Skip to content

What Is the Difference Between IAM and PAM?

It is important to know the differences between IAM (Identity & Access Management) and PAM (Privileged Access Management). However, this theme still raises doubts for some people.

First, it is necessary to understand that the need to obtain an identity is essential. 

After all, it is important to know that it is not defined only based on personal documents anymore. 

In fact, identity is constituted through several characteristics capable of affirming who we are and the types of activities we perform.

Thus, several issues make up our identification such as name, biometrics, among other attributes that help build a unique identity.

Based on this, without detecting these characteristics, it would be impossible to recognize a person among the large number of individuals that inhabit planet Earth.

Regarding this aspect, have you ever imagined what would be the routine of an online system in which all users had the same identity?

So, imagine the following situation: Leo owns a company. When logging into the system, he seeks access to information relating to all employees in the organization.

Laura, who also works at the company, needs to enter the same platform to obtain information about the work she will perform, without necessarily seeking information regarding the clients.

But how will the system be able to provide the necessary information if it cannot recognize the identity of each one?

And how will the platform be able to identify authentic access?

This reality would also make it impossible to select the people who can have access to certain functions within the system in question.

Interesting, isn’t it?! So, I invite you to keep reading this article.

IAM: What Is It?

Based on the concern regarding identity issues, IAM has emerged, which can be understood as Identity and Access Management.

This system makes it possible to manage the most diverse identities and accesses related to company resources.

These resources can be understood as devices, environments, applications, network files, among other possibilities.

In other words, through IAM, it is possible to have optimal management and definition of the activities each user will be able to perform within the system.

These users can be clients, internal employees, third-party workers, or some applications.

One can see that, regardless of the type of user, IAM systems defend the concept that each individual must have their own virtual identity.

Therefore, it must be unique and needs to be monitored based on its life cycle, thus considering its creation, use, and exclusion stages.

From this perspective, the virtual identity presents the username, a password, and the activities carried out virtually.

IAM contains certain application models. One of the most common is the system as a service.

It is called IDaaS (Identity as a Service).

This process occurs when the authentication infrastructure is supported and managed by third parties.

Generally speaking, there are many application models today. However, every IAM system must have:

  • An efficient database to store information from the most diverse users.
  • Tools that provide the ability to enable and disable accounts.
  • Features capable of granting and revoking access rights to users.

In other words, IAM systems can manage digital identities.

The goal is to ensure access permission to users who, in fact, have authorization.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Senhasegura
Senhasegura strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Global pandemic accelerates innovation in the public sector

Having an open, safe and efficient digital administration is the new objective of every Government these years. Although the recent pandemic may have hampered any master plan for system evolution and optimization, there is still some hope. The hybrid Cloud reaches the public sector, among other advances. We’ll tell you all about it in our blog!

The pandemic strengthens the hybrid cloud in the public sector

“The Cloud”, that abstract fantasy, has made possible large-scale government teleworking (so much so that “IDC ensures that 74% of government organizations worldwide will switch to remote work in the future”), in addition to giving institutions the opportunity to test new applications and experiment with them. Being the advantages of scalability and the safety benefits the first objectives.

The public sector, like so many others, got down to work when the shackles of Covid-19 fell on them. Like concert halls or gyms, they had to get reinvented, and soon after new online platforms arrived and heavy investments were made in Artificial Intelligence, Cloud-based management systems and other transformative solutions that give a break to organisms collapsed by difficult conditions. In fact, IDC Research Spain has confirmed that “40% of the public sector already works in a hybrid cloud environment compared to 90% of private companies”. This shows, indeed, that Public Administrations are heading towards new models.

The Hybrid Cloud in the public sector

So, we can say that damn Covid-19 accelerated not only masks sales, but also the adaptation of the most cutting-edge technologies to governments. They were suddenly aware, for example, as we say, of the possibilities of the Hybrid Cloud. Due, of course, to the rising popularity of hybrid IT environments; that although we know that they can be difficult to manage at high scale, and that they require specific capacities, they will always be welcome from now on.

What caused the skepticism regarding Hybrid Cloud in the public sector? Well, surely it was because the governmental institutions throughout the planet faced several and notorious obstacles related to the subject. Ensuring a high-performance infrastructure is no easy task, for example. Certain types of traditional monitoring technologies do not work in such heterogeneous ecosystems. In addition, sometimes, the speed at which some tools are deployed in the Cloud can lead to security problems.

