Thousands of organisations worldwide rely on Opmantek Software to ensure that their IT environments are performing at their peak at all times including some of the biggest managed service and telecommunications providers in the world.

As the current Australian ICT Exporter of the year we are often asked how a relatively small organization is able to support such an enormous client base with so many blue-chip organisations – how do we compete against the industry heavyweights with big budgets and huge sales teams?

We draw on our open source culture to do more with less.  At Opmantek we live by the mantra Automate, Control, Lead.  This is our internal driver and the outcomes that we are committed to delivering to our customers too.

Automate.

Automation has always been critical to Opmantek.  Not only do we believe that any task that needs to be done more than once should be automated, but because of our history of releasing open source products, we know how important it is to have intuitive software that users can install, configure and update remotely without the assistance of a support team.

Control.

We give it to you.  We don’t believe in locking your data away, it should be yours to extract, transform, analyse and interpret in whatever way you like.  We also make it easy for you to introduce new data sources into our platform.  You can correlate, compare and digest information from other applications and data sources through our API’s, meaning that you can continue to use your existing cloud Application Log monitoring solution for example AND THEN feed the information into Opmantek Software in order to better deep dive, analyse and manage events.

Lead.

We listen to our customers and develop rapidly, making sure that we are always leading the way when it comes to addressing the latest customer needs.  With a focus on personal service from our highly communicative technical support team, you get insights into the product lifecycle, can provide direct feedback to the development team and can, therefore, shape the software so that your organization can lead the pack over those using cookie cutter solutions.

Want to find out more about how Opmantek can help your organization do more while spending less?

Download the VM today and get started!

It happens to everyone in some form, an unknown number calling, an email from a Government agency or the day circled in red for an IT audit. The feeling of dread is associated with these instances, with the rights tools, this can be mitigated.

Regarding an IT audit, this would induce the dread feeling if you have no visibility or control over your IT assets.

This can be countered using open-source tools that require less than 10 minutes to install.

Once you have everything configured you will get reliable audit information that encompasses your IT environment.

Taking this one step, investing time and focus only, will shift how you view your audit calendar. You will start to develop a positive working relationship with your auditors and start improving the visibility into your network. Combine this with NMIS and you can gain insights into your network performance and have event management.

For more information about Opmantek’s open-source solutions, there is a terrific webinar coming up, registration is available here.

If you have missed the registration, there is an on-demand version available to watch here.

If you would like to trial all our products, we have a Virtual Machine that is extremely easy to set up, which includes both Open-AudIT and NMIS, this is available for download here.

Organisations continue to be at risk from cybersecurity incidents – with each incident potentially costing millions of dollars.

This risk – and cost – is only likely to increase as the social engineering and technical elements of cyber-attacks become more sophisticated. To help organisations respond effectively to these threats, the Australian Cyber Security Centre and the Australian Signals Directorate have developed the “Essential 8” baseline mitigation strategies. According to the ACSC, these strategies can be customised according to each organisation’s risk profile and the cyber threats they are most concerned about.

The “Essential 8” incorporates four mitigation strategies to prevent the delivery and execution of malware. We’ve summarised these here:

• Application whitelisting: By “whitelisting” approved applications, organisations can stop unapproved or malicious programs from executing.
• Patch applications: Patching computers with “extreme risk” application vulnerabilities within 48 hours – and using the latest version of applications – can reduce the risk of malicious code executing.
• Configure Microsoft Office macro settings to block macros from the internet – and apply strict rules to approved macros – to reduce the risk of delivery and execution of malicious code.
• Apply user application hardening: Blocking certain applications and disabling unneeded features in others can remove popular methods of delivering and executing malicious code.

The “Essential 8” also features three strategies to limit the extent of cyber security incidents. These are summarised below:

• Only giving users operating system and application administrator rights if their role warrants it – avoiding giving away the “keys to the kingdom”, thus increasing risk to systems and information.
• Patch computers with “extreme risk” operating system vulnerabilities within 48 hours and use the latest version of these systems, to avoid being compromised.
• Apply multi-factor authentication for remote access, and for all users when they perform a privileged action or access an important data repository – providing a bigger obstacle for adversaries that want to infiltrate systems or information.

Finally, the “Essential 8” incorporates – as a mitigation strategy to recover data and system availability – backing up important new or changed data, software and configuration settings daily and keeping the backups for three months. This will help an organisation recover from a cyber security incident.

Your organisation should strongly consider applying the “Essential 8” as the foundation of a mature, robust cybersecurity strategy. If you would like to learn more, please contact us at info@firstwave.com.au.

A common pain point that some organizations have expressed to us is the inability to prepare for or counter software license audits. There are two major concerns for any organization that are experiencing these occurrences, there is a lack of information regarding the network and there is not enough information to challenge a software vendor when given a bill.

Knowing what software is installed on your devices is more than a good practice for managing your network, but good practice for managing your budget. There are a lot of vendors who take an aggressive stance on license audits, an example of a bill for one extra license for a contract length of 6 years is below;

To be over licensed by one unit and get a bill that high should act as a clear deterrent and should provide motivation for organizations to ensure they are maintaining their license levels.

The best way to stay ahead of these surprises is to have extensive information about your network and be able to monitor the software licenses that you have entitled to your organizations. Open-AudIT can do this with very little information and at a very manageable cost, especially compared to the figures mentioned above. Once devices are discovered using Open-AudIT they can then be audited if licensing levels are configured then reports can be generated daily/weekly/monthly on software levels giving you genuine insight into your levels; this will mitigate the surprises that can occur if there have been three years between license audits.

Above is a demonstration of what the result can look like and of course, this process can be scheduled and a monthly report is generated. The process to configure this and get ahead of license audits is outlined in this wiki article. If you would like more information how to configure these features, you would like to see a demo of this in action or want a discussion on how to optimize your network, contact us and we will be happy to help.

Several countries and jurisdictions are increasing the protection afforded to personal information. The European Union’s General Data Protection Regulation (GDPR) is one of the most comprehensive measures worldwide to rebalance the data relationship between individuals and businesses.

The consequences for Australian businesses – of any size – that have an establishment in the European Union, offer goods and services in the European Union or monitor the behaviour of individuals in the European Union are potentially profound.

Under the GDPR data protection requirements – which came into effect on 25 May this year – businesses must meet obligations covering accountability and governance; consent; mandatory data breach notification; expanded rights for individuals; privacy notices; expanded rights for individuals; data control and processing; and overseas transfers of personal data.

For example, as a brief from the Office of the Australian Information Commissioner points out,  ‘data controllers’ – typically businesses or organisations that decide why and how data should be processed – must advise supervisory authorities within 72 hours of becoming aware of a breach (unless the breach is unlikely to result in a high risk to individuals’ rights and freedoms).

If a data breach is likely to result in a high risk to the rights and freedoms of ‘natural persons’, the data controller needs to notify the individual without undue delay – unless exceptions to this notification requirement apply.

Affected businesses also need to be aware the GDPR gives individuals the right to require data controllers to delete their data in some circumstances – including when the information is no longer necessary for the purpose it was collected, or where the individual withdraws their consent and there is no other legal ground for processing their data.

The penalties for non-compliance are severe – many contraventions can attract fines of up to €20 million or 4% of annual worldwide turnover. For organisations that do business in the European Union and have not fully accounted for GDPR, the message is clear: review data management and control practices against GDPR requirements and, where required, take remedial action as quickly as possible. Talk to Neil or the FirstWave team today on +61 2 9409 7000 to discuss your GDPR requirements.