
Patch Management Best Practices

The primary security measure to prevent cyber attacks is software patching. Many organizations know the benefits of patching, but the challenge begins when carrying out patching as a routine activity.  


Patch Management Risks

The term patch triggers many familiar scenarios which include the duct tape repairs of different objects, affixing a rubber patch to a blown bicycle tire and much more. While these temporary fixes won’t heal the fundamental cause, they are easy and quick solutions.


Challenges of Software Patching

Patch management and software patching are an essential component of IT. However, we overestimate their capacity to solve security issues. Often there is an assumption that if your IT security team is not keeping up with patching, it is always going to be their fault when there is a vulnerability in your network. So let's explore this process and discuss this model of security patching, the challenges of software patching and how these challenges can be tackled.


10 reasons to change your monitoring software

Every change is for the better and we give you ten reasons to change your monitoring software.

When we talk about changing software, I don't know why, but buying music comes to mind. Well, I am one of the old school: vinyl, cassettes, and at the turn of the century CDs and DVDs... Of course, now it is different; today there is pay-by-subscription, which streams online and usually offers the album of the moment or complete bundles featuring many music stars...

We could start right there, highlighting the difference between "the cloud and the ground": running software on the Internet versus running it on your own physical servers. Both have their costs, we know. In fact, we already gave detailed information on the subject in another article. Before talking about changing your monitoring software we must start there, with the money. That is why you will have to take several factors into account, so let's get out (virtual) pencil and paper and start counting!

1) Pandora FMS offers several forms of installation and download, as well as modes of operation. That is one reason to consider switching monitoring software. This mechanism allows you to grow, and, if necessary, reinstall at any time. You don’t have to buy a whole package either: in Pandora FMS you start by installing the Community version and as you see the benefits for yourself, you can move on to installing and testing the Enterprise version, without obligations or hassle. There you will always have the installers, both online and offline, as many times as you need them.

2) Do you have a feature in mind that cannot be found in any monitoring software? Don’t be embarrassed, it happens. I, at the very least, am very picky about how to insert text and data into text or number boxes. When you focus on them, I like for the text to be selected in a specific color, for example. And don’t even let me begin on entering numerical amounts or phone numbers.

And Pandora FMS does not have exactly that requirement either… However, you just have to go through the Community version that is open source and through its forum to get the help you need to develop the idea.

Better yet, you may have already been successful but now want a more ambitious and highly customized improvement for your company: try the Enterprise version, where you will get professional advice and extraordinary improvement plans tailored to your needs. After all, only you know what is best for your company and what it needs. An exactly tailored suit or something ready-to-wear? You choose!

3) With Pandora FMS you will be able to monitor at first remotely, without interfering much in your work processes, continue with an advanced remote configuration and, if everything goes smoothly, advance to monitoring with Software Agents, which are installed on each device. While you change -and advance- Pandora FMS has already outlined the path until (for now) June 2023. Exploring and changing monitoring software can be done before it’s necessary, even if it’s late.

4) Using great monitoring software, widely used worldwide and also used by large corporations, is not a guarantee of good security. I invite you to read about the case that took many headlines in the press, social networks, radio and television. Take this chance to have a coffee and take a deep breath to come back, there are still six reasons to change your monitoring software.

5) Because you don't believe in magic wands. Neither do I, and at Pandora FMS they are very clear about that. Each client has a different problem and it is necessary to adapt to each particular case. But it will not happen by magic; you have to invest time and effort, and in that domain Pandora FMS offers decades of proven experience.

6) Because “we just know that we do not know anything”. Without the aim to go in depth into the philosophical field, we must always pay attention to constant learning. Perhaps the documentation of your software is quite poor and it would be a good time to change it. Pandora FMS has forums of users of the Community version, documentation, tutorials and this blog that you are reading today. With all of them you can learn at your own pace, but if you want or rather need a push – certification included – check out our training in monitoring. Psst, with the Enterprise license this last one is included, don’t miss the chance!

7) Another reason to change your monitoring software is indeed not to change anything! Perhaps you simply need a monitoring contingency plan or an alternative of audit or measurement of result comparison. For example, I am a client of DigitalOcean, a company that provides virtual computers and that has both monitoring processes (Software Agent type) in each droplet (virtual machine), as well as at large-scale with Prometheus in its hypervisors. However, remote checks and Pandora FMS Software Agents are more useful for me, which also helps me verify information. It is not that I don’t trust the monitoring software implemented by my own provider, but rather you must always have different options, see the full horizon to be able to choose the way forward.

8) Because two are better than one: eHorus is a remote access program that can be integrated with Pandora FMS. With eHorus integrated into Pandora FMS you can combine computer (or client) monitoring, find out the bandwidth consumption of your network and the software installed on each PC, see logs and events, and connect to the computers you need from the monitoring console itself. Test it without commitment or cost for up to 10 devices.

9) Because three are better than one. We add another reason to change your monitoring software: Integria IMS, fully compatible and integrated with Pandora FMS. Integria IMS embeds its client forms in your own website, feeding Integria IMS directly through its API. In addition you will have access to lots of articles and downloadable files, multi-language support, categorization and access control to manage incidents. Monitor changes and performance on your machines with Pandora FMS agents!

10) Is the “billiard ball” with the number ten missing? You yourself can add the tenth reason to change your monitoring software. Tell us about your experience with other software, you can leave your comments below, visit our channel at YouTube, Linkedin or Twitter.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Top 20 PLC Secure Coding Practices Released

Over the years, PLCs have been insecure by default. Security good practices have been created and adopted for IT which can be seen in OWASP’s Top Ten Vulnerabilities list and Secure Coding Practices report. However, until recently there has not been an emphasis on the different features in PLCs or SCADA for security or how engineers can program PLCs more securely.

Most organizations' PLCs were not connected to the internet or to anything outside their industrial control systems other than other PLCs. However, the new mindset of Industry 4.0, the ongoing automation of traditional manufacturing and industrial practice, has created more security risks and threats for OT networks.

Until now most security research that had to do with PLCs was more focused on how to exploit PLCs and how to alter the industrial processes. Luckily insecure PLCs haven’t been highlighted as the key reason for the most recent cyberattacks on industrial organizations. The more common IT threats have been the heart of attacks with targeted ransomware attacks as seen in the Colonial Pipeline attack. Despite only attacking the IT network, the company shut down its OT networks and operations which control its pipelines and distribute fuel as a precaution which resulted in a temporary gas shortage in the United States.

Another example of a recent breach where OT networks were threatened is the water plant in the city of Oldsmar, Fla. This attack showed how a cyberattack, combined with a lack of secure PLC programming practices, could lead to a physical outcome, in this case poisoning drinking water. These examples are proof that improved and more secure PLCs will be the biggest benefit in preventing a process from getting into a bad state.

Top 20 Secure PLC Coding Practices

As our good friend Jake Brodsky said in his recent S4x20 talk, "No one learns secure PLC coding at school." The idea that engineers were expected to come out of college knowing the best practices for programming PLCs is a misconception in the industry. According to Jake, there is a massive knowledge gap for the typical engineer who is tasked with programming PLCs, which is resulting in more trouble for different ICS security businesses.

The eye-opening talk was the initial spark to create the Secure PLC Programming Practices Project by Jake Brodsky, Dale Peterson, Sarah Fluchs and Vivek Ponnada and is hosted by the ISA (International Society of Automation) Global Cybersecurity Alliance. This new security initiative offers a free downloadable 44-page document that outlines the 20 best practices for engineers that program industrial controls and help improve the security of their systems. Little or no additional software tools or hardware are needed to implement them. They can fit into normal PLC programming and operating workflows.

These are tips and tricks for catching and avoiding problems during the whole lifecycle of the PLC and the application. One of the main goals of this initiative is that PLC vendors will start to integrate or provide templates with their product training to help customers employ these practices when programming their devices.

Here are the key best practices from the list that we feel relate the most to OT security:

Validate and Alert For Paired Inputs/Outputs

If you have paired signals, ensure that both signals are not asserted together. Alarm the operator when input/output states occur that are physically not feasible. Consider making paired signals independent or adding delay timers when toggling outputs could be damaging to actuators (for example, asserting forward and reverse together).

This is important for security reasons because if PLC programs do not account for what is going to happen if both paired input signals are asserted at the same time it could result in the PLCs becoming a good attack vector for cyber criminals. By ensuring that both signals are not asserted together it will help to avoid an attack scenario where physical damage can be done.
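The following is an added example, not code from the Secure PLC Coding Practices document: a scan-cycle simulation, in Python, of an interlock for a physically exclusive output pair (a drive's forward and reverse contactors). The names, the three-scan reversal delay and the command trace are constructed for illustration. It never asserts both outputs, alarms the operator when both inputs arrive together, and enforces an idle delay before a direction change so that a bad or forged command sequence cannot slam the actuator.

```python
"""Paired-output interlock for a reversible drive, simulated one PLC scan at a time.

Added example (not from the Secure PLC Coding Practices document): 'forward'
and 'reverse' are a physically exclusive output pair. The interlock never asserts
both, alarms when both are commanded together, and enforces an idle delay before
reversing direction. All names and values are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

PAIRED_ALARM = "PAIRED_INPUTS_ASSERTED_TOGETHER"


@dataclass
class PairedOutputInterlock:
    # Consecutive scans with both outputs off required before a direction
    # change is allowed (constructed value; tune to the actuator).
    delay_scans: int = 3
    fwd_out: bool = False
    rev_out: bool = False
    idle_scans: int = 0
    alarm_count: int = 0

    def __post_init__(self) -> None:
        # A freshly initialised drive counts as idle long enough to start either way.
        self.idle_scans = self.delay_scans

    def scan(self, fwd_cmd: bool, rev_cmd: bool) -> Tuple[bool, bool, Optional[str]]:
        """One PLC scan: read commands, update outputs, return (fwd, rev, alarm)."""
        alarm: Optional[str] = None
        if fwd_cmd and rev_cmd:
            # Physically infeasible request: drop both outputs and alarm the operator.
            self.fwd_out = self.rev_out = False
            alarm = PAIRED_ALARM
            self.alarm_count += 1
        elif fwd_cmd:
            if self.rev_out:
                self.rev_out = False          # direction change: stop first
            elif not self.fwd_out and self.idle_scans >= self.delay_scans:
                self.fwd_out = True           # idle long enough: allowed to start
        elif rev_cmd:
            if self.fwd_out:
                self.fwd_out = False
            elif not self.rev_out and self.idle_scans >= self.delay_scans:
                self.rev_out = True
        else:
            self.fwd_out = self.rev_out = False

        # Delay timer: counts scans during which the drive has been fully stopped.
        if self.fwd_out or self.rev_out:
            self.idle_scans = 0
        else:
            self.idle_scans += 1

        # Final guard: the paired outputs must never leave the PLC asserted together.
        assert not (self.fwd_out and self.rev_out)
        return self.fwd_out, self.rev_out, alarm


def run_sequence(commands: List[Tuple[bool, bool]], delay_scans: int = 3):
    """Drive the interlock through a list of (fwd_cmd, rev_cmd) scans."""
    interlock = PairedOutputInterlock(delay_scans=delay_scans)
    results = [interlock.scan(f, r) for f, r in commands]
    return results, interlock.alarm_count


if __name__ == "__main__":
    # Constructed command trace: start forward, a simultaneous forward+reverse
    # command, then a reverse request that must wait out the idle delay.
    trace = [(True, False), (True, True), (False, True), (False, True), (False, True)]
    results, alarms = run_sequence(trace, delay_scans=2)
    for scan_no, (fwd, rev, alarm) in enumerate(results):
        print(f"scan {scan_no}: fwd={fwd} rev={rev} alarm={alarm}")
    print(f"alarms raised: {alarms}")
```

The delay timer is the part a practitioner most often leaves out: without it a forged "stop, reverse" pair arriving on consecutive scans is still physically destructive even though both outputs are never on in the same scan.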

Leave Operational Logic in the PLC Wherever Feasible

HMIs provide some level of coding capability, originally aimed at helping operators enhance visualization and alarming. However, the HMI does not update often enough to do totalizing or integration. There is also latency between HMI and PLC which may interfere with the accuracy of such efforts. Furthermore, an HMI will restart far more often than most PLC equipment. It makes sense to keep such accumulators, counters, integrators, elapsed-time counters and so forth in the PLC. The HMI can always receive totalizers and counts from a PLC. Thus the operational logic program should stay in the PLC to remain complete and auditable.

This practice is beneficial for security because it allows consistency in verifying code changes. HMI coding has its own change control, apart from the PLC's and generally not with the same rigor, which prevents system owners from having a complete view and can even lose important considerations. HMIs do not include "forced signals" or changed-value lists as PLCs or SCADA systems do.

Restrict Third-Party Data Interfaces

To strengthen the security of PLCs, it’s highly recommended to restrict the type of connections and available data for 3rd party interfaces. The different connections and data interfaces should be specifically defined and restricted for third parties to be allowed to have read and write capabilities for the required data transfer.

This practice limits the different exposures to 3rd party networks and equipment while authenticating external devices to prevent spoofing. Additionally, it limits the ability for intentional or unintentional modifications or access from 3rd party locations or equipment.

Trap False Negatives and False Positives for Critical Alerts

OT teams should identify the critical alerts and program a trap for those alerts. Most critical alerts for PLCs tend to occur when they are triggered by different conditions. In some cases, an adversary will attack OT devices by suppressing the alert trigger, which could cause a false-negative or false-positive alert. Setting up a trap to monitor the different triggers of alerts allows OT teams to detect any deviation in the alert state. A PLC can react much faster than an HMI and can be far more sensitive to these triggers.

By detecting and mitigating false negative or false positives of critical alerts caused by an adversary attack on OT equipment it will allow OT security teams to have a better understanding if their PLC is accessible and being tampered with.
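As an added example (not from the Secure PLC Coding Practices document), the Python below simulates such a trap inside the PLC scan: the PLC recomputes from its own raw input what a critical high-limit alarm should be and compares it with the alarm status actually being reported to the HMI/SCADA. A disagreement that persists for a few scans is latched once as a tamper event, classified as a suppressed alarm (false negative) or a spurious alarm (false positive). The trip point, debounce count and the scan trace are constructed values.

```python
"""Trap for suppressed or spurious critical alerts, evaluated inside the PLC scan.

Added example (not from the Secure PLC Coding Practices document). The PLC
independently recomputes what a critical alarm *should* be from the raw input
and compares it with the alarm status actually reported to the HMI/SCADA. A
mismatch that persists for several scans is latched as a tamper event.
All limits and the trace below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SUPPRESSED = "SUPPRESSED_ALARM"   # condition true, alarm not reported (false negative)
SPURIOUS = "SPURIOUS_ALARM"       # condition false, alarm reported (false positive)


@dataclass
class CriticalAlertTrap:
    high_limit: float = 80.0   # constructed trip point for the process value
    debounce_scans: int = 3    # scans a mismatch must persist before trapping
    mismatch_scans: int = 0
    latched: bool = False
    events: List[Tuple[int, str, float]] = field(default_factory=list)

    def expected_alarm(self, process_value: float) -> bool:
        """Ground truth derived from the raw input the PLC itself reads."""
        return process_value > self.high_limit

    def scan(self, scan_no: int, process_value: float, reported_alarm: bool) -> Optional[str]:
        """One PLC scan; returns the tamper classification when a new event is latched."""
        expected = self.expected_alarm(process_value)
        if expected == reported_alarm:
            # Healthy: reset the debounce counter and release the latch.
            self.mismatch_scans = 0
            self.latched = False
            return None
        self.mismatch_scans += 1
        if self.mismatch_scans >= self.debounce_scans and not self.latched:
            # Persistent disagreement: raise exactly one tamper event per episode.
            self.latched = True
            kind = SUPPRESSED if expected else SPURIOUS
            self.events.append((scan_no, kind, process_value))
            return kind
        return None


# Constructed scan trace: (process_value, alarm bit as reported to the HMI).
TRACE = (
    [(50.0, False)] * 5       # scans 0-4: normal operation
    + [(90.0, False)] * 5     # scans 5-9: over the limit but the alarm is suppressed
    + [(90.0, True)] * 2      # scans 10-11: alarm correctly reported
    + [(40.0, True)] * 4      # scans 12-15: alarm asserted with no cause
)


def run_trace(trace=TRACE, **kwargs) -> List[Tuple[int, str, float]]:
    """Feed a trace through the trap and return the latched tamper events."""
    trap = CriticalAlertTrap(**kwargs)
    for scan_no, (value, reported) in enumerate(trace):
        trap.scan(scan_no, value, reported)
    return trap.events


if __name__ == "__main__":
    for scan_no, kind, value in run_trace():
        print(f"scan {scan_no}: {kind} (process value {value})")
```

The debounce keeps a one-scan race between input sampling and alarm evaluation from being reported as tampering; the latch keeps a persistent attack from flooding the event log while still re-arming once the alarm state is consistent again.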

Define a Safe Process State in Case of a PLC Restart

Commanding a PLC to restart in the middle of a working process should not cause any disruption to the process. Make sure that the process it controls is restart-safe. If it is not practical to configure the PLC to restart safely, you should define safe process state alerts and ensure that the Standard Operating Procedures (SOP) have clear instructions for setting the manual controls so that the PLC will start up the process properly.

Defining a safe process state eliminates potential unexpected behavior. The most basic attack vector for a PLC is to force it to crash or restart. For many PLCs this is not hard to do, because many PLCs cannot cope well with unexpected inputs or too much traffic. For example, the SCADAfence research team found a remote CPU DoS vulnerability in the Mitsubishi Electric iQ-R Series. It would allow an attacker to send a short burst of specially crafted packets over the MELSOFT UDP protocol on port 5006, which causes the PLC's CPU to enter fault mode, causing a hardware failure. The PLC then becomes unresponsive and requires a manual restart to recover. This may be uncommon, but it is a basic attack vector if we take into account the malicious behavior of an attacker.
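The Python below is an added example, not code from the Secure PLC Coding Practices document or from SCADAfence, of restart-safe start-up logic. On its first scan after any restart the simulated controller forces every output to a defined safe state regardless of what the inputs say. If retained (non-volatile) memory shows the process was running when the restart hit, it raises an alarm and holds the safe state until an operator acknowledges per the SOP; only then does normal control resume. The output names, safe state and retained-memory layout are constructed.

```python
"""Restart-safe PLC start-up logic, simulated with a retained-memory hand-over.

Added example (not from the Secure PLC Coding Practices document). On its first
scan after any restart the controller forces every output to a defined safe
state. If retained memory shows the process was running when the restart hit,
it alarms and holds the safe state until an operator acknowledges per the SOP.
Output names, states and the retained-memory layout are constructed.
"""
from typing import Dict, List, Optional

# Constructed safe state: everything de-energised and closed.
SAFE_STATE: Dict[str, bool] = {"pump": False, "inlet_valve": False, "heater": False}
RUNNING_STATE: Dict[str, bool] = {"pump": True, "inlet_valve": True, "heater": True}
RESTART_ALARM = "RESTART_DURING_ACTIVE_PROCESS"


def new_retained_memory() -> Dict[str, int]:
    """Emulates non-volatile PLC data that survives a power cycle or CPU restart."""
    return {"process_running": 0, "restart_count": 0}


class RestartSafeController:
    def __init__(self, retained: Optional[Dict[str, int]] = None) -> None:
        self.retained = retained if retained is not None else new_retained_memory()
        self.outputs = dict(SAFE_STATE)
        self.first_scan = True
        self.hold = False            # True until the operator acknowledges a restart
        self.alarms: List[str] = []

    def scan(self, run_request: bool, operator_ack: bool = False) -> Dict[str, bool]:
        """One PLC scan; returns the output image written at the end of the scan."""
        if self.first_scan:
            self.first_scan = False
            self.retained["restart_count"] += 1
            # Force the safe state regardless of what the inputs currently say.
            self.outputs = dict(SAFE_STATE)
            if self.retained["process_running"]:
                # The restart interrupted an active process: alarm and hold.
                self.alarms.append(RESTART_ALARM)
                self.hold = True
            return dict(self.outputs)

        if self.hold:
            if not operator_ack:
                return dict(self.outputs)    # stay safe until the SOP steps are done
            self.hold = False

        self.outputs = dict(RUNNING_STATE if run_request else SAFE_STATE)
        self.retained["process_running"] = int(run_request)
        return dict(self.outputs)


def simulate_restart_mid_process() -> dict:
    """Run a process, restart the PLC, and record what the outputs do."""
    plc = RestartSafeController()
    plc.scan(run_request=False)               # first scan after a clean boot
    running = plc.scan(run_request=True)      # operator starts the process

    # Simulated CPU restart: volatile state is lost, retained memory is kept.
    plc_after = RestartSafeController(retained=plc.retained)
    first = plc_after.scan(run_request=True)  # run request is still wired in
    held = plc_after.scan(run_request=True)   # no acknowledgement yet
    resumed = plc_after.scan(run_request=True, operator_ack=True)
    return {
        "before_restart": running,
        "first_scan_after_restart": first,
        "without_ack": held,
        "after_ack": resumed,
        "alarms": plc_after.alarms,
        "restart_count": plc_after.retained["restart_count"],
    }


if __name__ == "__main__":
    for key, value in simulate_restart_mid_process().items():
        print(f"{key}: {value}")
```

The point of the retained `process_running` flag is that the PLC itself can tell a restart that interrupted production from a normal cold boot, and only the former needs the operator to walk the SOP before the run request is honoured again.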

Using The Top 20 Secure PLC Coding Practices

In summary, at least half of these programming recommendations can be summarized as “Validate your inputs.” Many PLC programmers just assume that something physical doesn’t need to be validated. But it is possible to force inputs and it is possible for an HMI to push invalid data to a PLC. Plan for it.

The Top 20 Secure PLC Programming Practices is a great best practices guide that is the work of hundreds of PLC programmers, engineers, and security experts. This is a must-read for every OT security professional and PLC programmer, it is a specific guideline for coding a programmed PLC to help avoid a potential cyber-physical attack.

You can download the Top 20 Secure PLC coding practices document at www.plc-security.com.


About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

What Credit Unions Need to Know About the NCUA ACET & its New Cybersecurity Standards

NCUA ACET & its New Cybersecurity Standards

With Internet of Things (IoT) and Bring Your Own Device (BYOD) growing exponentially every year, financial institutions stand to see key benefits in facilities cost reduction and employee productivity. But credit union executives must also ask – what are the unseen risks of becoming more connected?

For example, the facilities department might implement online thermostats to remotely control HVAC systems, lighting, or time clocks. Employees might bring their own mobile devices to connect to the enterprise network, unaware that their devices might be infected with malware or a virus and unwittingly letting it spread laterally into the company. All these behaviors, while productive, can also put the institution at severe risk because they leave a potential hole in the network: the ability for a bad actor to attack unsecured Internet of Things devices that lack proper security or access controls, and/or the personal mobile devices (iPads, phones, etc.) of unaware employees.

The Shift to a New Examination Tool

The NCUA issued a statement warning of increasing cybersecurity vulnerabilities for federally-insured credit unions and financial services market participants, including ransomware, malware and phishing attacks, identity theft, denial of service, ATM skimming, pandemic-themed attacks and supply chain attacks – the latter being a significant threat due to the multiple parties that must work together to deliver financial services to consumers.

The NCUA has recently moved to a new security examination tool called the Automated Cybersecurity Examination Tool (ACET). Previously in 2015, NCUA was using just the Cybersecurity Assessment Tool (CAT) to identify cyber threats and test their security readiness. The NCUA ACET is based on CAT, however it adds security control validation and includes an easy-to-read dashboard. According to a report from the NCUA, the purpose of the ACET was not to be a long-term examination program, but to “benchmark” credit unions, measuring the industry’s cybersecurity preparedness.

Initially, the NCUA began reviewing credit unions with $1 billion or more in assets using the ACET, refining the tool throughout the process to ensure it could scale properly for smaller, less complex credit unions.

What This Means for Credit Unions

With the shift to the NCUA ACET, it is now necessary for credit unions to have certain controls in place in order to pass NCUA audits. Of the five domains laid out in the ACET, Domain 3 is perhaps the most critical when it comes to cybersecurity, as it examines the necessary preventive, detective and corrective cybersecurity controls.

In the end, credit union CIOs and CISOs have a responsibility to protect their members and their financial data. This year, as the security talent crisis grows, breaches get more complicated and IoT/BYOD device attacks get more severe, an easy-to-implement NAC solution should be at the top of their list.

Portnox CLEAR & the NCUA ACET

As the NCUA audits continue to expand, many credit unions struggle with finding an effective solution to meet Domain 3 controls within the ACET framework.

Fortunately, Portnox CLEAR provides the network access control, endpoint awareness, risk and real-time remediation capabilities that either directly meet or highly contribute to many of the most difficult Domain 3 audit areas and requirements.

| Statement Number | Domain | Assessment Factor | Component | Maturity Level Category | Declarative Statement | Portnox Value | Explanation |
|---|---|---|---|---|---|---|---|
| 188 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Baseline | Systems that are accessed from the Internet or by external parties are protected by firewalls or other similar devices. | Contributes | Portnox's own passwords and usage of passwords comply with that requirement. |
| 189 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Baseline | All ports are monitored. | Meets | Portnox CLEAR will monitor all ports for switches configured to work with CLEAR. |
| 190 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Baseline | Up to date antivirus and anti-malware tools are used. | Meets | Portnox verifies that the installed antivirus and anti-malware is up to date and can trigger an update as well. |
| 192 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Baseline | Ports, functions, protocols and services are prohibited if no longer needed for business purposes. | Contributes | Portnox can monitor the usage of services on desktops and servers and also prevent them from being used (enforcing a policy). |
| 194 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Baseline | Programs that can override system, object, network, virtual machine, and application controls are restricted. | Meets | With Portnox you can monitor the installed and in-use applications and prevent unauthorized programs from executing on the endpoint. |
| 196 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Baseline | Wireless network environments require security settings with strong encryption for authentication and transmission. (*N/A if there are no wireless networks.) | Meets | Portnox performs the authentication to wireless networks; you can enforce in Portnox that certain SSIDs will use ONLY secure protocols. |
| 199 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Evolving | Technical controls prevent unauthorized devices, including rogue wireless access devices and removable media, from connecting to the internal network(s). | Meets | Portnox CLEAR provides network technical controls to prevent unauthorized devices, including rogue wireless access devices and removable media, from connecting to the internal network protected by CLEAR. |
| 201 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Evolving | Guest wireless networks are fully segregated from the internal network(s). (*N/A if there are no wireless networks.) | Meets | Portnox CLEAR supports guest wireless management and segmentation. |
| 205 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Intermediate | The enterprise network is segmented in multiple, separate trust/security zones with defense-in-depth strategies (e.g., logical network segmentation, hard backups, air-gapping) to mitigate attacks. | Meets | Portnox CLEAR fully supports network segmentation (VLAN) and assures authorized devices are placed in the correct segment based on access control policy. |
| 206 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Intermediate | Security controls are used for remote access to all administrative consoles, including restricted virtual systems. | Meets on some architectures | Portnox can be used to verify that only endpoints with the correct security controls can connect to remote consoles / virtual systems which are behind an RDP gateway, VPN or similar gateway. |
| 207 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Intermediate | Wireless network environments have perimeter firewalls that are implemented and configured to restrict unauthorized traffic. (*N/A if there are no wireless networks.) | Contributes | Portnox CLEAR can control and assure that only authorized devices are able to connect to specific AP/SSID(s). Portnox CLEAR can manage guest WiFi. |
| 208 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Intermediate | Wireless networks use strong encryption with encryption keys that are changed frequently. (*N/A if there are no wireless networks.) | Contributes | |
| 213 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Advanced | Anti-spoofing measures are in place to detect and block forged source IP addresses from entering the network. | Contributes | Portnox CLEAR can control and assure that only authorized devices are able to connect to specific AP/SSID(s), supporting certificate and/or company credential authentication. |
| 214 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Innovative | The institution risk scores all of its infrastructure assets and updates in real time based on threats, vulnerabilities, or operational changes. | Contributes | Portnox CLEAR is aware of endpoint risk. Portnox CLEAR can block or alert based on the associated policy/risk score assessment. Portnox CLEAR can block devices from network access if they reach a blocking level of risk. |
| 215 | 3: Cybersecurity Controls | 1: Preventative Controls | 1: Infrastructure Management | Innovative | Automated controls are put in place based on risk scores to infrastructure assets, including automatically disconnecting affected assets. | Meets | Portnox CLEAR supports risk-based (risk score) access controls. Devices first connecting to the network must both authenticate and also be at an acceptable risk level. |
| 218 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Baseline | Employee access is granted to systems and confidential data based on job responsibilities and the principles of least privilege. | Contributes | Portnox CLEAR can control network access and segmentation based on associated group policy. |
| 219 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Baseline | Employee access to systems and confidential data provides for separation of duties. | Contributes | Portnox CLEAR can control network access and segmentation based on associated group policy. |
| 220 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Baseline | Elevated privileges (e.g., administrator privileges) are limited and tightly controlled (e.g., assigned to individuals, not shared, and require stronger password controls). | Contributes | Portnox can monitor who has administrative privileges on local systems and alert on changes. |
| 223 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Baseline | Identification and authentication are required and managed for access to systems, applications, and hardware. | Contributes | Portnox CLEAR can control network access and segmentation based on associated group policy. |
| 227 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Baseline | Production and non-production environments are segregated to prevent unauthorized access or changes to information assets. (*N/A if no production environment exists at the institution or the institution's third party.) | Contributes | Portnox manages the segmentation of systems between environments, thus creating the basis for segregation between production and non-production systems. |
| 229 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Baseline | All passwords are encrypted in storage and in transit. | Comply | Portnox's own passwords and usage of passwords comply with that requirement. |
| 230 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Baseline | Confidential data are encrypted when transmitted across public or untrusted networks (e.g., Internet). | Contributes | All communication with Portnox CLEAR is TLS encrypted. |
| 231 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Baseline | Mobile devices (e.g., laptops, tablets, and removable media) are encrypted if used to store confidential data. (*N/A if mobile devices are not used.) | Meets | Portnox CLEAR provides real-time endpoint compliance validation against a defined policy. The risk policy can include validation that endpoint encryption is enabled and, if not, alerts can be generated and device access can be limited or restricted. |
| 232 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Baseline | Remote access to critical systems by employees, contractors, and third parties uses encrypted connections and multifactor authentication. | Meets | Portnox CLEAR can elevate existing remote access with zero trust: full remote endpoint risk awareness, real-time remediation to help assure remote endpoints stay compliant, and 2FA for remotely connecting devices. |
| 233 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Baseline | Administrative, physical, or technical controls are in place to prevent users without administrative responsibilities from installing unauthorized software. | Meets | Unauthorized software is reported immediately when installed, so action can be taken to uninstall it. |
| 241 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Intermediate | The institution has implemented tools to prevent unauthorized access to or exfiltration of confidential data. | Contributes | Portnox CLEAR supports endpoint risk and remediation policies that can assure removable storage is not connected to company-issued devices. |
| 244 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Intermediate | All physical and logical access is removed immediately upon notification of involuntary termination and within 24 hours of an employee's voluntary departure. | Contributes | Integration with directory services; changes propagate to CLEAR. |
| 245 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Intermediate | Multifactor authentication and/or layered controls have been implemented to secure all third-party access to the institution's network and/or systems and applications. | Meets | Ability to place contractors on a specific network segment/VLAN. |
| 248 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Intermediate | Controls are in place to prevent unauthorized access to collaborative computing devices and applications (e.g., networked white boards, cameras, microphones, online applications such as instant messaging and document sharing). (*N/A if collaborative computing devices are not used.) | Contributes | Portnox CLEAR supports endpoint risk and remediation policies that can assure only authorized USB devices are connected to company-issued endpoints. |
| 251 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Innovative | Adaptive access controls de-provision or isolate an employee, third-party, or customer credentials to minimize potential damage if malicious behavior is suspected. | Meets | Policy-based dynamic VLAN assignment. |
| 254 | 3: Cybersecurity Controls | 1: Preventative Controls | 2: Access and Data Management | Innovative | The institution is leading efforts to create new technologies and processes for managing customer, employee, and third-party authentication and access. | Contributes | Portnox CLEAR provides network access controls that can support employee, customer and third-party access requirements. |
| 256 | 3: Cybersecurity Controls | 1: Preventative Controls | 3: Device / End-Point Security | Baseline | Controls are in place to restrict the use of removable media to authorized personnel. | Meets | Group-level policy controls to allow only authorized USB devices. |
| 257 | 3: Cybersecurity Controls | 1: Preventative Controls | 3: Device / End-Point Security | Evolving | Tools automatically block attempted access from unpatched employee and third-party devices. | Meets | Risk-based access controls include OS patch validation. |
| 258 | 3: Cybersecurity Controls | 1: Preventative Controls | 3: Device / End-Point Security | Evolving | Tools automatically block attempted access by unregistered devices to internal networks. | Meets | Only authorized, authenticated and risk-compliant devices can get network access. Others are denied access. |
| 259 | 3: Cybersecurity Controls | 1: Preventative Controls | 3: Device / End-Point Security | Evolving | The institution has controls to prevent the unauthorized addition of new connections. | Meets | Portnox assures only authorized, valid devices are able to access the network. Unauthorized devices are denied access or moved to a guest or other VLAN based on policy. |
2603: Cybersecurity Controls1: Preventative Controls3: Device / End-Point SecurityEvolvingControls are in place to prevent unauthorized individuals from copying confidential data to removable media.MeetsGroup level policy controls to allow only authorized USB devices.
2613: Cybersecurity Controls1: Preventative Controls3: Device / End-Point SecurityEvolvingAntivirus and anti-malware tools are deployed on end-point devices (e.g., workstations, laptops, and mobile devices).ContributesRisk and remmediation policy can assure AV us deployed, running and updated.
2633: Cybersecurity Controls1: Preventative Controls3: Device / End-Point SecurityEvolvingThe institution wipes data remotely on mobile devices when a device is missing or stolen. (*N/A if mobile devices are not used.)MeetsPortnox has options to remote wipe mobile devices.
2653: Cybersecurity Controls1: Preventative Controls3: Device / End-Point SecurityIntermediateMobile device management includes integrity scanning (e.g., jailbreak/rooted detection). (*N/A if mobile devices are not used.)MeetsPortnox mobile risk validation includes check if jailbroken/rooted.
2673: Cybersecurity Controls1: Preventative Controls3: Device / End-Point SecurityAdvancedEmployees’ and third parties’ devices (including mobile) without the latest security patches are quarantined and patched before the device is granted access to the network.ContributesPortnox risk policy can check patch status and either block or place in quarantine VLAN.
2843: Cybersecurity Controls2: Detective Controls1: Threat and Vulnerability DetectionBaselineAntivirus and anti-malware tools are used to detect attacks.ContributesPortnox risk policy checks continiously the existence of those tools on the endpoints
2893: Cybersecurity Controls2: Detective Controls1: Threat and Vulnerability DetectionEvolvingAntivirus and anti-malware tools are updated automatically.MeetsPortnox risk policy checks continiously the configuration and the automatic update of those toold on the endpoints. It can also remidiate issues with that configuration automatically.
3073: Cybersecurity Controls2: Detective Controls2: Anomalous Activity DetectionEvolvingLogs provide traceability for all system access by individual users.ContributesPortnox provides logs associate with all authorized network access as well as alerts/logs of unauthoirzed access attempts.
3173: Cybersecurity Controls2: Detective Controls2: Anomalous Activity DetectionAdvancedA system is in place to monitor and analyze employee behavior (network use patterns, work hours, and known devices) to alert on anomalous activities.ContributesPortnox Clear awareness of network access, users/devices, etc. can contribute to meeting this requirement.
3203: Cybersecurity Controls2: Detective Controls2: Anomalous Activity DetectionInnovativeThe institution has a mechanism for real-time automated risk scoring of threats.ContributesPortnox Clear support risk/compliance awareness of company employee
3213: Cybersecurity Controls2: Detective Controls2: Anomalous Activity DetectionInnovativeThe institution is developing new technologies that will detect potential insider threats and block activity in real time.ContributesPortnox Clear allows only authorized compliant devices on to the network/network segment based on policy.
3233: Cybersecurity Controls2: Detective Controls3: Event DetectionBaselineMechanisms (e.g., antivirus alerts, log event alerts) are in place to alert management to potential attacks.ContributesPortnox Clear provides alertson all network access (allowed or denied) and can integrate with existing SIEM.
3243: Cybersecurity Controls2: Detective Controls3: Event DetectionBaselineProcesses are in place to monitor for the presence of unauthorized users, devices, connections, and software.MeetsPortnox Clear is aware of any/all devices connecting to the network. Unauthorized devices can be blocked or moved to a specified segment (i.e. internet only, etc.).
3263: Cybersecurity Controls2: Detective Controls3: Event DetectionBaselineThe physical environment is monitored to detect potential unauthorized access.MeetsPortnox Clear is aware of any/all devices connecting to the network. Unauthorized devices can be blocked or moved to a specified segment (i.e. internet only, etc.).
3273: Cybersecurity Controls2: Detective Controls3: Event DetectionEvolvingA process is in place to correlate event information from multiple sources (e.g., network, application, or firewall).ContributesPortnox Clear provides alertson all network access (allowed or denied) and can integrate with existing SIEM.
3293: Cybersecurity Controls2: Detective Controls3: Event DetectionIntermediateEvent detection processes are proven reliable.Contributes
3303: Cybersecurity Controls2: Detective Controls3: Event DetectionIntermediateSpecialized security monitoring is used for critical assets throughout the infrastructure.ContributesPortnox Clear is aware of any/all devices connecting to the network. Unauthorized devices can be blocked or moved to a specified segment (i.e. internet only, etc.).
3313: Cybersecurity Controls2: Detective Controls3: Event DetectionAdvancedAutomated tools detect unauthorized changes to critical system files, firewalls, IPS, IDS, or other security devices.ContributesPortnox Clear support real-time endpoint remmediation helping to assure enduser devices stay in a compliant state (make sure FW is running, AV, etc.).
3323: Cybersecurity Controls2: Detective Controls3: Event DetectionAdvancedReal-time network monitoring and detection is implemented and incorporates sector-wide event information.MeetsPortnox Clear is aware of any/all devices connecting to the network. Unauthorized devices can be blocked or moved to a specified segment (i.e. internet only, etc.).
3333: Cybersecurity Controls2: Detective Controls3: Event DetectionAdvancedReal-time alerts are automatically sent when unauthorized software, hardware, or changes occur.ContributesPortnox Clear support real-time endpoint remmediation helping to assure enduser devices stay in a compliant state (make sure FW is running, AV, etc.). Alerts to any changes and resulting remmediation actions are logged.
3353: Cybersecurity Controls2: Detective Controls3: Event DetectionInnovativeThe institution is leading efforts to develop event detection systems that will correlate in real time when events are about to occur.ContributesPortnox Clear is aware of any/all devices

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, points of sale, resellers, and partner companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides network access control, security and visibility solutions that are simple to deploy, operate and maintain. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

About CDM InfoSec Awards
This is Cyber Defense Magazine's ninth year of honoring global InfoSec innovators. Submissions are open to any startup, early-stage, later-stage or public company in the INFORMATION SECURITY (INFOSEC) space that believes it has a unique and compelling value proposition for its product or service. Learn more at http://www.cyberdefenseawards.com

About the Judging
The judges are CISSP, FMDHS and CEH certified security professionals who voted based on their independent review of the materials each company submitted on the awards website, including but not limited to data sheets, white papers, product literature and other market variables. CDM's philosophy is flexible: it looks for the more innovative players with new and unique technologies rather than the ones with the most customers or money in the bank. CDM is always asking "What's Next?", so we are looking for Next Generation InfoSec Solutions.

About Cyber Defense Magazine
With over 5 Million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.

How Often Should You Patch?

How often should we apply patches and who is responsible for patch management? This article will shed more light on software patching.

Continue reading

ESET joins the ranks of CVE Numbering Authorities (CNAs)

BRATISLAVA – June 24, 2021 – Working in concert with the Common Vulnerabilities and Exposures (CVE®) Program, ESET, the leading Europe-based endpoint protection platform vendor, has been authorized by the CVE Program as a CVE Numbering Authority (CNA).

Organizations designated as CNAs are responsible for the assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE record.

The status means that ESET will be able to publish CVE records, including the CVE ID, descriptor, and references concerning vulnerabilities discovered in its own products and those discovered by ESET researchers in third-party products not covered by other CNAs. As a CNA, ESET can better fulfill its leadership role in innovating security technologies and product R&D and promoting high security standards in the broader IT ecosystem.

“Engaging in the international, community-driven Common Vulnerabilities and Exposures (CVE®) Program brings us closer to our goal of supporting ongoing collaboration with the wider cyber security sector, as well as academic, business, and government stakeholders. Simultaneously, it allows our internal security and R&D teams to more efficiently and consistently address security weaknesses wherever they may be, and to remain proactive in fighting vulnerabilities and threats,” says Daniel Chromek, chief information security officer at ESET.

ESET is a strong believer in, as well as a practitioner of, the coordinated vulnerability disclosure process and publicly credits security vulnerability reporters for their efforts (if they do not wish to remain anonymous). If you are interested in hunting for vulnerabilities, or other security issues, in ESET products or websites, read more about our partnership with HackTrophy, or find out more here.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Monitor all clients’ backups in the Cloud

14.06.2021 Nyon – Actiphy is simplifying the monitoring of backup jobs with a new online portal designed mainly for IT Resellers and Managed Service Providers. Actiphy Portal Service (APS) has been specially designed with IT Channel Partners in mind, to monitor clients' backup infrastructure and generate reports from a single location on the web. And it is free!

Actiphy Portal Service is a powerful cloud-based aid for IT Partners' daily management of backup tasks. This tool is free of charge and does not require users to switch to more expensive backup licences, as other backup and DR competitors often require.

Service Providers who already use ServerEYE, SolarWinds (Acmeo), Paessler PRTG or others to monitor their systems should continue to use their Remote Monitoring and Management tools, as these inspect all areas outside of backup. Should technicians wish to know more details about backup tasks, they can get more information from the APS console. A perfect synergy!

The missing piece for IT Resellers and MSPs.

The existing local console is taken to the Cloud with APS and IT Partners no longer need to use VPN connections to monitor all their clients.

APS completes Actiphy's Business Continuity offering. It is the perfect addition to the latest free add-ons from Actiphy: automated backup testing (creation, consistency, and backup file bootability) and backup isolation, which protects backup files from being encrypted by ransomware once they have been created. With the additional APS cloud-based portal, SMBs are offered a complete Business Continuity solution at a very affordable price. SMBs have all the tools to protect their data and assets in this post-pandemic time.

IT Channel partners who do not yet use a Remote Monitoring and Management tool to centrally monitor backups of all their clients now have a free option to do so with Actiphy Portal Service.

How to get Actiphy Portal Service?

Register for the Actiphy Portal Service beta programme at the following link: https://landings.actiphy.eu/en/missing-piece

No specific system requirements are needed to use Actiphy Portal Service, and all ActiveImage Protector agentless and agent-based clients with direct HTTPS internet access to the cloud-based portal location can be monitored.

What can you already do with Actiphy Portal Service?

• Dashboard: General information about the status of agents and storage, and any problems that may have been detected in the past 7 days.
• Sites: Create a site to group agents for reporting purposes. The portal was designed with MSP resellers in mind; each site can represent a physical location of agents to be managed, or a company.
• Users: Create, remove or temporarily disable users. The current beta version only supports creating users of the type "Admin".
• Licencing: View the general state of agent licences and get an overview of licence status.
Actiphy Portal Service dashboard

What is the future of Actiphy Portal Service?

The full version will be released once all feedback received during beta testing has been taken into consideration.

Once the full version is released, Actiphy's Japanese headquarters plans to continue developing APS and to make it more of a management console, with installation, upgrades, and configuration all done from the Cloud. Exciting times ahead!


About Actiphy
Actiphy, founded in 2007, focuses on developing and offering innovative backup and disaster recovery solutions for complete protection of all your systems and data. ActiveImage Protector backs up Windows and Linux machines in physical and virtual environments and restores systems and data fast, so you are up and running with minimal downtime and data loss. Today Actiphy holds 20% of the image backup market in Japan and is expanding its services in the Asia/Pacific and North American regions, as well as in Europe, the Middle East and Africa.