Skip to content

SaaS vs onPremise: Pros, Cons and Cost Analysis

SaaS vs onPremise, do you use the cloud?

Do you use the cloud?

Be aware that we’re not saying that you are in cloud nine, but that you may most likely be using the cloud. That is, if you use Google mail, Microsoft Office 365 office suite or you take a photo with your cell phone and then it gets automatically uploaded to iCloud or something similar, you are using the cloud.

The cloud, as an abstract concept, encompasses a series of technical terminology such as SaaS, IaaS, PaaS, etc. The good thing about the concept of the cloud is that you can guess what it does thanks to the metaphor: we do not know where our data are, or how they get there, nor does it matter much for us, because it is far away and it does not affect us. The great success of the cloud of the 21st century has been to find an especially powerful metaphor that omits the complexity behind that technology and gives us peace of mind.

The concept of using third-party infrastructure for “our stuff” is the oldest thing in computing. In fact, back in the 60s of the last century, most computing worked like this. You connected to a large machine from a computer that was not as such, but a screen and a keyboard. Then the microcomputer craze turned around and every computer was self-sufficient. Now, almost a century later, we have rediscovered that it is more efficient to have everything centralized in one big system.

I have nothing against the cloud. Well, my life is not at stake, unless for example, I entrust the IT infrastructure of my business to the cloud. This is what happened to a number of companies in Asia, such as CITEX or BitMax that used the Amazon cloud (AWS) to host their Bitcoin exchange service (Exchangers), well, them and also the Asian sites from Adobe, Business Insider, Expedia, Expensify, FanDuel, FiftyThree, Flipboard, Lonely Planet, Mailchimp, Medium, Quora, Razer, Signal, Slack, Airbnb, Pinterest, SendGrid and a few hundred more. The cloud is not infallible, the cloud is comfortable.

Today many companies have relied so much on the cloud that it is impossible to take a step back, get out of the cloud, because they would literally have to remake the system with another technology. The cloud is easy but implies total dependence on the provider, especially in technologically optimized systems such as Amazon’s. It’s too good a candy to resist.

Realistically, if you’ve already risen to the sky and are floating with the clouds, and the technology that supports your business is floating above your head, it may not be easy or comfortable to go back, in fact, you may have probably already realized that the cloud is not cheap at all and the costs are increasing over time, and are difficult to predict.

Well, it’s already in, and it’s not going to change, so you should at least be able to keep an eye on what your provider is doing. Monitor the quality of service they offer you and make sure for yourself, because who is watching the watchdog? That’s right, do it yourself, trust no one, do it with your own systems, don’t use a cloud system to monitor another cloud system, put your feet on the ground and buy yourself an umbrella, just in case it rains.

The “lifetime” model: onPremise

On the contrary, we have the classic model of “buying the software” and using it however you want, wherever you want and, whenever you want you change programs without much thought. Oddly enough, this is really the new model, the pay-per-use model that SaaS has copied predates conventional software licenses. The onPremise model gives you the right to use the software on your own computers, in your own facilities and where the manufacturer or software owner does not have any access or rights. The only requirement is to pay for it and use it under the conditions approved by the license you acquired.

Cost analysis: onPremise vs SaaS

The onPremise model has some undeniable advantages, the main one being data security. As it is running on your systems, you own both the information and the processes that use that information. This has legal and business implications, since changing providers can be easier than when you use its SaaS equivalent.

Although it may seem a lie, in the long term the SaaS model is more expensive than the onPremise model, and above all, with the onPremise model it is much easier to estimate the Total Cost of Ownership (TCO) in the medium term. This can be easily demonstrated if we compare the costs in the subscription/pay-per-use model (SaaS) and the license ownership model (onPremise) for one, three and five years.

  • Suppose a SaaS license annual cost is €5,000/year. In this case it is pure OPEX (operating costs).
  • Let’s picture an onPremise license whose annual cost is €10,000 the first year, and whose annual maintenance cost is 20% (which is the standard in the market). That supposes a renewal cost of €2000/year. In this case, it is pure CAPEX (investment in assets, software).
 SaaS onPremise
1 year5,000 €10,000 €
3 years15,000 €14,000 €
5 years25,000 €18,000 €

There are intangible factors, such as input barriers, higher in onPremise models, and output barriers, higher in SaaS models. It is also true that an onPremise installation involves additional costs: those of infrastructure, operation and training.