Optimize Hybrid Cloud Management in the public sector

But is it all over? Do governments have nothing to say in the face of these “different and notorious obstacles”? Relax, as the highest paid coaches and cartoon heroes show us, there is always hope, even to optimizehybrid Cloud management in the public sector.

A new approach

From Pandora FMS, a company devoted to delivering the best monitoring software in the world, we tell you: NOT ALL MONITORING TECHNOLOGIES WORK THE SAME.. Many are either designed for local data centers or for the Cloud, but not both. This is where lots of improvements can be made and IT experts must intervene, especially to prioritize a plan for monitoring hybrid environments. Always with a vision of the general state of the systems, the performance and the security of the network, the databases, the applications, etc. It seems that no one had the time or the necessary skills for this task, which ends up exposing organizations, especially regarding security.

The hybrid network

After being aware that investing time and efforts in Cloud services is necessary, the idea that connectivity and network performance are a key factor will come hand in hand, at least to guarantee the provision of quality services.

So we must address issues such as network latency, increased cloud traffic, interruption prevention, and any other problem, before they affect us and the end user.

It goes without saying that Software-defined wide-area network (SD-WAN) technologies play an obvious role in hybrid technologies and can help simplify network management tasks and avoid network overload.

Beware of identity and access control

No, it is not crazy to monitor who has access to what. We do it here and call it “Standard Security Practice”. However, when everything becomes a hodgepodge of employees/users/everyone having access, and you interact with data from a large number of sources, things get a bit complicated.

Indeed, rushing is not good at all, and the implementation of the Cloud is wished right away, “immediately”, so access controls sometimes bear the brunt and remain a vulnerable point. So, you only have to take your chances on multi-factor authentication, as an improved official replacement for passwords for digital access.

Zero-trust frameworks, network segmentation, and new security practices for the provider are other healthy practices to better be safe than sorry and help protect the assets hosted in our hybrid environment.

New skills, new mindset

Big changes need small changes. The capabilities and skills that are necessary for managing the hybrid Cloud are far from those that are needed for a local infrastructure. The data center is already an abstraction of what it was and what IT teams know well. Technology is the future, but also the most current present, and if government institutions do not develop the adequate and necessary capacities to support such technology, there will be neither a well-managed hybrid cloud, nor anything to do in areas such as monitoring and security.

Conclusions

As we started saying, the global pandemic of Covid-19 has justified and potentiated the modernization of technology, and accelerated adaptation to the Cloud and IT environments, but there is still a long way to go for these services to be really used by institutions and their citizens. And this should be a priority, as well as its good performance, accessibility and security. At the appropriate time, supported by the necessary investment and work, I am sure the Cloud will reveal itself in all its splendor showing us its full potential.

Would you like to find out more about what Pandora FMS can offer you? Find out clicking here . If you have to monitor more than 100 devices, you can also enjoy a FREE 30-day Pandora FMS Enterprise TRIAL. Installation in Cloud or On-Premise, you choose !! Get it here.

 

Last but not least, remember that if you have a reduced number of devices to monitor, you may use Pandora FMS OpenSource version. Find more information here .

 

Do not hesitate to send your questions. The great team behind Pandora FMS will be happy to assist you! And if you want to keep up with all our news and you like IT, release and, of course, monitoring, we are waiting for you in our blog and in our different social networks, from Linkedin to Twitter through the unforgettable Facebook . We even have a YouTube channel , and with the best storytellers. Ah well, we also have a new Instagram channel ! Follow our account, we still have a long way to go to match that of Billie Eilish

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

ESET presents plans for ESET Campus; innovation and technology hub in the heart of Europe

Bratislava, November 29, 2021 – ESET, a global leader in cybersecurity, unveiled its plans for the previously announced ESET Campus – an innovation and technology hub based in its headquarters’ city, Bratislava, Slovakia. The 55,000 m2 campus designed by world-renowned architectural studio BIG-Bjarke Ingels Group will house the company’s new headquarters and will become a center of excellence, creating a strong cybersecurity, AI and innovation ecosystem for Slovakia and Central Europe.

