In the world of Managed Service Providers (MSPs), security is often a double-edged sword. Many clients strictly prohibit their IBM i systems from accessing the internet—even via secure channels. While this “air-gapping” provides a layer of protection, it creates a significant blind spot: How do you protect a system from the latest security threats if it can’t reach the data it needs to defend itself?
The Challenge: Security Without Connectivity
Threats aren’t limited to the open web. An exposure on a local network can spread to an IBM i partition just as easily as an internet-borne attack. To stay secure, you need the latest Common Vulnerabilities and Exposures (CVE) information and the corresponding Program Temporary Fixes (PTFs).
Usually, retrieving this information requires a direct call to a remote server. For isolated systems, this creates a manual bottleneck—or worse, a security gap.
The Solution: The Local SECUPD Server
We’ve developed a way to bring the intelligence to you. By utilizing a local Linux-based server (such as Nagios XI, which many of our clients already use for infrastructure monitoring), you can host a local repository of CVE data.
How it works:
- Automated Sync: A simple cron job on your Linux/Nagios XI server pulls the latest CVE data from our website.
- Local Intelligence: Your IBM i systems communicate only with your internal Linux server—no internet access required.
- Universal Compatibility: While we highlight Nagios XI, any Linux server capable of running a web server and MySQL database can serve as your local hub.
Why Make the Switch?
Beyond solving the connectivity hurdle, moving to a local SECUPD server offers two massive advantages:
- Blistering Speed: In our testing, request times dropped from over 60 seconds (via remote web server) to under 5 seconds when run locally.
- Reduced Overhead: By fetching data locally, you reduce the load on external web servers, ensuring high reliability even during peak request periods.
- Total Control: You can update your local repository on a schedule or trigger an on-demand sync the moment a high-priority CVE is announced.
Painless Implementation
Transitioning shouldn’t be a project in itself. We have built set-up scripts and automated web scripts to make the move from our remote server to your local Nagios XI environment easy and painless.
If you would like to hear more give us a call or contact us through our website. We continue to improve and enhance our products to make it easier for you to manage your workload.