In certain types of applications with little added value such as office tools, the SaaS model is here to stay. Office 365 or Google Docs are a perfect example.

In other cases, such as Adobe Photoshop, the onPremise model has been combined with a pay-per-use -subscription- model (but without being SaaS) combined with the conventional onPremise licensing model.

Summary of arguments in favor of each model

SaaSonPremise
Security depends on the provider.Security depends on the customer.
The responsibility for the operation lies with the supplier.The data is owned by the customer.
Savings in infrastructure and operating costs.Lower long-term license costs.
Ease of financing (monthly or quarterly payment).Easier-to-plan long-term costs.
OpexCapex
Lower input barriers.Higher input barriers.
Higher output barriers.Lower output barriers.
Faster deployment times.It is easier to integrate with the rest of the business processes.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

SafeDNS received the Global InfoSec Award during the 2021 RSA Conference

The 9th Annual Global InfoSec Awards saw SafeDNS virtually rewarded by the Cyber Defense Magazine and the Cyber Defense Awards during the RSA Conference USA 2021 for the cybersecurity industry. SafeDNS has been recognized as the internet filtering market leader.

This newest award comes in addition to other recognitions SafeDNS received over the past 10 years in the cybersecurity sphere for its internet filtering solutions.

Earlier this year, SafeDNS released a new interface for its web filtering dashboard, thus coupling clean design, better user-friendliness, and sophistication to provide a unique experience to its customers.

The whole SafeDNS team thank its customers and partners for their support and permanent feedback that has continuously allowed its team to come up with improved, simpler, cost-effective, and robust web filtering solutions.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

“Air-Gapping” IT and OT?

Following the Colonial Pipeline Ransomware incident, Twitter exploded in to an orgy of blather from people demanding that we “air-gap” ICS. Those righteous keyboard warriors know what is best, I’m sure.

We cannot avoid having a secured connection with the office. But on the other hand, we don’t need ICS networks to be connected to the office 100% of the time. If there are elements in the office that require “real-time” performance, then someone should examine the data flows and why such connections are required. In most cases, the connection could be replaced by a reporting device on the OT side of the network, or it is just someone’s pet project that has no business case.

Office connections should have asynchronous, buffered connections. For example, I visited a pipeline operation similar to Colonial about three years ago. While they operated at a slightly smaller scale, They had a very manual connection between the office and the control room. At the beginning of the shift, the office would hand the operations staff a few sheets of paper with a list of what petroleum products need to move through the pipeline from where to where. The operators do this, and when the shift is up, the operators would generate a report for the office and hand the clerical and planning staff a few sheets of paper with the current results. This was not a huge amount of time-critical data.

So if some executives come to you thumping their chests saying “we must be connected all the time because it’s complex and intricate” –tell them to go fly a kite. They need to get a sense of perspective. By the way, flying a kite is a great way to relax, and feel small, while your kite flies high.

Furthermore, we should all practice network segmentation. This means periodically disconnecting the automated segments of the operation by disconnecting network connections. This gives people proper training and practice for identifying those key network segments so that they won’t be flustered and make mistakes when the real need arises. It also trims the operation down to essential automation so that everyone knows exactly what to expect.

When people work with automation enabled all the time, one should expect the manual skills and understanding of the automated systems to atrophy. If operators and office staff do not fully understand what the automation should do next and how it is supposed to work, how will they be able to determine that something is broken before it is too late?

This practice of breaking automation into semi-automatic subsystems is not just good for security, but also for operational proficiency and diagnostic training. In the case of a pipeline such as this, going back to older methods of faxed fuel orders and the like is also good as a method of cross-checking the automation.

And that brings me back to the people who think these systems cannot possibly operate without the automation. I like automation. I have designed automation over my entire career. But it is important to keep the semi-auto and manual controls available. If the automation or the instrumentation fails, there should be a backup plan of some sort. Assuming that without automation everything falls apart would be like assuming that without an autopilot, a ship would automatically run aground. It won’t. The pilot would end up working a lot harder and the maneuvers may not be as precise, but the ship is in no danger –unless the pilot has forgotten how to operate the ship.