Reflecting the shifting post-pandemic working patterns and the wishes of its employees, ESET Campus is being built to be fit-for-purpose for employees, customers and partners, and their business needs. The Campus’ core function for being a welcoming work environment is going to be supported by a whole array of facilities and amenities for ESET and the local community. Richard Marko, Chief Executive Officer for ESET, said: “I envision the ESET Campus as a creative hub where bold cybersecurity solutions come to life so that we all can enjoy the vast potential of advanced technologies. By building an inclusive, diverse, green and collaborative workplace fit for the future, we are addressing the pressing needs of our employees, customers, partners and our communities. We will continue our strong alignment with societal needs in order to support science, education and innovation.”

ESET campus will be built on the principles of functionality and ecology by being sustainably built, sustainably operating and responsibly reporting on its results. The business has already taken the first step towards reporting on its carbon footprint which has seen a 40 per cent decrease in carbon emissions in 2020. Palo Luka, Chief Operating Officer for ESET, said: “We believe it’s crucial for ESET to lead by example in innovation and technology. We will ensure that our Campus houses the latest technologies, clever and efficient solutions to achieve the highest levels of sustainability. We will aim for a carbon neutral campus operation, but we’ve got an ambition to also reduce the embodied carbon by building it in the most sustainable way possible, and we believe our partnership with BIG will help us achieve this.”

Bjarke Ingels, founding partner of BIG, presented the finalized plans to the city officials and the public in Bratislava on Wednesday 24th November at a press conference. Ingels said: “The new ESET HQ materializes the brief and challenge we got from the ESET leadership as literally as possible – the architecture is not only ecologically and economically sustainable, it is also socially sustainable: rather than a single hermetic entity, we have dissolved the new campus into a series of buildings framing a central square. An abundance of public spaces, pathways, and human-scale pavilions welcome ESET employees, university students and citizens of Bratislava to gather, exchange knowledge and enjoy. The architecture of the campus can expand organically over time but also feels as a single unified identity that is open, integrated and accessible to the community from day one. We’re excited for the new ESET HQ to be part of the city’s transformation towards a more engaging public realm and we believe the new ESET HQ has the true potential to become the seed for a new innovation district the city deserves.”

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About BIG – Bjarke Ingels Group
BIG-Bjarke Ingels Group is a Copenhagen, New York, London, Barcelona, and Shenzhen-based group of architects, designers, urbanists, landscape professionals, interior and product designers, researchers and inventors. The office is currently involved in projects throughout Europe, America, Asia and the Middle East. BIG’s architecture emerges out of a careful analysis of how contemporary life constantly evolves and changes. By hitting the fertile overlap between pragmatic and utopia, architects once again find the freedom to change the surface of our planet, to better fit contemporary life forms.

Is Nmap Safe?

Nmap is a network scanning tool that can scan large networks as well as single hosts quickly. Network administrators normally use it to identify the devices that are currently running on the system, the port number on which the devices are connected and the free ports that can be used.

Continue reading

ISO 27001: 4 Reasons to Implement It in Your Company

Leaving data unprotected ends up putting business continuity and your clients at risk.

Therefore, it is necessary to implement standards that aim to make information more secure.

One of the best known among them is ISO 27001 , responsible for dealing with Information Security aspects of several companies.

There are many advantages to following this high standard of quality, with the benefits going far beyond security.

Optimization of procedures and increase in company profit are just some of them.

Do you want to know 4 reasons to implement this in your company? So check out this article.

It Reduces Costs in Your Company

The ISO 27001 standard also helps in implementing policies to organize and improve business processes.

This ends up causing a reduction in costs , resulting from the implementation of a good security and management system.

By having a clear vision of strategic management, it is possible to reduce risks considerably.

Therefore, resources that would be spent on repairs are saved by the company.

This directly influences the company’s cash, reducing costs with this type of situation, especially considering that the expenses to resolve any data security issue are always very high.

Thus, eliminating the risk of spending on this issue also makes the situation more comfortable for the company.

Given this scenario, it becomes a no-brainer to see why ISO 27001 is so important to companies.

Having more efficient management improves the company as a whole, and this has a direct influence on cash.

As we will see below, this is also important even for attracting potential new clients.

Showing that your company follows good market practices can be the missing difference to leverage your business.

ISO 27001 Gives Greater Credibility in The Market

Having an ISO 27001 certification shows that your company is seeking total security in its procedures and total commitment to Information Security , which is reflected as a great advantage in the market.

Showing potential clients that your company values data security demonstrates seriousness.

The chances of being able to close a deal increase when you have ISO certification.

When compared to a company that does not have certification, for example, the one that has certification will definitely stand out.

Data preservation is essential for large companies, and for this reason, ISO 27001 is seen as a differentiator.

