizes from risk by providing rapid and affordable access to the most advanced, comprehensive and adaptive cloud-based cyber security solutions available. Get in touch with us today to learn more about how we can help your organisation get on the front foot against cyber threats.

Uncategorized

Opmantek Predicts Top Network Management Trends for 2019!

Network management will become an even more prevalent connector as more businesses shift to the cloud and move out of internal infrastructure to new monitoring requirements of emerging smart cities. This research will better predict an answer; where we are going? Why we are going there? What potential surprises are in store?

The following migrations and trends will keep IT on its toes of what to expect in network management through the year ahead.

1. Proactive rather than reactive event management as machine learning and predictive analytics make impending issues easier to predict.

It’s been a long time coming, but with big data now being embraced by organisations, the ability to analyse trends and predict issues with network infrastructure is now simpler and easier than ever before. Anomaly detection is also enhanced with systems that can ‘learn’ what is normal for a particular piece of hardware and alert engineers or any variances from the norm.

2. Linux will rule enterprise networks.

With Linux playing key roles in the Internet of Things (IoT), cloud technology, supercomputing and artificial intelligence (AI) the open source operating system will continue to dominate enterprise networks as we move into 2019. According to the Cloud Industry Forum (CIF), for the first time, businesses are spending more on the cloud than on internal infrastructure; Gartner confirms, 80 per cent of internally developed software is now either cloud-enabled or cloud-native. It is largely Linux that’s making the transition so advantageous. Set to be more significant than ever in 2019, even Microsoft’s Azure, the most popular operating system is Linux.

Reference: Henry Stocker, Sandra. (2018). What to expect from Linux in 2019 [Web log post]. Retrieved from here.

3. Smart cities and buildings bring a new era of monitoring requirements.

Electrical Contractors delivering Building Management Systems must deliver reliability and proven uptime. The Building Management Systems are the brain of modern buildings and they must have a working nervous system, the network. Contractors are continually beginning held responsible for the availability of their devices and ability to provide solutions, proving they are meeting SLAs. Opmantek’s NMIS Enterprise is winning contractor and large-scale development bids, as it ensures all your maintenance reports and SLAs are maintained. Opmantek recently worked with a national building services chain on a smart building monitoring system and we anticipate there being heightened growing demands for this in the future.

Continue reading here.

4. The rise of Network Automation.

Its sink or swim, companies will spend substantial resources in order to automate their network. Fact – manual scripting and pointed solutions will not be able to scale to match the massive increase in network demands. Innovative and smart network automation solutions will be on the rise; devices management, automation of services, enforce compliance across on-prem and hybrid deployments. Next-Gen automation will be equipped with AI and Machine Learning to combat network complexity and security challenges. In 2019 especially, automation will evolve from the traditional detect and respond to more intelligent predict and prevent strategies.

Reference: Vyakaranam, Nikhil. (2019). 5 Powerful Trends That Will Redefine Networking in 2019 [Web log post]. Retrieved from here.

5. Companies will invest significant resources in finding ways to reduce network complexity.

Cisco estimates that by the year 2021 there will be around 27 billion connected devices and 43% of all the devices will be network connected. The already complex IT network is set to become even more complicated. Hybrid and Multi-cloud infrastructures, continuous creation of innovative applications, and heavy demand for bandwidth consuming services such as streaming videos, gaming, and social media applications are all leading to unprecedented levels of interconnections – further complicating the network.

6. MSP exodus from SaaS monitoring.

In recent times, there has been a shift in the market to Software as a Service (SaaS) purchasing and many vendors now offer cloud-based solutions, a ‘simple’ network monitoring play for MSP’s. In 2019 we predict that customers will begin to feel the restrictions with SaaS platforms being less capable of supporting all network devices.

Along with pricing linked to log processing volumes and retention of historical data inhibiting, the ability to deep dive and analyse long term trends will become less desirable. With the continued popularity of enterprise cloud environments, we expect more organisations to be seeking a self-hosted cloud monitoring system moving forward.

Continue reading here.

If there’s one thing we know for sure, it’s that network management transformations will continue to reshape how we conduct business and interact with technology, in 2019 and in the years ahead.

Uncategorized

Tips to keep ransomware attackers at bay

As a business owner or manager, you need to address a range of cybersecurity threats. Ransomware is one of the most widespread and insidious.

Ransomware is malicious software (malware) that encrypts files or locks computers. People or groups behind ransomware attacks demand payment – often in digital currency – to restore access.

Ransomware can infect a business or government organisation in many ways. For example, a worker may inadvertently open a malicious attachment or click on a link in a phishing email to a malware-laden website. Once ransomware infects a computer or network, it may seek to spread to vulnerable shared systems.

According to the 2018 Internet Organized Crime Threat Assessment from Europol – the European Union’s law enforcement agency – ransomware remains the key threat in law enforcement and industry reporting.