“Air-Gapping” the networks between OT and IT is not practical in most cases. There is a significant Return on Investment for connecting them. But limiting the flow of traffic and practicing procedures for isolating the two is not as crazy as it sounds. Practicing that feature also has a very significant Return on the Investment. It is probably worth doing.

Opinion Disclaimier

The views and opinions expressed in this post are those of the author and do not represent the official policy or position of SCADAfence.

The original post can be found here: https://scadamag.infracritical.com/index.php/2021/05/15/air-gapping-it-and-ot/

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Bridging the Gap Between IT and OT and How the Rapid7 & SCADAfence Partnership Leads the Way

It’s been over a decade since the headline-grabbing Stuxnet virus was introduced and the concept of nation-state-sanctioned cyber attacks was presented by security professionals. The concern about different cyber threats which could exploit and potentially destroy physical assets and even human lives grabbed the attention of different industrial organizations. Cyber attackers’ pursuit of the different vulnerabilities in these organizations’ assets could lead to exploitation in operational technology networks.

Despite the early warnings in 2010, only in the past five years has there been an increase of nation-state attackers becoming more prevalent as seen in the recent Solarwinds attack, which was credited to nation-state actors with alleged Russian ties. Cybercriminals are deploying ransomware attacks as their method of choice when attacking different industrial organizations. Over the past 12 months, there have been different successful ransomware attacks on different industrial industries which include the Colonial Pipeline attack and  SNAKE / EKANS attack.


Figure 1: The rising growth of ransomware attacks

These attacks have put a focus once again on the vital importance for all industrial organizations to secure their Operational Technology (OT) environments. OT networks and devices are the heart of automation for industrial assets and unlike newer technology, they are less segmented by virtue of the older industrial infrastructures connecting to the internet and integrating new services in their equipment.

Industrial organizations have been forced with new obstacles, such as remote access and third-party services, which has created a larger attack surface for cybercriminals to exploit OT networks and organizational physical assets (such as the attack on the city of Oldsmar, Florida.) This increasing attack sector has created a newer approach concerning how to secure OT networks and devices while ensuring the more modern IT security methods don’t create new doors for cybercriminals to exploit. Traditionally OT security teams were not in charge of advanced threats and IT security, and thus the need to converge OT and IT networks and systems are becoming more popular by the day with industrial organizations.

When organizations begin to converge their IT and OT systems, they must align their OT network with the same concrete security controls which are deployed on their IT network. By enforcing the same level of IT security controls on the OT network, it provides industrial organizations the ability to detect and mitigate different cyberattacks with an additional layer of defense. Implementing an effective OT security strategy demands a complete audit trail of security incidents while providing full visibility of any lateral movement in the OT network.

OT Systems Create More Challenges For Security Teams

Nothing in life is a simple task and this is especially true when it comes to securing OT systems and networks. With the increasing usage of IP-based communications with OT devices, there is a bigger challenge between OT & IT teams in understanding who is in charge of securing OT systems. Additionally, securing this space is not an easy task. Many traditional networks that were once disconnected, for example, power plants and water systems, are now connected with cloud-based smart management tools. This has created more security risks as OT technologies are updating with the modern Internet.

As more Industrial Control Systems (ICS) are moving to be digitalized, the result is an increased attack surface which has allowed these systems to become a favorite target for mischievous cyber attacks. Over the past decade, IT environments have quickly evolved to adopt and implement security as a key element of managing IT environments. However, OT hasn’t evolved to the quick pace of the attacks and only now are implementing the right amount of security for OT systems and networks. On top of being late bloomers to adopting and implementing security, OT industrial engineers did not think about security when creating the industrial protocols which have been in place for years.

Moving forward to the present day, the industrial industry has adopted a plethora of protocols that cover productivity and security in the newly adopted smart production environments. These industry protocols have created a massive challenge for asset owners as they are hindered to strive with security due to not having complete visibility of their OT networks and devices, lack of monitoring and not having effective security solutions to detect and respond to security attacks.

