The current global pandemic of Covid-19 has brought us a few gifts: global desolation, earaches from the rigid rubber bands of the FFP2 masks, applause for Health at eight in the afternoon on the balconies, fear of infected ones and staff shortage in the data center industry and shortage of IT professionals. In this article we will delve into this last topic.

*We will already devote a double-page report to the saw rubbers of the FFP2

Lack of staff in the data center industry

It is like that how our beloved pandemic has turned the world upside down, at so many levels that even the data center sector has noticed it. Data centers have received an unexpected amount of work due to the reinterpretation of the labor system and telecommuting. In fact, the size of the global data center industry has grown dramatically. This is a direct consequence of higher exposure and need for the Internet, which has come hand in hand with the confinement imposed by governments around the world to fight against infections. That way, it is estimated that the size of the world data center market will reach in the near future (2021-2026), nothing more and nothing less, than 251,000 million dollars.

Source: Uptime Institute Intelligence

And what is the growth of the global data center market leading to? Well, to a proportionally direct and parallel need of professionals in the sector. Estimates from the Uptime Institute, the long-standing champion of digital infrastructure performance, suggest that the number of staff required to manage data centers across the globe will rise from about two million today to nearly 2.3 million in three years.

This turns into countless new technical jobs for the data center industry. Of all types and sizes. With different requirements. From design to operation. And around the world.

You still don’t want to go send resumes?

Why the shortage of IT professionals and other personnel in the data center sector?

Well, just as remote regions are fighting for the repopulation of their villages, this sector is already dealing with the lack of personnel. It is not an easy subject. According to the Uptime Institute, it is very difficult to find suitable candidates for vacant positions at the moment, so if you want to look for a job in your domain, you must be prepared. Although, as it is often the case, in most positions, work experience, internships or work-study training may make up for a certain lack of skill and experience.

With much of the tech industry currently struggling to find qualified staff, data centers are finding it a bit more difficult to locate and hire professionals in high-demand roles. Like power systems technicians and analysts, facilities control specialists, or robotics technologists, or as I call them “Robotechnologists.”

If you’re serious about it and want to be one of the data centers, success in your quest requires a combination of special skills. Yes, exactly, like when you want to be a ninja or a neo noir detective. First, extensive infrastructure knowledge is required. If you have boards with mechanical or electrical equipment, the better. Programming, platform management, specific technological tools… Basic technological knowledge is also very important. In addition, as in the ninja world or in neo-noir crimes, data centers need specialists with practical determination and ample capacity to solve problems, critical thinking, a drive for business objectives, and, not least to know how to behave, both in teamwork and customer service. For all this string of skills and qualities it is making it difficult for them, in the data center industry, to find personnel. But, well, what can we do? There have also been few Fujibayashi Nagato (ninja) and Sam Spade (detective).

As a result, many data centers today are understaffed. They are overloaded, with more job vacancies than people ready to apply for them. And this without taking into account the high demand, outside the data center sector, for professionals with knowledge of computer science and software. The reality is like this, everyone needs a tech expert among their ranks, and sometimes you have to fight for them.

Source: Uptime Institute Intelligence

Debido al cataclismo mundial del Covid-19 y la recesión que ha traído, el estilo de trabajo ha cambiado, trayéndonos de súbito el teletrabajo y las operaciones remotas. Esto ha supuesto que los servicios de los centros de datos incrementen su rendimiento para que las empresas de todo el planeta pudieran operar. Los centros de datos están en un punto crítico. Tienen más trabajo pero menos personal especializado para realizarlo. Además, en estos tiempos, resulta bastante difícil encontrar a una plantilla a la altura. Quizá con la adopción de La Nube y nuevos avances en la tecnología digital se pueda cimentar un sistema,  post-Covid-19, que lleve a las empresas hacia un futuro próspero.

Some conclusions

Due to the global cataclysm of Covid-19 and the recession it has brought, work style has changed, suddenly bringing us telecommuting and remote operations. This has meant that data center services increase their performance so that companies around the world could operate. Data centers are at a critical point. They have more work but less specialized personnel to do it. In addition, these days, it is quite difficult to find a team to match. Perhaps with the adoption of the Cloud and new advances in digital technology, a system, post-Covid-19, can be established that will lead companies towards a prosperous future.

