
Data speaks volumes: how analytics improves network visibility

Network management is pivotal and complex in the increasingly connected world. The task is enormous, whether it’s understanding the intricate user activity patterns, keeping a keen eye on data traffic, or monitoring device activity within the network.

Enter the analytics territory, where data doesn’t just speak; it roars volumes. By harnessing tools such as activity logs, server usage analytics, and Device Posture Monitoring, network visibility reaches new heights.

Different challenges require diverse solutions

A company network is a complicated organizational ecosystem. Various aspects, like the load of data traffic and employee connections, require specific attention. These targeted approaches help in decision-making, identifying problems, and streamlining network performance.

The use of data analytics in network management is transformative in addressing different issues:

Security concerns

  • Behavior analysis – continuous monitoring and analyzing data traffic, unusual patterns, or anomalies can help detect signs of a security breach or threats.

  • Compliance monitoring – regular scans and assessments ensure that network configurations meet the industry’s compliance regulations.

Network performance optimization

  • Bottleneck identification – real-time analysis of network traffic data helps identify potential bottlenecks or overloaded devices, allowing proactive action to prevent slowdowns.

  • Capacity planning – historical data analysis allows organizations to predict future network needs, making planning for expansion or upgrades easier.

Troubleshooting and maintenance

  • Root cause analysis – analytics can provide deep insights into the root causes of network issues, allowing for quicker and more accurate resolutions.

  • Predictive maintenance – by analyzing trends and historical data, predictive algorithms can forecast potential hardware failures or performance degradation, enabling preventative maintenance.

User experience and behavior understanding

  • Application performance monitoring – insights into how applications perform on the network can lead to optimizations that enhance user experience.

  • User behavior tracking – understanding how users interact with the network provides valuable security and performance-tuning insights.

Cost Management

  • Resource allocation – data-driven insights help efficiently allocate resources, ensuring no part of the network is over- or underutilized.

  • Cost prediction – analyzing trends helps forecast bandwidth usage, hardware upgrades, and maintenance costs, aiding budget planning.

Strategic planning and decision-making

  • Trend analysis – long-term data analysis can uncover emerging trends and potential opportunities for innovation or improvement.

  • Decision support – data-driven insights support informed strategic decisions, aligning network management with business goals.

Device monitoring in network management

  • Device Posture Monitoring – understanding the state and security of all connected devices is crucial for a robust network environment, including:

    1. Real-time assessment – monitoring device states in real-time, tracking factors like software versions, security patch levels, and endpoint configurations to determine their compliance with security policies.

    2. Threat detection – identifying potential vulnerabilities through continuous device behavior surveillance and comparing them against established baselines. This allows for an immediate response to unusual activities.

    3. Integration with security protocols – Ensuring devices connecting to the network meet specific compliance and security standards is crucial. This is achieved by integrating posture assessments with existing network access controls.

    4. Automated remediation – to prevent potential security breaches, execute automatic actions to correct non-compliant devices, such as quarantining or patching.

    5. Visibility and reporting – providing comprehensive visibility into the devices connected to the network and generating detailed reports for compliance tracking and security auditing.

How NordLayer incorporates analytics for network visibility

NordLayer’s approach is all about simplicity. We offer a unified platform to manage your organization’s network from one central place. Different pieces of information give insights into varying elements monitored from a data perspective.

Here are the scenarios where NordLayer can come in handy when looking for an analytical angle of network performance.

An overview of connections and actions: Activity monitoring

Whether it belongs to a small company or a large enterprise, a network needs a record of every organization member to identify who has access to connect. It’s like a window into what’s happening within the network and how each element behaves at a surface level.

NordLayer’s Activity monitoring is a helpful functionality for admins. It allows organizations to not only identify a connected member but also have their details and session time to evaluate the tool’s usage.

From a user activity perspective, information like member name, device name, given ID number, and email helps spot any deviations in created user profiles. You can also track when members connect and disconnect from the network in a provided table, ensuring compliance with security policies.

Activity monitoring also shows a list of admins’ actions, from creating gateways and logging in to enabling or enforcing specific features. It’s practical for tracking down retrospectively what actions were performed in case of an audit or procedure revision, or simply to avoid accidentally duplicating actions. The functionality supports troubleshooting, helping to find out whether single errors have affected the team level.

Admins can use an export capability to have all concise data in one place and use it for generating insights. The export capability allows downloading encrypted connection reports, often used for compliance audits and internal process reviews.

Track service performance: server usage analytics

Connection statistics help better understand bottlenecks and overloads of the company network. From the number of members to what servers they are connected to, it provides visibility to network managers to distribute teams more effectively.

Cramped servers lead to performance issues that impact your workforce’s productivity. Therefore, the data about service usage is crucial in future decision-making and establishing processes. NordLayer’s Insights tab in the Control Panel has interactive dashboards for server usage visibility.

The Insights tab provides a detailed data summary to analyze protocol connectivity patterns and see active sessions in a given time. The information available for protocol usage displays the company’s dedicated server metrics.

The active sessions dashboard lists data about the number of users connected to specific dedicated servers. It makes it easy for admins to analyze the distribution of connections and plan for potential future needs, such as additional dedicated servers.

Maintaining a record of network activity: Device Posture Monitoring

Hybrid work and bring-your-own-device (BYOD) policies increase the risk of malicious connections.

Managing and gaining visibility into the devices within the network is challenging. You need to verify the identity of connecting individuals and ensure their connecting devices aren’t infected and don’t threaten the organization’s network.

NordLayer’s Device Posture Monitoring functionality addresses this challenge by accurately monitoring who connects to the company network based on predefined rules. The feature is convenient for registering deviations from established norms.

Device Posture Security allows admins to define periodical device check rules listed below.

  1. Enabling a list of organization admin-trusted devices.

  2. Defining a preferred OS and its version.

  3. Specifying the supported NordLayer app version.

  4. Enforcing checks if the device is jailbroken or rooted.

  5. Confirming that the device contains a specific file.

  6. Checking for an allowlisted IP address on the device.

The functionality improves the admin’s visibility of a device’s compliance with internal policies and its up-to-date status. To support actions based on the Zero Trust framework, the functionality provides information about access, device health, and activity data for devices in the organization.

Benefits of network visibility features

Having data and knowing what to do with it offers substantial benefits for organizations. By offering a panoramic view into the complex labyrinth of connections, server usage, connected devices, and their security posture, network visibility features not only enhance the control and management of the network but open doors to numerous advantages.

Additional security

Network visibility allows organizations to monitor and analyze network traffic effectively. By observing network behavior, IT admins can detect and respond to security threats. This approach helps identify suspicious activities or unauthorized access attempts.

Network performance

Insights into the network enable understanding and optimization. It assists with the identification of bottlenecks, congestion, latency issues, and network failures. Better network management enables a landscape where data informs and empowers, leading to a smarter, safer, and more efficient work environment.

Troubleshooting

Detailed insights provide information to make troubleshooting and resolving issues easier, thus saving time. When problems occur, IT admins can use all of these capabilities to analyze traffic patterns and pinpoint the source of the problem.

Embracing the future with advanced network visibility

As the digital landscape expands, the importance of a transparent, secure, and efficient network cannot be emphasized enough. With tools like NordLayer, organizations can confidently navigate this evolving terrain.

NordLayer showcases the future of network management, where data doesn’t just inform but empowers growing businesses that face increasingly complex network challenges. Embracing advanced analytics and visibility tools is not just a luxury—it’s a necessity.


Genetic data leak, 23andMe point to credential stuffing

Hackers are selling genetic data stolen from users of the company 23andMe. The company itself says they weren’t breached, although their users’ data was used by what seems to be a single threat actor stealing personal details and genetic data. This data was then published or advertised online. 23andMe suggested that the threat actor(s) gained unauthorized access with “recycled login credentials”, a technique known as credential stuffing.

The logic is simple: Keep trying stolen username/password combinations, and eventually, they’ll work on another site. An easy solution to credential stuffing attacks? You guessed it: Multi-factor authentication (MFA). While 23andMe has offered an MFA feature since 2019, it was not made mandatory for users. With genetic and personal data at stake and up to 7 million users affected by these recent breaches, it might be time for a change in policy.

The Bleach Breach: Clorox revenue and supply chain hit

Clorox, the household cleaning giant, predicts a more than 20% drop in quarterly sales due to a cyberattack (thought to be ransomware) that caused product shortages and operational disruptions. Manufacturing, often kept running by legacy systems and sprawling workforces, suffers more cyberattacks than any other industry.

The Clorox incident is being linked to the same group responsible for the MGM and Caesars Palace hacks, discussed in our previous episode, which occurred around the same time in August 2023. “Scattered Spider” is notorious for using social engineering methods to gain access to internal systems. The Clorox Company’s share price has dropped by over 7 percent in the last month.

Wearable AI: Trendy or just trending?

Tech companies are rushing to secure the lead in wearable AI products. Meta has collaborated with Ray-Ban on a pair of high-tech glasses, enabling wearers to live stream directly from the glasses to Facebook or Instagram and voice activate Meta AI, “an advanced conversational assistant”. Jony Ive, Apple’s legendary former design lead, and OpenAI are reportedly teaming up to design the “iPhone of AI”.

Rewind.ai unveiled a neck-worn pendant that records conversations to your smartphone and creates a searchable database of life moments. Humane, imagining “a world where you can take AI everywhere”, have developed a smart device that resembles a badge or lapel pin.

The common goal here seems to be for technology to rely less on screens, to fade from view, and become all but invisible.

Stay tuned for the next episode of Cyberview.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


DNS Security Best Practices


What is DNS Security?


DNS security, often referred to as DNSSEC (Domain Name System Security Extensions), is a set of protocols and techniques designed to protect the DNS from various threats and vulnerabilities. The primary goal of DNS security is to ensure the integrity, authenticity, and confidentiality of DNS data. By doing so, it helps prevent malicious activities such as DNS spoofing, cache poisoning, and man-in-the-middle attacks that can redirect users to fake websites or compromise their data.


Why DNS Security Is Important

DNS security is vital for preventing disruptions in operations. Any disruption to a business’s online presence can have devastating consequences. DNS attacks, such as DDoS attacks or cache poisoning, can render websites and services inaccessible. DNS security measures, including robust DNS hosting and protection, mitigate these risks, ensuring uninterrupted operations and customer access to primary and secondary DNS servers. Moreover, DNS security protects sensitive data. DNS queries contain sensitive information about the websites users intend to visit, and without adequate security, these queries can be intercepted by malicious actors. Implementing DNS security ensures the confidentiality of DNS data, and protects user privacy.

Without DNS security, there are risks of phishing and fraud. Cybercriminals often use DNS to conduct phishing attacks. Malicious actors create deceptive websites with domain names similar to legitimate ones, tricking users into revealing personal information. DNS security measures help detect and block these fraudulent domains, reducing the risk of phishing and fraud incidents.

In addition, many industries and jurisdictions have specific regulations and compliance requirements related to data protection and cybersecurity. Implementing DNS security measures can help companies meet these legal obligations and avoid enormous fines for non-compliance related to IP addresses and DNS settings.

DNS Security Best Practices

Log all DNS activities: Maintain detailed logs of DNS queries and responses to monitor for suspicious activities and troubleshoot issues effectively. Analyze these logs regularly to detect security vulnerabilities and respond to potential threats.

Keep the DNS cache locked: Make sure that cached data in your DNS server is secure and not vulnerable to cache poisoning attacks. Implement measures to prevent unauthorized access or manipulation of the cache.

Configure access control lists (ACL) precisely: Implement strict ACLs to control which devices and networks are allowed to access and use your DNS servers. Only authorized users and systems should have access to internal DNS servers.

Regularly update the DNS server: Remember to update your DNS server software regularly and keep it patched to address known vulnerabilities and security weaknesses. Stay informed about security advisories related to your specific DNS server software.

Deploy dedicated DNS applications: Use dedicated DNS server software designed for security and performance, such as BIND, Microsoft DNS, or other reputable options, rather than repurposing general-purpose servers.

Implement DNSSEC (DNS Security Extensions): DNSSEC adds a layer of security by digitally signing DNS records, ensuring data integrity and authenticity. Enforce DNSSEC for your domains to protect against DNS spoofing and cache poisoning attacks and validate DNS data integrity.

Mask the primary DNS server and information: Hide the identity of your primary DNS server and its version number to minimize the risk of attackers targeting known vulnerabilities in your DNS software.

Time limit the recursive DNS query response: Set a time limit for how long your DNS server will spend processing a recursive query. This helps prevent your server from being tied up by malicious or excessive requests.

Facilitate random DNS socket pool utilization: Configure your DNS server to use a random selection of source ports and request IDs to make it harder for attackers to predict and spoof DNS responses.

Ensure DNS availability with adept redundancy: Implement redundant DNS servers to maintain service availability even if one server becomes compromised or goes offline. Use load balancing and failover mechanisms for seamless DNS operation.

Reinforce the name servers: Secure the physical and network infrastructure of your name servers. Limit physical access, use strong authentication for administrative access, and employ firewalls and intrusion detection systems.

Filter and Monitor DNS Traffic: Employ DNS traffic filtering to block known malicious domains and monitor DNS traffic for anomalies and suspicious patterns. Tools like DNS filtering services and intrusion detection systems can be useful for this purpose.
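
One way to act on the logging and monitoring practices above, as an added example that is not part of the original article: it parses query-log lines, flags lookups under blocklisted domains, and reports clients that request many long, random-looking subdomains of one parent. The log layout (BIND 9 style), the sample lines, the blocklist entry and the thresholds are all constructed assumptions.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample in the style of a BIND 9 query log; real layouts vary by
# server and version, so treat the regex below as an assumption to adapt.
SAMPLE_LOG = """\
10-Oct-2023 09:00:01.100 client @0x7f01 10.0.0.5#40112 (www.example.com): query: www.example.com IN A +E(0)K (10.0.0.1)
10-Oct-2023 09:00:02.310 client @0x7f02 10.0.0.5#40113 (mail.example.com): query: mail.example.com IN MX +E(0)K (10.0.0.1)
10-Oct-2023 09:00:03.020 client @0x7f03 10.0.0.7#51990 (login.bad-domain.test): query: login.bad-domain.test IN A +E(0)K (10.0.0.1)
10-Oct-2023 09:00:04.500 client @0x7f04 10.0.0.9#33001 (k3j9x2qv7m1zt8w4b6n0p5ra.data.test): query: k3j9x2qv7m1zt8w4b6n0p5ra.data.test IN TXT +E(0)K (10.0.0.1)
10-Oct-2023 09:00:04.900 client @0x7f05 10.0.0.9#33002 (h7d2c9f4y0u6s1e8g3l5o2ix.data.test): query: h7d2c9f4y0u6s1e8g3l5o2ix.data.test IN TXT +E(0)K (10.0.0.1)
10-Oct-2023 09:00:05.200 client @0x7f06 10.0.0.9#33003 (q1w8e2r7t3y6u4i5o9p0a2sd.data.test): query: q1w8e2r7t3y6u4i5o9p0a2sd.data.test IN TXT +E(0)K (10.0.0.1)
this line is not a query record and must be skipped
"""

# Placeholder blocklist entry; in practice this comes from a filtering feed.
BLOCKLIST = {"bad-domain.test"}

QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def parse_queries(text):
    """Yield (client_ip, qname, qtype) for each line that is a query record."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m["ip"], m["name"].rstrip(".").lower(), m["qtype"]


def is_blocked(qname, blocklist):
    """True when qname is a blocklisted domain or any subdomain of one."""
    return any(qname == d or qname.endswith("." + d) for d in blocklist)


def shannon_entropy(label):
    """Bits per character of a non-empty label; random strings score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage(text, blocklist, min_len=20, min_entropy=3.5, min_hits=3):
    """Return blocklist hits and (client, parent) pairs with many random labels."""
    blocked = []
    random_labels = defaultdict(set)  # (client, parent domain) -> distinct labels
    for ip, qname, _qtype in parse_queries(text):
        if is_blocked(qname, blocklist):
            blocked.append((ip, qname))
        # Parent = name minus its leftmost label (not public-suffix aware).
        label, _, parent = qname.partition(".")
        if parent and len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            random_labels[(ip, parent)].add(label)
    suspicious = {k: len(v) for k, v in random_labels.items() if len(v) >= min_hits}
    return {"blocked": blocked, "random_subdomains": suspicious}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, BLOCKLIST)
    for ip, qname in report["blocked"]:
        print(f"BLOCKLIST  {ip} -> {qname}")
    for (ip, parent), hits in report["random_subdomains"].items():
        print(f"ANOMALY    {ip} -> {hits} random-looking labels under {parent}")
```

The length and entropy thresholds trade false positives against misses, so tune them against a baseline of your own resolver logs before alerting on them.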

In addition to these best practices, it’s important to stay updated on the latest DNS security threats, as this landscape evolves continuously. Regular security audits, penetration testing, and employee training can also help ensure the overall security of your DNS infrastructure.

DNS security is a critical component of a robust cybersecurity strategy. By implementing DNS security best practices, you can protect your organization’s online presence, maintain user trust, and ensure the availability and integrity of your online services. Remember that security is an ongoing process, and staying vigilant against emerging threats is key to a secure DNS infrastructure.


About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

Improving NordVPN’s Android performance using the Compose Compiler plugin

At NordVPN, we’ve harnessed the power of Jetpack Compose and its feature-rich capabilities to craft the user interface of our Android app. While Compose has accelerated our feature development workflow, our commitment to product quality drives us above all. We’re continuously exploring strategies for maintaining optimal performance. 

The new Compose integration has sparked a lot of internal discussion regarding the app’s performance. One of the things we at NordVPN do is to integrate the Compose Compiler plugin in our day-to-day development process, which helps us improve our code. In this blog post, we explain what the Compose Compiler plugin is, how it works, and how we use it at NordVPN.

What problems did we have?

When working with Jetpack Compose, we encountered performance issues related to the stability of composable functions. Our primary goal in working with composable functions was to make them as stable as possible, or “skippable” in Compose terminology. In this context, “skippable” means that if a composable function is recomposed and its parameters haven’t changed since the previous recomposition, Compose will skip the function and reuse the previous values.

With Compose, we can see significant performance improvements because even minor improvements can reduce recomposition count levels throughout the app. To assess the stability of composable functions, we can leverage the Compose Compiler plugin.

The Compose Compiler plugin

Compose Compiler is a plugin that can generate reports and metrics for components or code written in Compose. These reports provide detailed insights into the behavior of our Compose code. The plugin was added in version 1.2 of the Compose library.

With this detailed insight, we can begin making improvements to our code.

How does it work?

The Compose Compiler plugin is a Gradle task that generates reports for composable code within a module. It assesses the stability of the code, offering the flexibility to run it locally or in a CI pipeline when necessary.

It is recommended to generate the report in Release builds.

To ensure that the plugin works perfectly, we first need to configure it in the project’s Gradle file.

    tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).configureEach {
        compilerOptions {
            // Only emit reports when the build is started with
            // -Pnordvpn-app.enableComposeCompilerReports=true
            if (project.findProperty("nordvpn-app.enableComposeCompilerReports") == "true") {
                // Compose Compiler reports
                freeCompilerArgs.addAll([
                    "-P",
                    "plugin:androidx.compose.compiler.plugins.kotlin:reportsDestination=" +
                        project.buildDir.absolutePath + "/compose_metrics"
                ])
                // Compose Compiler metrics
                freeCompilerArgs.addAll([
                    "-P",
                    "plugin:androidx.compose.compiler.plugins.kotlin:metricsDestination=" +
                        project.buildDir.absolutePath + "/compose_metrics"
                ])
            }
        }
    }

The first part of the code generates reports, while the second one generates metrics for those reports.

To run this code, we use the Gradle command as follows:

    ./gradlew assembleRelease -Pnordvpn-app.enableComposeCompilerReports=true

Generating a report on release builds is recommended.

When the execution is completed, it generates a file in the build folder like the one below.

[Image: compose_generated_report folder]

Where,

*-classes.txt: contains information about classes referenced from a composable function.

*-composables.csv: CSV version of the TXT file

*-composables.txt: contains a detailed output of each Composable.

*-module.json: provides detailed statistics as a comprehensive view.

In our case, we’re primarily focused on the *-composables.txt files and will be working with those.

The image above displays the generated value for only one module. However, for NordVPN, we have multiple UI modules, and each module generates its own compose_metrics folder (that has its Compose code) with all relevant reports included.

Refining the generated report

With all of our modules generating reports, here’s an example of how an individual *-composables.txt file can contain multiple blocks of code like:

    restartable scheme("[androidx.compose.ui.UiComposable]") fun ScreenContent(
      stable onBack: Function0<Unit>
      stable onSettingToggled: Function0<Unit>
      unstable state: State?
      stable modifier: Modifier? = @static Companion
    )

Each of these files contains numerous functions that exhibit a Kotlin-style code structure. Additionally, each module with Compose code has a dedicated text file. Before delving into the details, let’s take a closer look at the significance of this code:

Restartable: When Compose detects changes in the function inputs, it restarts the function, invoking it again with the updated inputs.

Stable: This parameter in the provided function is stable; if it has not changed, Compose will skip it.

Unstable: This parameter in the provided function is unstable, and Compose always recomposes it when the parent is recomposed.

We then merge all the *-composables.txt files into a single text file within our project using a script we’ve created for this purpose. This combined file plays a crucial role in our development process. Let’s see how we utilize it.

How do we use it in our day-to-day development?

At NordVPN, we’ve seamlessly integrated this workflow into our CI pipeline for every pull request we create, ensuring that we merge only stable Compose code (whenever possible) into our main branches.

However, before implementing this process, we conduct a thorough review to ensure that all of our Composable code contains no unnecessary unstable parameters. This proactive step guarantees that when we introduce this to our pull request flow, we initiate with a clean slate.

Let’s take a closer look at the steps in our pull request workflow:

  1. Create pull request: The process begins with the creation of a pull request (PR).

  2. CI job: A Continuous integration (CI) job is triggered for the current PR if there’s a change in any of the UI modules. The CI job performs several tasks:

    a. Generate report: We generate a report on the release branch, which results in the creation of multiple text files in each module containing Compose code.

    b. Merge the text files: At this stage, we execute a script that combines these text files, retaining only the functions containing unstable parameters.

    c. Create a markdown table: Next, we create a markdown table that lists the function names along with their associated unstable parameters.

       [Image: Output Markdown table]

    d. Post comment: We post this markdown table as a comment within the PR. This informs developers about any potential instability introduced in the PR.

    e. Fix: If instability issues are identified, we proceed to fix the affected functions and commit the changes.

The entire process is then rerun, and if the unstable parameter issues have been addressed, no further comment will be posted. Any previous comments on the matter can be resolved.
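
The merge and markdown-table steps (b and c) described above, as an added example; this is not NordVPN's own script. The module names and report text are constructed, and the `<module>/build/compose_metrics` layout is assumed from the Gradle configuration shown earlier.

```python
import re
from pathlib import Path

# Constructed report text in the layout of the *-composables.txt sample above.
# Module names ("feature-settings", "feature-servers") are hypothetical.
SAMPLE_REPORTS = {
    "feature-settings": '''\
restartable scheme("[androidx.compose.ui.UiComposable]") fun ScreenContent(
  stable onBack: Function0<Unit>
  stable onSettingToggled: Function0<Unit>
  unstable state: State?
  stable modifier: Modifier? = @static Companion
)
restartable skippable scheme("[androidx.compose.ui.UiComposable]") fun Header(
  stable title: String
)
''',
    "feature-servers": '''\
restartable scheme("[androidx.compose.ui.UiComposable]") fun ServerList(
  unstable servers: List<Server>
  unstable filter: Filter
  stable onClick: Function1<String, Unit>
)
''',
}

FUN_RE = re.compile(r"\bfun\s+(?P<name>[\w.<>]+)\(")
# Any markers printed before stable/unstable on a parameter line are ignored.
PARAM_RE = re.compile(r"\b(?P<kind>stable|unstable)\s+(?P<param>\w+):\s*(?P<type>.+?)\s*$")


def unstable_params(report_text):
    """Return {function: [(param, type), ...]} for functions with unstable params."""
    found, current = {}, None
    for line in report_text.splitlines():
        header = FUN_RE.search(line)
        if header:
            current = header["name"]
            continue
        if line.strip() == ")":  # end of the current function block
            current = None
            continue
        param = PARAM_RE.search(line)
        if current and param and param["kind"] == "unstable":
            ptype = param["type"].split(" = ")[0]  # drop any default-value suffix
            found.setdefault(current, []).append((param["param"], ptype))
    return found


def load_reports(root):
    """Read every compose_metrics/*-composables.txt below root, keyed by module."""
    reports = {}
    for path in sorted(Path(root).rglob("compose_metrics/*-composables.txt")):
        module = path.parent.parent.parent.name  # <module>/build/compose_metrics/<file>
        reports[module] = reports.get(module, "") + path.read_text(encoding="utf-8") + "\n"
    return reports


def merge_reports(reports):
    """reports: {module: report text} -> sorted rows (module, function, param, type)."""
    rows = []
    for module, text in reports.items():
        for fn, params in unstable_params(text).items():
            rows.extend((module, fn, p, t) for p, t in params)
    return sorted(rows)


def to_markdown(rows):
    """Render the PR comment body; an empty string means nothing needs posting."""
    if not rows:
        return ""
    lines = [
        "| Module | Composable | Unstable parameter | Type |",
        "| --- | --- | --- | --- |",
    ]
    for module, fn, param, ptype in rows:
        lines.append(f"| {module} | `{fn}` | `{param}` | `{ptype}` |")
    return "\n".join(lines)


if __name__ == "__main__":
    # In CI this would be merge_reports(load_reports(".")) after the Gradle run.
    print(to_markdown(merge_reports(SAMPLE_REPORTS)))
```

A CI job can treat a non-empty result as the signal to post or update the PR comment, and an empty one as the signal that earlier comments can be resolved.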

[Image: Execution of the CI pipeline]

This practice aids us in utilizing the Compose Compiler plugin as a lint check for our Composable code, which maintains coding standards and contributes to improved performance for the NordVPN Android app.


IT Support Levels: Optimizing the Support Service through Tiers 0 to 4

Information Technology (IT) support, also known as technical support, is essential for the successful and efficient operation of organizations in the digital age. It helps ensure the stability, productivity and security of your systems and those of the people who depend on them.

Its importance lies in several key aspects: maintaining the technological infrastructure (servers, networks, operating systems, software, hardware and other essential components); ensuring business continuity; implementing and maintaining security measures (such as firewalls, antivirus and intrusion detection systems); periodically updating and maintaining software; implementing and managing data storage systems, backup and data recovery in case of failures; optimizing resources (such as server capacity management); keeping up to date with the latest technological trends and evaluating how they can benefit the organization; and providing data and analysis that support decision-making.

The 5 levels of IT support: description, functions and skills

IT Support Level 0: Self-service

IT support level 0, often called “self-service,” is the initial level of technical support offered to users so they can solve technical problems on their own without needing to interact with a support technician. This support tier focuses on providing users with the tools, resources, and documentation needed to address common technical issues on their own. Some key aspects of IT Support Tier 0 include:

  • Self-service portal.
  • Knowledge base.
  • Guided self-service.
  • Online community.
  • Diagnostic tools.
  • Training.
  • Automation.

IT Support Level 1: First person-to-person contact (basic support)

Level 1 IT support, also known as “first person-to-person contact” or “basic support”, focuses on solving the simplest and most common technical problems that do not require advanced technical knowledge. Common features and responsibilities of tier 1 support are described below:

  • Helpdesk.
  • Incident logging and tracking.
  • Troubleshooting common problems.
  • Documentation and updating of the knowledge base.
  • Coordination with other teams.

IT Support Level 2: Technical support

IT Support Tier 2, also known as “technical support” or “advanced support”, handles more complex and technical issues that go beyond the capabilities of Tier 1. Some of the main features and responsibilities of Tier 2 support are:

  • Root cause analysis.
  • Development and maintenance of technical documentation.
  • Interaction with suppliers and manufacturers.
  • Training and mentoring of level 1 staff.
  • Proactive monitoring and maintenance.
  • Participation in IT projects.

IT Support Level 3: Expert support

IT Support Level 3, also known as “expert support” or “high level support,” is responsible for addressing the most complex and challenging issues that require deep technical knowledge and expertise. The most outstanding features and responsibilities of Tier 3 support are:

  • Research and development.
  • Design and implementation of advanced solutions.
  • Participation in strategic projects.
  • The development of policies and procedures.
  • Crisis management.

IT Support Level 4: Third Party Support

Level 4 IT support, also known as “third-party support” or “external support,” is reserved for extremely complex issues or situations that require specialized expertise beyond what an organization can offer internally. Common features and responsibilities of Tier 4 support are described below:

  • Technology vendor support.
  • Development of customized solutions.
  • Technology integration.
  • Participation in security audits and reviews.
  • Service contracts coordination and management.
  • Supplier relationship management.
  • Trend analysis and strategic recommendations.

Establishing a tiered help structure

Implementing a tiered support structure involves careful planning and execution to ensure efficient technical assistance. One of the main steps in establishing a tiered help structure is choosing an appropriate IT Service Management (ITSM) platform that is scalable and customizable.

Once the ITSM tool has been chosen, a self-service platform or a dedicated web portal must be configured there, and the IT support levels of the organization must be clearly defined. In addition, the ITSM platform must include process automation, such as ticket routing, incident prioritization or reporting; updated documentation at each support level; tools to measure the performance of the IT structure; and demand management to plan workloads.

Finally, to create an effective structure it is essential to establish effective communication channels and perform periodic evaluations to adjust the structure and processes to the changing needs of the organization.

Conclusion

Implementing a tiered help structure in an IT environment brings multiple benefits to the organization.

Benefits of Implementing IT support levels

Support levels enable efficient distribution of support requests, ensuring that issues are addressed at the appropriate level for resolution. This operational efficiency results in an improvement of user satisfaction and in cost savings by ensuring that technical resources are used more competently.

In addition, the tiered help structure enables quick management of critical incidents by escalating problems, according to their nature, to the different levels of support, which helps guarantee business continuity. Finally, sharing documentation and knowledge builds capacity among company personnel.

Adapting the structure to the needs of the organization

It is important to note that there is no single, universally applicable IT support level structure. Each organization has specific needs and requirements, so it is essential to adapt the structure to its particular circumstances, taking into account the size and complexity of the organization; the nature of the operations it carries out, according to the industry to which it belongs; the needs of the company’s users, both internal and external; the economic and human resources that the organization has; and the technological changes that take place, which require a flexible infrastructure capable of adapting to technological and business evolution.

Frequently Asked Questions

Summary of frequent questions about IT support and careers in this field

What is IT support for?

IT support is a very useful tool, both for companies and individuals, to receive assistance in any of the tasks to be carried out in their corresponding IT environments. It guarantees that they will be able to meet their goals or continue to offer services to their customers even if they suffer hardware, software or network failures.

What are the IT support levels?

  • Level 0: Self-Service
  • Level 1: Basic support
  • Level 2: Technical support
  • Level 3: Expert support
  • Level 4: Third party support

How do I start my career in IT support?

Getting a job in this field requires technical knowledge of systems and processes. To begin with, you could complete related courses or get one of the necessary certifications.

What is remote IT support?

Remote IT support allows support technicians to provide their services to customers more quickly and effectively through remote control, email or chat. Even at a distance, they are able to diagnose any problem and provide the steps to follow to solve it.

What are the skills to work in IT support?

Dealing with clients will always require professional and effective communication skills. Additionally, the ability to troubleshoot effectively and keep up with all IT news is critical for any IT professional.

Expert in journalism and social networks, Laura writes technical articles specialized in technology, innovation and IT entrepreneurship. She also coordinates content at TicPymes, a media outlet specialized in SMEs and startups.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

A quick dive into identity- and attribute-based encryption

Securing data and communications with genuine encryption is not a simple process, as anyone who has ever dealt with S/MIME or PGP can attest. The biggest problem is the trusted public key exchange. You can download a random public key from a server, but how can you trust that this key is also the right one for your intended recipient? That’s where identity-based and attribute-based encryption come into play.

Identity-based encryption

Wouldn’t it be great if we could just encrypt emails directly with a key derived from the email of the recipient? This question was first formalized by Adi Shamir, the co-inventor of the Rivest-Shamir-Adleman algorithm, or RSA, in 1984. The resulting cryptographic concept was called “identity-based encryption.” It took another 17 years until this concept was proven to be secure by Dan Boneh and Matt Franklin using the Weil Pairing.

Identity-based encryption (IBE) solves the problem of trusted public key distribution by letting users calculate the public key of recipients based on their identifier. An identifier can be any kind of string — the email address of the recipient, for example. The concept introduces a central authority whose job it is to generate respective private keys for identifiers.

Simplified overview of Identity-Based Encryption

Since the sender (let’s call her Alice) can calculate the recipient’s (Bob’s) public key offline based on his email address, Bob doesn’t even have to exist in the system yet. When Bob registers in the system, he just requests his private key from the central identity authority and then decrypts the data.

This design also solves the problem of key expiration — a complicated procedure in classic trusted web applications usually requiring expiring certificates. By making the identifier user+currentYear()@example.com, Alice forces Bob to request a new private key from the central authority every year.

Bob could also act as his own central authority, allowing Alice to send emails that could only be decrypted by certain departments. Imagine a scenario in which Bob is a company administrator and he needs to be able to view all company emails. However, he also wants to make sure that no department can decrypt emails from any other departments. The solution? Bob can set up a central authority and Alice can send emails to security@company.com, press@company.com, and info@company.com (all hypothetical email addresses invented for this example), each encrypted under their own identity public key. Best of all, these emails could all go to the same inbox without compromising confidentiality.

So why is identity-based encryption not used widely for email encryption? The biggest hurdle to this system is setting up the central identity authority to manage the generation of private keys. That might be practical in a company where it’s not unusual for administrators to have a master key to access employee data, but what about other non-corporate contexts?

Imagine that you have an image that you would like to show to your doctor — an X-ray from a previous appointment, for example. Maybe the doctor needs to consult another specialist, like a radiographer. You would like to encrypt your X-ray image in such a way that it could be shared among doctors and specialists.

Identity-based encryption wouldn’t allow the first recipient (your doctor) to safely share the data with someone else. For that, we would need something more flexible that would allow us to embed access policies within a message’s ciphertext. We need attribute-based encryption.

Attribute-based encryption

Attribute-based encryption (ABE) is the next generation of identity-based encryption. Instead of being bound to identity strings, public keys are bound to attributes.

Relying on attributes allows the sender to craft a ciphertext over a chosen access policy, combining different attributes with “and”/“or” gates to formalize access conditions. This approach is called ciphertext-policy attribute-based encryption (CP-ABE).

You can also do it the other way around — associate the user’s key with an access policy. Doing so is known as key-policy attribute-based encryption (KP-ABE). Similar to identity-based encryption, an attribute authority is responsible for managing attributes and their private and public key pairs. The owner of the attribute authority has global decryption power over all its attributes.

It is simple to make your own attribute-based encryption scheme. Let’s introduce a central attribute authority, which stores a map of attribute identifiers to (normal, RSA) public keys. For example, imagine the following mappings:

Map of attribute identifiers to RSA public keys

If Alice would like to craft a ciphertext that can only be decrypted by general doctors who have her as a client, she would encrypt her secret text like this:

Cipher_client-alice = enc(text, PB_client-alice)
Cipher_client-alice&general-doctor = enc(Cipher_client-alice, PB_general-doctor)

Note that Alice herself doesn’t need to have access to the attributes. Only people who have access to both private keys of the attribute “has Alice as a client” and “general doctor” can decrypt the ciphertext. First Bob removes the outer layer of encryption by providing the “has Alice as a client” private key and then additionally applying the “general doctor” private key to retrieve the plain text.

Additionally, Alice would like to give all radiographers (Charlie) access to her photo scan. She creates the following ciphertext:

Cipher_x-ray-specialist = enc(text, PB_x-ray-specialist)

She can now combine both ciphertexts into one message and send it to her doctor:

Cipher_x-ray-specialist || (client-alice&general-doctor) =
Cipher_x-ray-specialist || Cipher_client-alice&general-doctor

As we can see, the ciphertext can be decrypted by radiographers (who will decrypt the first part of the ciphertext) or by any general doctor who has Alice as a client (decrypting the second part of the ciphertext).

Overview of an insecure Attribute-Based Encryption system which is vulnerable to collusion

As with most simple cryptography schemes, this system has some issues. In this case, our simple ABE scheme is not collusion resistant. That means that if Eve is a general doctor and Dave is a psychologist who has Alice as a client, nothing stops Dave from just providing Eve with the private key for the attribute “has Alice as a client,” allowing Eve to escalate access.

Attribute-based encryption schemes must be collusion resistant. In practice, collusion resistant means that even if users exchange private attribute keys, they cannot gain additional knowledge about plaintexts beyond their access level.

This could be done, for example, by creating an individual user-bound attribute private key for each attribute, essentially combining the identity element from identity-based encryption with attributes. Additionally, a ciphertext should not grow in size as more policies are added to it. By contrast, in our self-made scheme, a ciphertext would grow larger and larger if we had multiple “or” conditions in our access policy.
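The self-made scheme and its collusion flaw as a runnable toy, added here for illustration and not code from the original article. It assumes textbook RSA over fixed Mersenne primes and an 8-byte hash tag to detect wrong keys, neither of which is secure; the function names (`enc`, `dec`, `encrypt_policy`, `decrypt_policy`, `issue_keys`) are hypothetical, while the attribute identifiers and user names follow the text.

```python
"""Toy model of the article's self-made ABE scheme (added example).

Textbook RSA over fixed Mersenne primes: insecure by construction, used
only to make the "and"/"or" layering and the collusion flaw observable.
"""
import hashlib

E = 65537  # public exponent shared by all toy keys


def toy_keypair(a, b):
    """RSA key pair built from the Mersenne primes 2**a - 1 and 2**b - 1."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


# Attribute authority: attribute identifier -> (public key, private key).
AUTHORITY = {
    "client-alice": toy_keypair(61, 127),
    "general-doctor": toy_keypair(89, 107),
    "x-ray-specialist": toy_keypair(521, 607),
}


def enc(data, pub):
    """enc(text, PB_attr): chunked textbook RSA plus an 8-byte hash tag,
    so decryption under the wrong key is detected instead of yielding noise."""
    n, e = pub
    k = (n.bit_length() + 7) // 8  # ciphertext block size in bytes
    framed = hashlib.sha256(data).digest()[:8] + data
    body = b"".join(
        pow(int.from_bytes(framed[i:i + k - 1], "big"), e, n).to_bytes(k, "big")
        for i in range(0, len(framed), k - 1)  # (k-1)-byte blocks are always < n
    )
    return len(framed).to_bytes(4, "big") + body


def dec(blob, priv):
    """Inverse of enc(); returns None when the key does not match."""
    n, d = priv
    k = (n.bit_length() + 7) // 8
    total, body = int.from_bytes(blob[:4], "big"), blob[4:]
    if len(body) % k or len(body) // k != -(-total // (k - 1)):
        return None  # block layout does not fit this key
    out = b""
    for i in range(0, len(body), k):
        c = int.from_bytes(body[i:i + k], "big")
        size = min(k - 1, total - len(out))
        if c >= n:
            return None
        m = pow(c, d, n)
        if m >= 256 ** size:
            return None
        out += m.to_bytes(size, "big")
    tag, data = out[:8], out[8:]
    return data if hashlib.sha256(data).digest()[:8] == tag else None


def encrypt_policy(text, policy):
    """policy is a list of OR branches, each a list of AND-ed attributes.
    AND nests layers (first attribute innermost); OR adds one ciphertext."""
    message = []
    for branch in policy:
        blob = text
        for attr in branch:
            blob = enc(blob, AUTHORITY[attr][0])
        message.append((tuple(branch), blob))
    return message


def decrypt_policy(message, keys):
    """Try every OR branch, peeling AND layers outermost first."""
    for branch, blob in message:
        for attr in reversed(branch):
            held = blob is not None and attr in keys
            blob = dec(blob, keys[attr]) if held else None
        if blob is not None:
            return blob
    return None


def issue_keys(*attrs):
    """Private attribute keys the authority hands to one user."""
    return {a: AUTHORITY[a][1] for a in attrs}


XRAY = b"constructed sample: X-ray scan bytes"
POLICY = [["x-ray-specialist"], ["client-alice", "general-doctor"]]


def demo():
    message = encrypt_policy(XRAY, POLICY)
    eve = issue_keys("general-doctor")  # general doctor, Alice is not her client
    dave = issue_keys("client-alice")   # psychologist who has Alice as a client
    return {
        "bob": decrypt_policy(message, issue_keys("client-alice", "general-doctor")),
        "charlie": decrypt_policy(message, issue_keys("x-ray-specialist")),
        "eve_alone": decrypt_policy(message, eve),
        "dave_alone": decrypt_policy(message, dave),
        # Nothing binds a key to its holder, so pooled keys satisfy the AND gate.
        "eve_plus_dave": decrypt_policy(message, {**eve, **dave}),
        # Every extra OR branch adds a whole ciphertext to the message.
        "bytes_per_branch": [len(blob) for _, blob in message],
    }


if __name__ == "__main__":
    for who, result in demo().items():
        print(f"{who:>16}: {result}")
```

The `eve_plus_dave` result is the reason real schemes bind each attribute key to a user: here the keys are plain RSA keys, so two partial key holders together are indistinguishable from one fully authorized user.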

Nevertheless, one problem remains. The central attribute authority can globally decrypt ciphertexts, allowing it to impersonate any user and issue any attribute to itself. Having this trusted central authority in the medical context is a bad idea, since medical information is highly sensitive and should only be decryptable and accessible by authorized parties. For the corporate context, attribute-based encryption makes more sense because an administrator could issue attributes to users and is allowed to decrypt and access any file in the company. But what if we have multiple companies, each with its own attribute authority?

Multi-authority attribute-based encryption

Multi-authority attribute-based encryption (MA-ABE) is an attribute-based encryption variation where multiple attribute authorities are responsible for managing distinct attributes. Why don’t we set up multiple individual attribute authorities? Well, we still want to be able to combine attributes from other companies with attributes from our own company to enable cross-company sharing.

Overview of a Multi-Authority Attribute-Based Encryption system for different companies

In such a system, it becomes a problem to establish globally known parameters for each attribute authority. MA-ABE introduces a new central server that is responsible for setting up new attribute authorities and bootstrapping the system overall.

Early MA-ABE schemes required this central server to have global decryption power over all attribute authorities. On the other hand, modern MA-ABE schemes such as DAC-MACS (effective data access control for multi-authority cloud storage systems) are close to what we need to implement for MA-ABE in real-world scenarios because they don’t require the central server to have global decryption power.

MA-ABE offers some useful new approaches to data encryption:

  1. ABE schemes are group centric, meaning that a single group can be described with a single attribute. This makes encrypting and decrypting for groups easier. On the other hand, encrypting information for single individuals becomes more computationally intensive compared to traditional encryption schemes because these individuals usually don’t share common attributes.

  2. When an attribute gets revoked from a user, the attribute key and all ciphertexts using this attribute need to be rotated and re-keyed. This can be done by the attribute authority or a proxy-reencryption service.

  3. Proxy-decryption is a technique where a server helps the user during decryption. It does so by using the user’s private attribute keys. As the ciphertext is additionally protected with the user’s identifier (IBE), confidentiality is not compromised. Proxy-decryption can be used to help mobile clients with the computationally intensive decryption process.

Is MA-ABE ready to be deployed in modern secure cloud storage solutions such as NordLocker Business or NordPass Business? Personally, I would say no.

Even though the modern MA-ABE schemes fulfill most of the security requirements for end-to-end encrypted cloud storage systems, their system implementation is complex, and the underlying cryptographic principles like pairings are not yet widely adopted in cryptographic libraries. In addition, pairing operations are computationally intensive and not suitable for mobile devices, which require low power consumption for a good user experience.

With the world shifting increasingly further to the mobile side, proxy-decryption might help to decrease the computational overhead on the mobile device, but it requires the user to be always online to access their encrypted files. Finally, MA-ABE can only be cryptographically beneficial if users change their attitudes around encrypting files — away from sharing data with individuals, and towards attributing access policies over their data. It is yet to be seen if users and companies are willing to adopt this mindset change.

The existence and proven security of attribute-based and identity-based encryption schemes show that we are just scratching the surface of what is cryptographically possible with elliptic curves. However, the practical applicability of schemes in real-world scenarios is yet to be seen.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

Your Apple devices are not as secure as you think. Learn how to raise their protection

Cyber criminals can use much simpler methods to bypass Apple security than malware.

Despite several notable cyber incidents, some iPhone and macOS users may still hold on to the myth that their devices are secure simply because of the way these operating systems are built. The simple answer to these claims is “they are not”; but let’s dive deeper.

Applications (Apps) on iPhone or iPad devices run in their own separate virtual spaces and can communicate with each other to a very limited extent. This also means that malicious applications can neither obtain information from other legitimate applications, nor can they usually spread like they would in the Android OS. This means devices running on iOS are less attractive for a majority of cyber criminals. On the other hand, it also means that an external antivirus app for iOS would only be able to scan itself, and thus, not work properly.

Much like iOS, macOS is also often considered to be more secure in comparison with other operating systems. Built-in protection measures mean lower potential for the creation of security loopholes because Apple created the iOS and macOS ecosystems and has full control over both the OS and app environments. As such, Apple has been seen as being less attractive for cybercriminals because of its lower share of the market.

Armed with that information, you may get a false sense of security about macOS’ and iOS’ security because of their designs, but that is not the end of the story. When attempting to attack devices, attackers have far more options than just using malware. There are other ways they can steal sensitive data, and that is why your iOS or macOS devices’ built-in protections are not enough, and why they can benefit from additional layers of security.

Responding to Apple customers’ needs, ESET brings forward new solutions on a consistent basis. This year’s offering is a huge step forward. Being a digital life protection vendor, ESET introduces two brand-new functionalities for iOS, Virtual Private Network (VPN) and Identity Protection (IP), alongside the already present Password Manager. All these functionalities can be easily managed in the updated ESET HOME, the complete security management platform.

macOS users can have these new features, together with Modern Endpoint Security, available in the new subscription-based premium tier product for customers, ESET HOME Security Ultimate.

What security threats are targeting iPhones and Macs?

Spreading malware across iPhone apps may be a tough nut to crack, but cyber-criminals can use much simpler methods to bypass Apple security.

For example, they may opt for social engineering techniques such as phishing websites or messages that try to impersonate legitimate companies or institutions to lure sensitive data from potential victims. In fact, Apple was the third-most-impersonated brand in phishing scams in Q2 2023.

Another scam is a false tech support call, wherein a user receives a call impersonating Apple’s support service and requiring personal details in order to deal with an impending problem. To make the call more believable, an attacker will use a spoofed ID, so the caller’s number looks like it is originating from a legitimate Apple support center.

Results of successful phishing attacks depend on how much data can be stolen from the victim in question. The extent of the damage varies from a hijacked e-mail account used for spreading spam to more serious incidents, such as identity theft or money withdrawn from an account.

Your iPhone can also be targeted while using unprotected public Wi-Fi. Connecting to an airport’s Wi-Fi during your travels may be convenient, but it may also result in the loss of sensitive data such as credit card details or passwords. Most public Wi-Fi networks don’t encrypt communications between your device and the router, making your data susceptible to interception.

Lastly, there’s old-school pickpocketing. In February 2023, The Wall Street Journal reported on iPhone thieves across the US who were locking people out of their Apple accounts and draining their bank accounts. First, the thieves watched their victims closely to learn their passcodes, then (physically) stole the devices. Armed with the passcodes, they invaded their victims’ personal and financial lives, while also effectively preventing the iPhones’ owners from locating their phones.

Macs face similar problems when connected to public Wi-Fi, as their users can face phishing threats via emails, private messages, and phony websites, among other threat vectors. Lastly, there are numerous pieces of malware specifically targeting macOS, such as CloudMensis, which was recently discovered by ESET researchers.

How can ESET VPN help?

In general, using public Wi-Fi is not recommended because it is often unsecured. But if you still want to stay connected while in a hotel room or at the airport, connect with a VPN, which establishes a private network connection, making internet users anonymous. After connecting to the ESET VPN application, a user’s device receives a new dynamic IP address, and online traffic is secured and encrypted.

This way, ESET VPN prevents cyber criminals from stealing user data while using public Wi-Fi, and makes it more difficult for third parties to track a user’s activity online, while ESET does not keep logs.

Moreover, using a VPN service can also bring other advantages. For example, users can enjoy access to their favorite streaming services from different parts of the world without geo-blocking.

Introducing Identity Protection* service

Since Apple customers can also fall victim to identity theft, ESET introduces its new Identity Protection* (IP) service for iOS and macOS. It monitors the dark web, searching for leaked sensitive information previously entered by a user such as name, phone number, and account credentials.

If a user is the victim of a data breach, they will be notified if the data they previously entered is found somewhere else online.

For US customers, the IP feature also includes Credit Report Monitoring, Smart SSN (Social Security number) Tracker, Social Media Identity Monitoring, Identity Theft Insurance up to $1 mil., and an on-call identity restoration service. Users will also be notified about leaked credit/debit cards and changes made to credit reports so that they can act against potential misuse of their personal information.

Why having a password manager and 2FA might be useful

Apple has its own password manager, iCloud Keychain, that stores and protects your passwords, but there are some known vulnerabilities. For example, iPhone thieves described by the Wall Street Journal can also bypass Keychain using stolen passcodes. Having a separate password manager from a different vendor gives you an extra layer of protection in such situations.

ESET Password Manager not only protects and stores your passwords and personal data, but the built-in password generator also prompts you to create strong, unpredictable passwords that you don’t have to remember.

Login credentials are stored automatically as new accounts are created. ESET Password Manager also includes a form completion feature that saves you time by completing web forms automatically and accurately.

To improve account protection even further, experts suggest setting up two-factor authentication (2FA). This creates an additional authentication layer in case your password has been breached or stolen.

Easily manage your security on the ESET HOME platform

Operating a VPN, Identity Protection*, Password Manager, and 2FA might all sound too complex and time-consuming for a regular iPhone user. But in fact, you can easily manage all these features and more from one, easy-to-use platform, ESET HOME.

This complete security management platform and its companion mobile app for Android and iOS offer users a convenient and informative management dashboard with information about their ESET products, devices, licenses, and services, while also making it all accessible anywhere they go, whenever they need it.

ESET HOME also serves as a notification hub that presents connected devices as an ecosystem, where users can always easily check the security status of their connected devices.

Cyber incidents like leaked private photos of celebrities, iPhone passcode scams, and numerous pieces of malware targeting Macs are proof that even iOS and macOS are not impenetrable, and that there is a need for extra layers of protection. Therefore, having features such as VPN and Identity Protection* can be quite handy, especially if they are easy to manage.

*Currently available in US market only, with global roll out planned in H1/2024

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Is Gmail Becoming a Security Threat?

First Cisco, Now Okta

In May 2022, Cisco was hit with a data breach that resulted in almost 3GB of data being stolen. You can read about what happened in more detail here, but the critical point is how the breach started – with an employee’s compromised Gmail account.

If you use Google Chrome and you sign into Gmail, it helpfully asks you if you would like to sign in to your Google account and sync across devices. This is of course extremely convenient, as most of us have multiple devices we use on a daily basis. This way, you have all of your stuff wherever you go – work laptop, home laptop, phone, tablet. Chrome will also offer to save passwords, so you don’t have to keep typing them in constantly. In some ways, this helps security – if you don’t have to worry about remembering a password, you’re less likely to choose a simple one or re-use a familiar one. Unfortunately, this means that those passwords are there, on any device you use, and if you slip up once, that opens you up not just to personal compromise but professional as well.

The same thing happened to Okta in 2023; the attackers targeted Okta’s customers by gaining access to their support logs, which included HAR files that had session tokens, and thus opened them up to session hijacking. The source of the hack was, again, an employee’s compromised Gmail account.

To be clear, this isn’t entirely Google’s fault – they take measures to protect Gmail accounts from compromise, arguably more than most other e-mail providers do. Users get prompted to review security settings regularly, they have a very robust spam filter, and they offer 2-factor authentication, which is a much better option than just using a password alone.

But humans are still the weakest link in the security chain, and the numbers don’t lie – over 80% of all data breaches involve the human element. And if you think that will get better, well, according to Forrester, in the future, that number will only increase to 90%. Not even Google can compete with the persistence of threats like phishing, credential stuffing, brute forcing, and the generally terrible password hygiene habits we all practice.

To Lock Down, or Not to Lock Down

When the internet first became widespread, many people only had access to it at work. Having a personal computer or laptop was not quite as common, and it was years before smartphones were introduced. This led to it being treated somewhat like the telephone – for the most part, some limited personal use should be considered acceptable. However, in light of the ever-expanding threat surfaces, it makes sense to have stricter policies regarding personal activity on work devices.

You could prevent users from signing in to their personal Gmail/Google accounts at work, which is easy to do for both Gmail and Chrome. (You can, in fact, turn off the ability to sign in via Chrome altogether if you don’t use Google as your identity provider.) This is definitely not going to win your IT Team any popularity contests, and it’s a bit of a draconian measure. Most people don’t consider it unreasonable to quickly check their personal e-mail at work; it could even negatively impact productivity if someone is constantly having to check their phone for an e-mail from their child’s school, for example.

A much better strategy is to implement passwordless authentication. This way, devices authenticate using a digital certificate instead of depending on a user to enter their username and password. It removes the risk of stored passwords because there simply aren’t any – which actually closes several avenues for potential breaches. Over 80% of all data breaches are related to credentials – weak, reused, easily guessed, or stolen, they remain the weakest link in your cybersecurity armor.

A huge challenge for security is balancing user experience with best practices – make things too locked down, and users will find ways around it. It’s incredibly rare to find a solution that is both more secure and better for the user, but passwordless authentication offers both! Logging into things is seamless and handled completely by the device exchanging the certificate with the identity provider – from the user’s perspective, they just open their laptop and boom, connected.

Another thing you may not realize is that passwords are costing you both time and money – an estimated $5.2 million per year, in fact, and 11 hours per employee. That adds up! And that’s not factoring in all the time spent training people not to click on phishing links, with fake e-mails and endless training sessions. Some estimates say that 3.4 billion phishing e-mails are sent every day! Given the prevalence of compromised passwords and the dire impacts a breach can have, it makes sense to get the best possible security measures available. Implementing passwordless authentication can save you time, frustration, money, and keep you safer – what’s not to love?

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Unraveling the Dangers of Phishing: From Basics to Effective Prevention

You have surely, at one time or another, received an email warning of an outstanding invoice, a parcel shipment that you did not expect or a warning from the bank about suspicious activity in your account. These messages usually adopt an alarming tone and provide you with a link to a website that you must visit right away to verify your personal information or to complete payment information. Caution! This is a “phishing” attempt, one of the most popular scam methods on the Internet!

What is phishing?

Phishing is a form of cyberattack that uses technology and social engineering to breach user security.

The term comes from the word “fishing”, since cybercriminals employ bait tactics waiting for users to “bite” or fall into the trap. They usually aim to get hold of financial information, payment service passwords (such as PayPal), or login credentials.

Actually, phishing is nothing new. The first cases of this type of fraud date back to the mid-1990s, when a group of fraudsters posed as employees of the AOL company to steal confidential customer data. By the 2000s, attacks began to specialize, focusing mainly on the banking sector.

Over the years, scams have become more sophisticated and, despite advances in cybersecurity, phenomena such as the rise of teleworking or the fraudulent use of AI have contributed to the rise of new ways of phishing.

Phishing as a source of concern

Anyone can become a victim of phishing. Even though cybersecurity systems are getting more powerful by the day, scammers have also honed their skills and organized themselves into small teams, specializing in social engineering tactics.

Companies often become the preferred target of these cybercriminals, who try to steal their sensitive data or trick middle managers into making unauthorized transfers. A fairly common example of phishing is vendor invoice fraud, in which fraudsters impersonate trusted business partners to request payment for an outstanding invoice.

Even more disturbing are cases like the one we saw at the beginning of 2020 in Forbes magazine, in which a Japanese company was the victim of an elaborate scam that used generative AI to clone the voice of a manager and authorize a transfer of 35 million dollars.

Audio cloning, audiovisual deep fakes and, in general, the use of the latest technology for criminal purposes pose a great threat and, at the same time, a challenge for cybersecurity companies.

Risks associated with phishing attacks

Financial losses have an immediate impact, but there are other long-term consequences that phishing victims can experience:

  • Reputational damage: Data breaches can erode customer trust, causing permanent damage to the company’s reputation.
  • Service outage: A cyberattack can cripple the company’s computer systems, especially if it involves ransomware. It all starts by downloading a malicious file included in the phishing messages. Once in the system, it encrypts critical files and blocks access to business-critical information.
  • Fines and penalties: Violation of data protection regulations (such as GDPR) may result in sanctions by authorities.

It is important to be prepared to deal with these threats using robust cybersecurity solutions and internal employee awareness programs as the main weapons to prevent phishing attacks.

Relevant statistics and data

Email fraud already accounts for 27% of economic losses from cybersecurity breaches and is responsible for 90% of data breaches, according to the report Cybersecurity Threat Trends 2021 (CISCO). This is mainly because phishing campaigns have become massive and scammers use hundreds of emails to reach more people.

Key elements in a phishing attack

Luckily, phishing messages are usually quite clumsy and recipients quickly realize that they are facing a scam, but sometimes they are so customized that they cast doubt on whether they are legitimate or not.

To gain the trust of their victims, fraudsters impersonate institutions, banks or companies that offer their services over the Internet.

Most of these fraudulent emails consist of:

  1. An unknown sender, with generic email extensions (Gmail, Hotmail, etc.) or names that resemble those of official companies, but with strange words that we cannot identify.
  2. A generic greeting (“Dear customer”, “Dear friend”) since cybercriminals generally do not know the identity of the recipient.
  3. An urgent request for our personal information (ID, credit card number) under the pretext of solving an issue.
  4. An external link that leads to a fraudulent website with the same logo, design and colors of the brand they intend to impersonate. On this landing page you will be prompted to update your details to continue. Here is where information is stolen.
  5. There is also the possibility that the email contains an attachment infected with malicious software (malware, ransomware). If you download it, it will compromise the security of the system.

It is important to be cautious and learn to recognize these phishing signals to minimize risks.

Types of phishing

There are currently over 10,000 forms of phishing (as reported by Wikipedia). These are some of the best-known variants.

Traditional phishing

It is the most common form of email fraud. It is based on the random issuance of emails impersonating the identity of a trusted company or institution. Messages include links to fraudulent websites or infected files.

Spear phishing

While traditional phishing is a random scam, spear phishing targets a specific person, usually someone in an influential position within the company. To earn their trust, cybercriminals conduct extensive research on the Internet, collecting personal data from social networks such as LinkedIn, where they check information such as age, location or position within the company.

Whaling

In whaling, the target is important people within the company or executive positions (CEO, CFO, etc.). Scammers investigate their prey for weeks and send highly personalized emails, related to critical business issues.

Smishing

Fraudulent messages are sent via text messages (SMS) or WhatsApp. For example, we receive a notice from our bank reporting an unauthorized purchase with our card, with a link to change the PIN and login details. If we do, we will have fallen into the trap.

Vishing

It comes from the union of “voice” and “phishing”. In this case, the scam is done by phone call. A typical example is technical service fraud, where scammers call to report a computer failure that doesn’t actually exist and convince us to install a Trojan that will steal our data.

Angler Phishing

It is a new tactic that consists of creating fake profiles on social networks with the name of prestigious institutions and companies. The goal is to steal sensitive data from other users.

How to detect Phishing attacks?

Recognizing a phishing message is not always easy, but there are some indications that may make us suspect that the request is unusual.

  • Alarmist tone: They often convey urgency and urge the user to act immediately. Cybercriminals use emotions such as fear or curiosity and use intimidation tactics to make us act irrationally.
  • Grammatical errors: Many phishing messages contain spelling and grammatical errors as they were written by non-native speakers. However, nowadays many scammers use tools like ChatGPT to correct their texts, so we must be wary even of messages without spelling mistakes.
  • Suspicious links or unsolicited attachments: Does the sender ask you to click on a link? Does it include alleged unpaid bills or fines that you can’t identify? This is most likely a cyberattack.
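The signals listed here and under “Key elements in a phishing attack” can be checked mechanically. The following Python example is added for illustration and is not part of the original article; its indicator names, word lists and sample message are constructed assumptions. Note that the sample link uses HTTPS and is still flagged, because its visible text and its real destination differ.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

FREE_MAIL = {"gmail.com", "hotmail.com"}  # the "generic email extensions"
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|friend)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|right away|suspended)\b", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".iso", ".docm", ".xlsm")
URL_LIKE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)
IP_HOST = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


class BodyParser(HTMLParser):
    """Collect visible text and (href, anchor text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._anchor = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; anchor text may omit the scheme."""
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()


def analyze(msg):
    """Return the set of phishing indicators found in an EmailMessage."""
    found = set()
    display, addr = parseaddr(str(msg.get("From", "")))
    if display and addr.rpartition("@")[2].lower() in FREE_MAIL:
        found.add("named_sender_on_free_mail")
    body = BodyParser()
    for part in msg.walk():
        name = part.get_filename()
        if name:
            if name.lower().endswith(RISKY_EXT):
                found.add("risky_attachment")
        elif part.get_content_type() == "text/html":
            body.feed(part.get_content())
    text = " ".join(body.text)
    if GENERIC_GREETING.search(text):
        found.add("generic_greeting")
    if URGENCY.search(text):
        found.add("urgent_tone")
    for href, anchor in body.links:
        target = host_of(href)
        if urlsplit(href).scheme != "https":
            found.add("non_https_link")
        if IP_HOST.fullmatch(target) or "xn--" in target:
            found.add("obscured_host")
        # HTTPS does not help when the text shows one site and the href another.
        if URL_LIKE.fullmatch(anchor) and host_of(anchor) != target:
            found.add("link_text_mismatch")
    return found


def build_sample():
    """Constructed message: every name, address and URL below is made up."""
    msg = EmailMessage()
    msg["From"] = "Example Bank Support <constructed-sample@gmail.com>"
    msg.set_content("This message requires an HTML viewer.")
    msg.add_alternative(
        "<p>Dear customer,</p><p>Your account will be suspended unless you "
        "verify your details immediately:</p>"
        '<a href="https://www.bank.example.verify-login.test/update">'
        "https://www.bank.example/login</a>", subtype="html")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    return msg
```

Calling `analyze(build_sample())` returns the indicators present in the constructed message; a message with none of them returns an empty set.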

How to prevent a Phishing attack?

  • Do not open messages from unknown senders.
  • Do not provide your personal information through a link in an email.
  • Don’t download suspicious attachments.
  • Hover over the link and check if the URL starts with https. This indicates that the site has a security certificate.

If despite these precautions you fell into the trap and provided your data, change the passwords of the affected accounts as soon as possible and report the scam to the local police. You may also contact the Internet User Security Office of INCIBE (National Institute of Security) to investigate the fraud.

Protecting your organization from phishing

IBM states in its Cost of a Data Breach Report 2021 that it can take a company an average of 213 days to notice that it was the victim of a phishing attack. During this time, cybercriminals can access all kinds of confidential information: database passwords, trade secrets, access credentials to the corporate network… That is why it is important to be prepared and work proactively to stop the threat of phishing.

Some preventive measures:

Employee Awareness

Make cybersecurity part of your company’s organizational culture and create campaigns to warn your employees of the risks of Internet scams. A good measure is to implement phishing simulation software to train them and teach them to differentiate an authentic email from a fraudulent one.

Implementing email security solutions

The first line of defense against a phishing attack is the anti-spam filter built into email. Make sure it’s up to date with the latest versions and security patches. You may also configure email authentication policies such as Domain-based Message Authentication, Reporting, and Conformance (DMARC) to reduce the risk of phishing.
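To illustrate the DMARC policies mentioned above, the following added Python example (not part of the original article) parses a DMARC TXT record and reports settings that still let spoofed mail be delivered. The records, the finding names and the corp.example domain are constructed assumptions.

```python
POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt):
    """Split a DMARC TXT record (published at _dmarc.<domain>) into tags."""
    tags = {}
    for item in txt.split(";"):
        key, sep, value = item.strip().partition("=")
        if not key and not sep:
            continue  # trailing semicolon
        if not sep:
            raise ValueError(f"malformed tag: {item!r}")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p", "").lower() not in POLICIES:
        raise ValueError("missing or invalid p= policy")
    return tags


def audit_dmarc(txt):
    """Return findings, in a fixed order, for settings that leave spoofing unblocked."""
    tags = parse_dmarc(txt)
    policy = tags["p"].lower()
    subdomain_policy = tags.get("sp", policy).lower()  # sp defaults to p
    pct = int(tags.get("pct", "100"))                  # pct defaults to 100
    findings = []
    if policy == "none":
        findings.append("monitor_only")            # failures are reported, not blocked
    elif pct < 100:
        findings.append("partial_enforcement")     # policy applies to a sample only
    if policy != "none" and subdomain_policy == "none":
        findings.append("subdomains_unprotected")
    if "rua" not in tags:
        findings.append("no_aggregate_reports")    # no visibility into who sends as you
    return findings


# Constructed records for the placeholder domain corp.example.
WEAK = "v=DMARC1; p=none"
STAGED = "v=DMARC1; p=quarantine; sp=none; pct=20; rua=mailto:dmarc@corp.example"
ENFORCED = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@corp.example;"

if __name__ == "__main__":
    for record in (WEAK, STAGED, ENFORCED):
        print(record, "->", audit_dmarc(record) or "enforcing")
```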

Endpoint monitoring and protection

Endpoints are the end devices (computers, tablets, smartphones) connected to the network. EDR solutions have been designed to monitor and detect the presence of malware on these endpoints.

Unlike antiviruses that work with previously identified patterns, EDR solutions are more advanced since they give automated and real-time responses to contain the attack. They use technologies such as AI and machine learning capable of detecting anomalous behaviors, such as the execution of malicious scripts.

Endpoint protection is a basic cybersecurity measure, but should be combined with other solutions such as network traffic monitoring or safe remote access solutions such as Pandora RC.

How does Pandora RC help improve remote access security?

More and more companies are adopting policies of teleworking or hybrid work. It is a reality that poses new challenges in terms of cybersecurity. Remote workers operate in less secure environments than those under the supervision of IT teams.

Tools like Pandora RC help monitor your systems by offering remote support and quick assistance if a phishing attack is suspected.

Other ways Pandora RC can help prevent cyberattacks:

  • It generates 100% local passwords avoiding vulnerabilities in centralized systems.
  • Remote connections must be pre-approved.
  • It uses dual authentication access policies. This reduces the risk of unauthorized access, as users have to validate their identity in two steps.
  • It is a flexible and scalable solution. In addition, it is available as a SaaS or On-Premise solution for companies that want to have more control over their infrastructures.

Other tips to prevent phishing attacks in the business environment

As phishing techniques become more sophisticated, the need for protection is increasing. Therefore, it is not a bad idea to keep in mind some basic tips:

  • Try to stay up to date on new scams, follow the news in the media, and read tech blogs like Pandora FMS blog.
  • Use strong passwords on your accounts that include a combination of numbers, letters, and special characters. Never choose personal data such as date of birth, cities or pet names for your passwords; phishers could guess this information by checking your social media.
  • Use a multi-factor authentication (MFA) system to add an extra layer of security to your connections. That way, if a hacker gets your login credentials, they would still need to know the code sent to your mobile to access your accounts.
  • Installing a firewall is critical to blocking unauthorized access to sensitive information. Make sure it’s properly configured and only allows safe transactions.
  • Keep your browser and operating system up to date as cybercriminals often take advantage of vulnerabilities in outdated systems.
  • Avoid accessing sensitive information over public Wi-Fi networks. Many of these networks lack encryption protocols and transmitted data could be intercepted. Turn off the option to automatically connect to open Wi-Fi networks on your mobile.
  • Make automatic backups of company data to be able to recover information in the event of an attack. We recommend immutable backups (they cannot be deleted or modified). This ensures that copies are protected and can be restored even if a ransomware attack takes place.

Conclusion

As we mentioned at the beginning, phishing has existed since the beginning of the Internet; it will probably keep evolving, and we will learn about new forms of this cyberattack. Although we must be vigilant in the face of these threats, slowing technological development is not the solution. The key is to adopt cybersecurity measures and educate users to minimize risks and create a safe working environment.

I studied Philology, but life’s circumstances led me to work in the Marketing sector as a content writer. I am passionate about the world of blogging and the opportunity to learn that comes with each new project. I invite you to follow my posts on the Pandora FMS blog to discover the technology trends that are transforming the business world.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

23.11.1 Saturn released

Changes compared to 23.11.0

Bug Fixes

  • Fixed an issue with email settings for Comet Hosted.

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSP’s, Businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

23.11.0 ‘Saturn’ released

Saturn is the latest entry in our quarterly rollup series. It branches off from our main rolling Voyager development into a fixed target for our partners to qualify and build upon.

Saturn is the sixth planet from the Sun and is the second-largest planet in our solar system, after Jupiter. It is large enough that it can fit more than 760 Earths inside it.

Despite its enormous size, Saturn has a relatively fast rotation. A day on Saturn lasts only about 10.7 hours. This rapid rotation causes the planet to flatten slightly at the poles and bulge at the equator.

Saturn has been known since ancient times, and its rings were first observed by Galileo Galilei in 1610. The true nature of the rings was identified by Christiaan Huygens in 1655.

As for the software, Comet 23.11.0 Saturn brings 8 new features and 23 enhancements, including our new VMware Protected Item type.

As always for a new quarterly release, there are two changelogs for 23.11.0 Saturn depending on whether you are coming from the previous quarterly release or the previous Voyager release:

Changes compared to 23.8.3

New Features

  • Added new VMware Protected Item type. Comet supports both the free and paid versions of VMware ESXi for backups and restores
  • Added a lobby option to the Comet Backup desktop app installers, allowing for silent installation with fully-remote device authentication via the Devices page in the Comet Server web interface
  • Updated the name of the Connected Devices page to Devices in the Comet Server web interface and redesigned the page to show all devices
  • Added bulk actions to the Devices page in the Comet Server web interface
  • Added support for restoring Disk image backups as VMware-compatible virtual disks
  • Added new “Comet Storage” and “Comet Storage (Object Lock)” storage destinations, allowing users to select Comet’s new bundled Wasabi storage option for Storage Vaults (including Storage Templates)
  • Added the ability to enforce policies created by a top-level administrator onto tenant administrators and tenant users. This allows top-level administrators to enforce settings and preferences across an entire Comet Server

Enhancements

  • Protected Item types that are not compatible with the device operating system will now be greyed out and disabled in the Comet Server web interface
  • Added the ability to mark jobs that are stuck in the running state as abandoned if they are unable to be cancelled in the Comet Server web interface
  • Changed clients on Linux platforms to log to stdin/stderr for background services
  • Improved the performance of restoring data from backups which contain large amounts of blank data, such as Disk Images
  • Improved Comet Server behavior when it fails to start due to license issues. It now starts successfully with limited functionality and displays an error message indicating how to identify the issue
  • Added logging of the reason the job started at the beginning of backup job logs
  • Added option to aggregate usage by Account Name for Gradient PSA integration
  • Added automatic cancellation of running jobs using a Storage Vault when that Storage Vault is deleted
  • Improved the appearance of the “About” window in the Comet Server Service Manager
  • Reduced memory usage when loading large index files from Comet Server Storage Role-type Storage Vaults
  • Renamed “Restore files and folders” to “Granular restore” when restoring files and folders from a Disk Image or Hyper-V backup
  • Added a new template for Amazon S3 and Wasabi Storage Templates to make it easier to set Object Lock on a template.
  • Added ability to configure server audit file logging from the Comet Server web interface
  • Significantly improved the speed of granular restores from Disk Image backups
  • Improved the performance of restoring files and/or folders from Disk Image backups
  • Significantly improved performance when restoring directories containing only a few files from a File and Folder Protected Item
  • Updated the Activity browser filter names in the Comet Backup desktop app to better clarify their functionality
  • Slightly changed the appearance of the Comet Backup desktop app About dialog
  • Improve security posture of the Comet Server web interface by adding additional XSS protections
  • Updated the preconfigured exclusion list for File and Folder Protected Items on the Comet Server web interface with valid exclusions
  • Lowered memory usage when uploading to S3-backed Storage Vaults in some use cases
  • Removed the device dropdown in the Comet Server web interface when adding a Protected Item when there’s only one device
  • Improved the admin accounts dialogue to have a separate Policies tab in the Comet Server web interface

Changes compared to 23.9.11

Bug Fixes

  • Fixed an issue with the Comet Server web interface showing an internal error popup when the server is first started
  • Fixed an issue with the Comet Server web interface throwing an error before valid VMware credentials have been added
