Security is within our DNA

Monitoring hand in hand with experience

We talk about computer security in our blog Visit our blog

The security of your data as a fundamental pillar of monitoring

Pandora FMS roots come from specific needs in bank security environments and that has absolutely defined Pandora FMS design and architecture. Security has always been present and we can say confidently that Pandora FMS is adaptable, in order to meet strict security standards such as PCI/DSS or ISO 27001.

Monitoring is a technology that needs access to all IT infrastructure elements and that is a key aspect to bear in mind when implementing a monitoring system.

Believes the risk of being a victim of cybercrime is increasing

Are concerned that their private data is not protected by suppliers

Are concerned about their private data being misused

Are concerned that their data is not kept secure in their environments

Source: *EU commission Special Eurobarometer: Europeans attitudes towards Internet Security, March 2019

Safe traffic
Double authentication system
Delegated authentication system
ACL and user profiling
Internal audit system
Granting audit data
Password policy
Sensitive data encryption
Credential storages
Full High Availability
Integrated backup
Agent blocking system
Safe architecture
Installation with no root
Separation between components
Firewalls
Restricted area monitoring

Secure architecture elements in Pandora FMS

Safe traffic through encryption and certificates

Pandora FMS supports SSL/TLS encryption at all levels (user operation, communication among components, data forwarding from agents to servers) as well as certificates at both ends.

Double authentication system

It is based on google authenticator, which allows forcing its use for all users for security policies.

Delegated authentication system

Applied at application level, to authenticate against LDAP, Active Directory or SAML.

ACL and user profiling

Each permission gets defined in an access bit and those permissions are collected in access profiles that are applied to users for each ensemble of system actives. Exceptions can be defined and any system element can be custom restricted through extended ACLs.

Internal audit system

Which registers all user actions, including information about modified or deleted fields.

Granting audit data lo external log managers

Audit registers can be exported to third parties for higher security.

Password policy

This allows forcing a tight access password management policy for application users (console): password minimum number of characters, type of password, password reuse, forcing changing passwords once in a while, etc.

Sensitive data encryption

The system allows saving sensitive data in an encrypted way and safely, such as access credentials, monitoring element custom fields, etc.

Credential storages

For the administrator to be able to delegate the use of credentials to other users that make use of said credentials, to monitor elements without seeing the passwords.

Full High Availability

For all elements: databases, servers, agents and console

Integrated backup

The console itself has a backup system to make recovery easier in the event of a failure.

Agent blocking system

For security critical environments, where the agent cannot be remotely managed once it is configured.

Agent communication safe architecture

Your agents will not listen in a port or have remote access from the console. They will connect with the central system to ask for instructions. All communications can be end-to-end encrypted with CA-validated certificates if required.

Installation with no root

Pandora FMS can be installed in environments with custom paths without being executed through root. In some finance environments it is a requirement we meet.

Physical separation between components

That offer an interface to the user and information stockage (filesystem). Both DB-stored files and filesystems that store monitoring configuration information can stay in physically separated machines in different networks, and protected through individual perimetral systems.

Firewalls

Pandora FMS components have their input and output ports documented, so it is possible to securize all accesses through firewalls to and from its components. In addition, you may customize their use.

Restricted area monitoring

So that you may collect data from a network with no access to the outside, perfect for very restrictive environments.

24/7 direct international support

At the other side of the phone, you will find an experienced technician from our engineering team, who will also have the backup of the rest of the team in charge of Pandora FMS, from the development team to the sales team that manages your account.

Safe environment implementation guide

We have a little implementation guide for safe environments. Of course we also offer consulting advanced services to help you if necessary.

Vulnerability history

We keep a register of Pandora FMS public reported vulnerabilities updated. Furthermore, we have a public security breach management policy that allows any security investigator to report failures in order for us to fix them and notify our clients before those become public and can be taken advantage of by third parties.

Code audit

The whole code is public and accessible in the OpenSource version, not recently, but since 2005. The code of the Enterprise version can be requested under specific circumstances (only for clients) so that you may audit it if you consider it necessary. We have done it for different clients in national and aerospace security.

Pandora FMS Certifications

Pandora FMS -as a company- is certified in ISO/IEC 27001:2013 (ES-SI-0084/2020). We also comply with the National Security Scheme (ENS) in its basic category.

Do you have any security questions?

If you have a question about Pandora FMS security, please contact us.