Stay NIS2 compliant with Zabbix

What is NIS2 and what are the requirements?

Introduced in 2020 and coming into effect on January 16, 2023, the Network and Information Security (NIS2) directive is a continuation and expansion of NIS, the previous EU cybersecurity directive.

NIS2 expands the scope of NIS and introduces new requirements to help guard against cyber threats. Take a look at a few of the key NIS2 requirements and how Zabbix can help organizations comply with them.

Risk Analysis & Security

Zabbix provides data visibility that can help with risk management and policy creation decisions.

Zabbix can:

Detect anomalies, suspicious activities, resource overload, downtime, etc.
Monitor bandwidth usage, network interface metrics, and other critical services
Check open ports and insecure webpages
Monitor the integrity of important files such as password files and configuration files
Create customized alerting workflows
Monitor sensors in data centers to detect physical security breaches

Risk Analysis & Security">

Incident Response

Have procedures in place to handle security incidents as they arise.

Zabbix can:

Provide real-time monitoring and alert users to potential incidents
Keep a comprehensive log history for root cause analysis
Support multiple notification channels and scenarios for incident reporting
Share real-time incident data with external systems while providing custom dashboards and reports about ongoing incidents

Incident Response">

Backup & Disaster Recovery

Have backup management, disaster recovery, and crisis management plans in place to provide business continuity.

Zabbix can:

Provide full support for Veeam (OOB) and Bacula data platforms, among others.
Monitor the backup execution process and track the storage and usage of backup servers.

Backup & Disaster Recovery">

Supply Chain Security

Maintain supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers.

Zabbix can:

Monitor third-party services and dependencies for availability and performance
Alert users to potential vulnerabilities or disruptions in supply chain services and provide SLA reporting

Supply Chain Security">

System Security & Vulnerabilities

Provide security in network and information systems acquisition, development, and maintenance – including vulnerability handling and disclosure.

Zabbix can:

Monitor software versions and check for outdated components
Support integration with external tools to check vulnerabilities

System Security & Vulnerabilities">

Cryptography & Encryption

Have policies and procedures in place regarding the use of cryptography and encryption.

Zabbix can:

Comprehensively monitor encryption certificates for expiration.

Cryptography & Encryption">

HR & Access Control

Maintain HR security by providing accessible control and asset management policies.

Zabbix can:

Monitor user actions with the help of log files.

HR & Access Control">

Multi-Factor Authentication

Implement multi-factor authentication (MFA) or continuous authentication solutions, secured emergency communication systems, and secured voice, video, and text communications.

Zabbix can:

Monitor the performance and uptime of any identity provider (IdP)
Use APIs provided by the IdPs to query MFA policies and user login events
Monitor logs for MFA-related events
Provide custom dashboards and reports on MFA usage

Multi-Factor Authentication">