June 27th: AMA (Ask Me Anything) with Atera's CISO Oren Elimelech

nina

Hi Atera community -

If you missed the chance to ask Oren anything... fear not, you can ask your questions below!

⬇️ ⬇️ ⬇️

Best,

Nina and the Atera crew

nina

From one of our customers: How we can we integrate Atera to our CISO program?

nina

From one of our customers: What are you guys using from Atera on cyber resilience?

orene

https://community.atera.com/discussion/comment/118#Comment_118

Atera can help your InfoSec program by enabling several security features:

1. Patch management
2. Remote Monitoring & Management (RMM) capabilities - access and visibility
3. Professional Services Automation (PSA) capabilities - remote command execution (for example, the ability to run a CMD on all endpoint - protect with strong 2nd authentication)
4. All-access is using strong authentication and MFA
5. Access log audit trail history
6. Ability to leverage Marketplace for additional features - for example, Endpoint security and EDR
7. And many more

orene

https://community.atera.com/discussion/comment/119#Comment_119

Cyber resilience is a vast subject - so if you are referring to the High-Availability part

We are leveraging several solutions:

1. Azure Cloud - with multi zones
2. Azure ASR - for Replication and snapshots
3. CloudFlare for CDN, DDoS & WAF

[Deleted User]

Dop you plan to give us a nice (ideally at not much extra cost) integration with tenable/Nessus for vulnerability scanning or provide something else ?

Atera's patching solution only takes you so far - we need proper tools to scan machines and make sure all CVE's are being addressed/patched.

Tenable seems the best that we have tried so far and used by most the industry, Acronis was not very good and Microsoft Vulnerability Management does not yet actually detect all CVE's even for it's own software!

tanderson

@orene Will Atera be doing any updates to Document Management/Password Management soon? I would love to use Atera instead of ITGlue. Kaseya's support is pretty bad at its best.

Thanks,

Taylor

hleavens

@tanderson Do you mean a password protection program for all the computers/sites? or just in afiliation with Atera? That would be amazing. The one we have is frustrating at best.

tanderson

@hleavens I would like the Knowledge base to be expanded to function better and look nicer. Closer to something like ITGlue or Hudu. I would also like the password manager to be updated and accept 2FA codes. We do not use the Atera password manager for anything because it's quite clunky and doesn't allow for 2FA codes to be shared. We, and I am sure most of the IT field, have passwords shared between different levels of access for techs and need to be able to have that 2FA shared as well—a lot like more robust password managers.

I know it is asking a lot for Atera to be the one-stop shop for everything, but it would be nice if it were!

hleavens

@tanderson

Oh! I see. That would be really helpful.

tanderson

@orene With the increasing number of cyber threats, how does Atera ensure the security and confidentiality of customer data in your products and services? Could you please elaborate on the steps you take, such as the implementation of encryption, intrusion detection systems, regular audits, and compliance with international security standards?

orene

@tanderson As for your question regarding Document Management - I will check if this is on the roadmap.

For Password Management - you have the Keeper as part of the Market Place, which is a fantastic solution.

@nathan for Nessus / Rapid integration - I will check if this is planned - but I can recommend using the NSE Script for Nessus - https://github.com/scipag/vulscan, which I used a few years back - it should be adequate as this integrates with Atera own NMAP, internal solution.

@tanderson , as for the cyber threats questions:

Atera has several security controls built into its infrastructure - which you can have a more detailed review of here - https://www.atera.com/trust/

And Yes, we have DDoS, WAF, IPS, IDS, EDR, SIEM, SOC, MFA, and many other security controls and countermeasures to secure our solution. As for the data - Atera does not hold private data, only metadata - so this is very limited to IP addresses and email and not the actual files and documents on each endpoint. Atera has recently completed its ISA 27001, 27002, 27017, 27018, 27032, and SOC2 Type1 audits. And is currently in the middle of its HIPAA & SOC2 Type2 compliance audit.

nina

Thank you @orene for all your insights!!!

tanderson

@orene I appreciate the response; thank you!