Software developers and manufacturers around the world are under attack by cybercriminals. It is not like we are in a time of the year in which they spread more and they barricade themselves in front of the offices, with their evil laptops seeking to blow everything up, no. They are actually always there, trying to violate information security, and in this article we are going to give you a little advice on the subject.

No one is safe from all threats

Whether it is a middling attack or sophisticated and destructive (as it happened to our competitors Solarwinds and Kaseya) evil never rests. The whole industry faces an increasingly infuriating threat landscape. Almost every day we wake up with some news of an unforeseen cyber attack that brings with it the consequent wave of urgent and necessary updates so that our system is safe… Nobody is spared, real giants have fallen over. The complexity of the current software ecosystem means that a vulnerability in a small library affects hundreds of applications. It happened in the past (openssh, openssl, zlib, glibc…) and it will continue to happen.

As we pointed out, these attacks can be very sophisticated or they can be the result of a combination of third-party weaknesses that make the client vulnerable, not because of the software, but because of some of the components in its environment. That’s why IT professionals should demand that their software vendors take security seriously, both from an engineering standpoint and from vulnerability management.

We repeat: No one is safe from all threats. The software vendor that took others out of business yesterday may very likely be tomorrow’s new victim. Yes, the other day it was Kaseya, tomorrow it could be us. No matter what we do, there is no 100% security, no one can guarantee it. The question is not to prevent something bad from happening, the question is how to manage that situation and get out of it.

Pandora FMS and ISM ISO 27001

Any software vendor can be attacked and each vendor must take the necessary additional measures to protect itself and its users. Pandora FMS encourages our current and future clients to ask their suppliers for more consideration in this matter. We include ourselves.

Pandora FMS has always taken security very seriously, so much so that for years we have had a public policy of “Vulnerability disclosure policy” and Artica PFMS as a company, is certified with the ISO 27001. We periodically employ code audit tools and maintain some modified versions of common libraries locally.

In 2021, in face of the security demand, we decided to go one step further, and make ourselves CNA of CVE, to give a much more direct response to software vulnerabilities reported by independent auditors.

Decalogue of PFMS for better information security

When a client asks us whether Pandora FMS is safe, sometimes we remind them of all this information, but it is not enough. Therefore, today we want to go further and prepare a decalogue of revealing questions on the subject. Because some software developers take security a little more seriously than others. Relax, these questions and their corresponding answers are valid for both Microsoft and Frank’s Software or whatever thing you may have. Since security does not distinguish between big, small, shy or marketing experts.

Is there a specific space for security within your software life cycle?

At Pandora FMS, we have an AGILE philosophy with sprints (releases) every four weeks, and we have a specific category for security tickets. These have a different priority, a different validation cycle (QA) and of course, a totally different management, since they involve external actors in some cases (through CVE).

Is your CICD and code versioning system located in a safe environment and do you have specific security measures to ensure it?

We use Gitlab internally, on a server in our physical offices in Madrid. People with name and surname, and unique username and password have access to it. No matter what country they are in, their access through VPN is individually controlled and this server cannot be accessed any other way. Our office is protected by a biometric access system and the server room with a key that only two people have.

Does the developer have an ISMS? (Security Incident Management System)

Artica PFMS, the company behind Pandora FMS, is certified with ISO 27001 almost from its beginnings. Our first certification was in 2009. ISO 27001 certifies that there is an ISMS as such in the organization.

Does the developer have a contingency plan?

We not only have one, we have had to use it several times. With COVID, we went from 40 people working in an office in Gran Via (Madrid) to each and everyone of them working at home. We had power outages (for weeks), server fires and many other incidents that put us to the test.

Does the developer company have a security incident communication plan that includes its customers?

It has not happened many times, but we have had to release an urgent security patch, and we have notified our clients in a timely manner.

Is there an atomic and nominal traceability on code changes?

The good thing about code repositories, like GIT, is that these kinds of issues have been solved for a long time. It is impossible to develop software professionally today if tools like GIT are not fully integrated into the organization, and not only into the development team, but also into the QA, support, engineering… teams.

Do you have a reliable update distribution system with digital certifications?

Our update system (Update Manager) distributes packages with digital certificates. It is a private system, duly secured and with its own technology. 