On top of not being able to completely secure and monitor OT systems, it’s a challenge for OT teams to have a better understanding of their OT equipment as they are sensitive to network scanning. When an OT system is sent unexpected data or more data than it can handle, it can result in a failing activity log which creates the idea of making monitoring a bit more challenging. Additionally, ICS networks use more PC servers and remote workstations which is a recipe for a more twisted attack surface that is a combination of enterprise services and cyber physical systems. To solve these complex security challenges, the approach that industrial organizations need to take is to adopt security for both fronts and get a better understanding of which systems are more perceptive to OT active monitoring.

How Rapid7 & SCADAfence Help Improve Visibility in OT / ICS Environments

With these different security challenges in place, industrial organizations can surmount the challenges by adopting a security system that provides complete monitoring of OT systems and networks. The security system should provide an assessment of different vulnerabilities in both the IT and OT environments. Security teams need to have a clearer understanding of what is occurring with OT systems and networks and how cybercriminals are designing their attacks to exploit the OT systems through the IT environment. Additionally, industrial operators need a better understanding of all their assets and devices in their production environment, especially in their IT and OT equipment.

To help industrial organizations improve their IT and OT visibility we have partnered with Rapid7. Now, customers can integrate SCADAfence with Rapid7’s leading vulnerability risk management solution to leverage visibility into their OT assets and devices. Additionally, customers gain in-depth information around OT networks and identification of cross-site communications and connections between devices with potentially exploitable vulnerabilities.

By integrating SCADAfence and Rapid7 all under one roof, organizations can detect, assess and mitigate across the IT and OT infrastructures while improving the visibility of all their assets. By automating OT and IT security with SCADAfence and Rapid7, customers are achieving full coverage of their IT and OT systems. This is the right step to accurately defend against cybercriminals and nation-state cyberattacks on operational technology systems.

To learn more about our partnership with Rapid7, please visit: https://l.scadafence.com/rapid7-scadafence-joint-partnership

On top of our joint technical partnership and integration, SCADAfence’s research team is continually working with Rapid7’s on their annual vulnerabilities report. Read the Rapid7 2020 Vulnerability Intelligence Report to learn more about our researchers work in securing physical systems in a digital world and the OT threat landscape.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Prominent U.S. University Overcomes Network Access Challenges with Cloud NAC

The University of Denver is a leading private research institution in the United States with nearly 13,000 undergraduate and graduate students, and roughly 4,300 staff members. The university has a prestigious reputation, often ranking among the top 100 universities in the country, and is the oldest research institution in the Rocky Mountain Region of the U.S.

In late 2019, the University of Denver’s information security team, led by Marcelo Lew, went out in search of a network access control solution to help manage access to the institution’s guest network, as well as to its growing eduroam WiFi network roaming service. “Internally, we had an initiative to move our security stack to the cloud,” Lew said. “We’re really focused on bringing in solutions that are lightweight and don’t require an FTE to come in and manage them.”

Choosing Simplicity in Uncertain Times

As an existing HPE Aruba ClearPass customer, and having evaluated Cisco’s Identity Services Engine (ISE) NAC solution, Lew and his team felt that Portnox CLEAR had the potential to deliver the needed functionality without all of the heavy systems lifting to stand up and maintain required of traditional on-premise NAC. “Some of the legacy NAC solutions out there have a million knobs, making them complex to configure and difficult to troubleshoot. Most institutions like us don’t need all of that,” Lew continued.

aruba clearpass replacementLew and his information security team set their sights on Portnox CLEAR NAC-as-a-Service, moving to a PoC in early 2020. The untimely rise of the Coronavirus pandemic in March of 2020 in the U.S. put a damper on the team’s initial efforts to test the platform. “COVID-19 forced the PoC to take a bit longer due to operational challenges, but in general, we really liked what we saw,” said Lew. “Portnox CLEAR really had the potential to get us where we wanted to be with regards to moving NAC to the cloud.”