In 2017, ransomware attacks called WannaCry and NotPetya – that exploited vulnerabilities in older or unpatched versions of Microsoft Windows – caused billions of dollars’ worth of damage to businesses and organisations worldwide. Industry experts expect similar attacks to occur in future.

So how can your business protect itself against ransomware attacks?  The following steps may help minimise the risk of infection.

  • Promptly apply patches and updates to all software on devices connected to the network. Automate this process where possible.
  • Undertake regular backups and keep them off the network. This protects the copied material from infection if a ransomware incident does occur.
  • Install anti-virus software and keep it updated.
  • Use application whitelisting or other measures to limit the execution of unauthorised software.
  • Undertake education programs to make workers aware of the risks of opening an attachment or clicking on a link in a suspicious email, or visiting unknown websites. These programs should make workers aware of techniques attackers use to trick them into facilitating a ransomware infection. For example, attackers frequently create and send emails that purport to be legitimate communications from government service providers or prominent businesses, but actually include attachments or links to websites loaded with ransomware.
  • Develop a plan to minimise damage to the business or organisation if a ransomware incident does occur.

You should note that Australian Government cyber-security bodies typically recommend against paying ransomware owners. There is no guarantee owners will restore access to the compromised files and they or other attackers may identify your business or organisation as a target for future attempts.

If you would like to learn more, please contact us at info@firstwave.com.au.

Uncategorized

Using Postman to Query The Open-AudIT API

I often utilise Postman to query the Open-AudIT API when developing. Just using a browser, it’s difficult to send anything other than a GET request – but Postman makes it simple to send a POST, PATCH or DELETE as required. You can get it from https://www.getpostman.com/downloads/ for Windows, Mac and Linux.

Install and start Postman. You can elect to create an account or not. You can also elect to create a new item using the wizard, or just close the modal and jump in. Let’s do that!

For the below, my Open-AudIT server is running on 192.168.84.4. You should substitute the IP address of your Open-AudIT server.

First, you need to make a post to /login to get a cookie. Set the dropdown to POST and the URL to http://192.168.84.4/omk/open-audit/login. Set the header Accept to application/json. Set the Body to form-data and provide the username and password keys, with values as appropriate for your installation. By default, it will look as below.  Now click the Send button.

Postman Open-AudIT API 1 - 650
Postman Open-AudIT API 2 - 650

You should see the JSON result saying you have been authenticated.

Once that’s done, it’s time to request some data. Make a GET request to http://192.168.84.4/omk/open-audit/devices and you should get a JSON response containing a list of devices. You can see the start of the JSON in the screenshot below.

Postman Open-AudIT API 3 - 650

What about changing the attribute of an item? Not too difficult. You’ll need the ID of the device you want to change, along with the attribute name from the database. You can see these in the application by going to menu → Admin → Database → List Tables and clicking on the “system” table. Let’s change the description for our device with ID 14.

You’ll need to create a JSON object and assign it to the “data” item to do this. It’s not too difficult. Your JSON object should look like below (formatted and indented for easy reading).
{
"data": {
"id": "14",
"type": "devices",
"attributes": {
"description": "My New Description"
}
}
}

It looks worse than it is. Normally you would use code to do this, so it’s a simple two line conversion. Because we’re using Postman, we’ll have to do it ourselves. A useful site is https://jsonlint.com/

So now you have your payload, let’s send it to Open-AudIT. Make a new PATCH request and use the URL http://192.168.84.4/omk/open-audit/devices/14.
Supply the data attribute in the body → x-www-form-urlencoded section and hit Send. You should see the request as below.

Postman Open-AudIT API 4 - 650

Deleting an item is even easier. Let’s delete an Org. In this case, our Org with ID 2. Make a new DELETE request to http://192.168.84.4/omk/open-audit/orgs/2. That’s it – easy!/span>

And if we want to read a specific entry, it’s just a GET request. Let’s get our default Org – ID 1. Just make a GET to http://192.168.84.4/omk/open-audit/orgs/1.

What about running a query? What’s the HTTP verb used to EXECUTE something? There is none. But we’ll make do by supplying /execute after the ID. So to execute a query, make a GET request to http://192.168.84.4/omk/open-audit/queries/1/execute. To execute a discovery, task or baseline, use the same format – ID/execute.

Remember we always receive the result in JSON as that is in our request header. We could receive it as HTML is we want – just remove that header item. Maybe more useful is a CSV output. Remove the Accept header and change the URL for a GET to http://192.168.84.4/omk/open-audit/queries/1/execute?format=csv. Done – CSV output you can copy and paste into Excel.

It really is that simple. The only one to watch is the PATCH request because you have to create your own JSON. Just about everything else is quite discoverable. Make sure you check the pages for Collections which detail the request formats. And don’t forget the Open-AudIT API page as well.

Onwards and upwards.
Mark Unwin.

Uncategorized