Do you have an open public vulnerability disclosure policy?

In our case, it is published on our website.

Do you have an Open Source policy that allows the customer to see and audit the application code if necessary?

Our code is open, anyone can review it at https://github.com/pandorafms/pandorafms. In addition, some of our customers ask us to audit the source code of the Enterprise version and we are delighted to be able to do so.

Do the components/third-party purchases meet the same standards as the rest of the parts of the application?

Yes they do, and when they do not comply, we maintain them ourselves.

BONUS TRACK:

Does the company have any ISO Quality certification?

ISO 27001 

Does the company have any specific safety certification?

National Security Scheme, basic level.

Conclusion

Pandora FMS is ready for EVERYTHING! Just kidding, as we have said, everyone in this sector is vulnerable, and of course the questions in this decalogue are elaborated with certain cunning, after all, we had solid and truthful answers prepared in advance for them, however, the real question is: Do all software vendors have answers to those questions?

Would you like to find out more about what Pandora FMS can offer you? Find out clicking here . If you have to monitor more than 100 devices, you can also enjoy a FREE 30-day Pandora FMS Enterprise TRIAL. Installation in Cloud or On-Premise, you choose !! 

Last but not least, remember that if you have a reduced number of devices to monitor, you may use Pandora FMS OpenSource version. Find more information here .

Do not hesitate to send your questions. The great team behind Pandora FMS will be happy to assist you! And if you want to keep up with all our news and you like IT, release and, of course, monitoring, we are waiting for you in our blog and in our different social networks, from Linkedin to Twitter through the unforgettable Facebook . We even have a YouTube channel , and with the best storytellers. Ah well, we also have a new Instagram channel ! Follow our account, we still have a long way to go to match that of Billie Eilish.

Having an open, safe and efficient digital administration is the new objective of every Government these years. Although the recent pandemic may have hampered any master plan for system evolution and optimization, there is still some hope. The hybrid Cloud reaches the public sector, among other advances. We’ll tell you all about it in our blog!

The pandemic strengthens the hybrid cloud in the public sector

“The Cloud”, that abstract fantasy, has made possible large-scale government teleworking (so much so that “IDC ensures that 74% of government organizations worldwide will switch to remote work in the future”), in addition to giving institutions the opportunity to test new applications and experiment with them. Being the advantages of scalability and the safety benefits the first objectives.

The public sector, like so many others, got down to work when the shackles of Covid-19 fell on them. Like concert halls or gyms, they had to get reinvented, and soon after new online platforms arrived and heavy investments were made in Artificial Intelligence, Cloud-based management systems and other transformative solutions that give a break to organisms collapsed by difficult conditions. In fact, IDC Research Spain has confirmed that “40% of the public sector already works in a hybrid cloud environment compared to 90% of private companies”. This shows, indeed, that Public Administrations are heading towards new models.

The Hybrid Cloud in the public sector

So, we can say that damn Covid-19 accelerated not only masks sales, but also the adaptation of the most cutting-edge technologies to governments. They were suddenly aware, for example, as we say, of the possibilities of the Hybrid Cloud. Due, of course, to the rising popularity of hybrid IT environments; that although we know that they can be difficult to manage at high scale, and that they require specific capacities, they will always be welcome from now on.

What caused the skepticism regarding Hybrid Cloud in the public sector? Well, surely it was because the governmental institutions throughout the planet faced several and notorious obstacles related to the subject. Ensuring a high-performance infrastructure is no easy task, for example. Certain types of traditional monitoring technologies do not work in such heterogeneous ecosystems. In addition, sometimes, the speed at which some tools are deployed in the Cloud can lead to security problems.

Optimize Hybrid Cloud Management in the public sector

But is it all over? Do governments have nothing to say in the face of these “different and notorious obstacles”? Relax, as the highest paid coaches and cartoon heroes show us, there is always hope, even to optimizehybrid Cloud management in the public sector.

A new approach

From Pandora FMS, a company devoted to delivering the best monitoring software in the world, we tell you: NOT ALL MONITORING TECHNOLOGIES WORK THE SAME.. Many are either designed for local data centers or for the Cloud, but not both. This is where lots of improvements can be made and IT experts must intervene, especially to prioritize a plan for monitoring hybrid environments. Always with a vision of the general state of the systems, the performance and the security of the network, the databases, the applications, etc. It seems that no one had the time or the necessary skills for this task, which ends up exposing organizations, especially regarding security.