Coverage for the Guest Network

Portnox CLEAR would eventually be rolled out in full across the university’s guest network, with full coverage up to 10,000 devices. “We have hundreds and even thousands of users on our guest network at any given time. We’ve had no issues and our network engineers have found Portnox CLEAR very easy to configure. The team particularly likes that there’s no on-prem component or need to upgrade servers on a regular basis,” Lew went on to say.

Starting with the guest network was a strategic decision. The university often hosts conferences and events with thousands of non-staff visiting for the day and needing wireless connectivity, making the guest WiFi network target number one for potential cyber threats. “We’re also situated in a populated neighborhood community in Denver. We’re fine with the community being able to utilize our WiFi, but we needed a mechanism to allow for this while keeping the university’s data safe,” said Lew. “After all, our motto here is A Private University Dedicated to the Public Good – that concept extends to our network as well.”

cloud nacExpanding to Eduroam & Beyond

As Lew and his team look ahead, they plan to extend CLEAR’s access control capabilities to the university’s eduroam wireless network used by staff, as well as to the many wired ports across the campus. “We have a few quiet periods during the year where network activity is low – typically in the summer, and about 3-4 weeks in December. We’re planning to tackle eduroam coverage with Portnox CLEAR in the fall of 2021, and the wired ports over the Christmas break,” said Lew.

The move off of its reliance on HPE Aruba ClearPass for NAC to Portnox’s cloud-delivered NAC-as-a-Service signifies a larger initiative within the institution even beyond cloud transformation. “The hard perimeter-based security approach doesn’t work anymore because devices are no longer limited to the university network,” Lew continued. “So, we cannot assume that everything inside the perimeter (or enterprise firewalls) is safe. We are working towards a zero trust but always verify environment, where for users like campus guests are given the minimum possible access needed.”

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

About CDM InfoSec Awards
This is Cyber Defense Magazine’s ninth year of honoring global InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at http://www.cyberdefenseawards.com

About the Judging
The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy to find more innovative players with new and unique technologies, than the one with the most customers or money in the bank. CDM is always asking “What’s Next?” so we are looking for Next Generation InfoSec Solutions.

About Cyber Defense Magazine
With over 5 Million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.

CyberLink Partners with ACE Biotek Integrate Facial Recognition into Temperature Screening System to achieve a 0.5 seconds of Access Control

TAIPEI, TAIWAN – May 20 2021 – CyberLink Corp. (5203.TW), a pioneer in AI and facial recognition technologies, today announced a partnership with ACE Biotek, by integrating its FaceMe® AI facial recognition engine into ACE Biotek’s Wallie Screen Access Control and Health Screening System, providing a quick, fully automated solution to control access and check-in personnel, in addition to verifying proper mask wearing and measuring body temperature when required, to maintain a safe environment inside business, medical and other facilities.

With COVID-19 still active and to be better prepared for another potential pandemic, organizations around the world are turning to technology to identify cost effective solutions to automate access control and health screening measures at their facilities. Performing these tasks manually is error prone and costly. And bottlenecks are likely during busy periods, adding social distancing challenges.

ACE Biotek’s Wallie Screen Access Control and Health Screening System (TC-800) is designed to perform frinctionless access control and health checkpoints across industries, including medical and office facilities, primary targets for the company. By integrating infrared cameras and CyberLink’s FaceMe® engine, TC-800 brings together all the necessary features to verify identity with or without mask, detect mask-wearing compliance, and measure body temperature, all in a half-second, making the process almost invisible to users. Launched earlier this year, the system is already deployed and delivering positive results for customers in the US and Taiwan. For example, in a tech company with over 5,000 employees, TC-800 has replaced timeclocks to record employees’ attendance, removing queues at busy hours while adding all the system’s access control and health screening features, automating tasks otherwise largely performed manually. Benefits were immediate, from labor cost savings and attendance improvements, to much tighter access controls and the assurance of a safer work environment.