Passing trust and credibility to potential clients is a way to be able to stand out from your competitors.

Given that data is now considered the new oil, it is critical to ensure no data is stolen.

Companies not dedicating resources to this area run serious risks, in addition to putting their clients at risk.

And because of that, companies that seek to meet the requirements of the ISO standard are standing out in the market.

Efficiency and security are essential for closing deals, regardless of a market niche.

But since we are talking about Information Security, be sure to check out this article that addresses the pillars of the area.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Senhasegura
Senhasegura strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

The Ultimate Combo: Artificial intelligence and data centers

How artificial intelligence helps in data centers

Data centers have become an essential element within new technologies, if we add to that the current capabilities of artificial intelligence we have a perfect, superhero pairing, capable of providing us with all kinds of advances and benefits. Yes, we can shout it to the wind: “Blessed is the time in which we live!”

The future: smart data centers

For artificial intelligence to be devoted to scaring us to death through iconic movies like 2001 or Terminator is a thing of the past, today it has other, much more interesting and practical purposes. For example, crowning itself by playing a fundamental role in data processing and analysis. Yes, that’s her, the futuristic AI, increasingly faster, more efficient and, now, necessary to manage data centers.

We know that data is already the element that moves the world. An essential requirement for any operation, be it institutional, business, commercial… This makes data centers one of the most important epicenters of digital transformation. After all, in their physical facilities you may find the equipment and technology that sustains, among other things, the information on which the world economy depends. Centers that store seamlessly data backup and recovery with just one hand, while supporting Cloud applications and transactions with the other. Therefore, they guarantee an ideal climate for investment and opportunities, they boost the economy and encourage and attract a large number of technology companies. They are almost the center of the digital revolution.

Although data centers are not without problems. It is estimated that in the future, three or four years from now, 80% of companies will close their traditional data centers. It’s not foresight madness if you consider the myriad of inconveniences traditional data centers face. I mean a certain lack of preparation for updates, infrastructure problems, environmental deficiencies, etc. But don’t worry, as for so many things, there is a vaccine, a remedy, to take advantage of the advances in artificial intelligence to improve, as far as possible, the functions and infrastructure of data centers.

Forbes Insights already pointed it out in 2020: AI is more than poised to have a huge impact on data centers. In its management, productivity, infrastructure… In fact, they already offer potential solutions to data centers to improve their operations. And data centers, already upgraded by artificial intelligence capabilities, process AI workloads more efficiently.

Power Usage Effectiveness, PUE

As you may guess, data centers consume a lot of energy, which is why an artificial intelligence network is necessary to increase the efficiency of energy use (PUE). The Power Usage Effectiveness or PUE, also equivalent to the total electrical power of the CPD or the total electrical power consumed by the systems, is a metric to calculate the efficiency of data centers.

A couple of years ago, Google was already able to achieve a consistent 40% reduction in the amount of energy used for cooling by deploying Deepmind IA in one of its facilities. This achievement equates to a 15% reduction in overall PUE overload, once electrical losses and other non-cooling issues have been accounted for. It produced the lowest PUE they had ever seen. And the thing is that Deepmind analyzes all kinds of variables within the data center to improve the efficiency of the energy used and reduce its consumption.

Can Smart Data Centers be threatened?

Yes, data centers can also suffer from cyber threats. Hackers do their homework, always finding new ways to breach security and sneak information from data centers. However, the IA once again shows its guts and resources, and learns from normal network behavior to detect threats based on possible irregularities in such behavior. Artificial intelligence can be the perfect complement to the current Security Incidents and Event Management (SIEM) systems, and analyze the inputs of the multiple systems and the incidents, devising an adequate response to each unforeseen event.

Effective management

Through the use of intelligent hardware and IoT sensors, artificial intelligence will show us the effective management of our data center infrastructure. It will automate repetitive work, for example. Activities such as temperature monitoring or the status of the equipment, security, risks of all kinds and the management of refrigeration systems. In addition to carrying out predictive analysis that will help distribute the work among the company’s servers. It will also optimize server storage systems and help find potential system failures, improve processing times, and reduce common risk factors.

AI systems have already been developed that automatically learn to schedule data processing operations on thousands of servers 20-30% faster, completing key data center tasks on the go twice as fast during times of high traffic. They handle the same or higher workload faster using fewer resources. Additionally, mitigation strategies can help data centers recover from data disruption. This immediately turns into a reduction in losses during the interruption and our customers giving us a wide smile of satisfaction.