The hybrid network

After being aware that investing time and efforts in Cloud services is necessary, the idea that connectivity and network performance are a key factor will come hand in hand, at least to guarantee the provision of quality services.

So we must address issues such as network latency, increased cloud traffic, interruption prevention, and any other problem, before they affect us and the end user.

It goes without saying that Software-defined wide-area network (SD-WAN) technologies play an obvious role in hybrid technologies and can help simplify network management tasks and avoid network overload.

Beware of identity and access control

No, it is not crazy to monitor who has access to what. We do it here and call it “Standard Security Practice”. However, when everything becomes a hodgepodge of employees/users/everyone having access, and you interact with data from a large number of sources, things get a bit complicated.

Indeed, rushing is not good at all, and the implementation of the Cloud is wished right away, “immediately”, so access controls sometimes bear the brunt and remain a vulnerable point. So, you only have to take your chances on multi-factor authentication, as an improved official replacement for passwords for digital access.

Zero-trust frameworks, network segmentation, and new security practices for the provider are other healthy practices to better be safe than sorry and help protect the assets hosted in our hybrid environment.

New skills, new mindset

Big changes need small changes. The capabilities and skills that are necessary for managing the hybrid Cloud are far from those that are needed for a local infrastructure. The data center is already an abstraction of what it was and what IT teams know well. Technology is the future, but also the most current present, and if government institutions do not develop the adequate and necessary capacities to support such technology, there will be neither a well-managed hybrid cloud, nor anything to do in areas such as monitoring and security.

Conclusions

As we started saying, the global pandemic of Covid-19 has justified and potentiated the modernization of technology, and accelerated adaptation to the Cloud and IT environments, but there is still a long way to go for these services to be really used by institutions and their citizens. And this should be a priority, as well as its good performance, accessibility and security. At the appropriate time, supported by the necessary investment and work, I am sure the Cloud will reveal itself in all its splendor showing us its full potential.

Would you like to find out more about what Pandora FMS can offer you? Find out clicking here . If you have to monitor more than 100 devices, you can also enjoy a FREE 30-day Pandora FMS Enterprise TRIAL. Installation in Cloud or On-Premise, you choose !! Get it here.

 

Last but not least, remember that if you have a reduced number of devices to monitor, you may use Pandora FMS OpenSource version. Find more information here .

 

Do not hesitate to send your questions. The great team behind Pandora FMS will be happy to assist you! And if you want to keep up with all our news and you like IT, release and, of course, monitoring, we are waiting for you in our blog and in our different social networks, from Linkedin to Twitter through the unforgettable Facebook . We even have a YouTube channel , and with the best storytellers. Ah well, we also have a new Instagram channel ! Follow our account, we still have a long way to go to match that of Billie Eilish

How artificial intelligence helps in data centers

Data centers have become an essential element within new technologies, if we add to that the current capabilities of artificial intelligence we have a perfect, superhero pairing, capable of providing us with all kinds of advances and benefits. Yes, we can shout it to the wind: “Blessed is the time in which we live!”

The future: smart data centers

For artificial intelligence to be devoted to scaring us to death through iconic movies like 2001 or Terminator is a thing of the past, today it has other, much more interesting and practical purposes. For example, crowning itself by playing a fundamental role in data processing and analysis. Yes, that’s her, the futuristic AI, increasingly faster, more efficient and, now, necessary to manage data centers.

We know that data is already the element that moves the world. An essential requirement for any operation, be it institutional, business, commercial… This makes data centers one of the most important epicenters of digital transformation. After all, in their physical facilities you may find the equipment and technology that sustains, among other things, the information on which the world economy depends. Centers that store seamlessly data backup and recovery with just one hand, while supporting Cloud applications and transactions with the other. Therefore, they guarantee an ideal climate for investment and opportunities, they boost the economy and encourage and attract a large number of technology companies. They are almost the center of the digital revolution.

