
Identity Lifecycle Management: A Comprehensive Guide

A key part of safeguarding an organization’s critical infrastructure is ensuring that user identities are effectively created, changed, and disabled when employees join the company, shift departments, get promoted, and leave the organization. This is essential for businesses to protect sensitive information. In fact, according to a recent survey[1], 42% of the respondents felt that security gaps in their organizations were the primary area of concern. 


This is where identity lifecycle management becomes critical for businesses to grant users access to required data. In this blog, we will explore the core concept of identity lifecycle management, how it works, its phases, and its benefits.

Exploring the Concept: What is Identity Lifecycle Management?

Identity Lifecycle Management (ILM) is all about managing user identities from when they join an organization to when they leave. It’s like having a detailed plan to ensure every employee has the right access to the right resources exactly when they need them. By using ILM, companies can boost security, streamline operations, and stay on top of regulatory requirements, ensuring everything runs smoothly and securely.

So, what does identity lifecycle management really include? Think of it as three main steps:

  • Getting new users set up (user provisioning)
  • Keeping their access up-to-date as they move around the company (access management)
  • Safely removing their access when they leave (user de-provisioning)

User provisioning ensures new hires have everything they need from day one. Access management adjusts permissions as employees’ roles change, and user de-provisioning ensures access is promptly and securely revoked when someone leaves. This holistic approach minimizes risks and keeps unauthorized access at bay, ensuring a secure and compliant environment throughout the user’s journey in the organization.

How Does Identity Lifecycle Management Work?

Identity Lifecycle Management (ILM) is a structured process that manages user identities throughout the user’s entire journey within an organization, from joining to departure. Here’s a straightforward look at how ILM works:

1. User Provisioning

The ILM process begins with user provisioning. When a new employee joins the company, their digital identity is created. This means setting up their login credentials, assigning them to the right teams, and granting them access to the necessary tools and resources. Automated workflows often handle this step, ensuring that new hires are ready to go from day one without any hitches.

2. Access Management

Once the new user is set up, the focus shifts to access management. This involves maintaining and adjusting access permissions as the user’s role evolves within the company. For example, if someone gets promoted or moves to a different department, their access rights need to be updated to match their new responsibilities. Access management ensures that users have the appropriate level of access—just enough to do their job, but no more. This minimizes security risks and keeps everything running smoothly.

3. Monitoring and Reporting

Continuous monitoring and reporting are crucial for ensuring that the ILM process is effective and secure. This step involves tracking user activities, access patterns, and any anomalies that might indicate security issues. Regular reports help in auditing access controls, identifying potential risks, and ensuring compliance with security policies. By keeping a close eye on user activities, organizations can quickly respond to any suspicious behavior and maintain a high level of security.

4. User De-provisioning

The final phase is user de-provisioning, which happens when an employee leaves the organization. It’s critical to revoke their access promptly to protect the company’s data and systems. Automated de-provisioning processes ensure that this is done quickly and thoroughly, preventing any former employees from accessing company resources after their departure.
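
The phases above can be read as one reconciliation pass between the HR system and the directory. The JavaScript below is an added example, not part of the original article or of any vendor's product; the role names, entitlements, account IDs and the reconcile function are constructed for illustration.

```javascript
// Added example: one reconciliation pass over constructed HR and directory
// data, covering the joiner, mover, leaver and orphaned-account cases.

// Hypothetical role-to-entitlement policy (RBAC).
const ROLE_ENTITLEMENTS = new Map([
  ['engineer', ['git', 'ci']],
  ['eng-manager', ['git', 'ci', 'hr-reviews']],
  ['finance', ['erp', 'payroll']],
]);

// Constructed HR records: the authoritative source of who should have access.
const HR_RECORDS = [
  { id: 'e1', status: 'active', role: 'engineer' },     // joiner, no account yet
  { id: 'e2', status: 'active', role: 'eng-manager' },  // promoted from engineer
  { id: 'e3', status: 'terminated', role: 'finance' },  // leaver
  { id: 'e4', status: 'active', role: 'finance' },      // moved from engineering
];

// Constructed directory state: the access that actually exists today.
const ACCOUNTS = [
  { id: 'e2', enabled: true, entitlements: ['git', 'ci'] },
  { id: 'e3', enabled: true, entitlements: ['erp', 'payroll'] },
  { id: 'e4', enabled: true, entitlements: ['git', 'erp', 'payroll'] },
  { id: 'svc-old', enabled: true, entitlements: ['erp'] }, // no HR record
];

function reconcile(hrRecords, accounts, roleMap) {
  const actions = [];
  const unmatched = new Map(accounts.map((a) => [a.id, a]));
  for (const person of hrRecords) {
    const account = unmatched.get(person.id);
    unmatched.delete(person.id);
    if (person.status !== 'active') {
      // Leaver: disable the account and revoke everything it still holds.
      if (account && account.enabled) {
        actions.push({ id: person.id, action: 'deprovision', grant: [], revoke: [...account.entitlements] });
      }
      continue;
    }
    // An unknown role maps to no entitlements, so the pass fails closed.
    const wanted = roleMap.get(person.role) || [];
    if (!account) {
      actions.push({ id: person.id, action: 'provision', grant: [...wanted], revoke: [] });
      continue;
    }
    // Mover: grant what the new role needs, revoke what it no longer justifies.
    const grant = wanted.filter((e) => !account.entitlements.includes(e));
    const revoke = account.entitlements.filter((e) => !wanted.includes(e));
    if (grant.length || revoke.length) {
      actions.push({ id: person.id, action: 'update', grant, revoke });
    }
  }
  // Accounts with no HR record are reported for review rather than silently kept.
  for (const orphan of unmatched.values()) {
    actions.push({ id: orphan.id, action: 'review-orphan', grant: [], revoke: [] });
  }
  return actions;
}

console.log(JSON.stringify(reconcile(HR_RECORDS, ACCOUNTS, ROLE_ENTITLEMENTS), null, 2));
```

The output is the action list an automated workflow would execute and an access review would audit: the moved employee e4 loses the leftover git entitlement, and the account with no HR owner is surfaced for review.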

Key Identity Lifecycle Management Features and Functions

Effective Identity Lifecycle Management (ILM) relies on a set of essential features and functions that streamline the management of user identities throughout their lifecycle. Here are the key components that make ILM indispensable for modern organizations:

1. Automated User Provisioning

Automated user provisioning ensures new employees are set up quickly and accurately with the necessary access rights and permissions. This automation reduces errors, saves time, and enables new hires to be productive from day one.

2. Role-Based Access Control (RBAC)

Role-based access control (RBAC) allows organizations to assign permissions based on the roles within the company. This ensures that employees have the appropriate level of access required for their job functions, enhancing security and efficiency.

3. Access Review and Certification

Regular access reviews and certifications are crucial for maintaining up-to-date access controls. This feature involves periodic audits of user permissions to ensure they align with current job roles and responsibilities, helping to prevent unauthorized access.

4. Self-Service Password Management

A user-friendly feature that enhances productivity is self-service password management. It allows users to reset their passwords and manage their credentials without needing IT support, reducing downtime and easing the burden on IT teams.

5. Monitoring and Reporting

Continuous monitoring and detailed reporting are essential for maintaining a secure and compliant ILM system. This feature tracks user activities and access patterns to identify irregularities or potential security threats, with regular reports providing insights into access controls and compliance status.

6. Audit and Compliance Management

ILM systems include strong audit and compliance management features to help organizations meet regulatory requirements. These tools provide detailed logs of user activities, access changes, and system modifications, ensuring preparedness for audits and demonstrating adherence to industry standards.

7. User Offboarding

Secure user offboarding is critical when an employee leaves the organization. This feature ensures that all access rights are promptly revoked and the user’s digital identity lifecycle is effectively terminated, preventing any residual access and safeguarding against potential security breaches.

8. Integration with Existing Systems

Effective ILM solutions seamlessly integrate with existing IT infrastructure, including HR systems, directories, and various applications. This integration ensures that identity management processes are cohesive and streamlined across the organization.

The Importance of Identity Lifecycle Management (ILM)

The importance of ILM in modern organizations cannot be overstated. Here are five key reasons why ILM is essential:

  • Operational Productivity: The benefits of automated ILM include streamlined processes for user onboarding, access management, and de-provisioning, which save time and reduce administrative overhead.
  • Regulatory Compliance: ILM helps organizations comply with industry regulations and standards by maintaining accurate and up-to-date access controls and audit logs.
  • Improved User Experience: Automated ILM provides users with quick and efficient access to necessary resources, improving overall productivity and satisfaction.
  • Risk Mitigation: Continuous monitoring and regular access reviews identify and address potential security risks, ensuring a secure IT environment.

Identity Lifecycle Management Best Practices

Implementing best practices in identity lifecycle management ensures a secure, efficient, and compliant system. Here are some key practices to follow:

  • Automate the ILM Process: Automating the identity lifecycle management process helps streamline user provisioning, access management, monitoring, and de-provisioning, reducing errors and administrative burdens.
  • Regular Access Reviews: Conduct regular access reviews to ensure users have appropriate permissions. This helps in maintaining security and compliance by identifying and rectifying any unauthorized access.
  • Strong Authentication Mechanisms: Implement strong authentication methods, such as multi-factor authentication (MFA), to enhance security across the identity lifecycle phases.
  • Enforce the Least Privilege Principle: Apply the principle of least privilege by ensuring users have the minimum level of access required to perform their tasks. This minimizes the risk of unauthorized access and potential security breaches.
  • Comprehensive Monitoring and Reporting: Utilize continuous monitoring and detailed reporting to track user activities and access patterns. This enables quick identification and response to any anomalies or security threats.

The identity lifecycle management phases include onboarding (user provisioning), access management, monitoring and reporting, and offboarding (user de-provisioning). Following these best practices across each phase ensures a secure identity lifecycle management framework.

The Difference Between ILM and Privileged Access Management

Identity Lifecycle Management (ILM) and Privileged Access Management (PAM) are both crucial for keeping an organization secure, but they focus on different things. ILM is all about managing every user’s identity from the day they join the company to the day they leave. It makes sure everyone has the right access to do their job and nothing more, covering tasks like setting up new user accounts, adjusting permissions as roles change, and revoking access when someone leaves.

On the other hand, Privileged Access Management (PAM) is specifically about handling accounts that have elevated access rights – think of admin accounts that can make significant changes to systems or access sensitive data. PAM’s job is to keep these high-level accounts under strict control and constant watch, using tools like session monitoring and secure storage for credentials to prevent misuse.

In short, while ILM looks after the lifecycle of all user identities, ensuring smooth and secure access throughout, PAM zeroes in on the more sensitive, high-risk accounts that need extra security measures. Both play vital roles but focus on different aspects of managing and securing user access.

Streamline Identity Lifecycle Management with Scalefusion OneIdP

Scalefusion OneIdP enables businesses to enhance their security posture through comprehensive identity, access, and endpoint management. It features efficient single sign-on (SSO) capabilities, advanced conditional access controls, and seamless integration with existing directory services.

By leveraging these capabilities, Scalefusion OneIdP simplifies the identity lifecycle management process while improving security and compliance, making it a vital tool for modern organizations.

Explore OneIdP, a UEM-integrated identity and access management solution, to minimize your attack surface.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.

ESET Research discovers NGate: Android malware, which relays NFC traffic to steal victim’s cash from ATMs

  • Attackers combined standard malicious techniques – social engineering, phishing, and Android malware – into a novel attack scenario; ESET suspects that messages impersonating Czech banks were sent to random phone customers in Czechia, and they caught customers of three banks. 
  • According to ESET Brand Intelligence Service data, the group had operated in Czechia since November 2023, and, as of March 2024, the group’s techniques improved with the deployment of the NGate Android malware.
  • Attackers were able to clone NFC data from victims’ physical payment cards using NGate, and relay this data to an attacker’s device, which was then able to emulate the original card, and withdraw money from an ATM.
  • This is the first time we have seen Android malware with this capability being used in the wild, and without the victims having had their devices rooted.

BRATISLAVA, KOŠICE, August 22, 2024 — ESET researchers uncovered a crimeware campaign that targeted clients at three Czech banks. The malware used, which ESET has named NGate, has the unique ability to relay data from victims’ payment cards via a malicious app installed on their Android devices, to the attacker’s rooted Android phone. The primary goal of this campaign was to facilitate unauthorized ATM withdrawals from the victims’ bank accounts. This was achieved by relaying near field communication (NFC) data from the victims’ physical payment cards, via their compromised Android smartphones, by using the NGate Android malware, to the attacker’s device. The attacker then used this data to perform ATM transactions. If this method failed, the attacker had a fallback plan to transfer funds from the victims’ accounts to other bank accounts.

“We haven’t seen this novel NFC relay technique in any previously discovered Android malware. The technique is based on a tool called NFCGate, designed by students at the Technical University of Darmstadt, Germany, to capture, analyze, or alter NFC traffic; therefore, we named this new malware family NGate,” says Lukáš Štefanko, who discovered the novel threat and technique.

Victims downloaded and installed the malware after being deceived into thinking they were communicating with their bank and that their device was compromised. In reality, the victims had unknowingly compromised their own Android devices by previously downloading and installing an app from a link in a deceptive SMS message about a potential tax return.

It’s important to note that NGate was never available on the official Google Play store.

NGate Android malware is related to the phishing activities of a threat actor that has operated in Czechia since November 2023. However, ESET believes these activities were put on hold following the arrest of a suspect in March 2024. ESET Research first noticed the threat actor targeting clients of prominent Czech banks starting at the end of November 2023. The malware was delivered via short-lived domains impersonating legitimate banking websites or official mobile banking apps available on the Google Play store. These fraudulent domains were identified through the ESET Brand Intelligence Service, which provides monitoring of threats targeting a client’s brand. During the same month, ESET reported the findings to its clients.

The attackers leveraged the potential of progressive web apps (PWAs), as ESET reported in a previous publication, only to later refine their strategies by employing a more sophisticated version of PWAs known as WebAPKs. Eventually, the operation culminated in the deployment of NGate malware.

In March 2024, ESET Research discovered that NGate Android malware became available on the same distribution domains that were previously used to facilitate phishing campaigns delivering malicious PWAs and WebAPKs. After being installed and opened, NGate displays a fake website that asks for the user’s banking information, which is then sent to the attacker’s server.

In addition to its phishing capabilities, NGate malware also comes with a tool called NFCGate, which is misused to relay NFC data between two devices – the device of a victim and the device of the perpetrator. Some of these features only work on rooted devices; however, in this case, relaying NFC traffic is possible from non-rooted devices as well. NGate also prompts its victims to enter sensitive information like their banking client ID, date of birth, and the PIN code for their banking card. It also asks them to turn on the NFC feature on their smartphones. Then, victims are instructed to place their payment card at the back of their smartphone until the malicious app recognizes the card.

In addition to the technique used by the NGate malware, an attacker with physical access to payment cards can potentially copy and emulate them. This technique could be employed by an attacker attempting to read cards through unattended purses, wallets, backpacks, or smartphone cases that hold cards, particularly in public and crowded places. This scenario, however, is generally limited to making small contactless payments at terminal points.

“Ensuring protection from such complex attacks requires the use of certain proactive steps against tactics like phishing, social engineering, and Android malware. This means checking URLs of websites, downloading apps from official stores, keeping PIN codes secret, using security apps on smartphones, turning off the NFC function when it is not needed, using protective cases, or using virtual cards protected by authentication,” advises Štefanko.

For more technical information about the novel NFC threat, check out the blogpost “NGate Android malware relays NFC traffic to steal cash” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

[Figure: Overview of the attack]


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

What is WebAuthn? A deep dive into passwordless authentication

We’re sorry, passwords – you’re just not enough anymore

There was a time when passwords were our go-to for authentication. When they were made strong, they were reliable, tough to guess, and hard to crack. These days, however, with hackers using highly sophisticated phishing tactics and advanced password-cracking algorithms, passwords have been reduced to a weak link in our security practices. Sad but true.

And so, it’s time for us to explore better options for protecting our accounts and data. This means moving to a passwordless approach, which might sound a bit daunting but can actually make things more secure and user-friendly. Let us explain a bit more.

Limitations of password-based authentication

An average internet user has around 170 online accounts. Let’s suppose you have fewer, say, 40 accounts. Even then, once you start using a strong, 16-character password for each and every one of those accounts, you’ll quickly see it’s not a convenient method of ensuring online protection. And the problem is, it’s not so safe anymore, either.

According to Verizon’s 2023 Data Breach Investigations Report, stolen credentials are among the top three main methods of accessing organizations. This happens for a few reasons. First, many people reuse passwords across multiple accounts, so if one account is compromised, it can lead to others being at risk, too. Second, a lot of people use weak passwords that are easy to guess or crack. Third, cybercriminals trick users into revealing their login details through phishing. Additionally, many users don’t use multi-factor authentication (MFA), which normally provides an extra layer of security when hackers get ahold of their login credentials.

With these security concerns in mind, some organizations have explored the possibility of getting rid of passwords altogether and replacing them with something better. This brings us to WebAuthn.

What is WebAuthn, exactly?

Developed by the World Wide Web Consortium (W3C) in collaboration with the FIDO Alliance, WebAuthn is a web standard for secure authentication based on public-key cryptography. In simpler terms, WebAuthn allows users to log in to websites without using passwords, instead relying on biometrics, security keys, or other authenticators like passkeys.

The main goal of WebAuthn is to provide a more secure alternative to passwords, creating a safer online environment and significantly reducing the risk of phishing and other cyberattacks. Importantly, WebAuthn is backed by major web browsers and platforms, so you get a seamless and secure experience no matter what device or service you’re using.

So, how does WebAuthn work?

The process is pretty straightforward, and once you know the steps, you can easily visualize WebAuthn in action. Here’s how it works in a nutshell:

  1. Signing up: When you register for a service, the server sends a random value (also known as a “challenge”) to your device.

  2. Creating keys: Your device uses this challenge to generate a pair of keys: a public key, which is sent to and stored on the server, and a private key, which remains safely on your device.

  3. Logging in: Each time you log in, the server sends a new challenge. Your device signs this challenge with the private key, and the server verifies the signature using the public key it has stored.

The whole idea is to keep your private key safe, even if the server gets hacked. This way, unauthorized parties can’t get access because the private key never leaves your device.
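
The three steps above, as an added Node.js example that is not from the original article: a simplified model of the exchange in which the device signs each challenge and the server checks the signature against the stored public key. The origins, user name and class names are assumptions made for illustration, and attestation and CBOR encoding are not modeled.

```javascript
// Added example: simplified WebAuthn-style registration and login (Node.js).
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
const rpIdHash = (origin) => sha256(new URL(origin).hostname);

// Client side: the authenticator keeps one private key per origin.
class Authenticator {
  constructor() {
    this.privateKeys = new Map(); // origin -> private KeyObject, never exported
    this.counter = 0;
  }

  // Registration: create a key pair for this origin, hand back only the public key.
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.privateKeys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'der' });
  }

  // Login: sign authenticatorData || SHA-256(clientDataJSON) with the private key.
  getAssertion(origin, challenge) {
    const privateKey = this.privateKeys.get(origin);
    if (!privateKey) return null; // no credential for this origin, e.g. a look-alike site
    const clientDataJSON = Buffer.from(JSON.stringify({
      type: 'webauthn.get',
      challenge: challenge.toString('base64url'),
      origin,
    }));
    const authData = Buffer.alloc(37);
    rpIdHash(origin).copy(authData, 0);         // bytes 0-31: hash of the RP ID
    authData[32] = 0x05;                        // flags: user present + user verified
    authData.writeUInt32BE(++this.counter, 33); // signature counter
    const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
    return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
  }
}

// Server side: stores public keys only and issues single-use challenges.
class RelyingParty {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> DER-encoded public key
    this.pending = new Map();    // user -> outstanding challenge
  }

  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }

  storeCredential(user, publicKeyDer) {
    this.pending.delete(user); // registration challenge consumed (attestation not modeled)
    this.publicKeys.set(user, publicKeyDer);
  }

  verifyAssertion(user, assertion) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // a challenge is valid for one attempt only
    const publicKeyDer = this.publicKeys.get(user);
    if (!expected || !publicKeyDer || !assertion) return 'rejected: nothing to verify';
    const { clientDataJSON, authData, signature } = assertion;
    const publicKey = crypto.createPublicKey({ key: publicKeyDer, format: 'der', type: 'spki' });
    const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
    if (!crypto.verify('sha256', signed, publicKey, signature)) return 'rejected: bad signature';
    const clientData = JSON.parse(clientDataJSON.toString('utf8'));
    if (clientData.type !== 'webauthn.get') return 'rejected: wrong type';
    if (clientData.origin !== this.origin) return 'rejected: wrong origin';
    if (clientData.challenge !== expected.toString('base64url')) return 'rejected: stale challenge';
    if (!rpIdHash(this.origin).equals(authData.subarray(0, 32))) return 'rejected: wrong RP ID';
    return 'ok';
  }
}

// Hypothetical origins and user name, constructed for this example.
function demo() {
  const origin = 'https://shop.example';
  const rp = new RelyingParty(origin);
  const device = new Authenticator();

  rp.newChallenge('alice'); // step 1: challenge sent at sign-up
  rp.storeCredential('alice', device.register(origin)); // step 2: public key stored

  const first = device.getAssertion(origin, rp.newChallenge('alice')); // step 3
  const login = rp.verifyAssertion('alice', first);

  rp.newChallenge('alice');
  const replay = rp.verifyAssertion('alice', first); // old response, new challenge

  const lookalike = device.getAssertion('https://shop-login.example', rp.newChallenge('alice'));
  const phished = rp.verifyAssertion('alice', lookalike);

  const other = new Authenticator(); // a device that never held alice's private key
  other.register(origin);
  const wrongKey = rp.verifyAssertion('alice', other.getAssertion(origin, rp.newChallenge('alice')));

  return { login, replay, phished, wrongKey };
}

console.log(demo());
```

Only the first attempt is accepted: the replayed response fails the challenge check, the look-alike origin has no key to sign with, and a signature from any other key fails verification, while the server never holds anything but the public key.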

 

The benefits of WebAuthn

The WebAuthn standard is a real game-changer for everyone involved, though the benefits vary depending on whether you’re an end-user or a business. So, let’s now break down what each side can potentially gain and dive into how WebAuthn can help both hit a home run.

End-users

The biggest benefit for users is how much easier and quicker logging in becomes. No more hassle with complex passwords – often, it’s just one click to get into your accounts. And you don’t have to stress about security, either. WebAuthn boosts your privacy by using advanced cryptography, making it nearly impossible for cybercriminals to get into your accounts. Plus, it seriously cuts down on the risk of password theft and phishing attacks.

Businesses

For businesses, WebAuthn is a way to fight off the growing threat of credential-based cyberattacks. By adopting this standard, organizations can enhance their security posture with minimal disruption, as WebAuthn integrates smoothly with existing systems and workflows. This transition also translates into cost savings and improved operational efficiency by reducing password-related support requests. Not to mention the fact that businesses that implement WebAuthn can elevate their reputation by being seen as security-conscious.

Thanks to organizations like the FIDO Alliance, WebAuthn is gaining traction across many different sectors. In e-commerce, it’s revolutionizing the way customers log in and pay, making transactions more secure and smoother. Banking institutions have started to use WebAuthn to safeguard online transactions and account access, adding a robust defense against unauthorized access. Social media sites are also jumping on board, using WebAuthn to fend off phishing attacks and streamline the login process for their users. There are many other industries where WebAuthn has made a significant impact, which is why it’s becoming a technology that might soon make passwords a relic of the past.

Challenges and limitations

This might sound a little bold, but there are no major challenges or limitations when dealing with WebAuthn. While there might be some obstacles, they can be easily addressed with common-sense actions or by using available tools. Let us explain.

First, for WebAuthn to work properly and provide the right level of security, biometric data must be handled with the utmost care, ensuring it is protected against unauthorized access and misuse. This is a straightforward practice and essential for maintaining user trust. Though some might find this a big challenge, it is manageable with current security protocols and best practices, making it more of a standard requirement than a hurdle.

Second, some might argue that reliance on biometric devices may not be universally available or convenient for all users. However, as biometric technology becomes more prevalent in our digital lives, this concern is diminishing. NordVPN’s survey shows that more than 50% of Americans use biometrics daily, while other research indicates that over 80% of smartphones have biometric capabilities. So, we’re on track to make it a global standard.

Third, some claim that implementing passwordless solutions can be complex for developers, requiring companies to make significant investments and extra effort. However, there are already tools available that simplify this process, enabling businesses to implement password-free logins based on passkeys with ease. One such tool is Authopia.

Introduce passwordless logins for your customers today

Dedicated to helping organizations make passwordless options part of their login experience, we’ve created a tool called Authopia that allows them to easily add a passkey widget to their website or service.

It’s super simple to use: you just grab the pre-written code, have someone with basic IT knowledge implement it, register your product with Authopia, and voilà – you’ve got a passkey option available for your customers. It’s quick, efficient, and doesn’t require a big investment or the hiring of additional IT specialists. So, if you want to be ahead of the curve and enhance your login experience, consider giving Authopia a try.

If you need more info on going passwordless, check out our other materials, like the one where we compare passwords and passkeys to help you decide which is best.


About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

What is CISO-approved backup?

Background of Keepit’s CISO Kim Larsen

My journey into cybersecurity started long ago when I was a police officer. I was working in serious crime investigation, which then took me to the internet as the world went to cyber, and eventually I joined the intelligence service in Denmark as CSO. After that, I was working with NATO and the EU as a delegate to the security committees.

This background has been incredibly beneficial as it taught me to handle crises, assess risks, and maintain a certain calmness under pressure. These skills are vital in the cybersecurity world, where threats are ever-present and evolving daily. As a police officer, I was trained to see risks that others might overlook, and this perspective has been invaluable in my career role as a CISO.

Understanding the cybercrime landscape

One of the significant challenges in cybersecurity, as I see it, is the dynamic nature of cybercrime. Criminals can constantly change their tactics and crime scenes, making it difficult to combat them. Therefore, it’s crucial to have a strong collaboration between governments and enterprises to prevent these crimes effectively. The cooperation between different sectors is vital because cybersecurity threats don’t respect borders, and international collaboration is often required to address them.

Having the right level of security is key to earning customer trust.

The critical role of a CISO in backup solutions 

At Keepit, we recognize that we are the last line of defense for an enterprise. When everything else fails, businesses rely on their backup systems to recover and continue operations. This is why backup solutions need to be robust, reliable, and secure. My role involves ensuring that we stay ahead of compliance regulations, understand the threats we face, and mitigate those risks effectively. 

Bringing backup to the forefront 

Traditionally, backup systems have been viewed as something in the corner (or quite literally the basement), often neglected until disaster strikes, where it’s hoped everything will work for a recovery.

However, I believe that backup solutions, like those provided by Keepit, should be brought to the forefront of an organization’s strategy. Our solution ensures that data is not only backed up but secure, readily accessible, and restorable, aligning with the critical needs of modern enterprises, such as ensuring business continuity and compliance even in the face of disruptions.

Backup systems aren’t just an IT concern but should be a significant consideration for management, C-level, and the board. Regular testing and daily engagement with backup solutions are essential to ensure they are ready when they are desperately needed — after an attack or other data loss event. 

The Keepit approach to backup 

At Keepit, we provide backup solutions for software-as-a-service (SaaS) environments. This means that we back up data and allow businesses to work live with the information, whether it’s a regional backup or a cloud backup. One of the key features of our solution is the ability to reverse cloud backups to local backups. This ensures that businesses can always access their data, even if they lose connection to their cloud provider, such as Microsoft, Google, or Amazon. This dual approach provides a significant advantage in terms of compliance and business continuity. 

Security measures and certifications 

We pride ourselves on using a well-proven, robust data center solution and maintaining rigorous security standards. Our security measures are based on ISO 27001 certification, which, while not providing security on its own, assures our customers that the entire Keepit organization lives up to the highest international security standards and ensures that we have the necessary controls in place. We focus on maintaining strict control over access, keeping IDs updated, and ensuring that only authorized personnel have access to our servers. 

Identity management and zero trust 

Credential management is critical in cybersecurity. While the concept of zero trust is often more theoretical, we strive to implement as many controls as possible to minimize risks. To me, zero trust is mostly theory because I don’t think anyone has total control over all of the processes in their infrastructure. For a deeper understanding of zero trust principles, you can refer to the NIST Zero Trust Architecture.

So, my advice is to build a control framework that, first of all, protects your critical assets and ensures that you have identified and protected those frameworks of controls that work. By doing that you also map what you might not have sufficient control over, be aware of that, and then protect it even more than you do with the rest of your assets.

It’s essential to understand which assets you need to protect the most and to build a governance framework around those assets. This approach helps in identifying and safeguarding the crown jewels of your enterprise; it’s all about asset identification.

He who defends everything, defends nothing.

Frederick the Great

Compliance and regulations 

Compliance with regulations is a global concern. Whether it’s GDPR or NIS2 compliance in Europe or other data protection laws in the US like DORA (Digital Operational Resilience Act) and others around the world, businesses need to be aware of and comply with these regulations. It’s not just about having a certificate; it’s about living the compliance regulations and integrating them into the enterprise culture. Trust is paramount in our industry, and if customers don’t trust us, they won’t buy our services. 

The impact of AI and future threats 

Artificial Intelligence is rapidly changing the threat landscape. The ability of AI to mimic human behavior and infiltrate systems is a growing concern. It’s crucial to know where your data is and ensure it’s adequately protected. This includes being cautious about using public AI services and understanding what data can be shared and what must remain secure. 

Data management challenges 

One of the biggest challenges in data management is knowing where your data is and how it’s protected. This includes understanding where data is stored when it’s in the cloud, how it’s transported, and how employees share it. Most data breaches occur due to unintentional data sharing rather than malicious intent. Therefore, it’s essential to provide clear guidelines and establish a framework that aligns with how employees work. 

Balancing security and collaboration 

The foundation of any business is data sharing, but this must be balanced with security needs. Over-classification of data can impede collaboration and productivity. It’s about finding the right balance where security measures protect the most critical data while allowing for effective collaboration within the organization. 

The importance of regular testing 

A backup solution is only as good as its last test. Regular testing ensures that the backup system is functional and ready to be deployed when needed. It’s essential to integrate this testing into the daily operations of the organization rather than waiting for a disaster to strike. 

Conclusion 

A CISO-approved backup solution is one that is robust, reliable, and secure. It involves regular testing, strong compliance with regulations, effective identity management, and a balanced approach to data security and collaboration. If you have active backup that is also used on a daily basis for file recovery, for example, the chance that it works and that your organization knows how to use it is significantly raised in case of a large-scale incident. 

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Drawing on 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

ESET Research discovers financial fraud using novel phishing method tailored to Android and iPhone users

  • Standard phishing delivery techniques were combined with a novel method of phishing, targeting Android and iPhone (iOS) users via PWAs, and on Android also via WebAPKs, ESET Research discovers.
  • Installations of PWA/WebAPK applications do not include warnings to the user concerning the installation of a third-party application.
  • On Android, these phishing WebAPKs even appear to have been installed from the Google Play store.
  • Most of the observed applications targeted clients of Czech banks, but ESET also spotted apps targeting banks in both Hungary and Georgia.
  • Based on the C&C servers utilized, and the backend infrastructure, ESET concludes that two different threat actors were operating the campaigns.
  • ESET notified the victims’ banks in order to protect them, and assisted with the takedowns of multiple phishing domains and C&C servers.

BRATISLAVA, PRAGUE, August 20, 2024 — ESET Research discovered an uncommon type of phishing campaign targeting mobile users, and analyzed a case observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation. On Android, this could result in the silent installation of a special kind of APK, which even appears to be installed from the Google Play store. The threat targeted iPhone (iOS) users as well.

The phishing websites targeting iOS instruct victims to add a Progressive Web Application (PWA) to their home screens, while on Android, the PWA is installed after confirming custom pop-ups in the browser. At this point, on both operating systems, these phishing apps are largely indistinguishable from the real banking apps that they mimic. PWAs are essentially websites bundled into what feels like a stand-alone application, with this feeling being enhanced by the use of native system prompts. PWAs, just like websites, are cross-platform, which explains how these PWA phishing campaigns can target both iOS and Android users. The novel technique was observed in Czechia by ESET analysts working on the ESET Brand Intelligence Service, which provides monitoring of threats targeting a client’s brand.

“For iPhone users, such an action might break any ‘walled garden’ assumptions about security,” says ESET researcher Jakub Osmani, who analyzed the threat.

The series of phishing campaigns discovered by ESET analysts, targeting mobile users, used three different URL delivery mechanisms: automated voice calls, SMS messages, and social media malvertising. The voice call delivery is done via an automated call that warns the user about an out-of-date banking app and asks the user to select an option on the numerical keyboard. After the correct button is pressed, a phishing URL is sent via SMS, as was reported in a tweet. Initial delivery by SMS was performed by sending messages indiscriminately to Czech phone numbers. The message sent included a phishing link and text to socially engineer victims into visiting the link. The malicious campaign was also spread via registered advertisements on Meta platforms like Instagram and Facebook. These ads included a call to action, like a limited offer for users who “download an update below.”

After opening the URL delivered in the first stage, Android victims are presented with two distinct campaigns, either a high-quality phishing page imitating the official Google Play store page for the targeted banking application, or a copycat website for that application. From here, victims are asked to install a “new version” of the banking app.

The phishing campaign and method are possible only because of the technology of progressive web applications. In short, PWAs are applications built using traditional web application technologies that can run on multiple platforms and devices. WebAPKs could be considered an upgraded version of progressive web apps, as the Chrome browser generates a native Android application from a PWA: in other words, an APK. These WebAPKs look like regular native apps. Furthermore, installing a WebAPK does not produce any of the “installation from an untrusted source” warnings. The app will even be installed if installation from third-party sources is not allowed.
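Because an installed PWA or WebAPK carries the name and look declared in its web app manifest, brand monitoring can audit manifests found on suspect hosts. The sketch below is an added example, not ESET's tooling: the brand, its official domain and both sample manifests are constructed, and `audit_manifest` is a hypothetical helper that reads only the standard manifest members `name`, `short_name` and `display`.

```python
import json
import unicodedata
from urllib.parse import urlsplit

# Display modes that hide the browser UI, so the installed app looks native.
APP_LIKE_DISPLAY = {"standalone", "fullscreen", "minimal-ui"}

# Constructed sample data: protected brand -> domains it legitimately uses.
BRANDS = {"Example Banka": ["examplebank.example"]}

# Constructed manifest, as it might be served by a lookalike site.
SUSPECT_MANIFEST = json.dumps(
    {"name": "Example Bánka", "short_name": "ExBanka",
     "display": "standalone", "start_url": "/"},
    ensure_ascii=False,
)


def normalize(text):
    """Casefold, strip diacritics and punctuation so 'Bánka' matches 'Banka'."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(ch for ch in decomposed.casefold() if ch.isalnum())


def host_is_official(host, official_domains):
    """True for an official domain or a subdomain of it, compared on label boundaries."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in official_domains)


def audit_manifest(manifest_json, served_from, brands=BRANDS):
    """Return findings for a manifest fetched from `served_from`; [] means clean."""
    manifest = json.loads(manifest_json)
    if not isinstance(manifest, dict):
        return []
    host = urlsplit(served_from).hostname or ""
    names = {normalize(str(manifest.get(key, ""))) for key in ("name", "short_name")}
    names.discard("")

    findings = []
    for brand, domains in brands.items():
        if not any(normalize(brand) in name for name in names):
            continue  # manifest does not use this brand's name
        if host_is_official(host, domains):
            continue  # the brand's own site
        findings.append(f"brand-on-unofficial-host:{brand}")
        display = manifest.get("display")
        if display in APP_LIKE_DISPLAY:
            findings.append(f"app-like-display:{display}")
    return findings


if __name__ == "__main__":
    for url in ("https://examplebank-update.example/manifest.json",
                "https://app.examplebank.example/manifest.json",
                "https://examplebank.example.evil.example/manifest.json"):
        print(url, "->", audit_manifest(SUSPECT_MANIFEST, url))
```
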

One group used a Telegram bot to log all entered information into a Telegram group chat via the official Telegram API, while another used a traditional Command & Control (C&C) server with an administrative panel. “Based on the fact that the campaigns used two distinct C&C infrastructures, we have determined that two separate groups were operating the PWA/WebAPK phishing campaigns against several banks,” concludes Osmani. Most of the known cases have taken place in Czechia, with only two phishing applications appearing outside of the country (specifically in Hungary and Georgia).

All sensitive information found by ESET research on this matter was promptly sent to the affected banks for processing. ESET also assisted with the takedowns of multiple phishing domains and C&C servers.

For more technical information about this novel phishing threat, check out the blogpost “Be careful what you pwish for – Phishing in PWA applications” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

End-of-life assets: managing risks in outdated technology

Make new friends, but keep the old: one is silver, the other gold.

Despite enormous advances within information technology, security practitioners are still plagued by common problems. Advances in cybersecurity defenses and overall security awareness are helpful, but organizations still struggle with end-of-life (EOL) assets scattered across the attack surface. This can be a surprisingly difficult problem to solve and, most importantly, from the attacker’s perspective, EOL assets still provide easy footholds into an environment.

End-of-life is not the end

All of the system hardening and security patches in the world cannot protect a system that is not updated to use those features. System vendors generally provide patches and updates for a limited timespan. After that point, end users must invest in an upgrade to a newer version of the system or fend for themselves and hope for the best with an EOL, outdated asset lurking on the attack surface.

EOLed systems often stick around for years, mostly forgotten but still part of an organization’s infrastructure and, therefore, its attack surface. New vulnerabilities are still discovered and exploited in these outdated systems, as the April 2024 D-Link NAS issue illustrated. Despite the known exposure, being EOL means that fixes will not be forthcoming.

While this may seem like an academic exercise, EOLed systems are surprisingly common. Our findings show many still-active EOLed operating systems in various environments.

Operating system end-of-life

Operating systems typically have multiple phases of vendor support, referred to as a support lifecycle. The duration of the lifecycle and services provided in various stages vary from vendor to vendor, usually tapering off with fewer updates and patches in later stages.

The two phases we are most concerned with are:

  • Mainstream support during which vendors release patches that may add new features, fix bugs, or mitigate security vulnerabilities.

  • Extended support during which only critical bugs and vulnerabilities are addressed.

While some vendors’ terminology and phases may slightly differ, generally speaking, most support lifecycles can be broadly mapped to these two phases.

When a vendor stops providing upgrades for non-critical issues, the product is considered in an “End-of-Life” (EOL) status. There may be an additional period known as “Extended-End-of-Life” (EEOL) during which the vendor continues to provide updates for critical issues. EOL and EEOL can happen concurrently or separately depending on the system and the vendor. Most importantly, after EOL, systems no longer receive critical updates or security patches, and thus become much greater risks to keep around.

But around they are! Systems have a long tail: if they still work, replacing them with a supported alternative may be more trouble than it’s worth. In some cases, the responsible staff can’t or won’t; in others, the system may host critical functions that are not supported on newer systems. Uptime guarantees and financial considerations may also play a role.

When we look at our sample data for operating systems that are past their extended EOL dates, we see that chart toppers are a pretty even split between Windows and various Linux distributions:

FIGURE 1 – Top OS past extended EOL.

The presence of Ubuntu 18.04 isn’t surprising as it only reached Extended EOL just over a year ago in June of 2023. Ubuntu is often a go-to Linux distribution for businesses and home users alike as well as very popular in cloud environments. Windows Server 2012 R2 is also unsurprising; it reached extended EOL only very recently, in October of 2023. While running an OS a year past extended EOL is unfortunate, it’s not unusual for server migrations to drag on past EOL dates due to logistical and compatibility concerns.

The next major group is composed of various Windows 10 releases that, were they combined, would dominate the chart at 21.55%. Most of these are running Windows 10 21H2, which reached extended EOL very recently in June 2024. Windows 10 was originally released in July of 2015. Microsoft has generally released two major updates for it every year since. Typically, updates released in the first half of the year are supported for 18 months and those released in the second half are supported for 30 months. There are some variations on this theme, with Long-Term Servicing Channel (LTSC) editions, for example, having longer lifespans. Windows 10 22H2 is the final version of Windows 10 and will reach extended EOL in October 2025.

FIGURE 2 – Windows 10 past extended EOL.

Exposed systems past extended EOL

While operating systems outside of their extended lifespans are always worth looking into, those with exposure to an external attack surface are particularly worrisome. Of all systems exposed to an external attack surface and for which EOL data was available, 15.99% were past their extended EOL dates. That means that roughly 16% of all devices exposed to external attackers are probably not receiving security updates.

For server operating systems specifically, when we group them by family, we see that the largest block is Windows hosts. The percentage may be higher than expected based on Figure 1 above. This is due to the long tail of various Windows Server versions going back to Server 2008 R2.

FIGURE 3 – Server operating systems with external attack surface exposure, past extended EOL.
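The same kind of triage can be run over any asset export. The following is an added example, not runZero code: the inventory is constructed, the extended-EOL months are the ones stated in this article (month precision only, with the EOL month itself treated as still supported), and the 18-month warning window is an assumption.

```python
from datetime import date

# Extended EOL (year, month) as stated in the article.
EXTENDED_EOL = {
    "Ubuntu 18.04": (2023, 6),
    "Windows Server 2012 R2": (2023, 10),
    "Windows 10 21H2": (2024, 6),
    "Windows 10 22H2": (2025, 10),
}

# Constructed sample inventory; "exposed" means reachable from outside.
INVENTORY = [
    {"host": "web-01", "os": "Ubuntu 18.04", "exposed": True},
    {"host": "files-02", "os": "Windows Server 2012 R2", "exposed": False},
    {"host": "kiosk-07", "os": "Windows 10 21H2", "exposed": True},
    {"host": "desk-11", "os": "Windows 10 22H2", "exposed": False},
    {"host": "vpn-01", "os": "Windows 10 22H2", "exposed": True},
    {"host": "cam-03", "os": "Unknown embedded Linux", "exposed": True},
]

PRIORITY = {"past-eol-exposed": 0, "past-eol-internal": 1,
            "no-eol-data": 2, "approaching-eol": 3, "supported": 4}


def months_until_eol(os_name, as_of):
    """Whole months from as_of to the extended EOL month; None if unknown."""
    eol = EXTENDED_EOL.get(os_name)
    if eol is None:
        return None
    return (eol[0] - as_of.year) * 12 + (eol[1] - as_of.month)


def classify(asset, as_of, warn_months=18):
    remaining = months_until_eol(asset["os"], as_of)
    if remaining is None:
        return "no-eol-data"  # often embedded devices: investigate, do not ignore
    if remaining < 0:
        return "past-eol-exposed" if asset["exposed"] else "past-eol-internal"
    return "approaching-eol" if remaining <= warn_months else "supported"


def triage(inventory, as_of):
    """Return (host, status) pairs, most urgent first."""
    rows = [(asset["host"], classify(asset, as_of)) for asset in inventory]
    return sorted(rows, key=lambda row: (PRIORITY[row[1]], row[0]))


def exposed_past_eol_share(inventory, as_of):
    """Share of exposed assets with EOL data that are past extended EOL."""
    known = [a for a in inventory
             if a["exposed"] and months_until_eol(a["os"], as_of) is not None]
    if not known:
        return None
    past = [a for a in known if months_until_eol(a["os"], as_of) < 0]
    return len(past) / len(known)


if __name__ == "__main__":
    today = date(2024, 8, 1)
    for host, status in triage(INVENTORY, today):
        print(f"{host:10} {status}")
    print(f"exposed and past extended EOL: {exposed_past_eol_share(INVENTORY, today):.1%}")
```

Assets without EOL data are left out of the percentage, matching the article's "for which EOL data was available", but they are still listed so they are not silently dropped.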

Case study: the Boa web server

The Boa webserver is an open source web server designed to have low resource requirements for users and to be compatible with embedded applications. The last official release of the Boa webserver, version 0.94.14rc21, was in February of 2005. For comparison, the Colts have won a Super Bowl more recently than the latest release of the Boa web server, and the Colts haven’t won a Super Bowl since 2007!

There are known vulnerabilities in Boa that have been exploited in critical infrastructure in the past. For example, in November 2022, Microsoft disclosed that Boa web servers in Internet-of-Things (IoT) devices were a common attack vector against power grids in India.

While it is relatively easy for an administrator to determine if a server is running Boa, it is much harder to detect in an embedded device. Boa is common in embedded devices like security cameras and IP phones that are widely deployed in enterprise networks. Therefore, curating an accurate inventory of an organization’s embedded devices, not just servers, that are running Boa is critical for protecting these networks.

FIGURE 4 – Boa web server version distribution in runZero data.

| Embedded devices running Boa | Share |
|---|---|
| Network-attached camera | 92.3% |
| Media & telephony devices | 5.5% |
| Environmental control devices | 0.9% |
| Network devices | 0.9% |
| Industrial control devices | 0.3% |

FIGURE 5 – Device types still running Boa in sample runZero data.

New-Old Friends

We’d be remiss if we didn’t mention common operating systems that will reach extended EOL soon. If any of these operating systems are running in your environment, we strongly recommend that you start planning for replacement or mitigation sooner rather than later.

FIGURE 6 – Common OS approaching extended EOL.

Final Thought

The prevalence of EOL systems within organizational networks remains a significant security concern. Despite advancements in security technology and practices, these outdated assets continue to provide attackers with easy entry points. Addressing this issue requires a proactive approach to asset discovery, exposure mitigation, and vigilant attack surface management to ensure that all components of your network, regardless of age, are secure and up-to-date.

runZero customers can find assets that are past their extended EOL by using the Policy: Extended End-of-Life operating systems canned query. You may need to add the OS EOL Ext. column in the Asset inventory in order to view the value.

Don’t forget to download the runZero Research Report to learn more about the state of asset security.


About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Subnets. What is a subnet? How does it work?

Subnetting is the process of dividing a network into several smaller, independent subnets. Each subnet is a portion of the core network that follows a specific logic. Subnets are commonly used in local networks, such as a company’s, because subnetting brings several benefits:

  • Increase of network performance: The amount of data traffic on a network with subnets is reduced, as traffic can be directed only to the necessary subnet. This also decreases broadcast traffic (packets that are sent to all devices on the network), being able to send them only to specific subnets.
  • Improved network security: Subnets may be isolated from each other, making it easier to establish boundaries between different network segments by means of a firewall.
  • Ease of network management: Having multiple subnets increases flexibility in network management compared to working with a single network.

Process for creating subnets

Before you start creating subnets, it is important to know three key concepts:

  • Original IP Address: This is the base IP address from which you will start to create the necessary subnets. IPv4 addresses are divided into classes (A, B, C, D and E). In LAN networks, Class A (10.0.0.0 – 10.255.255.255), Class B (172.16.0.0 – 172.31.255.255), or Class C (192.168.0.0 – 192.168.255.255) addresses are generally used.
  • Subnet Mask: It indicates which part of the IP address corresponds to the network and subnet number and which part corresponds to hosts. In addition, it also tells devices to identify whether a host is within a local subnet or comes from a remote network.
  • Broadcast address: It is the highest address of a subnet and allows simultaneous traffic between all nodes of a subnet. A packet sent to the broadcast address will be sent to all subnet devices.

Once these concepts are clear, you may begin to calculate the subnets.

  • Choosing the source IP address: The choice of this source IP for a local network will usually be class A, B or C and will depend on the number of hosts you need on your network. For the example, we will use the class C address 192.168.1.0/24.
  • Determining the number of subnets: You need to decide how many subnets you wish or need to create. The more subnets, the fewer IP addresses will be available to hosts. In our example we will create 4 subnets.
  • Subnet Mask Calculation: Starting from the IP 192.168.1.0/24, where /24 indicates that we use 24 bits for the subnet, which leaves 8 bits for the hosts. This translates to binary as:
    11111111.11111111.11111111.00000000
    subnet bits (24) host bits (8)
  • Borrowing bits for subnets: To create subnets, take bits from those available for hosts. The formula to calculate how many bits you need is:
    2^n >= N
    Where N is the number of subnets (4 in our example) and n is the number of bits needed. Here, n equals 2, since: 2^2 >= 4
  • New Subnet Mask: By taking 2 bits from hosts, the new subnet mask will be:
    11111111.11111111.11111111.11000000
    subnet bits (26) / host bits (6)
    This translates to /26 or 255.255.255.192.
  • Assigning source IP addresses for each subnet: Using the two borrowed bits, you get the following combinations:
    192.168.1.0/26
    192.168.1.64/26
    192.168.1.128/26
    192.168.1.192/26
  • Calculating IPs for each subnet: For each subnet, calculate the first and last usable IP address and broadcast address:
    • Subnet 192.168.1.0/26:
      • First IP: 192.168.1.1
      • Last IP: 192.168.1.62
      • Broadcast address: 192.168.1.63
    • Subnet 192.168.1.64/26:
      • First IP: 192.168.1.65
      • Last IP: 192.168.1.126
      • Broadcast address: 192.168.1.127
    • Subnet 192.168.1.128/26:
      • First IP: 192.168.1.129
      • Last IP: 192.168.1.190
      • Broadcast address: 192.168.1.191
    • Subnet 192.168.1.192/26:
      • First IP: 192.168.1.193
      • Last IP: 192.168.1.254
      • Broadcast address: 192.168.1.255

Summarizing in a table:

| Subnet | First IP | Last IP | Main IP | Broadcast IP |
|---|---|---|---|---|
| 192.168.1.0/26 | 192.168.1.1 | 192.168.1.62 | 192.168.1.0 | 192.168.1.63 |
| 192.168.1.64/26 | 192.168.1.65 | 192.168.1.126 | 192.168.1.64 | 192.168.1.127 |
| 192.168.1.128/26 | 192.168.1.129 | 192.168.1.190 | 192.168.1.128 | 192.168.1.191 |
| 192.168.1.192/26 | 192.168.1.193 | 192.168.1.254 | 192.168.1.192 | 192.168.1.255 |

To make the task of performing these calculations easier, there are online calculators such as this one.
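The procedure above can also be scripted, which helps when firewall rules and address plans are generated from the same source. This is an added example, not part of the original article: `plan_subnets` is a hypothetical helper that generalizes the 192.168.1.0/24 walk-through to any IPv4 network and subnet count, and it also covers /31 point-to-point links, where no network or broadcast address is reserved.

```python
from __future__ import annotations

import ipaddress


def plan_subnets(base_cidr: str, wanted: int) -> list[dict]:
    """Split an IPv4 network into equal subnets by borrowing host bits."""
    base = ipaddress.IPv4Network(base_cidr)  # ValueError if host bits are set
    if wanted < 1:
        raise ValueError("need at least one subnet")

    # Smallest n with 2^n >= N, the formula from the article.
    borrowed = (wanted - 1).bit_length()
    new_prefix = base.prefixlen + borrowed
    if new_prefix > 32:
        raise ValueError(f"{base} has too few host bits for {wanted} subnets")

    host_bits = 32 - new_prefix
    block = 1 << host_bits  # addresses per subnet
    mask = ipaddress.IPv4Address((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)

    def dotted(value):
        return None if value is None else str(ipaddress.IPv4Address(value))

    rows = []
    for index in range(1 << borrowed):
        network = int(base.network_address) + index * block
        top = network + block - 1
        if host_bits >= 2:
            # Lowest address names the subnet, highest is the broadcast.
            first, last, broadcast = network + 1, top - 1, top
        else:
            # /31 point-to-point link or /32 host route: nothing is reserved.
            first, last, broadcast = network, top, None
        rows.append({
            "subnet": f"{dotted(network)}/{new_prefix}",
            "mask": str(mask),
            "first": dotted(first),
            "last": dotted(last),
            "main": dotted(network),
            "broadcast": dotted(broadcast),
        })
    return rows


if __name__ == "__main__":
    for row in plan_subnets("192.168.1.0/24", 4):
        print(row["subnet"], row["first"], row["last"], row["main"], row["broadcast"])
```

Asking for a count that is not a power of two rounds up: five subnets of a /24 yields eight /27 blocks.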

Subnet-to-subnet communication

Although subnets may be part of the same local network, let us not forget that now each subnet is a different network. A router is required for devices on different subnets to communicate. The router will determine whether the traffic is local or remote using the subnet mask.
Each subnet connects to a router interface, which is assigned an IP from those available for hosts. This address will be the default gateway that we will set on the computers in that subnet. All computers must have the same subnet mask (255.255.255.192 in our example).

IPv6 Subnets

Creating IPv6 subnets is different and often less complex than IPv4 ones. In IPv6 there is no need to set aside addresses for a network or broadcast address. Whereas IPv4 sets aside addresses for the main network and the broadcast address in each subnet, these two concepts do not exist in IPv6.

Creating an IPv6 Subnet

An IPv6 Unicast address has 128 bits in hexadecimal format. These 128 bits are divided into the following elements:

  • Global Routing Prefix: The first 48 bits indicate the portion of the network assigned by the service provider to a client.
  • Subnet ID: The next 16 bits after the global routing prefix are used to identify the different subnets.
  • Interface ID: The last 64 bits are the equivalent of the host bits of an IPv4 address. This allows each subnet to support up to 18 quintillion host addresses.

To create IPv6 subnets, just incrementally increase the subnet ID:
Example:

  • Global routing prefix: 2001:0db8:000b::/48
  • Subnets:
    • 2001:0db8:000b:0001::/64
    • 2001:0db8:000b:0002::/64
    • 2001:0db8:000b:0003::/64
    • 2001:0db8:000b:0004::/64
    • 2001:0db8:000b:0005::/64
    • 2001:0db8:000b:0006::/64
    • 2001:0db8:000b:0007::/64

Point-to-point networks

A point-to-point network is a particular type of network that directly communicates between two nodes, making communication between them easier, since each data channel is used to communicate only between those two devices.

Point-to-point subnets

A point-to-point subnet is a type of subnet with a /31 mask, which leaves only two addresses available to hosts. A broadcast IP is not needed in this type of configuration, as there is only communication between two computers.
These types of networks are usually used more in WAN than in LAN. They are very easy and inexpensive to configure, but they are neither scalable nor the best performers, since all devices may work as client and server in a single link.

Subnet disadvantages and limitations

Although subnets provide several advantages, they also have limitations:

  • Network design complexity: The initial design and configuration may be challenging, and it is necessary to maintain a clear outline of the whole network for proper maintenance.
  • Waste of IP addresses: Each subnet needs to set aside two IPs (primary address and broadcast address) that cannot be assigned to devices. In addition, if subnets are isolated and all have the same size, unused addresses in one subnet cannot be used in another.
  • Appropriate router required: A router capable of handling the infrastructure is required, increasing complexity in routing tables.

Despite these limitations, the benefits of subnetting often outweigh the disadvantages, making it a common practice for many companies to improve the performance and security of their networks.

What do the different parts of an IP address mean?

This section focuses on IPv4 addresses, which are presented as four decimal numbers separated by periods, such as 203.0.113.112. (IPv6 addresses are longer and use letters and numbers.)
Each IP address has two parts. The first part indicates to which network the address belongs. The second part specifies the device on that network. However, the length of the “first part” changes depending on the network class.
Networks are classified into different classes, labeled A through E. Class A networks can connect millions of devices. Class B and class C networks are progressively smaller. (Class D and Class E networks are not commonly used).

Network Class Breakdown

  • Class A Network: Everything that goes before the first dot indicates the network, and everything that goes after specifies the device on that network. If you use 203.0.113.112 as an example, the network is indicated with “203” and the device with “0.113.112.”
  • Class B Network: Everything that goes before the second dot indicates the network. If you use 203.0.113.112 again as an example, the network is indicated with “203.0” and the device within that network with “113.112.”
  • Class C Network: In class C networks, everything that goes before the third dot indicates the network. If you use the same example, “203.0.113” indicates the class C network, and “112” indicates the device.

Importance of subnets

The way IP addresses are built makes it relatively easy for Internet routers to find the right network to direct data to. However, on a Class A network, for example, there may be millions of devices connected, and the data may take time to find the right device. That is why subnets are useful: a subnet narrows an IP address down to use within a range of devices.
Since an IP address is limited to indicating the network and address of the device, IP addresses cannot be used to indicate which subnet an IP packet should go to. Routers on a network use something known as a subnet mask to classify data into subnets.

What is a subnet mask?

A subnet mask is like an IP address, but only for internal use within a network. Routers use subnet masks to direct data packets to the right place. Subnet masks are not indicated within data packets traversing the Internet: those packets only indicate the destination IP address, which a router will match to a subnet.

Subnet Mask Example

Suppose an IP packet is addressed to the IP address 192.0.2.15. This IP address is a class C network, so the network is identified with “192.0.2” (or technically, 192.0.2.0/24). Network routers forward the packet to a server on the network indicated by “192.0.2.”
Once the packet reaches that network, a router on the network queries its routing table. It performs binary mathematical operations with its subnet mask of 255.255.255.0, sees the address of the device “15” (the rest of the IP address indicates the network) and calculates which subnet the packet should go to. It forwards the packet to the router or switch responsible for delivering the packets on that subnet, and the packet arrives at IP address 192.0.2.15.
In short, a subnet mask helps routers classify and route traffic efficiently within a large network, thereby improving network performance and organization.
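The "binary mathematical operations" described above are a bitwise AND between the destination address and the mask. The following is an added example, not code from the original article: it splits 192.0.2.15 with the mask 255.255.255.0 and then goes one step further by picking the most specific matching subnet (longest-prefix match) from a routing table. The /26 subnets and next-hop names in `ROUTES` are constructed for illustration.

```python
import ipaddress


def to_int(dotted):
    """Convert a dotted-quad string such as '192.0.2.15' to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask):
    """Return the number of network bits; reject masks with holes (255.0.255.0)."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    # A valid mask is ones followed by zeros, so its inverse is 2**k - 1.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(m).count("1")


def split_address(ip, mask):
    """Return (network address, host number, prefix length) for ip under mask."""
    addr, m = to_int(ip), to_int(mask)
    prefix = prefix_length(mask)
    network = addr & m                  # keep only the network bits
    host = addr & ~m & 0xFFFFFFFF       # keep only the device bits
    return to_dotted(network), host, prefix


def matches_stdlib(ip, mask):
    """Cross-check the manual arithmetic against Python's ipaddress module."""
    network, _, prefix = split_address(ip, mask)
    expected = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return str(expected) == f"{network}/{prefix}"


# Constructed routing table: (network, mask, next hop). The names are made up.
ROUTES = [
    ("192.0.2.0",   "255.255.255.0",   "core-router"),
    ("192.0.2.0",   "255.255.255.192", "switch-a"),
    ("192.0.2.64",  "255.255.255.192", "switch-b"),
    ("192.0.2.128", "255.255.255.192", "switch-c"),
]


def select_route(dest, routes=ROUTES):
    """Pick the matching route with the longest prefix, or None if none match."""
    d = to_int(dest)
    best = None
    for network, mask, next_hop in routes:
        if d & to_int(mask) == to_int(network):
            plen = prefix_length(mask)
            if best is None or plen > best[0]:
                best = (plen, network, next_hop)
    if best is None:
        return None
    return f"{best[1]}/{best[0]}", best[2]


if __name__ == "__main__":
    print(split_address("192.0.2.15", "255.255.255.0"))
    for dest in ("192.0.2.15", "192.0.2.130", "192.0.2.200", "198.51.100.7"):
        print(dest, "->", select_route(dest))
```

An address with no dedicated /26 entry (192.0.2.200 here) falls back to the broader /24 route, and an address outside every listed network matches nothing.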

Conclusion

Subnetting is a key technique for dividing large networks into more manageable subnets, thereby improving network performance, security, and management. Although the process can be complex, online tools and calculators can make it significantly easier. Understanding and effectively applying subnetting is essential for any network administrator.

Market analyst and writer with +30 years in the IT market for demand generation, ranking and relationships with end customers, as well as corporate communication and industry analysis.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

What NordPass can do that OS-specific password managers can’t

It’s not about the name – it’s about functionality

Apple recently made headlines with the launch of Apple Passwords, a new password management app currently in beta for iOS 18 users. Although this is significant news, this isn’t the first time a major tech player has ventured into password management. Microsoft introduced its Windows Credential Manager with Windows XP back in 2001, and it has been a part of every version of Windows since then, continuously updated.

When a big name like Apple releases a new product, there’s always a buzz about it aiming to be the best in its category. However, a big brand name doesn’t always guarantee the best option available—though it doesn’t mean the product is bad either.

So, when it comes to choosing the right password manager, it’s important to look beyond the brand and focus on functionality. To help with that, let’s compare the features of these OS-specific password managers with NordPass and highlight the elements that stand out.

OS-specific password managers vs. NordPass

When comparing NordPass to platform-specific password managers, two key factors to consider are security and ease of use. Let’s dive into these aspects in detail:

Security

Although the core function of all password managers is to keep all passwords safe in one place, not all password managers provide the same level of protection.

Password storage

Microsoft Credential Manager stores passwords locally on your device and encrypts them using the Windows Data Protection API (DPAPI). This setup is convenient for Windows users, but it relies on the security of the Windows operating system itself. Apple Passwords, in contrast, stores passwords in the iCloud Keychain, allowing secure access across all Apple devices.

NordPass takes a slightly different approach by keeping all passwords and other sensitive data in an encrypted cloud vault that can be accessed from any device. Moreover, NordPass uses XChaCha20, an encryption standard known for its exceptional security and performance, to encrypt the data before it is uploaded to the cloud. This ensures that all the information stored in the vault remains fully secure.

The zero-knowledge architecture

The term “zero-knowledge architecture” describes a design where a product is built so that the provider cannot access the user’s data stored in the system or service. Microsoft Credential Manager doesn’t fully follow this approach. Although it encrypts passwords, the encryption keys and processes are managed by Windows, which means Windows itself could potentially decrypt the data.

Apple Passwords uses a version of zero-knowledge with end-to-end encryption. This setup ensures that Apple can’t access your passwords because only your device holds the decryption keys.

NordPass goes all in with zero-knowledge architecture, with encryption and decryption occurring only on the user’s device to ensure that no one—including the NordPass team—can access their passwords.

Safe credential sharing

Microsoft Credential Manager doesn’t offer a built-in way to share passwords, so you have to do it manually, which can be quite risky. Apple Passwords makes sharing easier and more secure by using AirDrop and iCloud, with encryption to protect your credentials during transfer. NordPass, however, offers secure password-sharing features directly in the app, allowing you to share passwords with trusted contacts through encrypted channels.

Ease of use

The ease of use for password managers largely depends on their compatibility with your devices and how simple it is to use and manage your stored passwords. Let’s look at how these aspects compare among the OS-specific solutions and NordPass.

Compatibility

Windows Credential Manager is well-integrated with the Windows system but is limited to Microsoft environments. It only supports browser extensions for Internet Explorer and Microsoft Edge, which might be inconvenient for users who prefer other browsers.

The Apple Passwords app works seamlessly across Apple devices like iPhones, iPads, and Macs, and integrates well with various Apple services. It also offers browser extensions for Safari, providing a smooth experience for users within the Apple ecosystem. However, its support for non-Apple platforms and browsers is highly limited.

NordPass offers broad compatibility across multiple operating systems, including Windows, macOS, Linux, iOS, and Android. It also provides extensions for popular browsers like Chrome, Firefox, and Edge, ensuring a consistent experience regardless of the platform or browser you’re using.

Login experience

Microsoft Credential Manager does a decent job with autofill and autosave for Windows apps, but it’s quite basic compared to other options. Apple Passwords excels at autofill and autosave features within the Apple ecosystem. It automatically fills in login details and saves new passwords across Safari and other supported apps, making it easy for users to manage their credentials on Apple devices.

NordPass offers robust autofill and autosave features across various browsers and applications. It ensures that your credentials are automatically filled in and saved as you browse, making password management effortless. NordPass also provides seamless integration with its mobile and desktop apps, enhancing the overall user experience.

Additional features

Some modern password managers do more than just help you manage your passwords – they offer extra features that can boost your cybersecurity and make navigating the online world somewhat easier. However, this isn’t true for all of them.

OS-specific solutions

Microsoft Credential Manager mainly focuses on handling credentials without offering much beyond that. Its key extra feature is support for Windows Hello, which allows you to log in using biometric authentication.

Apple Passwords, on the other hand, provides a wider range of features. It can detect weak, reused, and compromised passwords, generate strong new ones, and sync credentials across Apple devices. It also integrates with two-factor authentication, generating and autofilling verification codes for supported accounts. These features make Apple Passwords a more optimal choice for Apple customers.

NordPass

NordPass includes the features of Apple Passwords, such as password health checks, secure credential sharing, two-factor authentication (2FA), password generation, and data breach alerts. But it also offers some additional benefits:

  • Email Masking: This feature lets users create temporary email addresses for signing up for services or newsletters so that they don’t have to share their real email addresses.

  • Activity Log: With NordPass, businesses can keep an eye on all account access activity across their organizations, making sure that only the right people are getting into the right resources.

  • Data Breach Scanner: Apple Passwords can alert you if your passwords are compromised, and so can NordPass. But NordPass goes a step further with its advanced data breach monitoring tool for businesses. It scans the dark web for any mentions of a company’s credentials and sends instant alerts if its business information is at risk.

  • Company-Wide Settings: NordPass also lets organizations set and enforce a strong password policy for all employees. This ensures everyone uses secure passwords, enhancing overall security.

Additionally, by making it easy to onboard and offboard members, and featuring a user-friendly design that’s easy to navigate, NordPass provides a comprehensive solution that covers a lot of cybersecurity ground. This allows both individual users and organizations to protect themselves more effectively and enjoy greater freedom online.

What are the risks associated with using an OS-specific password manager?

First off, using a password manager tied to a specific OS, like Apple Passwords, can cause issues if you want to sync or access your passwords across different devices, unless they’re all from Apple. This could lock you into one vendor’s ecosystem and make it difficult to switch platforms later without losing access to your passwords. There are also potential security risks if the OS updates, which could affect how the password manager works and lead to compatibility issues or vulnerabilities.

For companies, the problems can be even bigger. Employees on different operating systems might face inefficiencies because there’s no unified solution, leading to downtime and decreased productivity. IT departments would need to manage multiple systems, which can be more complex and require more time to support and maintain. This might also mean extra training, which adds to the costs.

Additionally, since it’s uncommon for all employees to use the same brand of device, enforcing consistent security policies for multiple password managers becomes challenging. This can create security gaps and make it harder to meet some industry standards and data privacy regulations.

Give NordPass a try and form your own opinion

We could go on to explain the differences between NordPass and OS-specific password managers, and point out how we think NordPass excels in terms of security and usability. However, it’s always better to feel the difference rather than just hear about it.

Therefore, we encourage you to try our 14-day free trial for the Business plan (30 days for Premium) and see for yourself how NordPass offers an enhanced password management experience beyond what you might expect from similar tools. We’d be interested to hear your thoughts!

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Understanding the differences between DORA and NIS2

Are you prepared for the new cyber storm on the horizon? Major regulatory changes are coming that will impact many European organizations. With the rise of cyber threats in recent years, European governments have introduced new regulations to strengthen the cybersecurity requirements for organizations across industries.

Two major upcoming directives—DORA and NIS2 from the European Union—aim to bolster cyber resilience for essential services. Strengthening defenses is crucial, yet sorting through shifting security rules and standards can feel overwhelming.

While both address improving cyber defenses, these regulations differ in scope and requirements. This guide is here to help you navigate the changes with clarity. We’ll explore the key details of each directive, compare their differences, and discuss how to prepare your organization for compliance.

What is DORA?

The Digital Operational Resilience Act (DORA) is an EU regulation aimed at ensuring the financial sector within the EU can withstand, respond to, and recover from all types of ICT-related disruptions and threats. It focuses specifically on financial entities like banks, investment firms, and others that provide critical financial services.

The primary goal of DORA regulation is to enhance operational resilience and manage risks associated with third-party service providers. Set to take effect in January 2025, DORA will significantly impact financial sector organizations operating within the European Union.

What is NIS2?

The Revised Network and Information Systems (NIS2) Directive is an updated EU cybersecurity law that expands the scope of its 2013 predecessor. NIS2 broadens the categories of “important” and “essential” entities subject to the regulation beyond just operators of critical infrastructure like energy, transport, banking, financial market infrastructures, and health. 

Essential versus important entities

The directive also imposes new requirements for supply chain security, risk assessments, incident reporting, and third-party risk management. The NIS2 Directive will be enforced starting in October 2024 and apply to any essential service provider operating within the EU.

Why are NIS2 and DORA important?

Attacks can disrupt essential functions and compromise privacy as more services and personal data move online. To mitigate cyber risks, both NIS2 and DORA aim to increase operational resilience and security practices across crucial sectors.

Therefore, the two directives are crucial for businesses due to several compelling reasons:

  • Enhanced cybersecurity. DORA focuses on the financial sector, emphasizing operational resilience and risk management, ensuring financial entities can withstand and quickly recover from cyber incidents. NIS2 applies to a broader range of essential service providers, significantly bolstering their cybersecurity measures.

  • Regulatory compliance. Both directives set strict regulatory requirements. Non-compliance can lead to hefty fines, sanctions, and damage to a company’s reputation. Ensuring compliance helps businesses avoid these financial and legal risks, maintaining a positive standing with regulators and customers.

  • Customer trust & confidence. Compliance with NIS2 and DORA demonstrates a business’s commitment to protecting personal and financial data, fostering trust and confidence among customers. This trust can translate into customer loyalty and a competitive edge in the market.

  • Operational resilience. Both directives aim to enhance the resilience of critical infrastructure. DORA ensures that the financial sector can continue operating smoothly during cyberattacks, whereas NIS2 focuses on ensuring the continuity of services provided by essential entities across various sectors.

  • Supply chain security. NIS2 requires businesses to assess and manage risks associated with their third-party vendors, mitigating potential vulnerabilities. DORA also includes provisions for third-party risk mitigation, ensuring robust measures are in place to manage risks from external service providers.

  • Incident reporting & response. Both NIS2 and DORA mandate comprehensive incident reporting and response mechanisms, ensuring businesses can promptly detect, respond to, and recover from cyber incidents. Regular breach reporting and analysis help improve overall cybersecurity strategies.

  • Harmonized standards. These directives aim to harmonize cybersecurity standards across the EU, creating a more consistent and secure digital environment. This simplifies compliance efforts and ensures businesses operate at the highest security standards across all regions.

  • Future-proofing. As cyber threats evolve, regulatory requirements are likely to become more stringent. By complying with DORA and NIS2, businesses position themselves ahead of the curve, proactively adopting best practices to adapt to future regulatory changes.

Key differences between NIS2 and DORA

Even though NIS2 and DORA directives may seem similar, there are some key differences organizations should be aware of. While both frameworks aim to bolster security, their scopes, sectors, compliance dates, and requirements vary.

  • Scope: DORA applies to financial sector entities within the EU, while NIS2 Directive covers all essential service providers across the EU

  • Sectors: DORA targets the financial sector, whereas NIS2 expands to industries like health, energy, and more

  • Compliance date: DORA is set to take effect in January 2025, while NIS2 Directive goes into effect in October 2024

  • Requirements: DORA regulation emphasizes operational resilience, whereas NIS2 includes comprehensive supply chain reviews and stringent reporting obligations

  • Non-compliance penalties: Entities found non-compliant with DORA may face fines up to 2% of annual global turnover or €1 million for individuals, whereas NIS2 establishes larger fines of up to €10 million or 2% of turnover—whichever is higher—for non-compliance

By recognizing these distinctions, businesses can better navigate their compliance strategies, ensuring they meet the necessary standards and improve their cybersecurity defenses.

Preparing for increased compliance

To effectively prepare for NIS2 and DORA compliance, businesses should take the following steps:

Conduct risk assessments

Perform thorough vulnerability assessments to identify potential vulnerabilities and threats. Evaluate the impact of identified risks on your organization and prioritize mitigation strategies.

Review third-party relationships

Assess the security posture of all third-party vendors and partners and ensure that third-party risk mitigation practices, including regular audits and reviews, are in place.

Develop and document incident response plans

Create detailed incident response plans outlining steps to take during a cybersecurity event; ensure these plans are well-documented and accessible to all relevant personnel.

Implement reporting procedures

Establish clear procedures for reporting security incidents to regulators and stakeholders. Ensure these procedures comply with the requirements of NIS2 and DORA.

Train staff regularly

Conduct regular training sessions on cyber hygiene, focusing on password management and recognizing phishing attempts—provide specialized training on spear phishing and other targeted attack methods.

Document compliance efforts

Maintain thorough documentation of all compliance-related activities and efforts. This documentation demonstrates diligence and can be beneficial during regulatory reviews.

Outsource to experts

Consider outsourcing functions like cloud infrastructure management, security monitoring, or compliance auditing to specialized service providers. Leveraging expert services can reduce the burden on in-house teams and ensure higher compliance standards.

Audit & update regularly

Schedule regular internal audits to review compliance status and identify areas for improvement. Stay updated on changes in regulatory requirements and adjust your strategies accordingly.

Engage with regulatory bodies

Maintain open communication with relevant regulatory bodies to stay informed about compliance expectations. Seek guidance and clarification on any aspects of DORA and NIS2 that may be unclear.

How NordLayer can help achieve compliance

As a network security provider, NordLayer offers tools and services tailored to help organizations achieve compliance with both directives:

  1. Secure access management: Utilize our business VPN for encrypted connections with masked identities, and implement Always-On VPN and Multi-Factor Authentication (MFA) to ensure safe and controlled access to your network. Secure access technologies ensure compliance with DORA’s emphasis on thorough access control practices, in addition to fulfilling many of the access governance standards outlined in NIS2.

  2. Network segmentation: Enforce stringent security policies using a robust Cloud Firewall and advanced access control features like Network Access Control (NAC).

  3. Continuous visibility & monitoring: A network visibility solution ensures comprehensive monitoring of network activity and devices. It fuses activity information, Server Usage Analytics, and Device Posture Monitoring to track traffic and performance in real-time. Ensure secure network access through features such as DNS filtering and Device Posture Security checks that verify endpoint security posture before network entry. Such visibility is crucial for meeting regulatory requirements, facilitating audits, and demonstrating practical usage of security controls.

  4. Protection of sensitive information: Comply with data sovereignty requirements through comprehensive NAC solutions like VPN gateways, dedicated servers, Cloud Firewall, and Device Posture Security, as well as advanced user authentication methods, such as MFA, biometrics, SSO, and user provisioning—addressing DORA’s and NIS2’s mandates for data protection.

  5. Manage vendor risks: Our solutions isolate third-party access to only needed resources. Additionally, NordLayer can be trusted to comply with customers’ vendor security requirements and international standards.

With NordLayer, businesses can simplify infrastructure security management and meet the stringent requirements of both the NIS2 and DORA directives. Contact us to discuss how we can assist with your compliance journey.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


How Minecraft and game modding can undermine your security

ESET Research has revealed a concerning fact — gamers are being targeted by cybercriminals, and it’s no mystery why they are such meaty targets.

The gaming industry is huge — some games generate millions in monthly revenue, satisfying gamers and executives simultaneously. However, in some cases, gaming can present some very real dangers that are a bit more severe than getting a virtual arrow in your knee.

I wanna be, the very best

How far will a person go to excel in their game?

With the advent of online gaming, more and more people are playing together in real-time, leading to more social interactions than ever before. This can lead to a lot of pressure, especially when playing online games with a player vs. player (PVP) aspect like multiplayer shooters or battle arenas.

When you want to be the best, you will focus on improving your skills, right? Well, quite a few people would rather cheat their way to the top of the rankings, raking in the gain without the pain.

Cybercriminals know this, which is why when venturing online, gamers can find a multitude of interesting cheats like wall hacks or aimbots for better visibility and accuracy to help up their game. What they don’t know is that these cheats are often loaded with malware, hence cheating your way to the top can lead to someone else taking a peek at your personal data via infostealers such as RedLine Stealer or Lumma Stealer, which ESET Research’s telemetry confirms as quite active.

What is an infostealer?

An infostealer is a piece of malware that, after infecting your computer, starts exfiltrating (stealing) information from the compromised device. Such data can include credentials saved in browsers, financial information, browser cookies, crypto wallets, or others.

These are often sold as a service, with RedLine Stealer costing just $150 per month. To make matters worse, like home automation software, RedLine works through a simple dashboard, making its deployment to victims hassle-free.

The game has just begun

However, cheats are not the only attack vectors for infostealers to infiltrate your device.

When you really like a game, like Minecraft, for example, you might want to go beyond what the developer offers with the default set of assets and gameplay scenarios. For example, players of the Java version of Minecraft often modify their worlds by adding additional creatures, building blocks, or more ways to use redstone, leading to creations such as functional computers inside the game (the creativity is limitless, really).

While it is great that players seek more creative ways to redefine their game experiences, cybercriminals also abuse this. You see, mods (game modifications) are usually available as downloads; for Minecraft, typically on web pages like Planet Minecraft or Minecraft Mods. These are all publicly available platforms, which is why cybercriminals try to exploit them by updating modifications and injecting them with malicious code. Such was the case reported by Bleeping Computer, when hackers compromised several accounts on modding platforms to distribute infostealers, hijacking existing projects.

Sadly, sometimes not even official resources are free of exploitation due to various vulnerabilities, as was the case when 50,000 Minecraft accounts were infected due to skins injected with malware capable of reformatting hard drives and deleting backups plus system programs, offered as a download on the game’s website.

Since it’s usually kids (based on 2021 stats) who play Minecraft, they probably do so on shared family computers and home networks, hence the resulting damage can spill over to their parents. What’s worse, instead of an infostealer, a computer could get infected with ransomware, but that is more of a concern for gaming companies, who are targeted for monetary reasons.

Did you know?

Ransomware is a threat shared by people and businesses alike. In the world of gaming, a famous example is the 2023 Rhysida ransomware attack on Insomniac Games, the developer behind games such as Spider-Man and the Ratchet and Clank series. As a result of the attack, terabytes of data on both their past projects, as well as net-new, have been leaked.

Nothing is true; everything is permitted

Apart from infostealers, phishing is also trendy in gaming circles. As pictured below, gaming placed No. 10 in the top phishing website category by ESET Research.

Source: ESET Threat Report H1 2024

To paint a picture of how this happens, consider when a gamer is playing an online MMO like World of Warcraft or a game with virtual currency such as Fortnite.

Character skins and various XP boosts might require you to purchase them with said virtual currency. In WoW’s case, for example, there’s the WoW token. You either purchase one with in-game gold for gametime or Battle.net balance (enabling real currency purchases), or do the opposite and purchase one for an influx of in-game gold with real money. Imagine it as a foreign exchange of sorts.

Similarly, in Fortnite, V-Bucks are used to purchase outfits, emotes, and Battle Passes. All these are rather tempting for various reasons, especially when you want to stand out among an online crowd.

Kids, teenagers, and even adults don’t know better sometimes. Via the chat functions in these games (unless disabled or if the account has a parental lock), gamers can be tempted by fellow players to visit certain websites to receive either currency for free! Just insert your login details and you’ll immediately receive an influx of your desired virtual cash/token. Or, more likely, your credentials and account will get stolen, since now you’ve been successfully phished by a cybercriminal.

Infostealer detections

ESET telemetry continues to detect threats like RedLine Stealer and Lumma Stealer, with the former achieving localized detection peaks coming mostly from states such as Germany, Spain, and Japan.

Source: ESET Threat Report H1 2024

On the other hand, Lumma switched its malware to a new variant, leading to a growing trend in its detections as Win/Spy.Agent.QLD.

Source: ESET Threat Report H1 2024

Both infostealers have been detected in payloads of files masking themselves as cheating tools or video game cracks (game executables bypassing copy protection). All in all, infostealers have seen a slight rise compared to the previous period (4% increase) globally.

Global infostealer detections. This also includes non-gaming-related ones.
(Source: ESET Threat Report H1 2024)

ESET has also detected Epsilon Stealer (as JS/PSW.Agent trojan variants .CH and .CI). It was recently present in a popular mod of Slay the Spire, pushed through the Steam update system after the developer accounts on Steam and Discord had been breached. Once installed, Epsilon looks to exfiltrate cookies, saved passwords, and credit card details from web browsers, plus login info for Steam, Windows, and other accounts.

Stay awhile and listen

To protect against infostealers and other malicious threats, your best bet is to raise your protection with strong next-gen security software like ESET Home Security. Thanks to ESET telemetry and ESET LiveSense security layers, it can provide a strong safety net in case a modpack gets infected or if someone downloads an infected executable that has already been caught by one of our global sensors.

The same software also offers anti-phishing protection and secure browsing to block suspicious websites or emails, and to guarantee a safe browsing experience while socializing online.

As for account security, use diverse passwords (we recommend using the ESET Password Generator to ensure their strength), store your credentials in password managers (instead of browsers), and use app- or biometrics-based multi-factor authentication instead of SMS to add another layer to your account’s security, keeping threat actors at bay.
