CMDBuild Newsletter nr. 105

We are pleased to announce the releases of CMDBuild 4.0 (March 28th), openMAINT 2.4, and CMDBuild READY2USE 2.4 (April 30th).

Here is an overview of the main updates:

CMDBuild 4.0:
A major release that marks a significant evolution in both architecture and user experience. CMDBuild 4.0 introduces a completely redesigned interface, new features for integration modeling, more efficient data management, and a modernized technological infrastructure.

For more details and to download the new version, visit our project website.

openMAINT 2.4:
The solution for Facility & Property Management has been updated to version 2.4, incorporating all the innovations of CMDBuild 4.0 and expanding support for asset and maintenance management. Key updates include enhanced system configurability, new dashboards, improved integrations, advanced SLA management, upgraded KPIs and execution logs, and integrated Surveys in corrective maintenance processes.

For more details and to download the new version, visit our project website.

CMDBuild READY2USE 2.4:
The new version includes all the enhancements from CMDBuild 4.0, enriched with new functional modules and several improvements. Key highlights include: process migration to the Groovy language, the new "Impact Analysis" report, a new class for monitoring connectors, refactored summary reports for connectors, and improvements to the ServiceRequest class data model.
A true step forward for an increasingly integrated and ready-to-use management solution.

For more details and to download the new version, visit our project website.

The releases we have announced mark an important achievement for Tecnoteca, the outcome of strategic planning, dedicated work and continuous innovation fostered through close collaboration among all teams. This structured path will move forward in the coming months, with the next release already planned for the summer. 

In today’s digital landscape, marked by ongoing cyber threats, security is a central concern for both public and private organizations. In Europe, new security regulations continue to shape how organizations protect their networks and information systems.

In this context, the European NIS 2 Directive introduces stringent cybersecurity requirements for organizations, particularly those operating in strategically important sectors such as public administration and critical enterprises.

Specifically, NIS 2 mandates the implementation of control policies not only for access but also for the management of IT assets and corporate resources, following specific standards to ensure a high level of protection against cybersecurity risks.

ITAM (IT Asset Management) involves the understanding and control of devices within an organization’s network and serves as a logical starting point for identifying and securing critical resources. ITAM emerges as a crucial measure to implement in order to comply with the NIS 2 Directive and achieve regulatory compliance. It is fundamental for:

• Maintaining a complete and up-to-date inventory of assets
• Assessing risks and vulnerabilities
• Implementing proportionate security controls
   

Key Aspects to Consider:

Effective ITAM Management
Asset management must go beyond simply identifying devices on a network. A comprehensive and up-to-date inventory is required, including detailed information such as software and firmware versions, known vulnerabilities, and asset criticality. These parameters are essential for assessing and mitigating cyber risks, enabling organizations to determine what needs protection and to prioritize actions based on business and IT risk.

Inventory Updating
An up-to-date asset inventory is vital for cybersecurity. It enables organizations to fully understand their IT environment, identify critical devices, and assess their security posture. Additionally, a detailed inventory supports incident response and continuous regulatory compliance monitoring.

Risk-Based Prioritization
The ITAM process enables organizations to adopt a risk-based approach to digital asset protection. By identifying critical assets and evaluating potential associated risks, organizations can allocate IT resources strategically, implementing protections that are proportional to the criticality and value of each asset.

CMDBuild: The Solution for NIS 2-Compliant Asset Management

The CMDBuild solution helps organizations effectively implement an ITAM program aligned with NIS 2 requirements by enabling them to:

1. Create a detailed inventory of hardware, software, and data assets, updated in real time;
2. Map Configuration Items (CIs) associated with Incidents, including details on location, vendor, assignment, and more;
3. Visually display interdependencies between assets and CIs for more informed management;
4. Evaluate the criticality and sensitivity of assets based on business risks and compliance needs;
5. Implement targeted security controls to mitigate the most relevant risks;
6. Monitor and respond promptly to threats and violations.

Why Act Now?

NIS 2 will require organizations to demonstrate capabilities in protection, response, and cybersecurity resilience. With CMDBuild, you can start a concrete journey toward regulatory compliance today and strengthen the security of your assets.

In the context where continuous monitoring of IT assets is crucial for security and operational continuity, the integration between CMDBuild and Qualys® offers organizations a powerful tool to keep their infrastructure under control.

Qualys® is a solution that collects and maintains a complete and up-to-date inventory of IT assets, monitoring on-premise, cloud, and remote endpoints.

Qualys® enables organizations to:

• Gather a comprehensive and real-time inventory of on-premise, cloud, and remote assets
• Detect new devices on the network and monitor asset groups
• Identify vulnerabilities and misconfigurations in real time
• Prioritize remediation and mitigation actions intelligently

Custom integration between CMDBuild and Qualys®: detailed synchronization of IT Asset information

To meet our client's needs, we developed a custom integration between the two systems, allowing organizations to maintain an always up-to-date Asset Inventory, identify new devices connecting to the network, create and monitor device groups, and detect vulnerabilities and misconfigurations at scheduled intervals, with prioritized remediation actions.

The connector transfers complete and contextualized asset data into CMDBuild, providing a consistent and consolidated dataset across all IT environments. This enables IT teams to work with shared information to identify vulnerable devices, assign system maintenance responsibilities, and enforce security policies.

Thanks to this custom-built connector, Qualys® data is imported into CMDBuild to offer:

• A constantly updated and synchronized Asset Inventory
• Consistent data across IT environments for easier identification of vulnerable assets and responsible teams
• A reliable foundation to enforce security policies and plan interventions

Key features available in CMDBuild thanks to the custom connector

This tailored integration enables a wide range of functions in CMDBuild, including:

• Software Catalog
  Automatic creation of a catalog of detected software, with data on vendor, versions, lifecycle status (GA, EOL, EOS), and support end dates.

• Software Installations
  Detailed mapping of software installations to identify outdated or at-risk versions, supporting bulk updates.

• Operating System List
  Comprehensive list of operating systems in use, categorized by vendor and version, with lifecycle data (GA, EOL, EOS).

• OS Versions and 3D Visualization
  Mapping of physical and virtual servers by OS version, including a 3D graphical representation of relationships.
• Security Scoring
  For each asset, Qualys® Criticality Score and TrustRisk Score are imported to assess the security status of servers and devices.

A tailored integration to strengthen control, security and compliance

This synergy between CMDBuild and Qualys®, made possible through this custom development, enables effective IT Asset governance, supporting security operations, auditing, and regulatory compliance—particularly in alignment with frameworks such as the NIS2 Directive.

On March 27th, a webinar dedicated to presenting the most relevant features of CMDBuild 4.0.0 version was held.

If you didn't have the opportunity to participate in the webinar, you can watch it by visiting the event page.