Although data centers are not without problems. It is estimated that in the future, three or four years from now, 80% of companies will close their traditional data centers. It’s not foresight madness if you consider the myriad of inconveniences traditional data centers face. I mean a certain lack of preparation for updates, infrastructure problems, environmental deficiencies, etc. But don’t worry, as for so many things, there is a vaccine, a remedy, to take advantage of the advances in artificial intelligence to improve, as far as possible, the functions and infrastructure of data centers.

Forbes Insights already pointed it out in 2020: AI is more than poised to have a huge impact on data centers. In its management, productivity, infrastructure… In fact, they already offer potential solutions to data centers to improve their operations. And data centers, already upgraded by artificial intelligence capabilities, process AI workloads more efficiently.

Power Usage Effectiveness, PUE

As you may guess, data centers consume a lot of energy, which is why an artificial intelligence network is necessary to increase the efficiency of energy use (PUE). The Power Usage Effectiveness or PUE, also equivalent to the total electrical power of the CPD or the total electrical power consumed by the systems, is a metric to calculate the efficiency of data centers.

A couple of years ago, Google was already able to achieve a consistent 40% reduction in the amount of energy used for cooling by deploying Deepmind IA in one of its facilities. This achievement equates to a 15% reduction in overall PUE overload, once electrical losses and other non-cooling issues have been accounted for. It produced the lowest PUE they had ever seen. And the thing is that Deepmind analyzes all kinds of variables within the data center to improve the efficiency of the energy used and reduce its consumption.

Can Smart Data Centers be threatened?

Yes, data centers can also suffer from cyber threats. Hackers do their homework, always finding new ways to breach security and sneak information from data centers. However, the IA once again shows its guts and resources, and learns from normal network behavior to detect threats based on possible irregularities in such behavior. Artificial intelligence can be the perfect complement to the current Security Incidents and Event Management (SIEM) systems, and analyze the inputs of the multiple systems and the incidents, devising an adequate response to each unforeseen event.

Effective management

Through the use of intelligent hardware and IoT sensors, artificial intelligence will show us the effective management of our data center infrastructure. It will automate repetitive work, for example. Activities such as temperature monitoring or the status of the equipment, security, risks of all kinds and the management of refrigeration systems. In addition to carrying out predictive analysis that will help distribute the work among the company’s servers. It will also optimize server storage systems and help find potential system failures, improve processing times, and reduce common risk factors.

AI systems have already been developed that automatically learn to schedule data processing operations on thousands of servers 20-30% faster, completing key data center tasks on the go twice as fast during times of high traffic. They handle the same or higher workload faster using fewer resources. Additionally, mitigation strategies can help data centers recover from data disruption. This immediately turns into a reduction in losses during the interruption and our customers giving us a wide smile of satisfaction.

Well, what do you think of this special union, this definitive combo that artificial intelligence and data centers are and will be? Do you think something can marinate better? Data centers and the Cloud ? N-Able and Kaseya? ,White wine and seafood? Condensed milk and everything else? Leave your opinion in the comments!

Closer and closer: the future of data centers

“Adapt or die (and let others take your share of the cake)” is both an evolutionary law and a business law. Without going any further, today, the rise of new technologies and critical applications have led to a substantial change in data centers. It is natural of course, so much data, so much data generated by millions of Internet users wasting their time on the Internet… Data processing centers, or data centers, require new advances and solutions to be able to adapt to the processing of such an amount of information.

Therefore, current data centers are evolving, indeed, in response to this new situation. Improved facilities are now dedicated to supporting higher workloads and higher user traffic. We are talking about renewed systems and technological resources that grant a break, superior applications, shared data, flexibility, and high security for the protection of information.

The market is a jungle , and demand is continually stimulated by new proposals, models and skills that promise to renew the future of the data center. What are data centers evolving to? Let’s check out together some of the most in-demand competencies that will make data centers evolve in the coming future.

The work of data center technicians

Do not forget about them, in the end they are the ones responsible for data centers mostly. Installation, server and network computer maintenance, daily performance monitoring, maintaining a controlled and optimal equipment environment and solving all those unforeseen events that are usually associated with the network and servers. Not to mention the emergencies outside working hours, which will make them leave the shelter of their life as a civilian to go to repair any mess. Therefore, technicians from data centers will be a value to be taken into account by the market. Without a doubt they will take their chances on those that are the best and most prepared in the future. Computer support to staff and clients while they solve the bustle of servers and the network with the other hand. Their work is incalculable!