Well, what do you think of this special union, this definitive combo that artificial intelligence and data centers are and will be? Do you think something can marinate better? Data centers and the Cloud ? N-Able and Kaseya? ,White wine and seafood? Condensed milk and everything else? Leave your opinion in the comments!

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

This Thanksgiving, Be Thankful for OT Security

Thanksgiving – when families get together and express gratitude for everything they have over some food and hopefully some football. For most families and especially security teams, this is a time for looking back to evaluate the past year and to give thanks for how far we’ve come. 

When looking back at the past 12 months for the OT security community, it was a challenging year as the industry was bombarded with increasing amounts of successful ransomware attacks on industrial and critical infrastructure organizations. Instead of highlighting the attacks, we believe it’s better to focus on the different aspects of OT security that we are truly thankful for. 

Here at SCADAfence, we are grateful for all the efforts and innovation put in by our team and the collective OT security community. The sleepless nights and ongoing devotion to improving OT network visibility and security for industrial organizations is something everyone can be thankful for this thanksgiving. 

From the increasing awareness of IT-OT convergence to the US Government emphasizing the security risks that relate to OT environments, 2021 is a clear example that OT security is headed in the right direction and getting growing awareness by board members & C-level executives worldwide. 

As we look at last year and move forward, here are the 5 reasons why we are thankful for OT security. 

IT-OT Convergence

Just like on Thanksgiving, some family members might not see eye to eye at first but by the end of the night, everyone is happy and in agreement. This yearly experience is very relatable for security experts in IT and OT teams as they need to work together when it comes to the responsibility of OT security and converging networks.  

Up until recently, IT and OT teams rarely worked together as OT security teams were not in charge of advanced threats and IT security. With the advancement of operational technology and the adoption of industrial IoT devices, the need to converge IT and OT networks and systems is becoming more popular by the day with industrial organizations. 

With the increasing usage of IP-based communications with OT devices, there is a bigger challenge between IT & OT teams in understanding who is in charge of securing OT systems and this has created a cultural divide between teams. IT and OT teams’ technical barriers and lack of clear ownership are the key challenges why IT and OT teams are less open to working together. While the awareness of this challenge is increasing, we are seeing more organizations invest in technologies and governance platforms to ensure improved collaboration as they see that proper IT-OT convergence is a crucial aspect of their cyber security program.

Similar to families making up at the end of the Thanksgiving dinner, when IT & OT teams both come to the mutual table to wine and dine, it can result in improved visibility and transparency for an organization’s complete network security. At SCADAfence we have seen many of our customers adopt a seamless IT-OT convergence approach including one of the leading oil and gas organizations who are experiencing complete network visibility to all 71 of their global production sites.

OT Detection & Response

As industrial organizations become more interconnected, they potentially have more exposure to vulnerabilities. The high cost of industrial equipment and the damages to communities and economies that an attack could cause are key factors for organizations who are looking to protect their industrial networks. In addition, aging legacy equipment in factories, safety regulations that forbid any modifications being made to equipment and industry compliance regulations have created quite the challenge for OT teams.

Despite all of this, it is possible to secure industrial networks without disturbing regular operations and without risking non-compliance. By using OT security solutions that provide continuous threat detection and establishing the right security policies, OT security teams can put an effective OT strategy in place that will protect their organization’s processes, people and profit while significantly reducing security incidents and vulnerabilities.

Asset Inventory Management 

Effective cyber security in OT requires a deep foundation of asset information. Until recently OT teams didn’t have the resources or tools to maintain such an assets inventory. When organizations don’t deploy asset inventory management within an OT environment it creates a major visibility hole as they won’t know the security status of their environments. 

In some cases, industrial organizations will only create a simplified asset inventory to detect the data for security tasks. Organizations need to change their approach to asset inventory management and see it as the foundation of their OT security program.  

When detecting new vulnerabilities in OT networks and devices, organizations rely on their asset inventory to decide the severity of the vulnerability, how to patch the device and how it affects their environments. With an automated asset inventory, industrial organizations will increase the productivity and efficiency of their OT teams by quickly managing their assets data to detect and protect their environments all in one dashboard.  