“As parts of the world are re-opening to a new normal and others are still actively fighting COVID-19, facial recognition can play a central role in enabling automated, frictionless security, access control and health screening solutions that are critical in both cases,” said Mei Guu, senior VP of CyberLink. “With its comprehensive support of IoT hardware, optimized across operating systems, FaceMe® integrates seamlessly into into ACE Biotek’s Wallie Screen Access Control and Health Screening System, enabling contactless access control, time and attendance, and health measurement solution to businesses and medical facilities.“

CyberLink’s FaceMe® engine is ranked as one of the most accurate facial recognition technologies in the world by the renowned National Institute of Standards and Technology’s Facial Recognition Vendor Test (FRVT), listed top 6 in both 1:1 and 1:N tests. With the comprehensive support for operating systems, including Windows, Linux (Ubuntu, RedHat, CentOS), JetPack (Jetson), iOS and Android, and the optimization for CPU, GPU, SoC, APU, and VPUs, FaceMe® provide a flexible solution to enable facial recognition across a wide range of IoT/AIoT devices.

“Wallie Screen is a fully-integrated solution verify identity, monitor access, record time attendance and perform health screening, all within a half-second,” said Jason Chou, Director of Medical Solution of ACE Biotek. “By partnering with CyberLink, ACE Biotek integrates a world-class, highly accurate facial recognition and mask detection engine into its Wallie Screen system, addressing a fast-growing need for frictionless security, health and safety solutions that emerged with COVID-19 and is even more prevalent as parts of the world is reopening.”

ACE Bioteck’s Wallie Screen AI Rapid Temperature Screening System is equipped with real-time infrared body temperature and identity recognition. Additionally, Wallie Screen can also automatically detect whether the face is wearing a mask. It is equipped with cross-platform real-time remote monitoring, which can activate the use of equipment during non-epidemic times and reduce the possibility of on-site disease infection.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition.  CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD.  With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com

Industrial Control Systems Security: Are OT and IT Partners or Enemies?

Security incidents in industrial environments are not exceptional. There were times when it was enough to throw a lever to restart a power plant if an attack occurred. But with many organizations undergoing digital transformations, the recovery of an industrial infrastructure from cyberattacks now takes much longer.

Information technology (IT) networks and operational technology (OT) networks have many differences, as do the people who take care of these environments. But their security has some common elements as well. There’s always going to be incidents that go across the borders – incidents in IT that come from OT, and vice versa. Also with the advent of Industry 4.0, automation and intelligent control, the air-gap has become a myth. OT no longer sits alone.

In 2020, there was a ransomware attack on a water company in a mid-sized European city. At first, it was purely an IT problem. Just after the attack, the company deployed GREYCORTEX Mendel to audit their infrastructure. Mendel found out that hackers still had access to the systems and more attacks could come. And they would spread to the OT network. In that case, local people would have been lucky because they could have still drunk clean water. But nature wouldn’t be so fortunate – untreated wastewater would be discharged into the river uncontrollably. So luckily for the people and the environment, the biggest loss was for the company – it cost them ​only” three days of income.

Despite this, in GREYCORTEX, we repeatedly notice that IT and OT teams do not cooperate. And cybercriminals know it. On top of that, there are just a few experts who can sufficiently understand both areas.

But there’s good news! Both parties can benefit from each other’s knowledge and experience. It is only necessary for them to find common ground:

  • The main priority for IT experts is data and its confidentiality. They understand the use of exploits and vulnerabilities and they have an overview of security products, their abilities and market innovations.
  • OT experts, on the other hand, place an emphasis on the security and availability of assets and processes. They have a deep understanding of complicated industrial environments and devices that are programmed completely differently to ordinary computers. OT experts know what is going on in operational networks, how they work and what can happen there. They know the risks of possible security incidents very well because their impact is usually much more devastating than in an IT environment.

Identify Worst-Case Scenarios

As a complete digital transformation is taking place, we start to get into a more homogenous infrastructure. So that’s why the knowledge of IT and OT teams should be merged. And what should both teams talk about? Imagine the worst day at work you can have:

An explosion that kills several people. Industrial espionage and the leakage of unique know-how. Or maybe a few days of unplanned downtime that costs the company millions.

Starting to see the picture? So, let’s focus together on these questions:

  • What systems can cause the biggest disasters?
  • How can you reduce known risks?
  • Do you have an incident response plan or recovery plan?
  • How do you monitor required policies and configuration?