An architect in the Cloud

IT infrastructures and services in the Cloud, that is where money is invested, at least they are the two most notable factors companies want to take their chances on in recent times, and the appearance of 5G only reinforces their position. They take advantage of faster and more correct data transfers.

The data processing center, the technology company… absolutely everyone wants to focus now on the important factors that surround this investment: security in the Cloud and its architecture. They are looking for that revolutionary architect from the Cloud, with deep knowledge in the field, an architecture project up his sleeve and the final design of a unique product.

Hybrid management

Hyundai and its hybrid cars are not the only ones that have hybridization as their flag, there we have IT management that is also hybrid. Something unified to manage both the infrastructure in the Cloud and the traditional services. The benefits are many, including that hybrid IT management solutions provide key automation across IT functional areas. This encompasses service management, compliance, assurance, and governance.

And it is now that companies are using more AWS, Microsoft Azure and Google Cloud Platform, and other services in the Cloud, when IT administrators must guarantee network bandwidth between applications. Organizations will get into it more than ever.

Data center security

We live in a world where millions of users roam the Internet at ease, which makes managing and protecting data centers considerably more difficult. To ensure higher security, companies have to ensure their data and uninterrupted network performance. That’s why they hire fellow data analysts and cybersecurity architects skilled enough to look over the big picture and create a model of perception and protection against potential threats.

Edge computing

The arrival of edge computing certainly helps IT companies to collect and weigh information from IoT devices. They then transmit that data to a data center, be it remote or local. An edge server, as we know, differs from a source server in closeness to the client machine.

Edge servers store cache content in localized areas helping to ease server load. As the implementation of edge computing progresses, the thinking heads of data centers will look for talents with skills in networking, system design or database modeling and security.

Edge computing, security, hybrid management, architecture in The Cloud and specialized technicians are just some of the specialties towards which data centers are heading in their evolution. So if you are thinking of making a career out of it, this is the right time to rethink it. Ditch what you’re up to and join the demand around data centers. It is not Bitcoin, but it is undoubtedly a more consolidated bet.

What is a CVE and why is it important for your security?

There are “good” hackers. They call themselves security analysts and some even devote their time to working for the common good. They investigate possible vulnerabilities in public and known applications, and when they find a possible security flaw that could endanger the users of those applications, they report that vulnerability to the software manufacturer. There is no reward, they are not paid for it, they do it to make the world safer.

What is a CVE?

This entire process, from the moment the manufacturer accepts the reported vulnerability until it is fixed, is taken to a public reference system called the CVE Database. This is a database maintained by MITRE Corporation (that’s why sometimes it is known as MITRE CVE list) with funds from the National Cyber Security Division of the government of the United States of America.

The CVE Program is an international effort, based on the community and it is based on it to discover vulnerabilities. Vulnerabilities are discovered, assigned and published in the CVE list.

Each CVE uniquely identifies a security problem. This problem can be of different types, but in any case, it is something that if it is not solved but rather stays hidden, someday someone will take advantage of said failure. A CVE simply describes which is the vulnerable application and the version and/or component affected without revealing sensitive information. When the error is corrected, it reports where the solution can be found. Generally a CVE is not made public until the mistake has been corrected, this is especially important, since it guarantees that the users of said application are not subjected to a gratuitous risk when publishing information about the failure. If there were no CVE, researchers would publish such information without coordinating with the manufacturers, producing unacceptable security risks for users who have no way to protect themselves against data that reveals security errors in their systems as users of those applications. Don’t forget that all software vendors have public CVEs published. Nobody is spared.

This consensus between manufacturers and researchers on the way to reveal sensitive information regarding security flaws of an application allows a continuous improvement of the security of public information systems. Although MITRE is originally a US funded organization, there are partner organizations around the world that help to organize CVEs regionally, decentralizing management and helping local manufacturers organize more efficiently.

INCIBE and ARTICA

CVEs are coordinated by CNAs, voluntary organizations that offer themselves to coordinate and resolve disputes when there are conflicting positions between security researchers and manufacturers. The root CNA is MITER, and there are CNAs spread all over the world. Most of the software and hardware manufacturers like Microsoft, CISCO, Oracle, VMware or Dell are CNAs that are part of the CVE program.