Governance and Compliance 

Compliance regulations in OT are another aspect for security leaders to be thankful for as it is crucial for the security and production of industrial organizations. In recent years, there has been a growing demand for standards and guidelines to manage the risk exposure of OT infrastructures. IT and OT departments, who typically manage the cyber security standards across the organization, are now required to monitor the compliance of these standards across the various OT locations. On the other hand, the information provided today by the various IT tools is dispersed and is technical in nature. This makes the ability to translate them into risks and to prioritize actionable mitigations, very challenging and time-consuming. 

Organizations need to automate the governance processes with a solution that enables the IT and OT departments to centrally define and monitor the organizational adherence to organizational policies and to OT-related regulations. The solution should be configured and managed from a central location and aggregates compliance information from all sites in the organization. It also connects to other security systems, providing a cross-organizational, comprehensive compliance posture. 

OT Remote Access

Industrial organizations have undergone an evolution where most OT environments were isolated systems and now most OT systems are interconnected to the internet. This is occurring due to organizations deploying new technology that allows increased remote access management to OT systems. 

By providing remote access to OT systems it creates an advantage for industrial organizations but it also comes with more risks. By increasing the connectivity of OT systems and devices to the internet it can result in exploitation via cyber attacks. The constant increase of attacks on critical infrastructure and the convergence of IT and OT systems has quickly increased the adoption of remote access security in critical infrastructures and industrial organizations.

To fight off remote access security risks within OT environments, organizations need to deploy OT security solutions that come integrated with remote access features that are specifically designed for OT environments. By deploying an OT security platform that integrates remote access security that does not require any changes in network architecture, it will ensure that the OT systems are properly configured to detect and correlate remote user activity and detect if there is any malicious network activity.

Lastly, all of us at SCADAfence would like to thank our readers. It’s a privilege to share our passion for a subject with fellow security-minded folks. We wish everyone who’s celebrating a safe and happy Thanksgiving!

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

ESET cybersecurity survey amongst internet users in APAC reveals large gap between threat awareness and taking action

Three out of five respondents in APAC have experienced a cyberattack or online threat with common forms being malware (17%), theft of personal data (13%) and social media breach or duplication (11%).
Only 23% respondents have installed free or paid antivirus/ security app on their mobile devices.
Majority of parents have not spoken to their children about cybersecurity. 32% of parents from Thailand and 25% from Hong Kong said that their children have been exposed to inappropriate content online.
11,200 respondents from Hong Kong, India, Indonesia, Malaysia, Singapore, Taiwan, and Thailand were surveyed.

SINGAPORE – November 22, 2021 – ESET, a global leader in cybersecurity, today released the results from its APAC Consumer Cybersecurity Survey, revealing that three in five (62%) respondents in APAC said they have experienced a cyberattack or online threat in the past 12 months. By analysing consumers’ habits based on previous online interactions, the survey provided a deeper insight on the awareness of basic cybersecurity threats and best practices of actions online. The survey was conducted earlier this year with 11,200 respondents from Hong Kong, India, Indonesia, Malaysia, Singapore, Taiwan, and Thailand.

While the pandemic has introduced a new paradigm in the way we live, work, learn, socialize and play, it has also resulted in consumers’ increased reliance on digital technologies and services, which is a major factor for cybercriminals to pursue illegal activities.

“As we continue to navigate challenges from the pandemic, the reliance on digital technology for various aspects of our daily lives will likely spill into the future. Our survey findings suggest that it is now common for internet users to encounter online threats. Therefore, it is critical that consumers are educated about the growing threats, and are aware of the steps they can take to protect themselves as well as their children when conducting online activities,” said Parvinder Walia, President of Asia Pacific and Japan, ESET.

Of the seven APAC markets surveyed, India (81%), Thailand (65%), and Taiwan (63%) had the highest number of respondents who have experienced a cyberattack or online threat. Across the surveyed markets, the most common forms were attributed to malware/virus attacks (17%), theft of personal data (13%), and social media breach or duplication (11%). Only about 23% respondents installed free or paid antivirus/security app on their mobile devices.

 

Figure 1: Respondents were asked if they experienced at least one cyberattack or online threat such as malware attack, theft of personal data and social media breach in the past 12 months

Consumers’ vigilance is critical as online shopping scams are rife
As people are increasingly dependent on the internet to work, communicate, shop and entertain themselves, scammers are also taking advantage of the new normal to lure victims. Around two thirds (67%) of surveyed respondents indicated that they have come across online scams.

