
Why Customers Love Keepit’s Ease of Use

The Keepit Approach to the Five Quality Components of Usability

One prominent aspect of Keepit’s cloud backup and recovery solution that customers rave about most is its simplicity and ease of use. Where other similar solutions often require weeks of training, the Keepit solution is plug and play, capable of being implemented and fully operational within minutes – and by everyone on the team. No extensive courses and diplomas are required. The intuitive ease with which Keepit locates and restores files also means our customers are actively incorporating it into their day-to-day internal support operations, rather than just using it for finding and recovering files that have simply gone astray. The ease of use comes from a dedicated design process, which puts usability up front and users in the driver’s seat. There are many different opinions on what the word usability means, so here at Keepit – as with many other things – we are inspired by what we observe in the workplace and then have our own take on it that fits our product.

The Keepit Design Hierarchy

Creating and following a design hierarchy goes to the heart of how we build and continue to improve Keepit’s backup solution. For every design and feature we implement, Keepit follows a clear usability vision that strongly focuses on following a design code. The hierarchy in which we make design and usability decisions is built around Principles, Pillars, and Patterns. Starting with our Design Principles, everything we do is based on these principles: they are abstractions of how we design our products and help designers make the right decisions. Design Pillars are more focused on how we implement designs and how the user should experience the Keepit solution. Pillar example: “The right functionality, at the right time, to the right person.” This Pillar is used rigorously for each feature we create throughout the entire user flow. Is this the right functionality being presented to the user? Is this the right time to show this functionality? Will it work for the person who is going to use it?

Finally, we have Patterns. Design Patterns are specific implementations of functionality. This could be how we implement breadcrumbs, how we handle truncation, checkboxes, dropdowns, and wizards, just to name a few.

Defining Usability

Usability is a quality attribute that assesses how easy user interfaces are to use. The word ‘usability’ also refers to methods for improving ease of use during the design process. The most popular definition of Usability has five components, as explained by the

  • Learnability: How easy is it for users to accomplish basic tasks the first time they encounter the design?
  • Efficiency: Once users have learned the design, how quickly can they perform tasks?
  • Memorability: When users return to the design after a period of not using it, how easily can they re-establish proficiency?
  • Errors: How many errors do users make, how severe are these errors, and how easily can they recover from the errors?
  • Satisfaction: How enjoyable is it to use the design?

There are many other important quality attributes, one of which is utility, which refers to the design’s functionality. In other words, does it do what users need?

How Keepit Measures Usability

Learnability in Keepit: Let us look at the first item: Learnability. The nature of a backup application is not something our users check in to merely to “get a dopamine kick” from watching cool facts about their running backups. Instead, backup is more “set it and forget it,” and usually our users come to the platform for one of two reasons. One is to make sure that everything is running as it should; the other is to restore data that was lost. For many of our users, the fact that the application is so easy to learn and understand saves them much time, money, and the frustration of being unable to find the data that needs to be restored.

Memorability in Keepit: Our approach is not just that things should be easy to learn but also that they must be easy to get back into after being away for a period of time. We do this with a consistent system: most things work in a predictable, similar way, following the same ideas. This increases the chance that something is memorable and easy to re-learn. There are, of course, many things we do to improve the memorability of Keepit, with consistency and recognizability of the applications they are backing up being just some of them.

Efficiency in Keepit: All of this leads to Keepit’s Efficiency. We like to look at efficiency from the point of view that you should “take the time to look before you jump.” This means we do not consider “few clicks” a success criterion in itself; rather, we consider “carefully placed” clicks a step in the right direction – i.e., solving the problem with just the right number of clicks.

Errors in Keepit: Naturally, we do everything within our power to keep the number of mistakes made in relation to the task being solved at a minimum, since a tight correlation exists between the number of errors the user makes and the solution’s efficiency. Every time the user makes an error, it sends them back into the flow, and they will have to redo actions, which again leads to an inefficient solution. Learnability and memorability directly impact the user’s errors, so everything is connected, as you can see.

Satisfaction in Keepit: Finally, there is one more thing to address: satisfaction. Satisfaction is a tricky topic to discuss when talking about a solution that’s practical in nature and does not contain any real incentive to be a pleasurable experience. In the Keepit design, we have gone to great lengths to fight against the tendency of “functional design” that flourishes in the world of IT management tools. Instead, we have moved toward the concept of “emotional design” because IT administrators also deserve good tools. Where functional design holds that showing everything all at once means more control and empowered admins, Keepit believes showing the right thing, at the right time, to the right person offers the ultimate degree of control and empowerment. We also believe that creating a pleasurable and satisfying experience with administration tools like Keepit, where everything “just works,” frees up administrators to focus on other priorities.

Final Thoughts

Despite our mission to create the perfect solution that requires no previous knowledge to recover data, we are painfully aware that achieving perfect usability is a goal yet to be reached. But we strive every day to get there. That said, we recommend that our users regularly make sure they understand the flows and the emergency training so that in the case of an emergency, they know exactly what to do and when to do it, which we’ll save for a future blog post. At Keepit, we put a lot of effort into ensuring that the design leaves little room for mistakes and is easy to pick up again after a long vacation – even for an inexperienced administrator.

Help The Keepit Design Team

We are always looking for people who would like to provide feedback on our solution and help us create the best design in the world. Please if you are interested in becoming part of the user feedback forum.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in cloud-to-cloud data backup and recovery. Drawing on 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

Common SD-WAN Challenges & How to Avoid Them

A Software-Defined Wide Area Network (SD-WAN) enables organizations to rely on a combination of transport services. The increasing use of SD-WAN for connecting enterprise networks improves productivity, reduces cost, and increases application performance.  

It is a feature-packed technology that centralizes security, management, networking, and more. Consequently, organizations with cloud solutions view SD-WAN as an infrastructure upgrade to operations. 

Wrong Approaches

A frequent occurrence with businesses is the focus on individual technical elements. Unfortunately, many such enterprises fail to realize the need to address end-to-end solutions.

Selection should encompass all available approaches, with the choice that best suits the company’s needs, budget, and savviness. Another aspect to consider is the fact that IT teams often fixate on price. Unfortunately, most of them misinterpret prices, opting for cheaper options that result in poor network performance.

Such organizations often soon encounter issues with high latency, prolonged downtimes, less supportive service-level agreements, and more. As enticing as cost savings can appear, ensure they never pose a serious risk to your network connectivity or SD-WAN designs.

Responding to this Challenge:

  • Ensure that all choices and approaches produce maximum results for the company’s network. 
  • Consider platforms with built-in cloud and security vendor access for appliances. 
  • Ensure to prioritize necessary performance features over novel ones. 
  • Technology evolves at a rapid pace, so plan accordingly with future long-term growth in mind.

Overlooking the Quality of Service (QoS) Concept for SD-WAN

One attribute that should never get overlooked is the QoS. An equally important aspect is the quality of experience. However, SD-WAN service providers never seem to offer end-to-end prioritization. Although it provides an efficient traffic segmentation and path selection, traffic movement often gets delayed. Therefore, seeking an SD-WAN approach with ‘fail safe’ technology features is crucial. 

These options must offer superior performance to MPLS across all applications. MPLS itself comes with end-to-end QoS via six settings for service-level categories, though also with delayed traffic movement.  

Responding to this Challenge:

  • Never compromise on the quality of service and quality of experience with network connectivity.  
  • Be sure to purchase local site-by-site internet underlay with low-cost service that provides high QoS and QoE along with various available features. Consult with experts to get the best customized recommendations.

SD-WAN Security Requirements

Some SD-WAN technology lacks security capabilities. Unfortunately, these security lapses often open the door to cyber threats. 

For instance, there’s usually an edge security change with SD-WAN features such as virtual private network (VPN) deployment. In other scenarios, data gets transferred with every migration to cloud solutions. Therefore, deploying hardware and virtualized instances with accessed security policies still comes with risks.

Responding to this Challenge:

  • Organizations should take time to research all vendor claims and ensure all security functions meet company criteria.
  • Strategize the integration of cyber security and networking solutions instead of separating the two. 
  • Make it a habit to add new layers of security systems where and when necessary. 
  • Try integrating existing security with SD-WAN solutions. 

SD-WAN Management Issues

Today’s SD-WAN solutions help to blur the lines between DIY and the type of management structure in place. Traditionally, organizations never got to pick the management level. One of the drawbacks of the SD-WAN model is that it breaks most businesses’ existing centralized security inspections.

Organizations often build hub network architectures designed around the consolidation of data streams. The idea is to backhaul traffic through a centralized channel into data centers. Firewalls are used to create single security inspection points so that packets get examined before making it into the data center. The presence of an SD-WAN architecture makes this method ineffective.

By default, SD-WAN solutions lack integrated security that allows routing all traffic through a full security stack for inspection. There’s also the task of threat prevention before proceeding to its destination. 

With SD-WAN, lots of traffic moves outside the data center perimeter. As such, connections to the cloud from external sources like remote workers never go through the traditional inspection process.

The outcome for organizations is a forced decision. They have the choice of forgoing the benefits of SD-WAN by backhauling traffic to the data center for inspection, or simply not securing traffic on the WAN at all. 

Responding to this Challenge:

  • Give the required training to the IT team and staff members.
  • Get dedicated staff that can oversee the end-to-end SD-WAN implementation.
  • Infuse post-implementation monitoring and management into the company’s activity. 

Cloud Connectivity Requirements

When it comes to selecting SD-WAN projects, vendors and the IT team require cloud connectivity to either AWS, Google, or Microsoft Azure. Therefore, SD-WAN vendors typically belong to one of three categories based on their cloud access capabilities. 

  • Native Cloud Access: This category includes built-in access to the vendor’s SD-WAN architecture. It involves using the cloud’s backbone infrastructure for connecting to branch office sites. For vendors that adopt the cloud as a global backbone, this is an everyday occurrence. However, this option is better for connecting to local cloud data centers, since the deployment of cloud gateway architecture is a unique system.
  • Vendor Access Provision: This category entails vendors delivering SD-WAN appliances to a cloud environment through public gateways or private backbones. Such an option comes with more flexibility regarding vendor features. Public gateways and private backbones route traffic more efficiently than the Internet.
  • Customer Access Provision: Here the customer is responsible for deploying the appliances in the local cloud-based data center. This option offers cloud access in a more ad hoc and simplified architecture.

Responding to this Challenge:

  • Make analyzing deployment needs and internal application performance a routine activity.
  • After implementation, monitor application performance. It ensures that the business takes timely actions and prevents any form of disruption. 
  • It’s crucial to decide the bandwidth requirements and latency policies in a multi-cloud environment. An excellent way to achieve this is by evaluating service dependency on several micro-service segments.

These shortcomings aside, SD-WAN offers numerous benefits for organizations  looking to optimize and transform their corporate networks.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

SafeDNS Recognized as the Must-Have IT Tools for IT Professionals

GetApp, an established software review and recommendation engine, featured SafeDNS in its “10 Must-Have IT Tools for IT Professionals” report. With an overall rating of 4.7, SafeDNS was mentioned as one of the Must-Have IT Tools for IT Professionals with an overall positive rating of 97%.

Not only this, SafeDNS is a winner of not 1 but 2 GetApp Category Leaders reports in the first half of this year! Check out our incredible win:

SafeDNS has been a top-rated product on GetApp. Our users have made it possible! Check out our performance on GetApp –

Here’s what our users have to say about us:

“SafeDNS is a really great product, we have been using it for over 5 years now and it’s really robust. We deploy it for all our customers’ internal networks and this includes our Azure infrastructure and it just works.”

Jason T.

“We have been using this software for years and are very happy with the results. School and parents are grateful for the safety this software brings to us. When I check our stats and can see the protection that is being provided, it makes us very happy.”

Ruth P.

Want to review SafeDNS? Click here.


About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

Windows Registry Forensics – Pt. 2

Intro

I previously talked for a bit about the Windows Registry, what its main purposes are, and what we can do with it; before delving further into that, I wanted to briefly mention a tool you might use for your forensic analysis – Autopsy.

I will also just touch upon another tool you might use as well – FTK Imager.

Finally, I will also provide some useful links at the end of the article.

 

Data Acquisition

So, you have a disk to analyze, and want to access it so you can dig around for useful artifacts to uncover what has transpired on the said system. Remember that your disk needs cloning/imaging – this is best practice, and you should always try to copy the data you want to do some forensics on. This is also known as data acquisition.

By now, you know that you can look at the Windows Registry with the registry editor (regedit.exe), however the best way to do this is to acquire a copy of that data and analyze the copy.

Tooling

You can go to %WINDIR%\System32\Config and try to copy the files there, which are in fact our registry hives:

I selected the files here and tried to copy them to my Desktop:

After checking the box and clicking on continue, Windows won’t let me copy the files to the desktop:

This happens because the files are restricted.

Luckily, there are tools that can help us with the acquisition of the registry hive files. One such tool is Autopsy, which lets you acquire data from both live systems and disk images.

Once installed and run, you need to create a new case:

You then have some optional info to fill, to help you stay organized etc. (I won’t be doing that here – see the image below)

Further, you need to add a data source:

I am choosing Disk Image or VM File here, which I previously downloaded from CFReDS (the Computer Forensics Reference Data Set portal), found here:

Note that if you download the dataset I linked, you should download all the files from .7z.001 to .7z.003 and place them in the same folder; afterward, just extract the .001 and 7z will know to merge the three files together, giving you the disk image I am using in the article here.

For the configure ingest step, you can do a lot of stuff here, but I am choosing just two options – Recent Activity and File Type Identification. If you were to choose all for let’s say a disk that’s slightly larger, you’d have to wait for a bit, before Autopsy did all its stuff.

Now, I just have to wait for Autopsy to do its thing and see what I’ve got!

One more quick note: this can take some time and eat up your RAM – 64-bit Autopsy recommends 16GB of RAM. Also, when run on Windows it will set a max heap size of 4GB, leaving the remaining memory to the OS and the Solr text indexing service. You can change this value by changing Maximum JVM memory, found under Tools -> Options -> Application, as shown in the image below:

Going back to our dataset, the situation is now looking something like this:

As you can see in the screenshot above, Autopsy has found a bunch of very interesting things! From Installed software to OS info, Web History, Bookmarks… so many artifacts! 

But, since the topic here is the Registry, let’s investigate that specifically.

Before going further, I’d like to add that this image comes with 12 questions for you to try and answer. This is perfect for the scope of this article and the reason why I included it.

I will answer a couple of questions and leave you to try and solve the others yourself. With some Google-fu, you could probably find the answers online, but for the sake of learning do try to go for the questions yourself first. (There’s even a YouTube video, which I won’t link here, but if you get stuck search for it, or write in the comment section of this article and I will share it with you.)

Practice Questions

The questions are:

  1. What operating system was used on the computer?
  2. When was the install date?
  3. Who is the registered owner?
  4. What is the computer name?
  5. Who was the last user to log on to the PC?
  6. What is the account name of the user who mostly uses the computer?
  7. When was the last recorded computer shutdown date/time?
  8. What are the timezone settings?
  9. Explain the information of network interface(s) with an IP address assigned by DHCP.
  10. List all accounts in OS except the system accounts: Administrator, Guest, systemprofile, LocalService
  11. What applications were installed by the suspect after installing OS?
  12. List external storage devices attached to PC.

Q1: What operating system was used on the computer?

A: For this, we can look under the Operating System Information – which is the output for the ingest module:

On the right-hand side we can see two source files for the Software hive. By clicking on one of those, we can see in the window below all that Autopsy knows about it.

From the underlined part above, we can conclude that this is a backup of the Registry – because of the RegBack in the path.

When we look at the second Software Hive, we can see what OS is used on this computer:

We now know the answer to the first question is – Windows 7 Ultimate SP1.

  

Q2: When was the install date?

A: I will just drop a hint here! The answer is already visible… no need to even install Autopsy and load the image from this article.

Q3: Who is the registered owner?

A: See above.

Q4: What is the computer name?

A: Same as Q3.

Q5: Who was the last user to logon to the PC?

A:

Q6: What is the account name of the user who mostly uses the computer?

A:

Q7: When was the last recorded computer shutdown date/time?

A: We can look at the System hive, and click on the Application tab (remember to use the one that doesn’t have RegBack in its name).

Under Application, we drill down to ControlSet001, expand the Control node, and go all the way down to the Windows node (notice the size of the scroll bar).

Highlighting the Windows node, we can see the ShutdownTime key, which we now just need to convert to something human readable.

We go to our trusty CyberChef and build a recipe to decode this value.

Step 1 – The value is stored little-endian, so we add the Swap Endianness operation to our CyberChef recipe.

Note that I copied the value from Autopsy but removed the whitespace.

We’re also converting 8-byte words, so I changed the default 4-byte word length to 8 bytes.

Step 2 – We search for the Remove Whitespace operation and add it to our recipe.

Step 3 – We add Windows Filetime to UNIX Timestamp to our recipe.

The output above is what we’re after; we just need to convert the UNIX timestamp. Also, the default input format is Decimal, which I changed to Hex (Big Endian).

Step 4 – For our final step, we add one last ingredient to the recipe – From UNIX Timestamp.

And that’s it! The answer to our question: the last recorded shutdown time was Wednesday, 25 March 2015, 15:31:05 UTC.

*Note that in Windows Filetime to UNIX Timestamp, Hex (big endian) is selected. Change it to Little endian and pay close attention to the output.
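The four CyberChef steps above amount to a small conversion that is easy to script, which is handy when you have many timestamps to check. The following Python is an added example, not code from the article or from Autopsy: it takes the value as Autopsy displays it (hex bytes separated by spaces), strips the whitespace, reads the 8 bytes little-endian, and converts the resulting FILETIME (100-nanosecond ticks since 1601-01-01 UTC) to a UNIX timestamp and a UTC datetime. The sample hex dump is constructed so that it decodes to the shutdown time the article arrives at; it is not copied from the CFReDS image. The plausibility check at the end is what the closing note about Little endian is warning about: reading the bytes in the wrong order yields a date that is wildly off.

```python
import struct
from datetime import datetime, timedelta, timezone

# Hex dump in the form Autopsy shows the 8-byte REG_BINARY ShutdownTime value
# under ControlSet001\Control\Windows. CONSTRUCTED sample: chosen so that it
# decodes to the shutdown time the article arrives at; not taken from the image.
SAMPLE_SHUTDOWN_TIME_DUMP = "80 42 25 B5 10 67 D0 01"

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
EPOCH_DIFF_SECONDS = 11_644_473_600  # seconds from 1601-01-01 to 1970-01-01
TICKS_PER_SECOND = 10_000_000        # FILETIME counts 100-nanosecond intervals


def dump_to_bytes(dump: str) -> bytes:
    """Remove whitespace from a hex dump (Step 2) and return the raw bytes."""
    return bytes.fromhex("".join(dump.split()))


def filetime_from_bytes(raw: bytes) -> int:
    """Registry FILETIME values are little-endian 64-bit integers (Step 1)."""
    if len(raw) != 8:
        raise ValueError(f"expected 8 bytes, got {len(raw)}")
    return struct.unpack("<Q", raw)[0]


def filetime_to_unix(filetime: int) -> int:
    """Whole-second UNIX timestamp (Step 3, Windows Filetime to UNIX Timestamp)."""
    return filetime // TICKS_PER_SECOND - EPOCH_DIFF_SECONDS


def filetime_to_datetime(filetime: int) -> datetime:
    """Exact conversion to a UTC datetime, keeping microseconds (Step 4)."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def is_plausible_filetime(filetime: int, lo_year: int = 1990, hi_year: int = 2100) -> bool:
    """Sanity check: a misread value (e.g. wrong endianness) lands far outside any
    date a Windows system could plausibly have recorded."""
    try:
        year = filetime_to_datetime(filetime).year
    except OverflowError:  # beyond datetime's year 9999 limit
        return False
    return lo_year <= year <= hi_year


def decode_shutdown_time(dump: str) -> dict:
    """Run the whole recipe on an Autopsy-style hex dump."""
    filetime = filetime_from_bytes(dump_to_bytes(dump))
    when = filetime_to_datetime(filetime)
    return {
        "filetime": filetime,
        "unix": filetime_to_unix(filetime),
        "iso": when.isoformat(),
        "weekday": when.strftime("%A"),
        "plausible": is_plausible_filetime(filetime),
    }


if __name__ == "__main__":
    print(decode_shutdown_time(SAMPLE_SHUTDOWN_TIME_DUMP))
    # The same bytes read big-endian, as the closing note warns against:
    wrong = int.from_bytes(dump_to_bytes(SAMPLE_SHUTDOWN_TIME_DUMP), "big")
    print("big-endian misread plausible?", is_plausible_filetime(wrong))
```

The same functions apply to any other FILETIME stored in a hive (for example the 64-bit timestamps in SAM or the last-write times Autopsy shows per key), so the plausibility check is a cheap guard to run on every decoded value before it goes into a timeline.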

Questions 8 to 12 (and other unanswered questions) are left for you to try and solve. Feel free to share your experiences, results, or anything really, in the comment section!

FTK Imager

Before concluding, I wanted to mention another tool you might end up using in your analysis – FTK Imager.

This one can also extract files from a disk image (or a live system) through the mounting of the disk/drive in the program.

Below is one screenshot of my mounted C: drive.

You can also extract the Registry Hives with FTK Imager by clicking on the little yellow safe icon (image above) – called Obtain Protected Files.

This option is only there when a live system is being investigated. Also, I’d like to note that even though this option can extract all the hives to a path you choose, it isn’t able to copy Amcache.hve (see the 1st part of the series), which keeps information about executed applications. That is usually interesting (even necessary) to investigate when conducting a forensic analysis, specifically because it contains evidence about programs last executed.

Conclusion

I hope you liked my part 2 of the series! It was a blast for me, and I will continue with this topic in the future.

I purposefully chose to make a ‘demo’ by using a tool, but I will also write about some important artifacts/keys that you might want to keep in mind when investigating those hives!

Stay tuned.

 

Links/Resources

https://www.autopsy.com/

https://what-when-how.com/windows-forensic-analysis/registry-analysis-windows-forensic-analysis-part-1/

https://content-calpoly-edu.s3.amazonaws.com/cci/1/documents/ccic_forensics_manual/CCIC%20Chapter%204%20-%20Understanding%20the%20Registry.pdf

https://cfreds.nist.gov/

Cover image by Alexandre Debiève

#autopsy #registry #ftk_imager #windows #hives


About Topia
TOPIA is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Strengthen your vulnerability management program with asset inventory

Vulnerability scanning plays a crucial role in any enterprise security program, providing visibility into assets that are unpatched, misconfigured, or vulnerable to known exploits. Customers tell us that they can take action on their vulnerability scan results most effectively when paired with comprehensive asset and network context.

runZero’s vulnerability management integrations let Enterprise users:

  • Add asset and network context to their vulnerability data
  • Identify gaps in vulnerability scan coverage
  • Expedite response to new vulnerabilities

Adding context to your vulnerability data

Just like the other inventory views, the vulnerability inventory supports the use of queries to filter your results. You can craft a query using the supported tags, Boolean operators, and numeric comparison operators. A query like this one will list the critical vulnerability results found on your Cisco hardware: hw:Cisco AND severity:critical. Try this one to identify vulnerabilities with a CVSSv2 score of 6.5 or more on EOL assets: os_eol:<now AND cvss2_base_score:>6.5.

Some organizations find it helpful to prioritize remediating vulnerabilities on public-facing assets. With runZero you can easily find them by querying your vulnerability results using fields related to IP addresses. Not only can you use filters like cidr: to include or exclude particular address ranges, but you can also use has_public:t to find results on assets with public IP addresses. Just like in the other inventories, these query parameters can be combined to find exactly the results you need.

Closing vulnerability scan gaps

Being able to track down assets impacted by newly disclosed vulnerabilities is great, but how can you be sure you’re scanning everything by addressing gaps in your scan policies? As a starting point, you can evaluate the assets that have been identified by runZero but are not included in your vulnerability results. You can leverage the source column to identify assets that are known by runZero but are not included in your vulnerability scan results. Try out this query in your asset inventory to see which IP addresses you may not be vulnerability scanning (if you changed the minimum severity setting in your integration configuration, this may not be as accurate for you): source:runZero AND NOT source:[VM vendor]. Swap [VM vendor] with the name of your integrated vulnerability management vendor in any query to find the right results:

  • Qualys: source:runZero AND NOT source:qualys
  • Rapid7: source:runZero AND NOT source:rapid7
  • Tenable: source:runZero AND NOT source:tenable

The same logic can be used to find high-value assets or subnets that are not covered by your vulnerability scanning. If you’ve been using sites or tags to organize your assets, you could use the site: or tag: query fields with AND NOT source:[VM vendor] to find matching assets that have not been vulnerability scanned. You can also search for services or protocols that might be a cause for concern, such as protocol:smb AND NOT source:[VM vendor] to find SMB services on assets that haven’t been vulnerability scanned. The query logic also supports filtering by IP address ranges or subnets, meaning you could use cidr:192.168.30.0/24 AND NOT source:[VM vendor] to find unscanned assets in that subnet.

Since many vulnerability management solutions support importing a line-delimited list of IP addresses into a scan policy, you could use the results of these queries as a scan range. Simply export them to a CSV from the runZero Console then copy the address column into a text file. Or, if you’d prefer to use the export API, the following command will pull the results into JSONL format, filter for the address field, and clean up the extra characters. Just switch [VM vendor] in the URL to the right value and you’ll be left with a line-delimited text file of all the addresses that you might not be vulnerability scanning.

curl --location --request GET 'https://console.runzero.com/api/v1.0/export/org/assets.jsonl?search=source%3A%22runzero%22%20AND%20NOT%20source%3A%22[VM vendor]%22&fields=addresses' \
 --header 'Authorization: Bearer <EXPORT API TOKEN>' \
 |  jq -r ".addresses[]?" | sort | uniq > IPsNotVulnScanned.txt

Expediting your response

When the latest vulnerability hits the news, you can use runZero in many cases to quickly check for impacted assets. runZero’s Rapid Response series is a great way for readers to stay on top of breaking security news and track down affected assets. The ability to query across vulnerability and asset details can help you find impacted assets while you’re getting your vulnerability scanner ready for a full analysis. This is just one example of how a comprehensive asset inventory can work in tandem with your vulnerability management tools.

runZero’s rich datasets of devices, manufacturers, and operating systems, coupled with our highly-tuned scanning and processing logic, provide high quality and high confidence asset and service fingerprints. Pulling your vulnerability data into runZero lets you leverage our extensive fingerprinting capabilities to enrich your vulnerability scan results with the asset and network data being gathered by your runZero Explorers, letting you find vulnerabilities impacting specific operating systems, hardware, or services.

With the data already collected by your runZero Explorers, you can quickly identify vulnerable or exploitable assets based on various data points, like vendor name and service version. For example, you can use the following query to find BIG-IP assets that might be vulnerable to authentication bypass without having to run a new scan.

_asset.protocol:http AND protocol:http AND (service.vendor:F5 OR html.title:"=BIG-IP%" OR html.copyright:"F5 Networks, Inc" OR http.body:"/tmui/" OR favicon.ico.image.md5:04d9541338e525258daf47cc844d59f3)

When updated vulnerability scan data is available, you can use queries to find results that match a specific CVE or scan plugin ID to better prioritize your remediation efforts. For example, this query can help you find external-facing assets with vulnerable Log4Shell installations: has_public:t AND cve:CVE-2021-44228.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Digital security and the generations

The notion that only young people use the internet is long gone. The fact is that the online world has consumed all of us. We may not like it, but by all of us, we mean toddlers to seniors. And therefore, we should all consider ourselves the “digital generation.” But that does not mean we all perceive and use technology the same way. There are certainly tangible differences in how we interact with technology.

The younger a generation is, the sooner they were likely to have been introduced to technology. On the other hand, older generations may have become familiar with technology later in life, but combined with their life experiences, they might have approached their technology use more responsibly. The approaches different generations take are certainly different; some are earlier adopters of innovations, but one does not lag behind the other.

The Pew Research Center conducted research in 2021, where they measured generations’ use of the digital world. For example, 99% of Gen Z and Millennials claim they use the internet. Gen X has a slightly lower usage, which still comes to 96%, compared to the Baby Boomers, where only 75% claim they use the internet. The interesting finding of the study is that since the year 2000, the gap between the oldest and the youngest internet users has gotten smaller, from 56 to 44 percentage points.

The data doesn’t lie, and proves that in fact all generations are part of the digital world. The difference is their involvement, perception and use. Generations look at technology and innovation based on their own background and knowledge. And that differs among virtually all of them. Many of them came into a world that was already full of technology, and others had to adapt to it at a more mature age.

And the same goes for digital security. Contrary to popular belief, growing up with technology does not automatically make you more conscious of digital privacy and security. Industry leader NTT’s study shows that people over 30 are more likely to adopt better security practices than the younger generation, Generation Z. Gen Z, even though they grew up surrounded by technology and the risks it poses, are much more laid back and less responsible. They value flexibility and productivity over caution and responsibility. Furthermore, the study found that almost 40% of Millennials would opt to pay a ransom or already have paid one in the past.

To support that, let us present one more study. This time, LastPass studied people’s online behaviors regarding passwords. It revealed that from Baby Boomers to Gen Z, people approach their digital safety and security differently. They found that despite being exposed to technology at an early age, Gen Z is least concerned with their security. On the contrary, Millennials and Baby Boomers are most concerned about their online safety and take extra measures to ensure their digital security.

Not only are the various generations’ use of technology and approaches to digital security different, the threats awaiting them in the digital world also differ. Since they all act in a distinct fashion, they are vulnerable to different types of online safety threats. For example, for teenagers and young adults, currently Gen Z and Alpha, one of the biggest threats is cyberbullying. Older generations face financial abuse, identity theft and other security attacks. Their knowledge of the topic also varies, making them more or less vulnerable to digital threats.

Kids from the age of 3 use devices to watch videos, while our elders use them to stay connected to their families. And for everyone in between, whether it be a Millennial or a Baby Boomer, online behaviors are different, and it is evident that there are different digital security approaches. However, whether you are a security expert or a basic user, without the proper protection and education, you may fall prey to malicious actors on the internet at any time.

It becomes evident that there is no one approach to digital security that fits all. Whether it is one’s personal security, privacy and safety, or an approach taken by a business, the solution is not set. Personalized protection, however, is not always possible. Everyone’s needs are different, and to cater to all would be virtually impossible. Some people and businesses prefer to have somewhat greater or less control over their protection, while others prefer to not be disturbed by it at all. Perhaps the easiest solution in situations like that is to have protection that you don’t have to think about at all. A silent knight protecting your digital world at all times.

One way for customers to procure that is when their Telco or ISP takes direct care of their protection, so they don’t even have to think about it. A solution like this can be incorporated into an ISP or Telco product offering, for example, ESET NetProtect. This security approach can give customers peace of mind, knowing their provider is taking care of their digital security on their behalf.

ESET NetProtect is not only easy to integrate, but also a great addition to a sales plan. Its reputation builds on its easy integration into existing Telco or ISP service offerings, while delivering full-service protection against malware, loss of privacy and phishing on all personal devices. NetProtect makes safe and secure browsing a matter of course. This offering keeps devices safe and online browsing safe from suspicious domains and websites. It also has a filter that allows you to blacklist domains and content categories based on user preference.

And above all, this product runs on your device, without you having to worry about it. Its user-friendly management with a range of settings ensures your overall satisfaction.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Presenting The SCADAfence Cloud

A SCADAfence New Feature Report

SCADAfence now offers new advanced services via our cloud. We use the cloud to deliver continuous OT security updates, software upgrades and OT health monitoring.

Cutting Through the Hype of Securing the Zero Trust Edge

What is Zero Trust?

Zero trust is a strategic approach requiring all network users to be authenticated, authorized, and regularly validated. The framework covers the internal and external users of an organization’s network.

As a cybersecurity concept, it requires security policy to be based on established context rather than assumptions. A well-defined zero trust architecture results in simpler network infrastructure, improved defense mechanisms, and a better user experience.

How Does Zero Trust Work?

Zero trust assumes there is no traditional network edge, whether the network is local, in the cloud, or hybrid. Its maxim is to always verify and to trust no user or device.

The core philosophy of zero trust security is to presume that every user or device is hostile by default. As a model, it responds to the fact that the perimeter security approach isn’t 100% secure. The ability of cyber criminals to breach data even behind corporate firewalls is proof enough. Users also access networks from different devices and locations, making it harder to clearly define perimeters while increasing the risk of security breaches.

The approach zero trust uses is to treat all traffic as hostile. For instance, workloads get validated by a set of attributes before they can communicate. It also involves using fingerprint or identity-based validation policies to attain stronger security.

Zero trust draws on technologies, calls on governance policies, and uses push notifications for effective security. Since protection is environment-agnostic, zero trust secures applications. Moreover, it securely connects devices and users via business policies over any network. That way, it can enable a safe digital transformation.

Why is Zero Trust Important?

The primary reason for introducing zero trust is to reduce risks. However, it also helps to manage risks associated with remote work, insider threats, and third-party and cloud security.

Zero trust protects organizations in various ways, including:

  • Giving visibility into potential threats while improving proactive remediation and response.
  • Preventing cyber threats like malware from gaining network access.
  • Simplifying the management of security operations centers through enhanced automation.

The Benefits of a Zero Trust Edge

The cloud environment is a highly attractive opportunity for cyber actors to steal troves of sensitive data, financial information, and intellectual property.

While no security strategy offers a perfect solution to data breaches, zero trust helps reduce the attack surface and the severity of cybercrimes. This includes reducing the cost and time spent responding to breaches.

The approach of not trusting any connection without the necessary verification is a crucial factor. Furthermore, companies deal with many clouds, data sprawl, and endpoints, making it only logical to adopt a system that guarantees security.

Other highlighted benefits include:

  • Reducing the reliance on point solutions designed to detect and stop threat activity.
  • Limiting possible avenues for data exfiltration.
  • Enhancing the authority and use of authentication.
  • Reducing the lateral movement of attackers within an organization.
  • Visibility into all user activity.
  • Improvements in both on-premises and cloud-based security posture.

Cutting Through the Zero Trust Hype

There’s no doubt that zero trust architecture gives a new face to trusted network-defining perimeters. However, for many establishments it remains a theoretical concept rather than something in practice.

The challenge for these organizations becomes looking beyond the buzzwords of vendors. They need to take the possible outcomes of any security technology into consideration. One major point to note is that the designs of security solutions follow core principles. The zero trust edge security model also has principles that need evaluation before its adoption.

According to Forrester’s research, the Zero Trust concept focuses on an integrated, dynamic ecosystem of security capabilities and technologies. Simply put, the principles highlight three areas: denying access to applications and data by default; preventing threats by granting network access through continuous and contextual organization policy; and risk-based verification across users and their associated devices.

Any establishment wishing to integrate the zero trust model must consider certain parameters such as:

Internal Applications

An application that lacks micro-perimeter compatibility or Application Programming Interface (API) support for automation makes zero trust implementation impossible. Also, adding new security parameters to existing applications to make them zero trust-aware may not work. Furthermore, it may leave an existing application unable to accommodate a zero-trust model.

What results is a heavy reliance on custom applications, with the effort and potential cost required still to be determined.

Transformation in the Digital Sphere

Adopting the zero trust edge security model could be challenging for organizations using Cloud, DevOps, IoT, and IIoT. These applications do not inherently support the zero trust model. One reason is that they require additional technology to enforce or segment the model. In addition, a straight lift-and-shift migration of a raised-floor data center to the cloud discourages zero trust integration. Nonetheless, to bypass this challenge, organizations must develop new cloud applications as a service. That way, they will embrace the zero trust architecture.

Legacy Infrastructure

Some legacy infrastructure and network devices lack authentication models that can adapt to contextual usage. That is the very reason they can’t be zero trust edge aware. In addition, all zero trust implementations require a layered approach to enable systems.

Organizations must weigh their options carefully before venturing into a zero-trust architecture. Monitoring behavior within a non-compatible application comes with limitations: they only get to monitor the external interactions of the legacy device. On the flip side, having an accurate infrastructure inventory comes with benefits. Zero trust expects administrators to have a handle on all corporate infrastructure, from users to devices, data, applications, and services. It also requires knowing where these resources reside. With all this in place, administrators have the ability to detect and respond to cybersecurity threats promptly.

The best way to approach the zero trust architecture is to conduct a thorough investigation. IT and security teams need to ensure that the organization’s network technologies comply with the architecture. Legacy trust models work strictly on keys or passwords, with no dynamic models for modifying authentication.

Security teams also need to navigate the aggressive claims of vendors, extensively testing products against their own use cases and ensuring product verification is thorough, so that integration does not create new vulnerabilities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.