INCIBE, the National Cybersecurity Institute of Spain, is a Spanish organization that has recently become a CNA Root, a member with a special status within the CVE hierarchy, as it coordinates the Spanish CNAs. It is also a contact point in the country for receiving vulnerabilities discover n the IT domain, industrial systems and IoT (Internet of Things) devices.

Thanks to its collaboration with INCIBE, ÁRTICA the company behind Pandora FMS, Integria IMS and eHorus has become the official CNA of CVE. This is especially important as it shows Pandora FMS’s commitment to information system security and makes itself available to researchers from all over the world to work on solving any problem that may affect its users.

From this moment on, the program has two hundred one CNA from thirty two countries, ARTICA being number two hundred all over the world and third in Spain. After joining the program, ARTICA will be able to publicly receive any information related to the security of Pandora FMS, Integria IMS or eHorus and process the solution of the problem reliably as well as its public communication.
Our vulnerability management policy allows us to assure any Pandora FMS user that any problem will be dealt with rigorously, prioritizing the impact and mitigating risk in productive environments, while guaranteeing the researcher correct reception, communication and publication in the open of his/her work.

Vulnerability disclosure policy in Pandora FMS

At Pandora FMS, we have a very open policy in this regard. Pandora FMS was born with an open philosophy, this not only means open source, it also means free knowledge and, of course, process transparency. We have a fully public and transparent vulnerability disclosure policy. Over the years, different researchers have contacted us to report security problems in Pandora FMS. Yes, we too have had, and will have, security flaws. And thanks in part to the selfless work of security researchers, we have been correcting many of these flaws. We are so compliant and honest that we publish them ourselves in a list of known vulnerabilities on our own website.

Security bug reports generally have a life cycle that allows users to avoid the added risk of publishing information about software bugs ahead of time, before the manufacturer has been able to create a patch and distribute it in good time to its users. In this process, the security breach remains in a waiting stage, where the manufacturer accepts the reported problem and agrees on a date to solve the problem. The security researcher waits patiently and makes the solution of the problem as easy as possible: providing more information, collaborating with the development team, even doing some additional testing when the patch is available. The point is to work as a team to improve the robustness of the software.

The e-mail box security@pandorafms.com is open to anyone with an interest in improving the security of our software.

What’s new in the latest Pandora FMS release, Pandora FMS 758

Let’s check out together the features and improvements related to the new Pandora FMS release: Pandora FMS 758. Remember this is an LTS version, we only have two of them a year, in April and November and they are stable.

NEW FEATURES AND IMPROVEMENTS

Network Configuration Manager

We added for the first time in Pandora FMS a new network computer management system, which allows you to distribute configuration changes in a customized way to network computers, differentiating by model and provider. You may back up configurations and recover them or see the differences compared to the previous backup. In future versions you will be able to deploy mass changes to network computers, apply firmwares and more features.

Improvements in IPAM

Our improved IPAM includes network export/import, new options for working with subnets (sorting, adding networks to supernets from the first range available, etc.), as well as new tree views in supernet maps and network usage statistical graphs. New IPAM reports have also been added to see the list of used/unused IPs as well as those assigned to an agent.

Network usage statistical graphs

Supernet display in tree format

New service list widget

A new widget has been added, where you may choose to see the services view and choose what type of view you want to see.

New visual console element: Simple graphs

The visual console supports a new type of element that displays the graph in a simplified format, providing a label with the value of the last data collected in a very visual way, creating a new world of possibilities for creating dashboards.

New Alert server

The new Pandora FMS alert server allows parallelization of the alert execution load in another component, so that monitoring processing is not affected in alert storm situations. This new server is optional and it is not activated by default.

Open Source network maps

At the request of our user community, we opened the network map editor feature for the OpenSource version. It can now be used without limits in the community version.

IPv6 support for Satellite server

Since this version, both the Satellite server and the Enterprise Network Server support IPv6 in all its advanced features. High-performance code previously only supported on IPv4 now applies to IPv6 as well, enhancing existing polling capabilities.

New Enterprise plugin: Apache Spark

The Apache Spark plugin creates an agent for each app that has finished or is running on the server with the data of all its executors. More information in our library.