Figure 2: The number of respondents who said they came across online scams

The most common types of scams were online shopping (21%), social media (18%), investment (15%). With close to half of surveyed respondents saying that they shop online at least once a month, it is critical for consumers to remain vigilant when engaging in online transactions.

Figure 3: The most common outcomes for online shopping scam victims across APAC

Moreover, more than half of the respondents in APAC trust the security measures by online retailers completely. 45% and 23% of respondents from Thailand and India respectively, also indicated that they would continue shopping at an online retailer even after a data breach, regardless of the security status thereafter.

To protect themselves from scams, consumers should take precautions when shopping online. Fortunately, more than 90% of surveyed respondents take some form of precaution when shopping online, with checking for product/seller reviews being the most popular method of assessing a retailer’s legitimacy across APAC.

Children are vulnerable and need guidance in an increasingly digital world
With the pandemic resulting in a hybrid model of learning, children’s risk exposure via devices and through various online platforms offering services ranging from collaboration, online learning and video streaming to online games and social media is growing. This puts them at greater risk of encountering online threats, and it is important to teach children the essential skills to remain safe while navigating in an online environment.

The survey revealed that 95% of respondents who are parents from Indonesia have never spoken to their children about cybersecurity, and this remains significantly high in the region – over three out of four (77%) respondents across APAC have never spoken to their children about the issue. To ensure that minors are protected in the digital world, parents should have a hand in demonstrating the threats that the online world poses. 32% of parents from Thailand and 25% from Hong Kong also said that their children have been exposed to inappropriate content online.

Figure 4: The number of respondents who said they have never spoken to their children about cybersecurity

Most parents (90%) in APAC did take actions to ensure their children’s online safety. Popular methods include limiting the amount of time their children spend online (31%), using parental control applications (29%) and checking what apps are installed on their children’s devices (24%).

For guides and tips on how to keep kids safe on the internet, please visit ESET’s Safer Kids Online at https://saferkidsonline.eset.com/.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Scale Computing Recognized on the 2021 CRN Edge Computing 100 List

INDIANAPOLIS – November 8, 2021 – Scale Computing, a market leader in edge computing, virtualization, and hyperconverged solutions, announced today that CRN®, a brand of The Channel Company, has named Scale Computing to its 2021 Edge Computing 100 list.

With the rising importance of business intelligence and data analytics, the ability to quickly collect and process that data is becoming a key differentiator for businesses of all sizes. At the same time, the need to expand corporate networks to encompass larger numbers of remote and hybrid workers makes securing the edge even more critical.

“IT leaders require the ability to run applications and process data outside centralized data centers or public cloud, at the edge of their network, closest to where that data is created and utilized. We understand these needs and have created solutions to centrally monitor and manage hundreds or even thousands of distributed edge deployments in today’s complex infrastructure environments,” said Jeff Ready, CEO and co-founder of Scale Computing. “We are very proud of the innovations we’ve made in technology, products, and partnerships that have positioned us as a leader. This recognition by CRN is a testament to the fact that we are dedicated to the channel and continue to deliver innovative, highly available, highly scalable, and simple solutions.”

Today’s companies require simple, affordable and easy-to-deploy IT infrastructure solutions to meet complex infrastructure environments and support a wide range of modern and legacy applications — both in the datacenter and at the edge. Scale Computing expanded its Edge Computing offerings earlier this year by introducing HC3 video surveillance and security solutions, optimized to consolidate video storage, video management, access control and analytics workloads. Scale Computing’s video surveillance offers autonomous self healing, providing hands-off resiliency to keep VMS recorders running and maintain access to previously recorded data even when hardware components fail.

Scale Computing’s award-winning HC3 Edge series enables on-premises edge computing with high availability and disaster recovery at remote locations at an affordable entry level cost. All edge models can be deployed quickly, managed locally or remotely, and can self-heal almost instantly.

The second-annual CRN Edge Computing 100 list spotlights the vendors leading the way in providing channel partners with the technology needed to build next-generation, intelligent edge solutions that ultimately bring data collection and processing closer to users. The categories include Edge Hardware, Software and Services; IoT and 5G Edge Services; and Security.

“CRN’s 2021 Edge Computing 100 list returns this year to recognize the leaders bringing the technology required for channel partners to build unique edge solutions that empower businesses to work better and smarter,” said Blaine Raddon, CEO of The Channel Company. “The contributions of these innovators continue to pave the way for the IT channel to deliver bold, progressive, and trusted offerings to its customers.”

