What is Patch Management?

Patch management is the process of acquiring, testing and installing updates on computers. It is mostly done by organizations as part of their internal efforts to fix issues with the different versions of software programs. Additionally, patch management also helps to evaluate existing software programs and detect any potential lack of security features.

How to Protect Your Network Against a Ransomware Attack

Cyberattacks against mid-market and enterprise organizations are on the rise. From man in the middle (MitM), distributed denial-of-service (DDoS) and SQL injections, to zero-day exploits and phishing, cyberthreats are getting more sophisticated, more prevalent and more costly. But one type of cybercrime reigns supreme: ransomware.

Not-so-fun facts about ransomware today:

  • Ransomware cost the world $20 billion in 2021. That number is expected to rise to $265 billion by 2031.
  • In 2021, 37% of all businesses and organizations were hit by ransomware.
  • Recovering from a ransomware attack cost businesses $1.85 million on average in 2021.
  • Out of all ransomware victims, 32% pay the ransom, but they only get 65% of their data back.
  • Only 57% of businesses are successful in recovering their data using a backup.

Source: Cloudwards

COVID-19 is not the only pandemic to emerge and gain a global stronghold as we push on into the 2020s. Ransomware has its tentacles everywhere. No network – corporate or personal – is immune. The financial damage being inflicted, especially at the corporate level, is only getting more and more severe. It has the potential to bring some institutions to their knees and send ripples through the global economy, eventually impacting the everyday consumer.

If we’re to right the ship, the castle walls around our ever-expanding networks must become stronger, more dynamic and more intelligent. It also requires vulnerable entities to step into the realm of psychology. What’s motivating these threat actors? What do we as an organization have that they want?

Stopping Ransomware

Just as we wear masks and get vaccinated to protect ourselves from the threat of contracting COVID-19, we must take the proper precautions to limit or eliminate the possibility of a ransomware attack.

Know Your Enemy

For most companies, the enemy (or hacker) just wants money. More rarely, they’re after corporate data for some personal gain – again, that could be to sell it or leverage it for other malicious initiatives that could be politically or ideologically motivated. Even more rarely, they’re just looking to tarnish your brand’s reputation.

Regardless of their intent, however, there is one simple commonality: they want to breach your network through clandestine means. The emphasis is on the network even if that network is not physical. Today, it doesn’t need to be. In 2022, your network is merely where your corporate endpoints are in use, and ultimately where data accessed via those devices is stored.

The attempt to understand the enemy has given rise to threat intelligence services that can help you profile your attackers. Such tools can determine whether these individuals have a hold on your network, endpoints and/or users. But threat intelligence alone isn’t enough – organizations need to know themselves, which requires a unified stack of security technologies and tactics that when deployed in conjunction with one another can thwart even the most sophisticated ransomware attack.

Know Your Organization

Corporate endpoints serve as the initial entry points to any corporate network. These devices store proprietary, sensitive data – the hostage in this hostage-taking scenario. Effectively securing the network requires instituting a bevy of endpoint security measures as part of a larger security posture strategy. Frameworks such as the CIS Critical Security Controls outline these best practices.

Ultimately, however, organizations can start with these basics:

  • Use Multi-Factor Authentication (MFA) when possible; discourage the use of corporate applications that do not allow for MFA activation; use a password manager when MFA is not available.
  • Have a mechanism to isolate any infected machine in use across your network to prevent lateral movement and further spread. Network access control (NAC) solutions have been purpose-built to do just this.
  • Employ an email content inspection software that proactively inspects all links and attachments within incoming emails; this aids in stopping malware via phishing attempts.
  • Deploy an Endpoint Detection & Response (EDR) program on all machines – managed devices, BYOD & IoT / OT – that runs 24/7 with automatic system updates.
  • Ensure you’ve instituted proactive device remediation for all connected endpoints that can automatically update firewalls, antivirus and VPN services in use. NAC also incorporates this functionality.

If you follow those principles, you can win every battle. As legendary military strategist Sun Tzu wrote in his classic work, The Art of War: “If you know the enemy and know yourself; you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Load Balancer: what is it and what is its importance?

When a given system is heavily accessed, it is recommended to invest in a load balancer.

This solves the problem of slowness caused by system overload as it distributes traffic among different web servers in the resource pool. Thus, you can optimize its performance and significantly reduce its response time.

In this article, we bring more details about this solution, which can be applied in hardware and software, alone or together. Our text is divided into items to make it easier for you to understand the subject. These are:

  • What is a Load Balancer and How Does it Work?
  • Benefits of a Load Balancer
  • Brief History of the Load Balancers
  • Load Balancing and Cloud Environments
  • Load Balancing Algorithms
  • Other Load Balancing Algorithms
  • Situations where Load Balancing is Essential

Enjoy it!

What is a Load Balancer and How Does it Work?

As mentioned in the introduction, a load balancer is intended to distribute traffic to different web servers in the resource pool. This way, it ensures no server is overloaded. 

The result is a shorter response time, with each server able to work at maximum performance.

This is because this solution has the function of routing requests to the right places, providing performance and security for complex IT environments and the operations developed through them.

Suppose you have three computers, of which two are busy while the third is idle. In this case, load balancing redistributes the workload across the equipment so that the work is handled efficiently.

Benefits of a Load Balancer

Using a load balancer is very beneficial for several reasons. Check out its main benefits:

  • It increases efficiency: When you have a heavy workload, your network slows down. With load balancing, you can distribute it on more than one computer and/or server, increasing efficiency.
  • It allows you to manage the traffic flow: Many companies deal with a large volume of traffic in their daily activities. This traffic must be managed in such a way as not to overload the system and maintain the speed of operations. A load balancer helps manage traffic by distributing the workload across multiple computers or servers. 
  • It upgrades without downtime: With load balancing, networks gain more flexibility. The redundancy inherent in this solution makes it possible to transfer the workload to a defined server or server cluster for the others to be updated. Thus, these updates will not affect data access and operations.
  • It eliminates system failures: A load balancer also helps prevent network failures, which can occur as a result of failures in a server cluster. 

When configuring or updating your network, you should create server clusters using the same application. In this way, you can remove a failed server from your system easily. What’s more, the load balancer also allows you to transfer the workload to a functioning server without causing problems.

Brief History of the Load Balancers

This concept was created in 1990, with the proposal to enable the distribution of traffic in networks through specific hardware.

Subsequently, the development of Application Delivery Controllers (ADCs) provided more security to the load balancer, as new ways were sought to guarantee access to applications without interruptions and at any time.

ADCs can be: Hardware Appliance, Virtual Appliance, and Software Native Load Balancers. Today, ADCs created from software have the function of performing operations as hardware would and in a more scalable, functional, and flexible way.

Load Balancing and Cloud Environments

Large workloads in cloud environments can overload a single server. For this reason, load balancing is ideal for ensuring operations are performed efficiently in this context.

Another important function of a load balancer is to ensure the scalability of a cloud: This is what provides more speed for servers and the execution of various applications through the distribution of traffic.

With load balancing, servers receive inbound traffic in a coordinated fashion. This avoids a situation in which some servers are overloaded while others receive no traffic.

Moreover, a load balancer makes it possible to identify unavailable servers to direct traffic to those that are operating. That way, you can have infrastructures in different places, as long as you sign up with a cloud service provider.

This is critical as regions can experience natural disasters and become inoperable. In this case, traffic is directed to another region, which has not been impacted by the catastrophe.

A load balancer can also determine which server is likely to be overloaded in the least amount of time and share the traffic with others. This capability reduces the possibility of service becoming unavailable.

The more demands an organization has, the greater will be the traffic of employees, suppliers, partners, and clients. 

As such, your cloud infrastructure must be able to support this load without becoming unavailable or reducing its responsiveness. That is the purpose of load balancing.

Load Balancing Algorithms

Load distribution is performed using an algorithm. The user accesses a website through a URL associated with an IP address and the load balancer, which directs the request to a server.

Load sharing is directly related to the type of algorithm used, and the four most known are:

  • Round Robin: This is a method capable of placing incoming requests in a queue. With load balancer management, one can distribute these requests to servers, responding to them according to the availability of computers.

This solution is adaptable to locations where the servers have the same features. On the other hand, the algorithm can assign overload to less powerful equipment.

  • Weighted Round Robin: Unlike traditional Round Robin, it works according to the capacity of each server, which is pre-set with a value. It works like this: While the most powerful can have a value of 10, it is possible to assign the least powerful a value of 1.

With that, the most powerful equipment will receive the greatest load. Therefore, this method is more recommended for use with different servers.

  • Least Connections: Round Robin and Weighted Round Robin do not take into account the number of connections the servers will handle. Thus, some servers can be overloaded when receiving a backlog of connections.

This problem is easily solved by Least Connections, which works considering the requests that already exist on the server when distributing new ones. 

However, this algorithm may not work depending on the technical capabilities of the servers. For this reason, it is recommended to be used in environments whose servers have the same features. 

  • Weighted Least Connections: This algorithm works as a complement to Least Connections. In an infrastructure whose servers have different resources, it considers the requests for each piece of equipment, in addition to the weighting established by the administrator.

As with Weighted Round Robin, the most powerful server has the most weight. With this, one can distribute the load strategically, as new requests are directed to the server with the lowest ratio of active connections to weight.
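The four algorithms above, side by side, as an added example that is not part of the original article. The two-server pool, its connection counts and the helper names are constructed; the weights of 10 and 1 follow the text, and the interleaving used for Weighted Round Robin (smooth weighted round robin) is one common choice that the text does not specify.

```python
from collections import Counter
from dataclasses import dataclass
from itertools import cycle, islice


@dataclass
class Server:
    name: str
    weight: int = 1   # capacity value pre-set by the administrator
    active: int = 0   # connections currently open on this server


def round_robin(servers):
    """Fixed rotation; ignores both capacity and current load."""
    return cycle(servers)


def weighted_round_robin(servers):
    """Smooth weighted round robin: over sum(weights) picks, each server is
    chosen exactly `weight` times, interleaved rather than in one burst."""
    current = {s.name: 0 for s in servers}
    total = sum(s.weight for s in servers)
    while True:
        for s in servers:
            current[s.name] += s.weight
        best = max(servers, key=lambda s: current[s.name])
        current[best.name] -= total
        yield best


def least_connections(servers):
    """Pick the server with the fewest open connections, regardless of capacity."""
    return min(servers, key=lambda s: s.active)


def weighted_least_connections(servers):
    """Pick the server with the lowest active-connections-to-weight ratio."""
    return min(servers, key=lambda s: s.active / s.weight)


def rotate(rotation, n):
    """Names of the next n servers taken from a round-robin style generator."""
    return [s.name for s in islice(rotation, n)]


def assign(policy, servers, n):
    """Open n new connections with a connection-aware policy; return per-server counts."""
    counts = Counter()
    for _ in range(n):
        chosen = policy(servers)
        chosen.active += 1
        counts[chosen.name] += 1
    return counts


def pool():
    # Constructed pool: a powerful server that is already busy and a weak one that is not.
    return [Server("big", weight=10, active=8), Server("small", weight=1, active=2)]


if __name__ == "__main__":
    print("round robin:          ", rotate(round_robin(pool()), 4))
    print("weighted round robin: ", Counter(rotate(weighted_round_robin(pool()), 11)))
    print("least connections:    ", dict(assign(least_connections, pool(), 6)))
    print("weighted least conns: ", dict(assign(weighted_least_connections, pool(), 6)))
```

With this pool, Least Connections sends all six new connections to the weak server because it has fewer open connections, while Weighted Least Connections sends them to the powerful one, which is the failure mode and the correction the descriptions above refer to.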

Other Load Balancing Algorithms

In addition to the four best-known load balancing algorithms presented in the previous topic, other types perform load balancing. Check some methods below:

  • Lower Bandwidth Algorithm: In this case, traffic is measured in Mbps. Thus, it is possible to send requests to servers with a smaller number of Mbps of traffic.
  • URL Hashing: This algorithm is capable of evenly distributing writes across multiple websites and directing reads to a specific website.
  • Resource-based Algorithm (Adaptive SDN): This method involves knowledge of all application layers and the inputs of an SDN controller, which determines decisions regarding traffic distribution.
  • Resource-based Algorithm: Here, a computer program is installed on the server so that it provides the current load for balancing. This is possible based on an assessment of the servers and the availability of resources that allow traffic to be properly directed.
  • Source IP Hashing: It mixes client and server IP addresses, creating a unique hash key, capable of allocating traffic to certain servers.

Situations where Load Balancing is Essential

To understand the importance of investing in load balancing, it is worth looking at the cost-effectiveness of this investment. In other words, how much it costs to have this service and how much your business can lose without correct load distribution.

If you have an e-commerce business operating during periods such as Black Friday, Christmas, Mother’s Day, Valentine’s Day, or other important dates for commerce, for example, the load balancer can avoid major losses.

In this article, we discussed what a load balancer is, its benefits, and its importance for companies. If our content was helpful to you, please share it with more people who might be interested in the subject.

About Senhasegura
Senhasegura strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

What is, how to install WSL2 and why is it great news for the IT industry?

What is and how to install WSL2 and why is it great news for IT?

Background

Before diving into what WSL2 is, how to install it, and how to use it – which we will – I would like to add some background information you might relate to if you were born in the 80s like me.

From a very young age I have felt attracted to computers, and in my childhood they were not as common as they are today, when almost everyone has one within reach.

I think my first encounter with a computer was when I was 11 or 12 years old, with an old computer that my father had in his office. I remember spending hours in front of the screen, although I’m not quite sure what I was doing, because at that time there was no internet.

That old computer had Windows 3.1; my first computer also meant my first Operating System was Windows, which I used in all its versions (and I will also spoil that I still use it). From then on I kept on using it, in fact, I didn’t know about anything else until I got to college and some friends told me about Linux (Mac was not an alternative for me).

Since I met Linux I fell in love with the penguin operating system, its philosophy and its fantastic terminal, so I started testing it on my home computer, with all the compatibility issues it involved at the time, when you spent half a day installing and two more looking for drivers. However it was a new experience and, although frustrating, totally rewarding when you achieved this sense of accomplishment. Of course, for me it was no more than an experiment for many years.

Half of my professional life revolved around Windows, from my first jobs as a microcomputer technician to managing servers and services based on Microsoft OS. I even studied at a Microsoft partner academy and got certified in Microsoft Windows Server 2012. It wasn’t until early 2013 that I had my first professional experience with Linux on an old web server that someone had to maintain. Indeed, that someone was me and I devoted many more hours than necessary to that lonely server.

Like many of you, I find myself in the following position: I love Linux and its ecosystem but it seems to me that Microsoft does a very good job on its OS and, for some reason, I always end up coming back to it. The ideal thing would be to have the best of both worlds. I’ve tried dual boot, virtualization, and Cygwin, but none felt like a full experience. I thought it was the best I could get even if it wasn’t ideal and just moved on, until Microsoft announced WSL.

What is WSL?

WSL stands for Windows Subsystem for Linux, which was nothing more than a compatibility layer for native Linux environments within Windows. Its first version was announced in 2016 and it was big news. I remember having the Ubuntu 16.04 terminal running natively on Windows and thinking “this is what I’ve been waiting for, everything I need without losing compatibility”.

Unfortunately WSL, although very useful, had several shortcomings: all the executions were interpreted, there was no access to all the hardware of the machine, the overall performance was quite poor, etc. I didn’t stop using it, but it wasn’t suitable for everyone. Still, it was the first step. In 2019 they announced WSL2, which would no longer be interpreted, it would have the entire native Linux kernel and would be running on Windows at full performance. WSL2 was recently released for all Windows 10 2004 version users. It seems that having everything I needed is now becoming a reality. It’s not perfect, that’s for sure, but it’s impressive how well it works.

Why WSL2 and not a Linux distro?

“It depends”, that’s the answer. Many of you, due to company policies, will not be able to change the OS of your computer or will be stuck with Windows for using the Office suite or Adobe tools, or even because you feel more comfortable on Windows rather than Linux.

In my case, I have the freedom to choose the operating system I use, my company does not enforce any restrictions as long as it stays updated and has an antivirus active. I have tried using Linux straight away and in the end I always have to go back to Windows or virtualize it and I prefer to virtualize Linux on Windows rather than the other way around.

In my day to day I have many different tasks, although I have a WSL2 terminal always open on one of my virtual desktops, I spend half of the day in meetings with different providers (webex on Linux is a nightmare). I use different VPNs and virtual client desktops, I edit videos for Pandora FMS YouTube channel, etc. And I do many of these things with tools that do not work quite well in Linux, so WSL2 has given me the almost perfect solution for my daily tasks.

(If you think you would be interested in reading an article about my workflow and all the tools I use, leave a message in the comment box).

Deploy WSL2

If you are here, it is because you relate to one of the cases described above. Installing WSL2 is very simple, but let’s go step by step.

Remember that you must have Windows 10 version 2004 or higher to be able to use WSL2.

Checking it is as simple as pressing the start key, typing winver and pressing enter.

It will show you a screen like this, where you will see Windows 10 version.

If you comply with the correct Windows version, let’s get to work. If not, it is time to go update Windows.

Step 1: Enable WSL on your system.

The easiest way is to open a PowerShell terminal as administrator and run:

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

Don’t close the terminal or restart yet.

Step 2: Enable virtualization.

Execute the following command in the PowerShell terminal open as Admin.

dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

Now restart the machine.


Step 3: Activate WSL version 2 as default.

Open a PowerShell terminal again as administrator and execute:

wsl --set-default-version 2

You will see a message similar to: “WSL 2 requires an update to its kernel component. For information, please visit https://aka.ms/wsl2kernel”. Go to the URL and download the package, following the wizard steps.

Step 4: Download the distro, preferably from the Windows Store. Type wsl in the search box to see the options (personally I use Arch, but it is not in the store so it is a bit more complicated to install). I recommend installing Ubuntu, the first to be released and in my opinion the one with the broadest support.

Once downloaded, open it and the distro installation will start. It will ask for the username and password. For the Linux system you can set the one you prefer, it has nothing to do with the Windows user.

Once the installation is finished, you will see a screen similar to the following and the prompt ready to use Ubuntu bash.

Step 5: Check the installation from a PowerShell terminal, executing:

wsl --list --verbose

This will list the installed distros and their versions. I already said that I use Arch, and yes, I also have Windows running in WSL2 for Docker. In your case, it will show just the one that you have installed, in this case Ubuntu, and it should be version 2.

Conclusions

With these simple steps you will have Ubuntu installed within Windows with its kernel at 100% and you can run all the tools you need, such as Docker natively directly in the Linux kernel (something that before with HyperV was not working for me and that WSL1 did not support).

The implementation is not perfect: it has many advantages but it also has some problems to figure out. Even so, I think it is the best current implementation of a hybrid system in which to enjoy the best of both worlds, so I recommend it 100%.

If you are interested in the subject, we can write an article listing the advantages, disadvantages and alternative solutions to certain problems that this technology currently poses. Let me know if you are interested in the comments.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

What is Virtual Patching?

This article will give you an insight into virtual patching, what makes patching hard for businesses, the value of virtual patching and how to fix virtual patching issues. Let’s get started.

What is Virtual Patching?

Virtual patching is the process of developing and deploying a short-term strategy to reduce the risks of exploitation that are connected with the discovery of new security vulnerabilities. It removes the possibility of hackers finding and exploiting application or system security flaws. 

The main objective of virtual patching is to stop malicious actors from gaining access to a vulnerable application while implementing security solutions. 

It enables developers and security administrators to keep a system or application functional until a vulnerability solution is discovered, developed and tested. The patch is installed on a few host systems and can be replicated across the application environment. Nevertheless, virtual patching is not a permanent solution and does not always detect all system or software vulnerabilities. 

Value of Virtual Patching

Virtual patching is also known as vulnerability shielding, which protects against threats that exploit new and known vulnerabilities. Virtual patching works by enforcing layers of security guidelines and regulations that prevent and intercept exploits from following network routes to and from exposures. 

A multi-layered virtual patching method is ideal. This includes features for reviewing and blocking risky activities in business-critical traffic, detecting and preventing intrusions, stopping assaults on web-facing applications and deploying adaptably on cloud or physical platforms. 
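The interception described above, as an added example that is not from the original article or from any vendor product: a virtual patch written as WSGI middleware in front of a legacy application whose code stays untouched. The /report endpoint, its id parameter, the rule id VP-EXAMPLE-1 and all requests are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

# Constructed rule for a hypothetical flaw: the "id" query parameter of /report
# reaches vulnerable code until the real fix ships. The patch is a positive
# (allow-list) check: it permits only what the endpoint legitimately needs.
RULES = [
    {"rule_id": "VP-EXAMPLE-1", "path": "/report", "param": "id",
     "allow": re.compile(r"[0-9]{1,10}")},
]


class VirtualPatch:
    """WSGI middleware that screens requests before the unmodified app sees them."""

    def __init__(self, app, rules, block=True):
        self.app = app
        self.rules = rules
        self.block = block   # False = log-only, for tuning before enforcement
        self.events = []     # stand-in for a log or SIEM forwarder

    def violations(self, environ):
        # Normalise the path the way the protected app routes it (assumed here:
        # a trailing slash is ignored); a mismatch would let requests slip past.
        path = environ.get("PATH_INFO", "").rstrip("/") or "/"
        params = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        hits = []
        for rule in self.rules:
            if path != rule["path"]:
                continue
            values = params.get(rule["param"], [])
            # A repeated parameter is rejected too: the app and the filter
            # might otherwise disagree on which copy counts.
            if len(values) > 1 or any(not rule["allow"].fullmatch(v) for v in values):
                hits.append(rule["rule_id"])
        return hits

    def __call__(self, environ, start_response):
        hits = self.violations(environ)
        if hits:
            self.events.append({"rules": hits, "path": environ.get("PATH_INFO", ""),
                                "query": environ.get("QUERY_STRING", ""),
                                "blocked": self.block})
            if self.block:
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"Request blocked by virtual patch\n"]
        return self.app(environ, start_response)


def legacy_app(environ, start_response):
    """Hypothetical application whose source cannot be changed yet."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"report generated\n"]


def request(app, path, query=""):
    """Drive a WSGI app in-process and return the status line."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    environ["QUERY_STRING"] = query
    seen = []
    b"".join(app(environ, lambda status, headers: seen.append(status)))
    return seen[0]


if __name__ == "__main__":
    patched = VirtualPatch(legacy_app, RULES)
    for path, query in [("/report", "id=42"), ("/report", "id=42%20OR%201%3D1"),
                        ("/report/", "id=1&id=2"), ("/health", "id=abc")]:
        print(path, query, "->", request(patched, path, query))
    print(patched.events)
```

Only the query string is inspected here; a rule for a parameter carried in a request body would have to buffer the body and hand it back to the application. Running with block=False first records what the rule would have stopped without affecting traffic.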

Here is how virtual patching complements an organization’s existing security technology, vulnerability and patch management policies:

  • Prevents Unnecessary Downtime: Virtual patching offers organizations more flexibility in enforcing patch management practices on their timetable. This limits the possibility of income loss because of unnecessary or unplanned disruptions in corporate activities. 
  • Allows for Greater Flexibility: Virtual patching removes the need to distribute workarounds or emergency patches. It simplifies tasks such as knowing the specific places in the network that require patching or if there’s a need to apply patches to all systems.
  • You Will Get More Time: Virtual patching helps security teams to assess the vulnerability and test and install the necessary patches. In-house applications are at an advantage since they offer programmers and developers more time to resolve vulnerabilities in their code. 
  • It Offers an Additional Layer of Security: Virtual patching extends security controls to IT infrastructures for outdated systems and end-of-support operating systems such as Windows Server 2008.
  • Improves Regulatory Compliance: Virtual patching helps organizations meet timeliness requirements such as those of the EU General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS).

When you study the different ways in which organizations can’t change the source code immediately, the benefits of virtual patching become clear. Based on the organization, the advantages include the following:

  • It lowers risk until a vendor-supplied patch is released or while a patch is tested and applied.
  • It enables businesses to keep typical patching cycles.
  • Because libraries and support code files are not changed, there is less chance of introducing conflicts.
  • It is a scalable approach because it is done on a few sites rather than on all hosts.
  • It reduces or eliminates the time and money spent on emergency patching.
  • It protects mission-critical systems that cannot be taken offline.

From the perspective of a web application security expert, virtual patching opens up another way of offering services to your clients. Until recently, if source code could not be modified for the reasons above, there was nothing else a consultant could do to help solve the issues. A consultant can now offer to use virtual patches to solve problems outside the application code.

Why is Virtual Patching Difficult for Businesses?

Some of the difficulties that organizations experience while implementing a virtual patch management system include the following:

  • The number of vulnerabilities that must be patched: This is true for organizations that must patch a growing number of vulnerabilities as their IT infrastructures are always upgraded.
  • Continuity of operations: While applying updates frequently is a desirable practice, many businesses find the patching process so long, expensive and disruptive that they choose to reschedule it or completely stop it in order to minimize operational disruption.
  • Systems that are no longer patchable: Patches may no longer be delivered to applications and systems that have reached the end of their life cycle, even if they are still needed to perform mission-critical tasks. Examples include embedded systems, such as IoT devices, POS terminals and industrial control systems that always contain software or components that cannot be patched.
  • Patch cycle frequency: This can make patching challenging to control especially when determining which vulnerabilities are urgent or important.
  • Visibility is limited: More extensive internet infrastructures require more complicated update processes. This could be exacerbated by a fragmented IT infrastructure, which is normally made up of several operating systems or application versions that are sometimes also geographically scattered.

What Happens to IT Infrastructures That Are Not Patched? 

When a vulnerability is discovered or reported, organizations need to be very quick and timely. It’s a golden chance for threat actors and cybercriminals. It takes 69 days for a typical firm to fix a critical vulnerability in its application. On average, it takes 60 days for businesses to realize they have been breached.

This window of vulnerability exposes unpatched systems to attacks. Threat actors began ransomware attacks against unpatched servers in January 2020, putting the networks of over 80,000 businesses at risk.

Conclusion

In today’s evolving environment, keeping up with security issues in complex software and web apps can be exhausting. In these circumstances, virtual patching is the best solution. It mitigates risk by patching web app vulnerabilities.

Virtual patches have several benefits over regular patching cycles, which consume a huge amount of time and money. Virtual patches can be installed within a few minutes at a low cost. Additionally, they should be incorporated in the security toolbox alongside other security technologies, such as intrusion prevention systems and firewalls, for better defense against developing threats.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About vRx
vRx is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Municipality of Avezzano chose Awingu to solve their remote working challenge

The Municipality of Avezzano is a small town in the province of L’Aquila (Abruzzo) and its territory extends over 100 square kilometers. It is made up of the main town and some hamlets and has more than 40,000 inhabitants. The IT service of the municipality consists of 4 people, who directly provide support and maintain the infrastructure for the approximately 200 employees equipped with IT tools.

During the 2020 pandemic lockdown, the municipality’s ICT service faced the challenge of “smart working” in order to allow their employees to continue their valuable work of service to citizens and institutions. The classic equipment of municipal employees was a desktop device, posing an additional challenge to the Municipality’s ICT team: since it was not possible to equip each employee with a laptop, they were looking for a way to allow connections from the outside via the employees’ personal devices. The challenge was especially daunting considering the heavy security requirements an institution such as Avezzano has to adhere to.

Connecting to desktops in the municipal office

"Our partner IFIConsulting suggested Awingu to us, and we immediately identified simplicity and ease of use - combined with a high level of security - as the key elements of the solution. In a short time we installed and configured Awingu, enabling the security of two-factor authentication and thus allowing our users to connect securely from home to their PC located at the municipal offices, using any device they had at home."
Alberto Di Berardino

Awingu was installed on a VMWare virtual machine and was configured by enabling the MFA function and then connecting the various desktop machines with RDP. On the devices used by remote users, the software for the management of USB keys for the digital signature of documents was configured and integrated into Awingu, which was another critical element indispensable for the proper performance of the public officials’ work.

In addition, a whole set of security features were configured in Awingu to prevent the presence of administration data on local devices.

All the work was carried out independently by the IT department of the municipality: “even the integration with LDAP and in general, all the configuration was easy and fast”.
"All users were very satisfied with the adopted solution and we didn't find any complaints, not even from users using limited bandwidth connections."
Giacomo Calisse

The key role played by our technology partner IFIConsulting allowed us to identify the solution to our challenge in a very short time. IFIConsulting’s constant presence and collaboration were invaluable in addressing existing issues and were crucial in defining our future needs in terms of resources and performance.

About Parallels
Parallels® is a global leader in cross-platform solutions, enabling businesses and individuals to access and use the applications and files they need on any device or operating system. Parallels helps customers leverage the best technology available, whether it’s Windows, Linux, macOS, iOS, Android or the cloud.

Renaissance selected as Irish Distribution Partner for Awingu

Dublin, Ireland, 19th January 2022 – Similarly to other leaders across the globe, the Irish government recommend working from home to fight the spread of COVID-19. Many organisations have already shifted to a more permanent remote working approach, with a recent survey showing more than 90% of Irish executives have hired, or plan to hire people to develop their remote work policy. But with cyber-attacks continuing to rise, how can organisations ensure their remote assets are adequately protected?

Too often, many are still relying on the use of a VPN (Virtual Private Network), but these lack the granular controls needed to allocate users with specific rights and should never be relied upon as a single solution to enable remote working. To provide secure remote access, a flexible solution that can be scaled up or down when required is essential.

Awingu is a leading provider of secure remote access technology that has been recognised by Gartner as a ‘Cool Vendor in Unified Workspaces’. Organisations of all sizes can use Awingu as a cost-effective and simple workplace solution that, unlike other providers, does not require agents or software to be installed on end-user devices. Awingu runs entirely in the browser, where it combines existing applications into one online workspace without hassle, including SaaS and “legacy” Windows or Linux applications.  

"We believe that the Renaissance partnership with Awingu introduces a cost effective method to more Irish organisations working remotely, helping them to become more agile and effectively prepared for future cyber-attacks."
Michael Conway
Director, Renaissance

Awingu firmly believes in a “Zero Trust” security context for businesses. Zero Trust is an all-encompassing strategy involving users, devices, applications, networks and more. The solution enables more secure hybrid working and BYOD (Bring Your Own Device) policies through providing encrypted connections, multi-factor authentication, context-awareness, a full usage audit and eliminating the need to store data locally on devices.

"It is really important for us to make Zero-Trust-grade security more accessible to more organisations. Extending our reach into Ireland through the help of Renaissance is an important step forward in our mission to enable all organisations to work securely regardless of their employees location."
Keith Joseph
Sales Director UK, Awingu

About Renaissance
Renaissance has been a trusted partner to Irish resellers and their customers for over 30 years. With the introduction of 35+ new, cutting edge and industry leading Cyber Security and Compliance solutions into Ireland over the past 5 years, Renaissance has created a security ecosystem linking its Vendors, Value Added Resellers and End Users. Renaissance has built its reputation by offering leading edge market technologies, excellent pre/post sales service to its extensive network base, and an ongoing desire to bring added value to its customers. The Renaissance team have founded and continue to run the Cyber Expo & Conference Ireland, now in its 4th year. For more information, 

SCADAfence Named An OT Security Market Leader In 2021 ISG Provider Lens™ Report

NEW YORK and TEL AVIV, Israel, Jan. 18, 2022 /PRNewswire/ — SCADAfence, the global leader in cybersecurity for Operational Technology (OT) and Internet of Things (IoT) environments, announced today that they were named a market leader in the new ISG Provider Lens™ – Manufacturing Industry Services 2021 report which was published by ISG, a leading global technology research and advisory firm.

Analyst firm ISG has recognized SCADAfence as the market leader in portfolio attractiveness & competitive strength in their latest ISG Provider Lens report

In this quadrant report, ISG lays out the current market positioning of providers of OT security solutions and how they address the key challenges that industrial organizations face. ISG observes that the traditional OT security market is niche and mature, with focused products that address legacy industrial platforms and networks. As these legacy systems evolve into cyber-physical systems, their security becomes strategically important for both OT and IT stakeholders. ISG’s 2021 report is relevant to enterprises across all industries that are evaluating solution providers of OT security solutions.

The ISG report commends SCADAfence for its unique approach to governance and compliance in OT security. SCADAfence’s industry-leading IT/OT governance and compliance portal takes the passive data existing in their networks and enables customers to find out their degree of compliance with their industry standards. The portal covers industrial compliance frameworks such as IEC62443, ISO27001, NERC, NIST, CMMC, and other important compliance regulations. ISG analysts view the governance portal as a true differentiator for SCADAfence in the OT security market.

ISG highlighted the different product strengths of SCADAfence in the OT security landscape such as the new multi-site portal and 100% deep packet inspection. The analysts noted SCADAfence’s multisite portal benefits their customers with central configuration, management, licensing, and centralized software updates all in one platform. The full report can be accessed here.

“We are pleased to recognize SCADAfence as a leader in our quadrant report,” said Avimanyu Basu, Senior Lead Analyst at ISG.

“SCADAfence’s OT security platform DNA is integrated with a product-led growth approach around IT/OT governance and compliance and proprietary DPI-based technology. With their advanced OT security capabilities, we expect SCADAfence to dominate the OT security market.”

“We’re honored to be recognized as a leader by ISG in their Provider Lens report for Manufacturing Industry Services 2021, OT security solutions,” said Elad Ben-Meir, CEO of SCADAfence. “This acknowledgment and industry recognition for our ongoing efforts in the OT & IoT security space is an affirmation of our hard work and the strength of our unique product vision in the OT security market.”

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

ESET Research investigates Donot Team: Cyberespionage targeting military & governments in South Asia

  • ESET has analyzed two variants of the yty malware framework: Gedit and DarkMusical. ESET researchers have decided to call one of the variants DarkMusical because many of the names the attackers chose for their files and folders are inspired by the movie High School Musical. 
  • These attacks are focused on government and military organizations, Ministries of Foreign Affairs, and embassies and are motivated by cyberespionage.
  • Targets are primarily located in South Asia – Bangladesh, Sri Lanka, Pakistan and Nepal. However, targeting embassies of these countries in other regions, such as the Middle East, Europe, North America, and Latin America, has been observed.
  • ESET’s investigation spans more than a year from September 2020 to October 2021.
  • A recent report by Amnesty International links the group’s malware to an Indian cybersecurity company that may be selling the spyware.
  • The group has consistently targeted the same organizations for at least the last two years and it’s possible that the attackers have compromised the email accounts of some of their victims.

BRATISLAVA, MONTREAL — January 18, 2022 — ESET researchers have uncovered recent campaigns and an updated threat arsenal of the infamous APT group Donot Team (also known as APT-C-35 and SectorE02). According to research findings, the group is very persistent and has consistently targeted the same organizations for at least the last two years. For this research, ESET monitored Donot Team for more than a year from September 2020 to October 2021. According to ESET telemetry, the APT group focuses on a small number of targets primarily in South Asia — Bangladesh, Sri Lanka, Pakistan and Nepal. However, targeting embassies of these countries in other regions, such as the Middle East, Europe, North America, and Latin America, is not outside the group’s realm. These attacks are focused on government and military organizations, Ministries of Foreign Affairs, and embassies and are motivated by cyberespionage.

Donot Team is a threat actor operating since at least 2016 that is known for targeting organizations and individuals in South Asia with Windows and Android malware. A recent report by Amnesty International links the group’s malware to an Indian cybersecurity company that may be selling the spyware or offering a hackers-for-hire service to governments of the region.

“We have been closely following the activities of Donot Team, and have traced several campaigns that leverage Windows malware derived from the group’s signature yty malware framework,” says ESET researcher Facundo Muñoz, who led the investigation into the group’s activities.

The main purpose of the “yty” malware framework is to collect and exfiltrate data. The malicious framework consists of a chain of downloaders that ultimately download a backdoor with minimal functionality, used to download and execute further components of Donot Team’s toolset. These include file collectors based on file extension and year of creation, screen capturers, keyloggers, reverse shells, and more.

Countries targeted in recent Donot Team campaigns

According to ESET telemetry, Donot Team has been consistently targeting the same entities with waves of spearphishing emails every two to four months. The spearphishing emails have malicious Microsoft Office documents attached that the attackers use to deploy their malware.

Interestingly, the emails that ESET researchers were able to retrieve and analyze did not show signs of spoofing. “Some emails were sent from the same organizations that were being attacked. It’s possible that the attackers may have compromised the email accounts of some of their victims in earlier campaigns, or the email server used by those organizations,” says Muñoz.

In the latest blogpost, ESET has analyzed two variants of the yty malware framework: Gedit and DarkMusical. ESET researchers have decided to call one of the variants DarkMusical because of the names the attackers chose for their files and folders: many are western celebrities or characters in the movie High School Musical. This variant was used in campaigns targeting military organizations in Bangladesh and Nepal.

For more technical details about the Donot Team’s latest campaigns, read the blogpost “DoNot Go! Do not respawn!” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.