Partner Newsletter August 2023

Dear

This past summer holiday period was a great time for us to reflect and as it draws to a close, we feel re-energised and motivated for what is coming up for the rest of the year – we wish that for you as well! While a few of our Guardian360 Angels went on vacation, it did not mean that we were idle as a team.

As you might have read in past partner newsletters, we are increasing our efforts to enter the German market. We therefore decided to exhibit at the IT-SA in Nurnberg from 10-12 October. We are excited about the prospect of meeting current and future Guardian360 partners there!

In the past few weeks, we teamed up with Sky10 and Geefirm to improve our marketing, sales, and support processes. We expect partners to notice the effect of that within a couple of weeks already. We aim to increase the number of sales qualified leads and offering quicker onboarding capabilities for potential clients. These sales qualified leads will not only be for our benefit but will give our partners new customers to service as well!

Our external ISO27001 audit took place in August. You can read more about the management summary in this partner newsletter, we are quite proud of it.

NB: Please check out the part about the importance of extending probes’ disk space. To prevent scanning from failing, we need partners to assign the correct disk space to probes.

Before we get into all of that though, let’s begin with our monthly update of the progress being made in our Lighthouse platform.

Kind regards,
On behalf of the Guardian360 team,

Jan Martijn Broekhof

Managing Director

The big idea is that end users will be able to onboard themselves on the platform and to learn as they go along. They will have a 2-week trial period during which they will be encouraged to connect with a partner to help them secure their networks. This way we keep our promise to you, our partners, not to sell directly, and provide a new channel to give you quality leads to expand your business. We will obviously also benefit!

In addition to this, we have been taking a closer look at business risk management, especially as it relates to prioritising assets within a network.

While we return insights of issues in networks it is often quite monolithic, and while we return technical risks, these do not always equate to business risks.

For example: A medium issue on critical infrastructure can carry a much higher business risk than a critical issue on non-essential devices.

We have put together flows to enable users to prioritise scan objects, assets and even modify risks detected by scanners per instance or even globally.

Our work has not just been conceptual, Dick and Aleksander have continued to work on the front-end, and our SRE’s continue with our big cloud migration project.

Work done in the code includes:

The dashboard was connected to the backend.
The new login process was optimised.
Our front-end platform architecture was updated to conform to the latest standards.
Automated testing was introduced in the new front-end to ensure higher quality and more secure code base.

Our SRE’s have been continuing with the platform migration with special emphasis on observability in appliances and implementing teleport as a step to cloud migration.

Besides our intended and planned work, we also did quite a bit of unintended work as we responded to tickets and added features to the system to improve and add to current functionality. Much of this is due continued collaboration with partners on a day-to-day basis.

This is truly energising and is bringing us closer to our goal of immersive extreme programming and continuous delivery.

External ISO27001 audit

Towards the end of August, the second external ISO27001 audit in the three-year certification cycle was conducted. The auditor concluded the following:

Much of the audit was performed remotely by using special auditing techniques as laid out in the audit plan. No technological issues were encountered, and the Team Leader considers these auditing techniques to be effective.
The key audit objectives were achieved and the audit plan was followed without major changes.
The general conclusions and key findings were presented, discussed and agreed at the closing meeting.
There are no major changes affecting the management system since last audit.
With the exception of one nonconformity that was identified and recorded, the management system was found to be effective and in compliance with the standard, based on the audit sample taken. The (minor) Nonconformity was resolved shortly after the audit.
The certificate remains valid under the condition that identified nonconformities are satisfactorily addressed and responded to. This was resolved as previously stated.
Due to the positive result of the audit there is no need for a follow-up audit.
The appropriateness of the certification scope (and boundaries) was evaluated by considering factors such as the organisational structure, site(s), processes and products/services. The conclusion is that the certification scope (and boundaries) is considered to be appropriate.
The audit did not identify any issues that impact the periodic audit programme for the current certification cycle.
Based on consideration of the status of relevant factors such as the number of personnel, geographical locations, processes and products, and complexity level of the organisation, the conclusion is that there is no need to review the audit time.

The minor non-conformity was related to the following requirement: Information security shall be embedded in Project Management. Since we implemented new processes and adopted new tools for documentation, not every project proposal contained a proper risk assessment. Controls to mitigate risks were in place but not administrated like we described in our ISMS. We updated the project proposal templates as soon as the audit concluded in order to ensure that risk management is applied more efficiently to our development process.

Please refer to our partner portal to access our ISO27001 certificate as well as the statement of applicability.

Extend Probe disk space, or else ;-)

In the past few months, we informed our partners about extending disk space of probes. Most of the probes have been updated accordingly. However, there are still a few probes not extended with additional disk space.

Please be aware that if the disk of a probe fills up, this causing scanning to halt.

The probes that were affected have been generated before January 2023 and will only have a total of 20GB of disk space. Due to scanner extensions and the availability of many new vulnerability plugins over the past few years, the 20GB disk space will no longer be sufficient in providing reliable scanning. Since January 2023 we have been shipping all our probes with 40GB of diskspace, which is ample space to future proof usage limitations.

To prevent any issues and to future proof the probes, we would like to proactively expand the disk of all probes. We have developed some automated processes that will expand the disks and filesystem of probes automatically once the disk of the Virtual Machine itself has been expanded. There is however a manual task that needs to be performed by you - the partner - to expand the disk on the probe’s Virtual Machine side.

We would like to ask you to proactively expand the disks for probes that haven’t been expanded yet from 20GB to 40GB. Please refer to the ‘Probes’ section in Lighthouse to assess the probe details.

G360DAO Update

This month we only have a short update concerning G360DAO. While have spoken to a few potential investors to join us on our journey, and despite many positive responses, until now investors have been hesitant to come on board. This is due to the so called “Crypto winter” and financial market conditions in general.

Nevertheless, this has not prevented the team from progressing in building the G360DAO. Two of our core contributors were present at Blackhat USA in Las Vegas and the Lightnet Marketplace has been updated. We have also noticed a steady growth of participants on Discord and Twitter.