The contributions of these innovators continue to pave the way for the IT channel to deliver bold, progressive, and trusted offerings to its customers.

CRN editors compiled the 2021 Edge Computing 100 list based on a variety of criteria, including feedback from solution providers during the year regarding the company’s impact on the market, the company’s overall influence on the channel, and the types of technology and services it makes available to partners. This recognition follows the ARC awards Scale Computing won this summer from CRN®, a brand of The Channel Company, in both the Edge Computing category and the Hyperconverged Infrastructure category. The company also swept all of the subcategories including Product Innovation, Support, Partnership, and Managed & Cloud Services in both Edge Computing and Hyperconverged Infrastructure.

CRN editors compiled the 2021 Edge Computing 100 list based on a variety of criteria, including feedback from solution providers during the year regarding the company’s impact on the market, the company’s overall influence on the channel, and the types of technology and services it makes available to partners. This recognition follows the ARC awards Scale Computing won this summer from CRN®, a brand of The Channel Company, had named Scale Computing a winner of the 2021 CRN Annual Report (ARC) Awards in both the Edge Computing category and the Hyperconverged Infrastructure category. This was the third consecutive year Scale Computing has been recognized as a CRN ARC Award winner. The company also swept all of the subcategories including Product Innovation, Support, Partnership, and Managed & Cloud Services in both Edge Computing and Hyperconverged Infrastructure.

The 2021 Edge Computing 100 list will be featured in a special November issue of CRN Magazine and online at www.crn.com/edge100.

CyberLink’s facial recognition engine FaceMe® to power LILIN’s connected devices, providing businesses with contactless access control management and visitor analytics

TAIPEI, TAIWAN – July 28 2020 – CyberLink Corp. (5203.TW), a pioneer in AI and facial recognition technologies, today announced it has formed a partnership with surveillance solution provider LILIN, leveraging new facial recognition technologies to create comprehensive smart security and retail solutions. CyberLink will license its FaceMe® facial recognition engine to LILIN, powering its NAV Facial Recognition Recorder, creating an all-in-one smart security, data analysis and warning solution.

With the combined technologies, LILIN’s connected video devices can provide businesses with a series of contactless solutions, such as granting verified personnel access to restricted areas within offices, factories or residential buildings through an opt-in photo identification system. The new offering can also provide retailers and hospitality operators with anonymized customer demographics to better understand their customer experience, such as identifying trending emotions patrons may feel when engaged in specific activities or visiting certain areas of a venue.

As the coronavirus pandemic continues to develop across the globe, CyberLink’s and LILIN’s joint facial recognition system uniquely provides businesses seeking contactless solutions the underlying technology to reduce the need for people to touch highly shared surfaces by replacing key cards or PIN passwords with biometric data.

“If there was ever a field worthy of continued research and innovation, it’s security,” said Dr. Jau Huang, CEO of CyberLink. “Without a doubt, LILIN is a global leader and manufacturer of IoT devices, and CyberLink is a worldwide pioneer developing facial recognition applications for connected devices. Together, we are setting a new standard for what makes a place secure by bringing to market new technologies that make our customers safer, and our businesses smarter.”

“LILIN has many years of smart security experience, providing insight into the market’s needs for creating a comprehensive intelligent security solution. LILIN is pleased to partner with CyberLink and integrates FaceMe® into our facial recognition system to strengthen smart retail, smart healthcare, smart factory, and smart business applications. Through continued efforts, I believe that LILIN will provide the most advanced total security solution for global customers.” said Mr. C.C. Hsu, LILIN’s President.

CyberLink and LILIN will host a webinar titled “Facial Recognition x Smart Security

Empowering Smart AIoT Applications”” on August 13, 2020 from 14:00-15:00 (GMT+8/Taipei time), further describing the many use cases enabled through the new product offering. For detailed event information and a registration link, please visit: https://is.gd/SfXQ7l

FaceMe’s® edge-based architecture empowers powerful, efficient processing, and higher levels of security compared to Cloud-based solutions. It supports more than 10 operating systems, including Windows, Android, iOS, and various Linux distributions such as Ubuntu x86, Ubuntu ARM, RedHat, CentOS, Yocto, Debian and JetPack. FaceMe’s® high accuracy, flexibility and security makes it the leading facial recognition engine available on the market today, and it is one of the world’s most accurate engines as deemed by the global standard NIST Facial Recognition Vendor Test.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition.  CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD.  With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com