Recent data breaches have made security a top concern for most organizations. When it comes to IT monitoring, systems and services that host customer data can be a risky vulnerability. Nagios software keeps your data secure in your local environment, and your data is not transmitted to servers hosted by Nagios. We also enforce strict practices to ensure the security of your software and data. For example, we continuously monitor for sources of vulnerabilities, respond to any common vulnerabilities and exposures (CVEs), and partner with external security advisers to perform independent code audits.
Let’s take a closer look at why Nagios is a more secure option for IT monitoring:
All Nagios employees undergo background checks before hire, live in the Minneapolis/St. Paul area, and work in the same office location. We have rigorous security controls in place like locked entrances, locked workstations, strong password and authentication requirements, secure wi-fi and firewalls, limited internal access to sensitive information, anti-virus software that’s updated daily/weekly, and regular cybersecurity training for employees. Our products are fully developed in house, by full-time engineers. We don’t outsource any of our operations, which helps keep our organization running smoothly and securely.
Our solutions rely on local data, not data stored in a Nagios-owned server. In addition, we can’t access your systems without your express consent and through remote support sessions. As a result, you have complete control over your security plan. With Nagios, you have the option to use our solutions completely on premise, hosted on a server, in a private/public cloud, or in an offline environment (with limited or no access to the internet).
All our products are built on a base of open-source code, which means our solutions are inherently transparent and have been extensively tested. You have complete visibility to the code and can modify it as you see fit. Because our code is fully developed and maintained in house by the same dedicated team, we know our work is safe and secure.
Below are some of the most commonly asked security questions.
Yes. Nagios Enterprises is compliant with all global security and data practice regulations, including GDPR. Because we do not host customer data, we have significantly less customer information than other monitoring solutions, and we can easily remove any data at a customer’s request and/or when a contract is terminated.
Yes. We have a dedicated team of in-house staff who monitor and maintain the infrastructure around the clock.
Nagios solutions include full system backups and data backups, including databases. Our licensing options allows you to implement your preferred High Availability/Disaster Recovery plan within seconds.
Due to the inherent flexibility and customization of Nagios, the SLA will largely depend on your internal operations. Nagios solutions allow for immediate solutions to be activated depending on your preferences. As Nagios solutions exist within your own environment, many of these factors can be customized to best suit the needs of your specific organization.
No, we do not. We don’t have access to your data.
Yes, we immediately notify customers of any incident that could affect them. However, because we don’t hold onto customer data, there’s no opportunity for sensitive information to be put at risk. Security vulnerabilities that have been addressed in our product can be found on our Security Disclosures page.
Yes. We release patches and updates on an as-needed basis. Check out our Security Disclosures page for more information.
You can see the latest code changes by visiting Nagios XI Change Log page. When relevant, we’ll also update the Security Disclosures page. In addition, changes are communicated within the product itself through alerts and prompts when there is an update or enhancement available.
Yes, you can find our product roadmap at www.nagios.com/roadmaps/.
We test our product updates against all operating systems we support. Our dedicated, in-house team continuously looks for bugs using several automated and manual processes. All our product releases endure a strict testing process before release.
For customers actively using our software online, we provide notice of new releases inside the product. Our notification period prior to release will vary depending upon the significance of the update. Our goal is to provide plenty of advance notice and support so changes are as seamless as possible.
Yes, and we take it a step further! Each purchase of a Nagios XI, Nagios Network Analyzer, and Nagios Fusion license allows for three installations: one install as the primary monitoring server, one for a testing environment server, and one as a backup/failover (DR) server. Only one install may be actively monitoring at any given time. Nagios Log Server allows for two installations for production and test environments.
Yes, all appropriate Nagios employees participate in regular internal policy reviews. They also receive one-on-one cybersecurity and awareness advising.
Yes, we do. To comply with our own organization’s security requirements, we do not share this documentation with customers, partners, or vendors. Our response plan includes procedural and communication steps to immediately notify any customer, partner, or vendor if a security incident were to occur with the potential to impact anyone outside of our organization.
Yes, if you submit a ticket with us to notify us of an incident, a member of our support staff will offer consultation on a case-by-case basis. Because we don’t host data, we won’t be able to know about a security incident on the end user’s side unless a ticket is filed.
Nagios, the Nagios logo, and Nagios graphics are the servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises. All other servicemarks and trademarks are the property of their respective owner. Website Copyright © 2009-2023 Nagios Enterprises, LLC. All rights reserved.