How and Why is Open-AudIT “more secure”?

Blog post by Mark Unwin, Feb 2023

Recently we have been asked the question – why do you consider Open-AudIT more secure than other similar programs? As with most things, the answer is “it depends”.

Open-AudIT can be operated in such a way as to be extremely secure. But as usual with computer-based security, the more secure you wish to make something, the more inconvenient it becomes to use. The old phrase “the most secure computer is one that is turned off and in the cupboard” comes to mind.

Below we will outline some options that can be used with Open-AudIT that will increase security. Like most items within Open-AudIT, these are options and not mandatory. How far you take security is up to you.

On-Premise, Not Cloud

Open-AudIT can be run on your server in your data center. It does not need access to the internet at all. Even the installation on Linux, where we use the distribution package manager for our prerequisites, can avoid the internet if you use an in-house, security team-approved package repository.

Open-AudIT does not store any of your data in the cloud. Even licensing information can be provided without having to access the internet from the Open-AudIT server.

Sure, it is easier to allow it to access the internet to download packages (including security fixes) for your distribution, but that’s up to you and your security policies. Open-AudIT does not need the internet.

Open Source

Open-AudIT Community source code is available on GitHub. You are encouraged to inspect any code you have concerns about, and because it is open source – you are also encouraged to ask us about any issues you have or report any findings. We are always more than happy to accept code contributions, vulnerability reports, or even simple questions. We’re here to help.

The audit scripts themselves (Windows, Linux, MacOS, et al) are deliberately written in readable native shell script (VBScript for Windows, Bash for *nix). You can see exactly what commands are run. You can remove any commands you feel you don’t need. You can ask a third party to inspect the code for you and (if you want to) report any findings.

Open-AudIT Enterprise uses Open-AudIT Community as its engine. Enterprise instructs Community what to do (in most, but not all cases). So you can read exactly what happens when a discovery is run (for example). In the cases where Enterprise itself does the heavy lifting, if you are concerned with any issues FirstWave is happy to work through them with you – just ask! Try that with another commercial software vendor!

Agent? Discovery? Credentials?

So you have an issue providing Open-AudIT credentials to discover your devices. I have an answer – don’t then! Sure, I mean, discovery is the best thing since sliced bread. You don’t need to know ahead of time “What’s On Your Network”. But how can you extract data from devices without providing credentials?

In the case of computers, an easy option is to copy the appropriate audit script to the target machines and set it to execute on a schedule. More details on the wiki. The machines will send their data to Open-AudIT on that schedule, almost as if you were running discovery. There is no “agent” that asks Open-AudIT what to do (although we do have plans for that – stay tuned). The device simply runs the audit script on a schedule (again, you can read the audit script) as the user you tell it to and sends the output to the server. No credentials are involved at all.
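One way to make sure the scheduled job only ever runs the copy of the audit script you actually read, shown as an added example that is not Open-AudIT code. The digest pin, the function names and the file paths are assumptions introduced here; the audit script's own options are passed through untouched.

```shell
#!/bin/sh
# Added example, not Open-AudIT code. Names and paths are assumptions.
# Purpose: a scheduled job runs the audit script only if it is byte-for-byte
# the copy that was reviewed, and it hashes and executes the same private copy.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# pin_script SCRIPT PINFILE: record the digest of the reviewed script.
# Run once by the reviewer; keep PINFILE writable only by an administrator.
pin_script() {
    sha256_of "$1" > "$2"
}

# run_pinned SCRIPT PINFILE [ARGS...]
# Returns 2 if a file is missing, 3 if the script no longer matches the pin,
# otherwise the audit script's own exit status. ARGS are passed through.
run_pinned() {
    script=$1
    pin=$2
    shift 2
    if [ ! -f "$script" ] || [ ! -f "$pin" ]; then
        echo "missing script or pin file" >&2
        return 2
    fi
    # Work on a private copy so the bytes checked are the bytes executed.
    tmp=$(mktemp) || return 2
    cp "$script" "$tmp"
    if [ "$(sha256_of "$tmp")" != "$(cat "$pin")" ]; then
        rm -f "$tmp"
        echo "refusing to run: $script differs from the reviewed copy" >&2
        return 3
    fi
    interp=$(command -v bash || command -v sh)
    status=0
    "$interp" "$tmp" "$@" || status=$?
    rm -f "$tmp"
    return "$status"
}

# Invoked from cron or a systemd timer as the unprivileged audit user, e.g.
#   run_pinned_audit.sh /path/to/audit_script.sh /path/to/audit_script.sha256
# (hypothetical file names; add the audit script's own options after them).
if [ "$#" -ge 2 ]; then
    run_pinned "$@"
fi
```

A non-zero exit from the wrapper is worth alerting on: status 3 means the script on that machine is no longer the one that was reviewed.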

What about other “network devices”? Think switches, routers, printers, etc. Obviously, it is best if you can provide some SNMP credentials for these devices. They only need “read-only” access. But if you don’t want to do even that, there’s nothing stopping you from running discovery, finding the devices, and making a rule or two to identify them. You won’t have much information, but you’ll know they’re on the network, what they are, and when they were last seen. You will also see if anything new appears on the network.

And if something goes wrong?

The audit scripts all accept a debugging argument. You can run the script utilizing that and see in more detail what the issue is. And if you can’t figure it out – that’s what we’re here for! Open a support case and we’ll get things running in no time.

Open Data

And lastly, not so much a security issue – more peace of mind. The data structures are open and documented. You can even view them inside the application. Your data is your data. You can extract it any time you like. We even helpfully provide exports to CSV, JSON and XML. And we have a JSON API. And you can write custom reports and have those output in CSV, XML, and JSON! Again, it is your data – not anyone else’s. You can be confident that the security of your data is in your hands.

Wrap Up

I hope this post has alleviated any concerns you have about Open-AudIT and Security. If you have any questions at all, please don’t hesitate to reach out to us here at FirstWave. We’re always happy to discuss your concerns and needs. And maybe if your question isn’t something I’ve addressed here, I can add it here for future users :)

 


Automated Protection Is One Click Away

The devastating string of recent data breaches highlights the need for organizations to step up their efforts to minimize human errors that give malicious cyberattackers a foot in the digital door.

The number of cyberattacks against Australian organizations continues to climb, with the Australian Cyber Security Centre receiving more than 67,500 cybercrime reports in the 2020-21 financial year, a jump of nearly 13 per cent from the previous financial year. The increasing frequency of cybercriminal activity is compounded by the greater complexity and sophistication of their operations. The accessibility of cybercrime services – such as ransomware-as-a-service – increasingly opens the market to a growing number of malicious actors without significant technical expertise or sizeable financial investment.

At the same time, the average cost of a cyber data breach in Australia continues to rise – totaling $US4.24 million, or $US180 per lost or stolen record, according to IBM’s 2021 Cost of a Data Breach report.

While zero-day vulnerabilities and high-tech exploits are always a threat, many cybersecurity attacks still rely on tried-and-true social engineering tricks that take advantage of people’s trusting nature. A third of all attacks included in IBM’s report were attributed to phishing attacks or stolen/compromised credentials.

While organizations can invest in security awareness training, at the end of the day it only takes a single lapse in concentration from one staff member – opening an infected attachment or clicking on a malicious link – for an entire organization to be compromised.

Prevention is the best cure and ensuring that such malicious emails never reach the inbox of their intended targets is the best approach. Multiple layers of protection must work in unison, rather than putting absolute faith in one particular technology, tool or policy.

As part of this multi-layered defense, organizations also need to take advantage of highly automated intelligent software designed to automate security more efficiently and effectively than people or standalone tools can alone. Automation can handle repetitive tasks, improve efficiency and reduce risks introduced through human error.

One of the biggest mistakes organizations make is underestimating the impact that the average user can have on their security, says Danny Maher, CEO and managing director of cybersecurity-as-a-service provider FirstWave.

It is easy to make the mistake of focusing security spend and efforts on the IT department, Maher says, without stopping to consider that every single person in the organization presents a potential attack vector.

‘‘It could be your IT manager, it could be your receptionist, but the impact to the business is severe no matter who clicks on the wrong link, so they all deserve your attention,’’ he says.

‘‘The majority of attacks are coming via malicious emails. You may have thousands of employees, and try your best to educate them with cyber awareness training, but it only takes one person to make a mistake and you’re in a world of hurt – the best defense is to block the email before it even reaches them.’’

In January 2022, FirstWave acquired Opmantek, a leading provider of enterprise-grade network management, automation and IT audit software, to add to its portfolio of service provider-grade email and web security products. FirstWave’s software is used by Microsoft and a host of Australian corporations, government departments and telecommunications providers. Organizations of all sizes and technical capability require access to security, ensuring spending is proportionate to the risk and is delivering appropriate protection against threats, Maher says.

‘‘It’s well established that the majority of attacks are coming via email and that is why we launched service provider-grade email security in a cloud-based offering,’’ Maher says.

‘‘It is accessible to everyone with nothing to install; you simply need one person in your organization to sign up and pay a trivial amount of money per user per month. It’s about providing easy access to a high level of protection for every organization at the click of a button.’’

The challenges of ongoing geopolitical uncertainty mean that every Australian organization is under threat and must take action on their security.

‘‘Whether we want to admit it or not, Australia is caught up in a cyberwar where every organization is a target,’’ Maher says.

‘‘Generally speaking, the perpetrators are not launching a frontal attack against your firewall, they’re attacking via email. With FirstWave’s platform, establishing carrier-grade protection takes only a few minutes and is very low cost, making world-class security accessible for every organization.’’

 

Originally published by Australian Financial Review (AFR) on 31 October 2022.

Video: Hear About opCharts Enterprise Services

Re-imagining network monitoring with Enterprise Services Monitoring on opCharts

Providing visibility & answering Executive questions

Enterprise Services Monitoring is a major enhancement to FirstWave’s industry-leading network management platform (NMIS) that is designed to provide monitoring and alerting systems that put the focus on business performance rather than technology.

The Enterprise Services Monitoring extension to NMIS’ infrastructure visualization platform, opCharts, re-imagines monitoring for IT networks and services and allows administrators and management to monitor and provide alerts based on the genuine business impacts, while drilling down for root cause identification in a single click.

But what does it mean and how does it work?

The Challenge: Where do you start looking when something goes wrong in your organization?

Modern organizations rely on networked applications to succeed. In these complex environments, with multiple connected devices working together to support your applications, how do you maintain visibility of all of these critical services, and the infrastructure they depend on?

Enterprise Services monitors a collection of resources delivering customer and business services, such as:

  • Customer-facing website or portals
  • Business critical applications or SaaS tools
  • Service Provider network solutions to customers

The Solution: Single-click root cause identification of issues.

Enterprise Services improves business outcomes by reducing mean time to resolve (MTTR). It monitors the service end-to-end, not just node or device health, and saves the painstaking process often required to bridge the gap from service impact to root cause.

  • One-click drill down to identify root cause
  • Real-time representation providing context to your complete network
  • Real-time monitoring and alerting of service status, not just node or device health
  • Top-down view, rather than traditional bottom-up

Enterprise Services Monitoring from FirstWave

If you want to see the power of single-click root cause identification and understand how FirstWave can help you reduce MTTR, reach out to our team for a personalized demo today.


Open Security Management Platform (OSMP) Delivers On “Urgent” Need For SMB Cyber Protection

Comprehensive cyber protection for SMBs has emerged as the next great revenue driver for IT service providers, with 60% of SMBs looking to outsource cybersecurity to a third party, according to a new report by Frost & Sullivan.

The report, commissioned by ASX-listed global cybersecurity company FirstWave Cloud Technology, showed SMBs were in “urgent” need of comprehensive cyber protection and were increasingly relying on managed service providers to deliver unified, centralised and automated solutions that offer enhanced threat remediation.

“Security, though a priority, often slips through the cracks, making it difficult to intentionally and continuously establish a security-forward organisational stance from their IT service providers,” the report said.

To fill this gap, FirstWave developed the CyberCision™ Open Security Management Platform (OSMP), described by Frost & Sullivan as the first of its kind. Designed to equip service providers with low-cost, high-revenue security services for their SMB customers, the platform enables SMB customers, in turn, to benefit from an enterprise-grade Cybersecurity-as-a-Service solution.

FirstWave CEO Danny Maher said it was no secret that cybersecurity had become one of the most pressing issues for businesses of all sizes, particularly SMBs.

“With high-profile data breaches making headlines on an almost weekly basis, it is clear that traditional security measures are no longer enough to protect organisations from sophisticated cyber attacks,” he said.

“As a result, more and more businesses are turning to outsourcing as a way to improve their cybersecurity posture. Those service providers need to have a solution ready for their customers.”

SMBs’ Unique Cybersecurity Challenges

The global upheaval of the last two years that disrupted societies, governments, businesses, and the technologies that support them, also forced organisations worldwide to shift to remote working practically overnight. Consequently, organisations have adopted new operational infrastructures as data has multiplied exponentially—all opening up a much wider attack surface.

Moreover, cyberattacks have grown smarter, scaling in both sophistication and speed, to penetrate the weak defences of solutions struggling to protect increasingly digital economies.

A recent Frost & Sullivan survey of SMBs found most were targeted by preventable threats, including ransomware (47%), vulnerabilities from unpatched systems (44%), web defacements (43%), insider threats from employees (31%), and phishing attacks (27%).

The Opportunity For Service Providers

Frost & Sullivan finds that while only 14% of enterprises report outsourcing more than half of their cybersecurity operations, a much higher percentage (60%) of SMBs outsource.

“This presents a natural fit for partnerships between SMBs and their service providers. By adding cybersecurity to their existing services, SMBs can bolster existing connectivity assets with the critical protections they need, all through a single provider,” the report said.

However, for many service providers, while lucrative, delivering cybersecurity solutions to enterprise customers can involve significant cost and complexity. FirstWave’s world-first OSMP, CyberCision™, was explicitly designed to address this problem.

“CyberCision™ enables service providers to provision enterprise-grade security services to enterprise and SMB customers at scale, opening the door to new revenue opportunities with a lower cost-to-serve,” the report said.

“With CyberCision™, service providers can build as-a-service cybersecurity packages of enterprise-grade, including a range of management and operational services such as multi-tenanting, billing, and provisioning that enable them to streamline the sales and delivery process at a minimal cost.”

Essentially, CyberCision™ serves as a platform that service providers can depend on to scale their managed security services business and operations profitably, drastically reducing the time to market for cybersecurity and serving SMB customers, which was not previously possible.

Download a free copy of the Frost & Sullivan report, Embracing Delivery of Cybersecurity and Scaling Via Service Providers


CyberCision Mobile App: Visibility and Real-time Monitoring of Cybersecurity Threats

Cybersecurity threats are on the rise and businesses need to be taking steps to protect themselves. Our CyberCision Mobile App offers visibility and real-time monitoring of cyber-security threats so that you can rest assured that your business is safe. With our app, you can also access historic reporting, all available to be white-labelled for our Partners.

Released as part of our Phase II CyberCision Launch, the CyberCision Mobile App offers unparalleled visibility into the cyber-security threats facing businesses today. With real-time monitoring and historic reporting, the app provides clients with a comprehensive view of the risks they face. Available to be white-labelled for service providers and telco partners, this powerful app gives visibility and control to those who need it to stay ahead of the cyber-criminals.

For End Users

With the tap of a finger, end users are able to review current and historic incidents within their email security posture in the palm of their hand, including real-time alerting to ensure any urgent matters are addressed instantly. This allows businesses to quickly identify and resolve any potential issues before they become damaging breaches. In addition, the ability to review past incidents helps businesses to learn and adapt, helping to prevent future attacks.

For Service Providers

Eliminating the need to replicate app development work, our platform is fully customisable for our service provider and telco partners. This allows you to put these powerful tools into your customer’s hands, branded as your own. What’s more, this added visibility helps to reinforce the value of the email security offering in place, so you can lead informed conversations with your customers about how to best protect their business from cybersecurity threats.


Deploying email security at scale and speed with Frictionless Email Security

Cybersecurity has always been a tough sell. It’s an intangible product that’s often seen as a necessary evil – something that businesses have to invest in, but don’t really want to think about. This is especially true when it comes to deployments at scale. Imagine trying to sell cyber security to thousands of Microsoft 365 customers. Not only do you have to convince them of the need for the product, but you also have to ensure that it’s properly deployed across their entire organization. This is no small feat, and it’s one that service providers have been struggling with for years.

That’s where FirstWave comes in. Our CyberCision platform is the world’s first open cyber security platform, made specifically to help service providers and telcos provide cybersecurity solutions to their customers. CyberCision is committed to making email security as seamless and painless as possible for its customers. That’s why we’re excited to offer our new Frictionless Email Security solution. This automated activation method enables service providers and Microsoft customers to deploy email security at scale and at speed, without manual DNS and MX changes. That means you can rest assured that your emails are protected from viruses, phishing attacks, and other cyber threats.

Frictionless Email Security on FirstWave’s CyberCision platform:

  • Deploys in minutes
  • Provides extra layers of protection
  • There is no MX record to change
  • It is advanced security out of the box
  • Rapidly onboards thousands of customers with APIs
  • Service Providers can white label the platform to support their brand
  • And includes ADR to mitigate targeted email attacks in the mailbox

Service providers simply log in to the CyberCision platform and follow the prompts to activate the service. It’s that easy! So if you’re looking for an email security solution that won’t cause headaches, look no further than CyberCision. We’ll take care of everything for you.

Finally, service providers and telcos can onboard email security customers at scale, at speed, and with minimal effort, opening new channels to market.