Now, you are on a good path to successful cooperation. And all the effort towards a joint discussion should be supported by a easy-to-use tool that can be used in both worlds. Because many principles of IT security can also be used in an OT environment.

Proper Security Monitoring

One of the most important key prerequisites for ensuring network security is to see and know:

  • what exactly is in your network 
  • and how are these assets connected?

As soon as you know about all devices, how they communicate with each other, what version of firmware they have installed, who their administrator is, who has access to them, what security policies are set and how they are followed, any discrepancy will easily start showing a warning signal.

This is exactly why GREYCORTEX Mendel came into being. Based on intelligent traffic analysis, Mendel can detect any anomalies. It identifies and visualizes all above, learns and detects the early stages of cyber attacks as well as infrastructure vulnerabilities that can be exploited by potential attackers.

One of the biggest difficulties of OT networks is the combination of new and old devices. Sometimes, everyone even prays that they still work. Add to that the fact that many suppliers do not follow the principles set by the manufacturer and ignore manuals. In these situations, Mendel can give you the assurance that you need.

To sum it all up, Mendel will find any shortcomings in your infrastructure that the security team would not normally detect. Thanks to the time saved, you can devote yourself to other tasks that there was no time for previously.

There is only one way to live in peace: Safe password management

A few rules for safe password management

In this, our competent blog, we boast of always giving you good advice and providing you with the technological information necessary for your life as a technologist to make sense. Today it is the case again, we will not reveal the hidden secret about the omnipotence of Control/Alt/Delete, but almost. Today in Pandora FMS blog, we give you a few tips for safe password management.

Safe password management

The purpose of this article is for users to be responsible for keeping their coveted passwords or authentication information safe when accessing confidential information. Because think about it, dear reader, how long ago did you come up with your first password? Surely it was to enter your select club in the treehouse. Maybe you even still choose the same for your social networks, Netflix or office pc. Was it as ordinary as your birth date? Your name and the first two acronyms of your surname? “RockyIV”, which was the name of your fourth favorite pet and movie? I don’t blame you, we have all been equally original and carefree when choosing a password.

But that is over! Many things already depend on this password, on this motto or pass that must include more than eight characters and at least one capital letter and one number. Your company security is not a game, damn it! There is a lot of mischief and felon out there that can put you and your businesses in a loophole, because of a vulnerability such as having a poor password! But do not worry, we will help you, we will talk about safe password management. We are Pandora FMS blog, we like potato salad, Kubrick movies and fighting against injustices!

Recommendations for safe password management

*Obvious but vital fact: User IDs and passwords are used to check the identity of a user on systems and devices. I just point that out here as an outline in case someone is so lost that they don’t know this. I repeat that we are talking about strong password management, so knowing what a password is is a must and saves time.

Said passwords are necessary for users to have access to information, normally, even if the merit is not recognized: capital information in your company. User IDs and passwords also help ensure that users are held accountable for their activities on the systems they have access to. Because yes, telereader friend, users are responsible for any activity associated with their user IDs and passwords. For that reason, it is very important for you to protect the password with your life and comply with the following policies related to them:

  1. Users may not, under any circumstances, give their password or a password indication to a third party. *This seems obvious, but trust me, it is not. People sneak passwords like they’re office whispers or reggaeton choruses.
  2.  Users will not use user identifiers or passwords of other users. *As we can see, in this case, sharing is not living.
  3.  Users must change initial passwords or passwords received as temporary “reset” passwords immediately upon receipt. *For me, this is the most exciting and creative part, you never want to set the abstract code they give you, you want to improvise, imagine, CREATE!
  4.  Users should change their passwords if they suspect that their confidentiality may have been compromised, and immediately report the situation as a security incident. *Don’t be ashamed of yourself, admit that someone may have violated your secret and repent before it’s too late.
  5.  Users should not use the “remember password” function of programs. For example, if an application sends users the message of “automatically remember or store” the user’s password for future use, they will have to reject it. *This is a piece of information you did not know, huh? Well, it is as interesting as it is important.
  6.  Users should not store passwords without encryption, for example, in a text file or an office document. In this case, this document must be protected with access control.
  7.  When an administration password must be communicated, never send by the same means, the user and the password. For example, the user should be sent by email and the password by instant messaging. *I know that sometimes you try to save time, but with these things you better take your time and do not risk it.
  8.  Users should not set the password on a post-it on the monitor, nor on the table, nor in the drawer or “hidden” in another place in the office or among your personal belongings. *This is one of the big mistakes everyone makes. Yes, post-its or notebook sheets have always helped us, but this time they are too obvious to keep such a big secret.
  9.  Users should not use the same password for two systems or different applications. *Sorry, but you will have to memorize more than one. But rest assured, if a chimpanzee could recognize the descending sequence of nine numbers, someone who graduated from elementary school can do better.
  10.  Users who find out the password of other users must report it, ensuring it is changed as soon as possible. *Here fellowship first and foremost. It is not only right hugging after company dinners. Camaraderie above all!
  11.  Users must change their passwords at least once a year, or when indicated by the system, and in the case of administration passwords every 180 days, or in the event of changes of personnel in the company that may know them.
  12.  If now you are afraid because you do not have a strong enough password, it’s normal, but I repeat, calm down, follow the following rules for passwords creation (if the system supports them) and nothing will go wrong:
  •  a) Passwords must be at least six characters long.
  •  b) Passwords must not be easily predictable and must not be contained in dictionaries. For example: your username, date of birth, or 1234, we all know that one.
  •  c) Passwords must not contain consecutive repeating characters. For example: “AABBCC”.
  •  d) Passwords must have at least an alphanumeric character, a numeric character, and a special character.

Good, and so far that was the lecture about being responsible that you must assume and internalize if you want things to go smooth at least in terms of passwords and vulnerabilities. Oh, nothing to thank us for! You know: “Life is beautiful. Password yourself”. Look, that could be your new password, right? No, the answer is NO! REMEMBER EVERYTHING WE LEARNED TODAY IN THIS ARTICLE!

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Portnox Named Winner of the Coveted Global InfoSec Awards during RSA Conference 2021

Portnox Wins Award for “Cutting Edge NAC” in 9th Annual Global InfoSec Awards at RSAC 2021


NEW YORK–Portnox is proud to announce it has won the award for “Cutting Edge Network Access Control (NAC)” from Cyber Defense Magazine, the world’s leading information security e-magazine. “We’re thrilled to receive one of the most prestigious and coveted cybersecurity awards in the world from Cyber Defense Magazine. We knew the competition would be tough – after all, the judges are leading infosec experts from around the globe. We couldn’t be more pleased,” said Ofer Amitai, CEO at Portnox.

Portnox’s cloud-delivered NAC-as-a-Service – Portnox CLEAR – has taken the network access control (NAC) market by storm in recent years, seeing a surge of new customers seeking to move off of their legacy on-premise NAC solutions. In 2020, Portnox saw its revenue grow 30% year-over-year.

“As the only true SaaS NAC product on the market, Portnox CLEAR is making NAC implementation and deployment easier for enterprises – particularly those with highly distributed networks,” said Tomer Shemer-Buchbut, Vice President of Products at Portnox. “By eliminating on-going maintenance like upgrades and patches common of on-premise NAC, we’re offering companies far better total cost of ownership.”

“Portnox embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help stop the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

With 80 billion connected devices expected to be in use by 2025, the NAC market is growing rapidly – projected to reach nearly $12 billion globally. Device proliferation paired with an ever-expanding number of cyber threats and hybrid workforce operations has made network access control a critical component of any enterprise cybersecurity stack. “NAC is front and center for CISOs and their IT security teams. Expect the demand for network access control – particularly cloud NAC – to continue to grow as companies continue to embrace emerging networking models like SD-WAN, ZTNA and SASE,” said Amitai.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

About CDM InfoSec Awards
This is Cyber Defense Magazine’s ninth year of honoring global InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at http://www.cyberdefenseawards.com

About the Judging
The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy to find more innovative players with new and unique technologies, than the one with the most customers or money in the bank. CDM is always asking “What’s Next?” so we are looking for Next Generation InfoSec Solutions.

About Cyber Defense Magazine
With over 5 Million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.