
Leading UK Loan Lender Deploys Portnox Cloud-Native NAC Across 75 Sites

Everyday Loans is the UK’s leading independent loan lender, operating dozens of branches across the country and boasting a personal, hands-on approach to lending, uncommon in today’s digitally anonymous financial services industry.

Today, personal lending in the UK has grown to become an industry approaching 24 billion GBP, with recent acceleration due to widespread financial uncertainty and hardship in the wake of the COVID-19 pandemic.

The company’s IT department, led by Head of IT Tony Sheehan, experienced the tangible impact of this market growth as more and more customers walked through the doors of Everyday Loans’ many branches, and as the company increased its employee headcount in response to demand.

With more guests and customers on-site as well as a growing workforce, Sheehan and his team began to assess potential cybersecurity vulnerabilities – beginning with the corporate network.

Sheehan describes the company’s initial network security vulnerabilities: “We have a presence online, but we’re predominantly a face-to-face lender. We have over 75 offices with many new and repeat customers coming in to discuss a loan, as well as part-time staff for cleaning, security and maintenance. As a result, we knew network authentication was an obvious vulnerability.”

Shifting Focus to Network Authentication

Implementing a solution for network authentication was a logical next step for Sheehan’s IT team. Given the increased branch foot traffic, the company needed to ensure it had total device awareness across the network. “This was a concern voiced to our new CTO when he came on board. He agreed, so we went about looking at different tools for network authentication and access control,” said Sheehan.

Another factor driving a focus on NAC was staff turnover. “Like every company, we have staff that leave us, and we need to ensure they can no longer access our network after they’ve departed,” said Sheehan. At that point in time, Everyday Loans knew that its use of a hidden SSID paired with a pre-shared key (PSK) was not up to snuff from a security standpoint: hiding an SSID provides no real protection, and a PSK shared by all staff cannot be revoked for one departing employee without rekeying every device. As Sheehan and his team began to research potential solutions for network authentication and access control, two requirements became apparent:

  • They had no desire to build upon their existing on-prem or virtual footprint; adding maintenance tasks to the laundry list of other IT responsibilities was a non-starter
  • The company wanted a SaaS solution that could support its existing cloud-native hardware – primarily Meraki network devices and ChromeBox endpoints

Considering Network Access Control Options

Sheehan and his team found themselves at a crossroads as they mulled over these requirements. “We were either going to double down and stand-up another datacenter as part of a general infrastructure expansion initiative which would also enable us to deploy network access control on-premises, or we were going to go out and find a cloud-native NAC solution that fit our needs,” Sheehan said.


Having considered Microsoft NPS for RADIUS authentication and 802.1X, and Cisco ISE for full network access control, Sheehan and Everyday Loans’ IT team made the executive decision that neither tool was suited to their existing network security needs, internal skillsets, resource bandwidth or networking infrastructure. “We came across Portnox CLEAR fairly quickly thanks to the help of our partner, Haptic Networks,” Sheehan continued. “It was the only true cloud-native NAC we could find with the deployment and support model we wanted. Each of the other vendors had some solutions that were close in functionality, but in the end, they didn’t cover our needs totally – either functionally or operationally in terms of their ease-of-use. Ultimately, we went with Portnox CLEAR since it provided coverage across all our network devices and connected endpoints.”

Up & Running with Portnox CLEAR

After beginning a proof of concept of Portnox’s cloud-native NAC-as-a-Service, Everyday Loans ruled out competing alternatives. “It worked as expected. After comparing Portnox CLEAR’s robust, easy-to-use functionality to that of the other vendors up for consideration, we soon dismissed alternatives as they did not meet our technical security requirements,” Sheehan said.

The trial continued and Sheehan’s team threw every possible authentication and access control use case they could conjure up at the system to test its durability.

“Anyone with good network experience will pick up Portnox CLEAR with ease – it’s just a case of ensuring how you setup the network hardware and what control you have over employee and guest devices,” Sheehan went on to say.


Everyday Loans was able to deploy Portnox CLEAR across its 75 sites with relative ease, saving the company’s headquarters for last. “Portnox CLEAR has exceeded my expectations. Now that it is fully deployed, the visibility and control we have of users authenticating to the network is unparalleled,” Sheehan concluded.

“It is a huge bonus that the system easily integrates with Azure Active Directory and provides its own certificate authority out-of-the-box. Having multiple methods for authentications helps us ensure all our bases are covered. The solution has been reliable from day one.”

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Prometheus network monitoring: a new open source generation

Prometheus seeks to be a new generation within open source monitoring tools. A different approach with no legacies from the past.

For years, many monitoring tools have been tied to Nagios, either by inheriting its architecture and philosophy or by being outright forks of it (CheckMk, Centreon, OpsView, Icinga, Naemon, Shinken, Vigilo NMS, NetXMS, OP5 and others).

Prometheus, however, takes the modular route typical of open source: to use it you will have to assemble several different parts yourself.

In that sense, like Nagios, it is a kind of monitoring IKEA: you can do many things with it, but you have to put the pieces together yourself and devote a lot of time to it.

Prometheus network monitoring architecture

Prometheus, written in Go, has an architecture built around the integration of third-party open source components:

[Figure: Prometheus architecture diagram]

Unlike other well-known systems, which ship their own plugins and components for maps and visualisation, Prometheus relies on third parties, for example, to display data (Grafana) or to route notifications to on-call tools (its Alertmanager hands alerts off to services such as PagerDuty).

All those higher-level elements can be swapped for others, but the point is that Prometheus is part of an ecosystem, not a single tool. Its exporters and surrounding pieces are themselves other open source projects or external services:

  • HAProxy
  • StatsD
  • Graphite
  • Grafana
  • Pagerduty
  • OpsGenie
  • and we could go on and on.

What is Prometheus monitoring?

As we mentioned, Prometheus is an open-source monitoring tool.

The main difference from the other tools is that Prometheus is conceived less as a finished monitoring tool than as a framework for collecting multi-dimensional time series: numeric samples identified by a metric name plus a set of key-value labels. You then write expressions in its query language, PromQL, to evaluate, graph and alert on that data.

If you’re familiar with RRD, you’re thinking along the right lines.

Prometheus does not store data in an SQL database.

Like Graphite, and like the previous generation of tools that kept numeric series in RRD files, Prometheus stores its samples in its own purpose-built time-series storage on local disk.

If what you need is a general-purpose time-series database into which to feed data from other tools, look at OpenTSDB, InfluxDB or Graphite instead.

What to use Prometheus for?

Or rather, why NOT use Prometheus.

They themselves say it on their website: if you are going to use this tool to collect logs, DO NOT DO it, they propose ELK instead.

If you want to use Prometheus to monitor applications, servers or remote computers using SNMP, you may do so and generate beautiful graphics with Grafana, but first of all…

Prometheus Settings

Prometheus itself is configured through YAML text files with a fairly involved syntax, and each exporter you run is configured separately (through command-line flags and, for some exporters, its own YAML file).

After a configuration change you must make the server re-read the file: Prometheus reloads its configuration on SIGHUP, or on an HTTP POST to /-/reload if it was started with --web.enable-lifecycle; failing that, restart the service.
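As an added example (not from the original article or the Prometheus project), here is a prometheus.yml that scrapes node_exporter over TLS with basic authentication and routes SNMP devices through snmp_exporter. The host names, addresses, file paths and the module/auth names are placeholders; the relabeling for SNMP follows the pattern snmp_exporter documents, in which Prometheus scrapes the exporter and the exporter polls the device named in the target parameter:

```yaml
global:
  scrape_interval: 30s      # default scrape cadence for every job
  evaluation_interval: 30s  # how often recording and alerting rules are evaluated

rule_files:
  - /etc/prometheus/rules/*.yml

scrape_configs:
  # node_exporter started with --web.config.file so it serves TLS and
  # requires basic auth (exporter-toolkit web config). Paths are placeholders.
  - job_name: node
    scheme: https
    tls_config:
      ca_file: /etc/prometheus/certs/internal-ca.pem
    basic_auth:
      username: prometheus
      password_file: /etc/prometheus/secrets/node_exporter.pw   # keep the secret out of this file
    static_configs:
      - targets: ['web1.example.internal:9100', 'web2.example.internal:9100']

  # snmp_exporter: the device addresses listed as targets are rewritten into
  # the ?target= query parameter, and __address__ is pointed at the exporter.
  - job_name: snmp
    metrics_path: /snmp
    params:
      module: [if_mib]     # module name defined in the exporter's snmp.yml
      auth: [public_v2]    # auth name defined in snmp.yml (snmp_exporter 0.23 and later)
    static_configs:
      - targets: ['192.0.2.10', '192.0.2.11']   # the SNMP devices to poll
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 127.0.0.1:9116               # where snmp_exporter listens
```

Validate the file with promtool check config before applying it. A running server picks it up on SIGHUP or, if started with --web.enable-lifecycle, on a POST to /-/reload; that same flag also enables /-/quit, and Prometheus has no authentication of its own, so only enable it when the listener is bound to a private interface or sits behind an authenticating reverse proxy.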

Prometheus reports

By default, Prometheus has no reporting of any kind.

You will have to build reports yourself, retrieving the data through its HTTP API.

Of course, there are some independent projects to achieve this.
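As an added example (not code from the original article or from the Prometheus project), the script below does what the text describes: it builds a query_range request against the HTTP API and turns the returned “matrix” into a per-series summary suitable for a report. SAMPLE_RESPONSE is a constructed reply in the API’s documented shape so the example runs offline; the server URL and metric values are placeholders.

```python
"""Build a simple report from the Prometheus HTTP API.

Added example, not code from the original article or from the Prometheus
project.  Prometheus ships no report engine: you call /api/v1/query_range
and shape the "matrix" result yourself.  SAMPLE_RESPONSE is a constructed
reply in the API's documented shape so the example runs offline; point
fetch_matrix() at a real server for live data.
"""
import json
import math
import urllib.parse
import urllib.request


def query_range_url(base_url, expr, start, end, step):
    """Return the query_range URL for PromQL `expr` over [start, end] at `step`."""
    params = {"query": expr, "start": start, "end": end, "step": step}
    return f"{base_url.rstrip('/')}/api/v1/query_range?{urllib.parse.urlencode(params)}"


def fetch_matrix(url, timeout=10):
    """Fetch and decode one API response (network call; not used offline).

    The API has no authentication of its own, so base_url should normally be
    the HTTPS address of a reverse proxy that enforces auth in front of it.
    """
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def summarize_matrix(response, group_labels):
    """One row per series: the chosen labels plus min, max, last and sample count.

    NaN samples (which the API encodes as the string "NaN") are dropped so
    they cannot poison min()/max().
    """
    if response.get("status") != "success":
        raise ValueError(f"query failed: {response.get('error', 'unknown error')}")
    data = response["data"]
    if data.get("resultType") != "matrix":
        raise ValueError(f"expected a matrix result, got {data.get('resultType')!r}")
    rows = []
    for series in data["result"]:
        values = [float(v) for _, v in series["values"]]   # "NaN", "+Inf" parse fine
        values = [v for v in values if not math.isnan(v)]
        if not values:
            continue
        row = {label: series["metric"].get(label, "") for label in group_labels}
        row.update({"min": min(values), "max": max(values),
                    "last": values[-1], "samples": len(values)})
        rows.append(row)
    rows.sort(key=lambda r: tuple(r[label] for label in group_labels))
    return rows


def to_csv(rows, group_labels):
    """Render summary rows as CSV text (the label values used here contain no commas)."""
    columns = list(group_labels) + ["min", "max", "last", "samples"]
    lines = [",".join(columns)]
    for row in rows:
        lines.append(",".join(str(row[c]) for c in columns))
    return "\n".join(lines) + "\n"


# Constructed response: free space on "/" for two hosts, three samples each.
SAMPLE_RESPONSE = json.loads("""
{"status": "success",
 "data": {"resultType": "matrix", "result": [
   {"metric": {"__name__": "node_filesystem_avail_bytes", "instance": "web1:9100", "mountpoint": "/"},
    "values": [[1650000000, "8000000000"], [1650000060, "7500000000"], [1650000120, "6000000000"]]},
   {"metric": {"__name__": "node_filesystem_avail_bytes", "instance": "web2:9100", "mountpoint": "/"},
    "values": [[1650000000, "3000000000"], [1650000060, "NaN"], [1650000120, "2000000000"]]}
 ]}}
""")

if __name__ == "__main__":
    url = query_range_url("http://prometheus.example.internal:9090",
                          'node_filesystem_avail_bytes{mountpoint="/"}',
                          1650000000, 1650000120, "60s")
    print("would query:", url)
    labels = ["instance", "mountpoint"]
    print(to_csv(summarize_matrix(SAMPLE_RESPONSE, labels), labels))
```

Query results expose host names, mount points and whatever else you put in labels, so treat the report output with the same care as the server itself.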

Dashboards and visual displays

To have a dashboard in Prometheus, you’ll need to integrate it with Grafana.

There is documentation of how to do this, as Grafana and Prometheus coexist amicably.

Scalability in Prometheus

If you need to process more data sources in Prometheus, you may always add more servers.

Each server processes its own workload, because each Prometheus server is independent and can work even if its peers fail. 

Of course, you will have to “divide” the servers by functional areas to be able to differentiate them, e.g.: “service A, service B”. So that each server is independent.

There is no built-in way to “scale” in the sense of a single cluster: independent servers do not synchronise, recover each other’s data or offer one common query interface. The usual high-availability pattern is simply two identical servers scraping the same targets; federation (one server scraping selected series from others) and remote_write to long-term stores such as Thanos or Cortex exist, but they are additional pieces you deploy and maintain yourself.

But as we warned at the beginning, this is not a “closed” solution but a framework for designing your own final solution.

That said, there is no doubt that Prometheus can absorb a great deal of data, an order of magnitude more than better-known tools.

Monitoring with Prometheus: exporters and collectors

Each different “way” of obtaining information with this tool needs a piece of software that Prometheus calls an “exporter”.

An exporter is a separate binary with its own daemon and its own configuration (command-line flags and, for some exporters, a YAML file) that must be managed independently.

It is the equivalent of a “plugin” in Nagios.

So, for example, there are exporters for SNMP (snmp_exporter), for metrics derived from logs (grok_exporter), and so on.

Example of configuring an SNMP exporter as a service:

[Figure: snmp_exporter configured as a system service]

To get information from a host, you install node_exporter, which works like a conventional agent, similar to those of Nagios.

node_exporter gathers metrics of different types through what it calls “collectors”.

Dozens of these collectors are enabled by default; Appendix 1 lists them.

In addition, there is a multitude of other exporters (plugins, in Nagios terms) for obtaining information from different hardware and software systems.

Although the number of exporters is significant (about 200), it does not reach the number of plugins available for Nagios (more than 2,000).

Appendix 2 shows the metrics returned by an Oracle exporter.
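To make the exporter concept concrete, here is an added example (not code from the original article or from the Prometheus project): a minimal exporter in pure Python that serves constructed host facts in the text exposition format Prometheus scrapes, plus a small parser used to check the output. node_exporter’s textfile collector accepts the same format from .prom files. The metric names, values and port are placeholders.

```python
"""A minimal Prometheus exporter in pure Python.

Added example, not code from the original article or from the Prometheus
project.  It serves constructed host facts in the text exposition format
that Prometheus scrapes; node_exporter's textfile collector accepts the same
format from *.prom files.  Metric names, values and the port are placeholders.
"""
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

CONTENT_TYPE = "text/plain; version=0.0.4; charset=utf-8"


def escape_label_value(value):
    """Escape backslash, double quote and newline as the exposition format requires."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")


def render_metrics(families):
    """Render [(name, type, help, [(labels, value), ...]), ...] as exposition text."""
    lines = []
    for name, mtype, help_text, samples in families:
        lines.append(f"# HELP {name} {help_text}")
        lines.append(f"# TYPE {name} {mtype}")
        for labels, value in samples:
            if labels:
                body = ",".join(f'{k}="{escape_label_value(str(v))}"'
                                for k, v in sorted(labels.items()))
                lines.append(f"{name}{{{body}}} {value}")
            else:
                lines.append(f"{name} {value}")
    return "\n".join(lines) + "\n"


_SAMPLE_RE = re.compile(r"^([a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(.*)\})?\s+(\S+)$")
_LABEL_RE = re.compile(r'([a-zA-Z_][a-zA-Z0-9_]*)="((?:[^"\\]|\\.)*)"')


def parse_exposition(text):
    """Parse sample lines back into (name, labels, float) tuples; comments are skipped."""
    samples = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        match = _SAMPLE_RE.match(line)
        if not match:
            raise ValueError(f"malformed sample line: {line!r}")
        name, label_body, value = match.groups()
        labels = {}
        for key, raw in _LABEL_RE.findall(label_body or ""):
            # undo the escaping done by escape_label_value()
            labels[key] = re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), raw)
        samples.append((name, labels, float(value)))
    return samples


def collect():
    """Gather the metric families to expose (constructed values, not live data)."""
    return [
        ("demo_up", "gauge", "1 if the exporter could gather its data.", [({}, 1)]),
        ("demo_disk_used_bytes", "gauge", "Bytes used per mount point.",
         [({"mountpoint": "/"}, 42000000000), ({"mountpoint": '/data "x"'}, 7000)]),
    ]


class MetricsHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != "/metrics":
            self.send_error(404)
            return
        body = render_metrics(collect()).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", CONTENT_TYPE)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # stay quiet on every scrape
        pass


def serve(host="127.0.0.1", port=9101):
    """Listen on loopback by default: exporters disclose host details and have
    no authentication of their own, so expose them remotely only behind TLS/auth."""
    HTTPServer((host, port), MetricsHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Run it and point a scrape job at 127.0.0.1:9101; the same render_metrics() output written atomically into the textfile collector’s directory (write to a temporary name, then rename) is the cheapest way to add custom metrics to an existing node_exporter.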

Conclusion

Prometheus’ approach for modern monitoring is much more flexible than that of older tools. Thanks to its philosophy, you may integrate it into hybrid environments more easily.

However, you will miss reports, dashboards and a centralized configuration management system.

That is, an interface that allows observing and monitoring information grouped in services / hosts.

Because Prometheus is a data processing ecosystem, not a common IT monitoring system.

Its power in data processing is far superior, but the use of that data for day-to-day use makes it extremely complex to manage, as it requires many configuration files, many distributed external commands and everything must be maintained manually.

Appendix 1: Collectors active in Prometheus

These are the collectors that node_exporter enables by default (the exact set depends on the node_exporter version and operating system; a few below, such as boottime and thermal, exist only on BSD or macOS builds):

arp Exposes ARP statistics from /proc/net/arp.
bcache Exposes bcache statistics from /sys/fs/bcache/.
bonding Exposes the number of configured and active slaves of Linux bonding interfaces.
btrfs Exposes btrfs statistics
boottime Exposes system boot time derived from the kern.boottime sysctl.
conntrack Shows conntrack statistics (does nothing if no /proc/sys/net/netfilter/ present).
cpu Exposes CPU statistics
cpufreq Exposes CPU frequency statistics
diskstats Exposes disk I/O statistics.
dmi Expose Desktop Management Interface (DMI) info from /sys/class/dmi/id/
edac Exposes error detection and correction statistics.
entropy Exposes available entropy.
exec Exposes execution statistics.
fibrechannel Exposes fibre channel information and statistics from /sys/class/fc_host/.
filefd Exposes file descriptor statistics from /proc/sys/fs/file-nr.
filesystem Exposes filesystem statistics, such as disk space used.
hwmon Expose hardware monitoring and sensor data from /sys/class/hwmon/.
infiniband Exposes network statistics specific to InfiniBand and Intel OmniPath configurations.
ipvs Exposes IPVS status from /proc/net/ip_vs and stats from /proc/net/ip_vs_stats.
loadavg Exposes load average.
mdadm Exposes statistics about devices in /proc/mdstat (does nothing if no /proc/mdstat present).
meminfo Exposes memory statistics.
netclass Exposes network interface info from /sys/class/net/
netdev Exposes network interface statistics such as bytes transferred.
netstat Exposes network statistics from /proc/net/netstat. This is the same information as netstat -s.
nfs Exposes NFS client statistics from /proc/net/rpc/nfs. This is the same information as nfsstat -c.
nfsd Exposes NFS kernel server statistics from /proc/net/rpc/nfsd. This is the same information as nfsstat -s.
nvme Exposes NVMe info from /sys/class/nvme/
os Expose OS release info from /etc/os-release or /usr/lib/os-release
powersupplyclass Exposes Power Supply statistics from /sys/class/power_supply
pressure Exposes pressure stall statistics from /proc/pressure/.
rapl Exposes various statistics from /sys/class/powercap.
schedstat Exposes task scheduler statistics from /proc/schedstat.
sockstat Exposes various statistics from /proc/net/sockstat.
softnet Exposes statistics from /proc/net/softnet_stat.
stat Exposes various statistics from /proc/stat. This includes boot time, forks and interrupts.
tapestats Exposes statistics from /sys/class/scsi_tape.
textfile Exposes statistics read from local disk. The --collector.textfile.directory flag must be set.
thermal Exposes thermal statistics like pmset -g therm.
thermal_zone Exposes thermal zone & cooling device statistics from /sys/class/thermal.
time Exposes the current system time.
timex Exposes selected adjtimex(2) system call stats.
udp_queues Exposes UDP total lengths of the rx_queue and tx_queue from /proc/net/udp and /proc/net/udp6.
uname Exposes system information as provided by the uname system call.
vmstat Exposes statistics from /proc/vmstat.
xfs Exposes XFS runtime statistics.
zfs Exposes ZFS performance statistics.
(Collectors active by default in Prometheus node_exporter)

Appendix 2: Oracle exporter example

This is an example of the type of information that an Oracle exporter returns, which is invoked by configuring a file and a set of environment variables that define credentials and SID:

  • oracledb_exporter_last_scrape_duration_seconds
  • oracledb_exporter_last_scrape_error
  • oracledb_exporter_scrapes_total
  • oracledb_up
  • oracledb_activity_execute_count
  • oracledb_activity_parse_count_total
  • oracledb_activity_user_commits
  • oracledb_activity_user_rollbacks
  • oracledb_sessions_activity
  • oracledb_wait_time_application
  • oracledb_wait_time_commit
  • oracledb_wait_time_concurrency
  • oracledb_wait_time_configuration
  • oracledb_wait_time_network
  • oracledb_wait_time_other
  • oracledb_wait_time_scheduler
  • oracledb_wait_time_system_io
  • oracledb_wait_time_user_io
  • oracledb_tablespace_bytes
  • oracledb_tablespace_max_bytes
  • oracledb_tablespace_free
  • oracledb_tablespace_used_percent
  • oracledb_process_count
  • oracledb_resource_current_utilization
  • oracledb_resource_limit_value

To get an idea of how an exporter is configured, let’s look at an example, a JMX exporter configuration file:

---
startDelaySeconds: 0                 # wait before the first JMX scrape (lets the JVM warm up)
hostPort: 127.0.0.1:1234             # JMX remote port of the monitored JVM
username:                            # JMX credentials, if remote JMX authentication is enabled
password: 
jmxUrl: service:jmx:rmi:///jndi/rmi://127.0.0.1:1234/jmxrmi   # the docs say to set either hostPort or jmxUrl, not both
ssl: false                           # set to true when the JMX port is TLS-protected
lowercaseOutputName: false
lowercaseOutputLabelNames: false
whitelistObjectNames: ["org.apache.cassandra.metrics:*"]                      # MBeans to query
blacklistObjectNames: ["org.apache.cassandra.metrics:type=ColumnFamily,*"]  # excluded from the list above
rules:
  - pattern: 'org.apache.cassandra.metrics<type=(\w+), name=(\w+)><>Value: (\d+)'
    name: cassandra_$1_$2            # metric name built from the captured groups
    value: $3
    valueFactor: 0.001               # scale the raw value (for example, ms to s)
    labels: {}
    help: "Cassandra metric $1 $2"
    cache: false
    type: GAUGE
    attrNameSnakeCase: false


About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Hunting down Sandworm and Wizard Spider: How ESET fared in the ATT&CK® Evaluation

The results of the latest round of the MITRE Engenuity ATT&CK® Evaluations are out. This time the evaluation was modeled against the Wizard Spider cybercrime and the Sandworm nation-state groups. ESET is a pioneer of research on Sandworm, with some of the most significant discoveries made about this threat group under our belt – but more on that later.

First, let’s take a brief look at the evaluation methodology and, most importantly, how ESET Inspect (formerly ESET Enterprise Inspector) fared.

Evaluation overview

As stressed by MITRE Engenuity, “these evaluations are not a competitive analysis” and thus “there are no winners”. The evaluations are a professionally executed, transparent, and objective snapshot of an endpoint threat detection tool’s capabilities to detect some of the adversarial behaviors demonstrated by the threat groups selected as the theme of the current round. At the same time, there are certain areas – crucial in real-world defense – that are out of the scope of the evaluations.

Some key parameters that the evaluations do not consider include performance and resource requirements, alerting strategy, noisiness (alert fatigue – any product could obtain a very high score on most of these results by producing alerts on every action recorded in the test environment), integration with endpoint security software, and ease of use.

The reasoning behind this is that organizations, security operations center (SOC) teams, and security engineers all have different levels of maturity and different regulations to comply with, along with a host of other sector-, company-, and site-specific needs. Hence, not all the metrics given in the ATT&CK Evaluations have the same level of importance to each evaluator.

To analyze the evaluation results properly, it’s important to understand the methodology and a few key terms. The detection scenarios consisted of 19 steps (10 for Wizard Spider and 9 for Sandworm) spanning a spectrum of tactics listed in the ATT&CK framework, from initial access to lateral movement, collection, exfiltration, and so on. These steps are then broken down to a more granular level – a total of 109 sub-steps. The version of ESET Inspect that supports Linux machines was not yet released at the time of the evaluation, so Linux-related steps and sub-steps were out of scope. That means 15 steps and 90 sub-steps were evaluated in ESET’s case. The MITRE Engenuity team recorded the responses and level of visibility at each sub-step for each participating solution.
 
The results were then combined into various metrics, essentially based on the solution’s capability to see the behaviors of the emulated attack (Telemetry category) or to provide more detailed analytical data (General, Tactic, and Technique categories). For more details, read MITRE Engenuity’s documentation on detection categories.

Figure 1. Detection categories in the Wizard Spider and Sandworm Evaluation (image source: MITRE Engenuity)


ESET’s evaluation results

The results are publicly available here.

Out of the 15 applicable steps in the detection evaluation, ESET Inspect detected all steps (100%). Figures 2 and 3 illustrate the different types of detection per step.

Wizard Spider Scenario

Figure 2. Distribution of detection type by step in the Wizard Spider scenario (image source: MITRE Engenuity)


Sandworm Scenario

Figure 3. Distribution of detection type by step in the Sandworm scenario (image source: MITRE Engenuity)

Breaking the attack emulation down to a more granular level, out of the 90 applicable sub-steps in the emulation, ESET Inspect detected 75 sub-steps (83%). Figures 4 and 5 illustrate the different types of detection per sub-step.

Wizard Spider Scenario

Figure 4. Distribution of detection type by sub-step in the Wizard Spider scenario (image source: MITRE Engenuity)


Sandworm Scenario

Figure 5. Distribution of detection type by sub-step in the Sandworm scenario (image source: MITRE Engenuity)


As the results indicate, ESET Inspect provides defenders excellent visibility of the attacker’s actions on the compromised system throughout all attack stages.

A key metric that is important for SOC analysts to understand what’s happening in their environment is analytics – additional context – for example, why the attacker executed the specific action on the system. ESET Inspect provided this extra information for 69 of the detected sub-steps (92%).

Note that ESET did not participate in the Linux part of the evaluation as the new version of ESET Inspect with Linux support was publicly launched only on March 30, 2022, completing our coverage of all major platforms alongside Windows and macOS.

Linux detections aside (note that ESET’s ecosystem does provide endpoint protection for Linux – but this was outside the scope of this evaluation), ESET Inspect did not identify 15 out of the 90 sub-steps.

Nearly all of those “misses” are due to ESET Inspect not monitoring certain API calls. API monitoring is a tricky business because of its unfavorable signal-to-noise ratio: given the enormous number of API calls made on any system, monitoring all of them is neither feasible nor desirable, as it would consume enormous resources.

To provide an example, one of the missed sub-steps (10.A.3) pertains to detecting the CreateToolhelp32Snapshot API call, which is commonly used in legitimate applications for process enumeration. This sub-step precedes an attempt to inject malicious code into a process. ESET Inspect takes the more efficient strategy of detecting this process injection, putting focus on the less frequent and more suspicious action.

This is in no way trying to say that API monitoring doesn’t have its place on a defender’s checklist – ESET is continuously evaluating scenarios where it makes sense to stay vigilant and add detection capabilities – yet in some cases this provides very little additional benefit at a very high cost.

The key principle when designing an effective extended detection and response (XDR) solution – and this applies to endpoint security software as well – is balance. In theory, it’s easy to create a solution that achieves 100% detections – simply detect everything. Of course, such a solution would be next to useless and is precisely the reason why traditional endpoint protection tests have always included a metric for false positives – a true comparative test cannot be done without testing for false positives. This is also the reason why security analytics platforms typically suffer from a high false positive rate and have heavy resource demands. Such platforms will have to contend with XDR solutions to remain relevant.

Yes, the situation is a bit different with XDR compared to endpoint protection (because you can monitor or detect without alerting) but the principles still apply: too many detections create too much noise, leading to alert fatigue. This causes an increased workload for SOC analysts, who have to sift through a large number of detections, leading to the exact opposite of the desired effect: it would distract them from genuine high-severity alerts. In addition to the increased human workload, too many lower importance detections also increase costs due to higher performance and data storage requirements.

The essential role of a good XDR solution is not necessarily to alert the analysts to every single procedure carried out during an attack (or sub-step in the ATT&CK Evaluation). Rather it should alert them that an attack took place (or is ongoing) … and afterward, support the investigation by providing the capability to navigate transparently through detailed and logically structured evidence of what happened in the environment and when. This is a functionality that we continue to put great emphasis on in developing ESET Inspect.

Figure 6. Rule A0430c detects the use of WMI to spread NotPetya from an infected machine (sub-step 19.A.6)


Figure 6 shows the detection of sub-step 19.A.6 – an attempt to spread NotPetya from an infected machine via WMI. Figure 7 depicts the attempt detected from the other side – the targeted machine.

Figure 7. Rule A0429 detects the use of WMI to spread NotPetya on the targeted machine (sub-step 19.A.6)


In addition to alerting the SOC analysts to the malicious activity, additional contextual information is provided, including detailed command line parameters executed by the adversary, and the execution chain and process tree – highlighting further related events that were suspicious or clearly malicious.

An explanation of the observed behavior is provided, along with a link to the MITRE ATT&CK knowledge base, and the typical causes for this type of behavior, both malicious and benign. This is especially helpful in ambiguous cases where potentially dangerous events are used for legitimate purposes due to the organization’s specific internal processes, which are for the SOC analyst to investigate and distinguish.

Recommended actions are also provided, as well as tools to mitigate the threat by actions such as terminating the process or isolating the host, which may be done within ESET Inspect.
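As an added example, not ESET’s rules A0430c or A0429 and not ESET Inspect code, the logic below captures the two sides of the WMI lateral-movement step shown in Figures 6 and 7, written in Python over constructed Sysmon-style process-creation events; the host names, command lines and rule identifiers are invented for the example. It also carries the signal-to-noise point made above: ordinary WMI queries and the WMI provider host itself pass through unflagged, and only remote process creation (and its child on the target) raises a finding.

```python
"""Detecting WMI-driven remote process creation on both sides of the hop.

Added example; it is neither ESET's rules A0430c/A0429 nor ESET Inspect
code.  It models the lateral-movement step discussed above (ATT&CK T1047):
on the source host, wmic.exe called with /node: and "process call create";
on the target host, a loader or interpreter spawned by WmiPrvSE.exe.  The
events are constructed Sysmon-style process-creation records, not real
telemetry, and the rule names are made up for the example.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    image: str           # full path of the new process
    parent_image: str    # full path of its parent
    command_line: str
    user: str


# wmic.exe pointed at another host and asked to start a process there
WMIC_REMOTE_CREATE = re.compile(r"/node:\S+.*\bprocess\b.*\bcall\b.*\bcreate\b", re.IGNORECASE)
# credentials passed on the command line, as NotPetya did with harvested ones
WMIC_INLINE_CREDS = re.compile(r"/user:|/password:", re.IGNORECASE)
# children of the WMI provider host that are rarely legitimate
SUSPICIOUS_WMI_CHILDREN = {"rundll32.exe", "powershell.exe", "cmd.exe", "regsvr32.exe",
                           "mshta.exe", "wscript.exe", "cscript.exe", "certutil.exe"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(event):
    """Return (rule, severity, reason) findings for one event; [] means no alert."""
    findings = []
    image = basename(event.image)
    parent = basename(event.parent_image)
    # Source side (cf. Figure 6): the process driving the remote execution.
    if image == "wmic.exe" and WMIC_REMOTE_CREATE.search(event.command_line):
        severity = "high" if WMIC_INLINE_CREDS.search(event.command_line) else "medium"
        findings.append(("wmi_remote_create_source", severity,
                         "wmic.exe creating a process on a remote host"))
    # Target side (cf. Figure 7): WmiPrvSE.exe is the parent of whatever Win32_Process.Create spawns.
    if parent == "wmiprvse.exe" and image in SUSPICIOUS_WMI_CHILDREN:
        findings.append(("wmi_remote_create_target", "high",
                         f"{image} spawned by WmiPrvSE.exe (remote WMI process creation)"))
    return findings


def scan(events):
    """Run detect() over an event stream and return (host, rule, severity) per finding."""
    return [(e.host, rule, sev) for e in events for rule, sev, _ in detect(e)]


# Constructed events.  Plain WMI queries and the provider host itself are
# deliberately included: they are the noise a rule on every WMI call would alert on.
SAMPLE_EVENTS = [
    ProcessEvent("ws-17", r"C:\Windows\System32\wbem\WMIC.exe", r"C:\Windows\System32\rundll32.exe",
                 r'wmic.exe /node:"10.0.0.7" /user:"CORP\admin" /password:"Passw0rd!" '
                 r'process call create "C:\Windows\System32\rundll32.exe \"C:\Windows\perfc.dat\" #1 60"',
                 "CORP\\jdoe"),
    ProcessEvent("srv-07", r"C:\Windows\System32\rundll32.exe", r"C:\Windows\System32\wbem\WmiPrvSE.exe",
                 r'rundll32.exe "C:\Windows\perfc.dat" #1 60', "CORP\\admin"),
    ProcessEvent("ws-17", r"C:\Windows\System32\wbem\WMIC.exe", r"C:\Windows\System32\cmd.exe",
                 "wmic.exe os get caption", "CORP\\jdoe"),
    ProcessEvent("srv-07", r"C:\Windows\System32\wbem\WmiPrvSE.exe", r"C:\Windows\System32\svchost.exe",
                 "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding", "NT AUTHORITY\\NETWORK SERVICE"),
    ProcessEvent("admin-01", r"C:\Windows\System32\wbem\WMIC.exe", r"C:\Windows\System32\cmd.exe",
                 r'wmic.exe /node:srv-09 process call create "msiexec.exe /i \\fs\pkg\agent.msi /qn"',
                 "CORP\\it-admin"),
]

if __name__ == "__main__":
    for host, rule, severity in scan(SAMPLE_EVENTS):
        print(f"{host:8} {severity:6} {rule}")
```

On a real estate you would feed it Sysmon Event ID 1 or Windows Security 4688 records with command-line logging enabled; without the command line, the source-side rule has nothing to match and only the WmiPrvSE.exe parent relationship on the target remains, which is why the target-side view in Figure 7 matters even when the source host is outside your telemetry.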

Wizard Spider and Sandworm

ESET has done extensive research on both groups that were the inspiration for this evaluation round.

Wizard Spider is a financially motivated group behind TrickBot and the infamous Emotet malware, which has often led to the deployment of ransomware such as Ryuk. These have been some of the most active botnets and thus in the sights of ESET’s automated Botnet Tracking service for some time. We have been closely monitoring the development of these threats and our systems have uncovered (and blocked) new variants, configurations, and command and control domains even before they were used in an attack against potential victims.

Our effective defense against Emotet apparently caused significant frustration to Wizard Spider. In addition to implementing protection for users of our security solutions, our extensive threat intelligence on this group helped in the coordinated TrickBot takedown effort that crippled its activity for several months.

Sandworm is an advanced persistent threat (APT) group notorious for its high-impact attacks against Ukraine and other countries. The US Department of Justice and the UK National Cyber Security Centre attributed the group to the Russian GRU. ESET’s research has played a pivotal role in uncovering the group’s activities.

ESET first described the activity now attributed to Sandworm (the group’s name comes from references to Dune in its code) as the work of the BlackEnergy group, in a Virus Bulletin 2014 talk. We have tracked this group’s activity from its inception (around the time of the beginning of the war in Donbas and the occupation of Crimea in 2014), later uncovering both of its attacks against the Ukrainian power grid – the BlackEnergy-facilitated attack in 2015 and the Industroyer attack in 2016.

Most pertinent to this evaluation round were our discoveries around NotPetya in 2017, as the second detection scenario specifically emulates this faux ransomware. ESET researchers were the ones who linked NotPetya to TeleBots, a subgroup of Sandworm, and uncovered patient zero of what eventually became the most costly cyberattack in history: the supply-chain compromise of M.E.Doc.

For a more detailed overview and timeline of Sandworm’s attacks in Ukraine and around the world, and for information on the recent cyberattacks we detected around the 2022 Russian military invasion of Ukraine, refer to our blogpost, podcast and webinar.

Conclusion

We are happy to see that the rigorous MITRE ATT&CK Evaluation demonstrated the qualities of our XDR-enabling technology and validated the vision and roadmap we have for ESET Inspect looking forward.
 
It’s important to keep in mind that the development of a high quality XDR solution cannot be a static undertaking. As adversary groups change and improve their techniques, so must XDR and endpoint protection platforms keep pace to continue protecting organizations from real-world threats.
 
And that’s exactly the case with ESET Inspect: it is not a solution whose development is disconnected from active threat research. No, it’s our experts who track the world’s most dangerous APT groups and cybercriminals who also ensure ESET Inspect’s rules are effective and capable of detecting malicious activity on targeted systems.

The threat intelligence that is a product of our research is used to improve our security solutions and is also offered to customers as part of our premium threat intelligence offering in the form of private reports and data feeds covering technical, tactical and strategic threat intelligence. This is on top of our publicly available research, for example, on the subject of the Ukraine crisis.  
 
ESET Inspect is just one of the components in our comprehensive cybersecurity portfolio, designed to deliver reliable protection against cyberattacks. ESET Inspect is an integral part of ESET’s multi-layered security ecosystem, which includes strong endpoint security, cloud-based protection, machine learning-based detection technologies, and ESET LiveGrid® telemetry coming from a user base of tens of millions of endpoints (which, among other benefits, allows ESET Inspect to factor into its decisions the reputation of binaries and processes).
 
ESET believes this unified approach to delivering security solutions is absolutely crucial, because while it’s important to have great visibility into an attack executed in your network, it is much more important to be able to spot and recognize it among a myriad of events, or even better, to prevent it from happening at all.

For more information about ESET’s participation in the ATT&CK Evaluations, visit our page here.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ATT&CK® Evaluations: Building on visibility to reach XDR

One of the main goals of MITRE Engenuity’s ATT&CK® Evaluations is to help organizations better understand the level of visibility that endpoint detection and response (EDR) solutions offer for investigating, in real time, sophisticated threats lurking in a network. Visibility is a crucial metric in any organization’s assessment of an EDR solution it is considering adopting, or when learning the ropes of using one for the first time.

Obviously, visibility is not the only metric. The additional metrics considered in the ATT&CK Evaluations largely center around the context that accompanies the detection of specific adversarial techniques. These have a varying level of importance to each organization, depending on its level of maturity, the different regulations it needs to comply with, and a host of other sector-, company-, and site-specific needs. Yet there are other metrics, such as performance and resource requirements, alert fatigue, integration with other security software, and ease of use, that the evaluations do not consider.

This rich palette of metrics in part reflects the success of EDR as a go-to tool for security defenders. Even organizations without dedicated security teams have gained interest in this type of defense tool. Yet the market is pushing EDR to become even better. Not infrequently, security defenders have been juggling between an EDR solution to hunt down threats and a security information and event management (SIEM) solution to sift through big data sets as complementary activities to defend their networks — the strategy being that what is lacking in one tool can be made up for by the other.

Some might think that if only a synthesis could be achieved between EDR and a security analytics platform, security defenders would have the ultimate tool in their hands. However, Forrester analysts see the situation differently. EDR needs to evolve into extended detection and response (XDR) by learning to ingest data feeds sourced beyond endpoints for analysis and response. Budding XDR solutions can then enter into a toe-to-toe competition with security analytics platforms in a race that appears destined for collision.

On the other side, to remain competitive, security analytics platforms need to be equipped with EDR features like higher-quality alerts and threat response capabilities and use resources more efficiently. The evolved solution that demonstrates better overall security is likely to become the increasingly favored tool for defenders. Our bet is that XDR has the winning odds because of its stronger foundation on EDR solutions that are designed for higher-quality detections with rich context, even if partially limited in overall visibility.

What does XDR mean for ESET?

ESET adopts Forrester’s understanding of XDR as the next generation of EDR that moves beyond endpoints to collect data also from network devices, email servers, cloud-based services, and other sources and allows security defenders to discover and respond to more threats. In order to achieve this increased level of data collection and response capability, XDR can use two integration strategies: hybrid and native.

A hybrid strategy focuses on integrations with third-party tools. A native strategy focuses on integrations with tools from the same vendor. Currently, no vendor offers a complete XDR solution, making it an ideal yet to be achieved.

ESET is committed to building out a full XDR solution by iteratively improving ESET Inspect (formerly ESET Enterprise Inspector) and continuing to add integrations both with ESET’s ecosystem of security tools and with third-party tools. Previously, as ESET Enterprise Inspector, ESET’s EDR solution was positioned for enterprise security teams. Now, as ESET Inspect, it has evolved into the XDR-enabling component of the ESET PROTECT platform, ready for both large enterprise and smaller security teams.

Before looking at the ESET PROTECT platform, let’s consider ESET Inspect a little more closely.

ESET Inspect: Enabling the pursuit of XDR

More than being a mere name change, ESET Inspect is a new version with increased visibility and remediation capabilities. ESET Inspect carries over the familiar features of previous versions, such as the referencing to the MITRE ATT&CK knowledge base in its rule set, a REST API for integration with security orchestration, automation, and response (SOAR), SIEM, ticketing and other similar tools, and the ability to run a remote PowerShell session on Windows machines for precise response and remediation options.

In the latest version of the product — version 1.7 — several major Linux distributions are now supported. This adds to the already existing support for Windows and macOS and marks an important milestone on the road to a complete XDR solution. ESET Inspect’s coverage for Linux machines works in concert with ESET Endpoint Antivirus for Linux and ESET Server Security for Linux (from versions 9.0) to support the following distributions:

Linux distributions supported by ESET Inspect:
  Red Hat Enterprise Linux 7.6+
  CentOS 7.6+
  Ubuntu LTS 18.04
  Ubuntu LTS 20.04
  Debian 10
  Debian 11
  SUSE Linux Enterprise 15
  Oracle Linux 8
  Amazon Linux 2

ESET Inspect also features an expanded rule set currently consisting of almost 1,000 rules. The rules are used to analyze events happening on endpoints, firewall and network data, user account actions, and other data for potentially malicious behaviors to be investigated by security engineers.

ESET researchers have enhanced a selection of rules with automated responses, for instance, to isolate a computer or block an executable. The use of an automated response in specific rules is made visible in the “Active Rule Actions” column of the “Detection rules” view:

Figure 1. ESET Inspect’s rules can trigger automated responses
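Detection rules of the kind described above map endpoint events to ATT&CK techniques, and a subset of them carry an automated response. The block below is an added illustration written for this article; it is not ESET Inspect’s rule format or code. It runs a small rule engine over constructed endpoint events: each rule names a technique label, a match predicate, and an optional response. The rule names, the placeholder hash, the sample events and the response names ("isolate_host", "block_executable") are all assumptions.

```python
"""Toy detection-rule engine (constructed example, not ESET Inspect's rule format).

Each rule carries an ATT&CK technique label, a predicate over an endpoint
event, and an optional automated response. The events at the bottom are
constructed sample telemetry, not real data.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Event:
    host: str
    process: str      # image name of the process that started
    parent: str       # image name of its parent process
    cmdline: str      # full command line
    sha256: str       # hypothetical hash of the process image


@dataclass
class Rule:
    name: str
    technique: str    # ATT&CK technique ID, used here only as a label
    matches: Callable[[Event], bool]
    action: Optional[str] = None   # "isolate_host", "block_executable" or None


@dataclass
class Verdict:
    rule: str
    technique: str
    host: str
    actions: list = field(default_factory=list)


def office_spawns_shell(ev: Event) -> bool:
    # An Office application launching a command interpreter is a classic
    # sign of a malicious document; alert only, a human decides.
    return ev.parent.lower() in {"winword.exe", "excel.exe"} and \
        ev.process.lower() in {"cmd.exe", "powershell.exe"}


def encoded_powershell(ev: Event) -> bool:
    # PowerShell started with an encoded command argument (matches -enc
    # and the long form -encodedcommand).
    return ev.process.lower() == "powershell.exe" and "-enc" in ev.cmdline.lower()


KNOWN_BAD_HASHES = {"deadbeef" * 8}   # constructed placeholder, not a real IoC


def known_bad_binary(ev: Event) -> bool:
    # Reputation lookup: the image hash is on a known-bad list.
    return ev.sha256 in KNOWN_BAD_HASHES


RULES = [
    Rule("Office app spawned shell", "T1204.002", office_spawns_shell),
    Rule("Encoded PowerShell command", "T1059.001", encoded_powershell,
         action="isolate_host"),
    Rule("Known-bad binary executed", "T1204.002", known_bad_binary,
         action="block_executable"),
]


def evaluate(events, rules=RULES):
    """Run every rule over every event and collect verdicts with their responses."""
    verdicts = []
    for ev in events:
        for rule in rules:
            if rule.matches(ev):
                v = Verdict(rule.name, rule.technique, ev.host)
                if rule.action:
                    v.actions.append(rule.action)
                verdicts.append(v)
    return verdicts


SAMPLE_EVENTS = [   # constructed telemetry
    Event("ws-01", "powershell.exe", "winword.exe",
          "powershell.exe -nop -enc QUJD", "11" * 32),
    Event("ws-02", "notepad.exe", "explorer.exe", "notepad.exe notes.txt", "22" * 32),
    Event("srv-03", "updater.exe", "services.exe", "updater.exe", "deadbeef" * 8),
]


def summarize(events=SAMPLE_EVENTS):
    """Return (list of rule names fired, {host: set of automated actions})."""
    verdicts = evaluate(events)
    fired = [v.rule for v in verdicts]
    actions = {}
    for v in verdicts:
        for a in v.actions:
            actions.setdefault(v.host, set()).add(a)
    return fired, actions


if __name__ == "__main__":
    for v in evaluate(SAMPLE_EVENTS):
        print(f"{v.host}: {v.rule} [{v.technique}] -> {v.actions or 'alert only'}")
```

The design point is the separation between a rule that only raises a detection for an analyst and a rule that is trusted enough to act on its own: only the two high-confidence rules carry a response, and the response is recorded per host so a console could show it the way the “Active Rule Actions” column does.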

The continued growth of ESET Inspect’s rule set and its integration with ESET’s other security products is a good example of building a native XDR solution. For ESET, the core of this integration lies in ESET PROTECT, a management console for IT admins to deploy and configure ESET security products. The ESET PROTECT platform packages endpoint security, server security, encryption, cloud-based, and detection and response solutions with the console to provide businesses a scalable prevention, detection, and response capability.

Thus, positioning ESET Inspect more closely to ESET PROTECT helps create a more integrated experience for security defenders using ESET’s security ecosystem. As mentioned above, one of the key goals of an XDR solution is to incorporate threat data beyond just endpoints, meaning that continuing to extend ESET Inspect’s coverage to more platforms and data sources that are already integrated with ESET PROTECT puts it firmly on the road to that goal.

Lifting ESET PROTECT Enterprise toward XDR

ESET is building an XDR solution on the ESET PROTECT Enterprise platform, which packages ESET Inspect along with endpoint and server protection, cloud-based threat detection, and encryption to provide a comprehensive security capability.

XDR demands more data for ingestion, but this entails a need for greater database storage capacity that can hit performance hard if not adequately handled. Investing in more hardware to buttress on-premises database solutions is always possible, even if lacking some flexibility. This is why thinking ahead about the database needs for ESET PROTECT and the database needs for ESET Inspect is crucial.

With a cloud deployment, however, scaling up to meet this data storage demand is much more flexible as there is no need to buy new hardware. The cost lies rather in renting more storage space and possibly more powerful machines — a change that can be executed rapidly. The flexibility and scalability offered by the cloud are precisely the qualities required of an XDR solution, as Forrester points out.

Formerly, ESET PROTECT and ESET Inspect were only available for on-premises deployment, which could require considerable hardware investment, server maintenance costs, and on-site staff. While on-premises deployment remains an option, especially for organizations more desirous of keeping their data close to hand, both these solutions are also available in the cloud — a new capability for ESET Inspect since version 1.7 — and thus answer XDR’s call for cloud-native support.

Managed detection and response

In some cases, especially for smaller organizations or those whose core focus is outside of security, extracting value from an XDR solution can be too heavy of a lift to make unassisted. Similarly, managing ESET PROTECT Enterprise requires either full-time security staff or a managed detection and response (MDR) provider to take over some, if not all, of the daily security work.

For some time, the manufacturers and developers of complex products have recognized the need to increase the value of their products with a service offering. This is because at times customers struggled to see the value of their purchase when they did not have the expertise to use the product well, often misconfiguring it or failing to use all its features. More importantly, offering services reflects the type of relationship that providers wish to have with customers — for ESET that means engaging in a security partnership with customers.

ESET’s revamped MDR service assists security teams to set up ESET’s products with the best configuration and optimizations possible for their networks. The service also includes periodic health checks to address any poor security practices or misconfigurations that may have crept in over time. Critically, organizations can request the help of ESET security engineers for on-demand or proactive threat hunting with ESET Inspect.

Interested organizations (in select countries) can explore their options by reaching out via ESET’s MDR service web page.

Conclusion

This article started by discussing visibility and all the other metrics that organizations need to look at when considering a detection and response solution. For a snapshot of the depth of visibility that ESET Inspect can provide threat hunters, read the blogpost: Hunting down Sandworm and Wizard Spider: How ESET fared in the ATT&CK® Evaluations.

Designing a detection and response solution that balances all these metrics is by no means an easy task. The brief journey through XDR taken here has revealed a complexity of issues in developing native and hybrid integrations for EDR solutions and in scaling up data collection via cloud deployments, all while making detections of high quality and rich with context and maintaining high system performance.

While there are certainly mature organizations ready to wade through this complexity, the tough reality for most organizations is that they may have only one or two IT administrators … and they are managing security part time, along with their many other responsibilities. This can make the ATT&CK Evaluations, which concentrates on sophisticated threat groups, or even a discussion about XDR appear as somewhat of a niche focus.

However, both the evaluations and the pursuit of XDR speak to the gamut of security practices — from basic configurations and policies all the way to advanced fine-tuning and optimization — that should be in place to protect against even the most common threats. Furthermore, XDR’s demand for the cloud opens the door to improved security even for organizations without dedicated security teams. Such organizations may discover that their security practice falls short of industry standards when engaging in this discussion. At least in this way — by beginning the game of catch-up on their security — the ATT&CK Evaluations and the pursuit of XDR can provide actionable insight even to less mature organizations.


ESET’s detection and response capabilities tested in MITRE Engenuity ATT&CK® Evaluations

BRATISLAVA – ESET, a global leader in cybersecurity, today announced the participation of ESET Inspect (formerly ESET Enterprise Inspector) in the fourth round of the MITRE Engenuity ATT&CK® Evaluations for Enterprise. This round of the ATT&CK Evaluations emulated the Wizard Spider and Sandworm threat groups, collecting results from 30 participating vendors and highlighting ESET’s pioneering research into Sandworm, especially the discovery of the Exaramel backdoor.

The ATT&CK Evaluations prioritize threat groups that can have a significant impact on businesses and governments worldwide. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm is a cyberespionage threat group that is known for carrying out destructive attacks, such as the 2015 and 2016 disruptions of Ukraine’s electrical power grid and the 2017 NotPetya outbreak.

The detection scenarios of the evaluation consisted of 10 steps for Wizard Spider and 9 for Sandworm. As support for Linux in ESET Inspect was released after the evaluation, four steps related to Sandworm were out of scope. ESET Inspect detected all of the 15 applicable steps (100%). The evaluation categorized the level of context provided by the vendor’s tool and you can read more in ESET’s in-depth analysis of the results in this blogpost.

“ESET believes in taking a multi-layered, high performance approach to developing our detection technologies. ESET Inspect is the foundation of our extended detection and response (XDR) capabilities and works together with ESET PROTECT security platform to offer a complete solution that is optimized for ease of use,” said ESET Chief Research Officer, Roman Kováč. “We have been tracking Sandworm since its inception, being the first to identify the work of its subgroups BlackEnergy and TeleBots and to discover the origin of the NotPetya outbreak. For us, it’s critical to keep ahead of the curve with our telemetry and put our solutions to the test through the expert lens of the MITRE Engenuity team.”

“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis in threat informed defense capabilities, which in turn has developed the infosec community’s emphasis on prioritizing the ATT&CK Framework,” said Ashwin Radhakrishnan, acting General Manager of ATT&CK Evaluations at MITRE Engenuity.

The ATT&CK Evaluations demonstrate that ESET Inspect is able to provide defenders excellent visibility and context throughout all attack stages. As an XDR-enabling solution, ESET Inspect is a sophisticated tool with advanced threat hunting and incident response capabilities, and together with ESET PROTECT offers deep network visibility, cloud-based threat defenses, and more. ESET has continuously been named a top player and a leader in the industry for its business solutions.

For more information on ESET’s results in this ATT&CK Evaluation, check out our blogpost and MITRE Engenuity’s evaluation results page.


About MITRE Engenuity

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.


Cyber Security Essential #3: Antivirus

Why is Antivirus Essential?

Antivirus software helps protect computers against malware and cybercriminals. Antivirus software looks at data – web pages, files, software, applications – traveling over the network to your devices. It searches for known threats and monitors the behavior of all programs, flagging suspicious behavior. It seeks to block or remove malware as quickly as possible.


Antivirus protection is essential, given the array of constantly-emerging cyber threats. If you don’t have protective software installed, you could be at risk of picking up a virus or being targeted by other malicious software that can remain undetected and wreak havoc on your computer and mobile devices.

Necessary Antivirus Capabilities

Real-time Scanning

While all antivirus software is specifically designed to detect the presence of malware, not all of them detect in the same way. Ineffective products force you to run a manual scan to determine if any systems have been affected, while the best forms of software have dynamic scanning features that are repeatedly checking your computer for the presence of malicious entities. Without this feature, it’s much easier for something to infiltrate a device and begin causing damage before you even realize it.

Automatic Updates

Updates are vital for all forms of software, but this is especially true when it comes to antivirus. Because new types of malware are constantly being developed, antivirus software needs frequent updates in order to track and contain new threats that didn’t even exist when it was first installed. If you have to install updates manually, you might miss important new protections and expose your system to infection, so always make sure your antivirus software is capable of installing updates automatically and frequently.

Protection for Multiple Apps

Threats exist across the entire spectrum of applications and services that you rely on for your everyday tasks. From email clients, to your CRM, ERP, and beyond, harmful software can sneak into systems from a variety of different sources. Antivirus programs need to protect multiple vulnerable applications from potential dangers.

Auto-Clean

If the antivirus software immediately detects malicious software, why wouldn’t it delete the code on the spot? Unfortunately, some solutions simply place the malware in a quarantine zone upon detection, waiting for the user to log on and manually delete it. You should choose a program that utilizes an auto-clean feature to rid itself of viruses.

Fights Against All Types of Malware

Between trojans, bots, spyware, viruses, etc., there are many different types of malware that can harm your computer, and antivirus programs are sometimes designed only to target a specific type of software. It’s better to go with a program that can comprehensively detect all forms of malware.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Find that IT job you were aiming for

When you leave university with a smile on your face, once the hangover of the graduation celebration has passed, you hope that the big multinationals will approach you with hundreds of varied job offers. “Take this huge sum of money and work on what you always dreamed of”…

But nothing could be further from the truth.

For that reason, today on the Pandora FMS blog we offer you our sincere condolences for the burden of hunting for a job in “your field”, along with a handful of sites that are essential for finding an IT job.

*We know there are millions of specialists looking for an article like this, from IT water carriers to those building a megalomaniac AI in their garage, but this time we wanted to focus on looking for an IT job.

** Even so, these sites are very versatile and useful for many other specialties. Look through them for a job that suits yours.

Do you know where you have to look for an IT job?

Ticjob

Good stuff: Ticjob. We dive right in with one of the most highly regarded IT job portals in Spain.

Go in and filter the offers with precision, since you can choose among role categories: development, systems, business… Choose and forget about it. You will soon find something!

If I were you, I would sign up immediately, because you may find companies that do not usually appear on other, better-known platforms.

TalentHackers

Talent Hackers. We already explained to you why you don’t have to fear the word “hacker”, because it can have positive connotations and, of course, it has them here.

This is a very unusual job-hunting platform.

Its aim is to capture talent within the technology field through a distributed network: that is, by finding and recruiting professionals through referrals that are later rewarded.

What does this mean?
It means that if the candidate you recommend for a position is the one selected, you can earn up to 3,000 bucks.

Manfred

Manfred: “We manage talent, not selection processes”. With this quote, the company makes clear that it is not a common portal.

Rather, Manfred claims to be a platform that offers “IT recruitment” and gives the candidate an experience totally different from the one we are used to with other services of this kind.

Manfred pays less attention to the needs of companies and more to the programmers looking for a job.

  1. You sign up.
  2. You are assigned a person who will be in charge of you and will inform you about the most interesting opportunities that match the profile you previously detailed.
  3. You are advised with the utmost respect.
  4. You realize that everything is free for IT profiles; they only charge the companies that hire.

TekkieFinder

“We are the ONLY job portal that PAYS you whenever a company contacts you.” This is what TekkieFinder promises. Do you like the idea?

It’s very easy: you register, fill in your profile, they add you to their database and, here’s the good part, when a company is interested in you it buys your profile from TekkieFinder in order to contact you, and whether you are interested in the offer or not, you get paid!

The shortage of IT professionals is so severe that it is changing how companies go about recruiting them. They are like exotic legendary Pokémon hidden behind an ancient glitch. What IT professional wouldn’t be thrilled with this platform?

Circular

Looking for something truly personalized and well-rounded? Join Circular.

Circular is similar to the portal mentioned previously, Manfred. Although it feels less personal than Manfred, among Spanish platforms it is the best in this respect.

Circular, like the dating app Tinder, brings companies and applicants together.

First you sign up, then a friend or contact within the platform recommends you (without a recommendation you will not be able to contact companies), and that’s it!

GeeksHubs

GeeksHubs is without a doubt one of the best options if you are looking for an IT job in Spain.

Systems/DevOps, Back-end, Front-end, Mobile, FullStack… these are some of the categories you will find for your sector, along with enough information on each vacancy to make clear whether it interests you or not.

And, on top of that, they state how much they are willing to pay you, which is the most interesting part and the one many others hide.

Growara

Growara puts itself in your shoes and never offers its users a project they themselves would not work on. In fact, they seem to work only with companies that are actually worth it.

They never ghost you, since they seem to thrive on the feedback you can give them.

The best thing? They don’t bother spamming you with thousands of offers that have nothing to do with your professional development. They look for precise and elegant matches that fit your values and skills.

Tecnoempleo

Tecnoempleo is that portal specialized in computer science, telecommunications and technology that you’re looking for.

More than half a million candidates and 27 thousand companies guarantee its 20 years of professional expertise in the sector.

Just for having its own mobile app, and specific sections for working abroad, working remotely, or finding your first job, I would choose it hands down.

Primer Empleo

If you are a newbie this is your site, Primer Empleo.

A job portal founded in 2002 and aimed specifically at students and recent graduates without work experience.

So if you have a junior profile, go ahead and check it out. Even if you have not yet finished your degree and are only looking for an internship, it is quite interesting.

Jooble 

Jooble and Jooble Mexico are aggregators that point you to a wide range of job offers published on other sites. You may lose some time signing up to each of them, but it may be worth it if you end up getting what you want.

It is worth pointing out that, if you get a job thanks to this article, you should treat us to something, even if it's just a coffee. Depending on the job you got and its remuneration, of course!

Conclusions

Looking for a job is already a thankless task, so there is no reason not to accept our help through this article and these links. After all, we have been there and we know how lost and frustrated one can feel.

Good luck and take courage in your job hunting!

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things Pandora FMS can monitor is the hard disks of your computers.

Steps towards protecting children online

Biden turns to Congress to limit targeted social media ads for kids.

As The New York Times reports, President Biden wants to shield children from harmful internet content pushed through ads. He is also planning a broader campaign for the mental health of the younger generation, as he revealed in his first State of the Union address.

“It’s time to strengthen privacy protections, ban targeted advertising to children, demand tech companies stop collecting personal data on our children,” he declares.

Kids' interaction with social media can be extremely harmful. Frances Haugen, a former Facebook employee, leaked internal documents showing that Meta was aware its platforms made teenagers feel worse about themselves. Extreme and obscene content shown to young people erodes their self-worth and can contribute to mental illness.

One of the solutions Biden proposes is a ban on targeted ads aimed at children, Bloomberg reports. Turning that into a funded, enacted law will take time; meanwhile, a web filtering solution lets you protect your kids, or yourself, from the harmful side of the internet in a couple of clicks.

SafeDNS offers different kinds of plans tailored to your needs.

Get your 15-day Free Trial and see for yourself!


About SafeDNS
SafeDNS lives to make the internet safer for people all over the world, with solutions ranging from AI- and ML-powered web filtering and cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users' online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

IT Service Management (ITSM): A Complete Guide

Today, most companies rely on their IT department and on IT service management (ITSM) to meet user demands and stay competitive.

But what is this strategy about? In practice, the term IT Service Management (ITSM) refers to the processes and resources IT teams use to deliver IT services in an agile and effective manner, positively impacting a company's performance.

Beyond delivering services and support, this set of practices prioritizes the needs of users and the services provided, seeking continuous improvement rather than considering only the IT systems themselves.

In this post, we bring you a complete guide with everything you need to know about IT Service Management (ITSM), covering:

  • What Is IT Service Management (ITSM)?
  • Benefits and Importance of IT Service Management (ITSM)
  • Key IT Service Management (ITSM) Processes
  • ITSM, ITIL, DevOps: Understand These Abbreviations
  • What Is the Difference Between ITSM And ITIL?
  • Services Related to ITSM
  • Agile Service Management
  • Workforce Training: Understand this Approach
  • ITSM Resources

Read it until the end!

  • What Is IT Service Management (ITSM)?

IT Service Management (ITSM) requires a strategic approach focused on the end user. ITSM strategies help build an IT organization that matches the needs of users and their businesses.

In practice, IT service management (ITSM) consists of the strategies used by companies that offer IT services to their users. Technology, processes, and people are therefore all essential to ITSM.

This discipline seeks to understand the needs of the end user in order to meet them. That involves designing IT systems with efficient demand management and implementing the processes, hardware, and software that improve services.

In other words, ITSM functions support the development of IT systems capable of meeting expectations and accommodating evolving technologies.

An institution that uses IT Service Management (ITSM) can effectively offer responsive services with more availability, at an affordable price. This solution also contributes to improving employee productivity and consumer experience, as well as optimizing the assessment and improvement of services.

  • Benefits and Importance of IT Service Management (ITSM)

All companies depend on IT service management (ITSM) to some extent. It is what enables simplified management of problems, service requests, incidents, changes, and IT assets, among other activities.

ITSM helps IT professionals, and the principles of service management benefit the company as a whole, ensuring more efficiency and better performance.

Moreover, structured approaches to IT service management (ITSM) aim to align information technology with business goals and to standardize services, taking resources, budgets, and results into account. They also reduce risks and expenses and improve the customer experience. Their benefits include:

  • The possibility of aligning IT teams with the company’s priorities, using metrics that calculate their success; 
  • It enables different departments to collaborate;
  • It brings IT operations professionals together with development teams through lighter-weight project management approaches;
  • It enables IT professionals to share the knowledge that drives constant improvement;
  • It optimizes the coordination of requests, ensuring a more efficient service;
  • It directs the focus of customer services through self-service and optimized processes;
  • It allows one to respond to incidents quickly and prevent future inconvenience.

  • Key IT Service Management (ITSM) Processes

Recently, ITIL version 4 stopped recommending ITSM "processes" and replaced them with ITSM "practices". The change in terminology signals that further elements, among them culture, technology, and information and data management, must be considered to achieve a holistic view of the work.

For us, however, what matters is not the change of terminology but how IT teams use the best resources to ensure efficient services. The following practices stand out:

  • Service Request Management

Service request management must be repeatable, since it handles recurring requests such as access to an application, a hardware upgrade, or a software enhancement. A well-defined workflow can automate tasks and enable customers to fulfil many requests themselves.

  • Knowledge Management

Knowledge management is the practice of creating, using, sharing, and managing an organization's knowledge and data. It is a multidisciplinary approach that helps achieve the company's goals through the good use of knowledge.

  • IT Asset Management

This process ensures a company's assets are deployed, maintained, accounted for, upgraded, and retired at the right time. In short, it tracks the valuable items a company uses, whether tangible or intangible.

  • Incident Management

This process responds to incidents such as service interruptions. Given the many software services companies rely on today, there are many opportunities for failure, so this process exists to resolve problems quickly.

When an incident occurs, IT teams need a solution that enables them to respond effectively so that recovery is agile. In this sense, it is necessary to communicate with all stakeholders, remove obstacles to solve the incident and improve the service to avoid further downtime in the future. 

Above all, incident management aims to restore service quickly, without harming the core business. It may therefore rely on a temporary workaround, leaving identification of the root cause for later.

  • Problem Management

Here the aim is to detect and manage the root causes of incidents in an IT service. Problem management is not limited to identifying and correcting incidents; it seeks to understand their causes and eliminate them.

  • Change Management

Change management reviews the IT system before a requested change is made to an organization's network, reducing operational downtime. In other words, it ensures changes do not degrade performance. Network changes are typically made to eliminate vulnerabilities, upgrade a component to improve performance, or replace an obsolete or defective component.

There are three types of changes in the IT system or service:

  • Standard changes, which consist of routine changes and obey a predefined process of risk assessment and pre-approval; 
  • Normal changes, which do not have predefined processes and must involve a risk assessment and an approved implementation plan before making the changes to the network and;
  • Emergency changes, which are necessary when unforeseen interruptions occur, which threaten the network.

  • Configuration Management

Configuration management aims to ensure that a product's performance, functional, and physical attributes remain consistent with its requirements, design, and operational information.

Often implemented through IT automation, it allows computer system resources, servers, and other assets to be configured efficiently and reliably, mostly through a high degree of automation.

This is because automation lets you rely on repeatable, consistent definitions that help avoid problems caused by human error and keep assets in a known good state.

Configuration management applies to systems such as: 

  • Servers;
  • Databases and other storage systems;
  • Operating system;
  • Network;
  • Forms;
  • Programs.

How these systems are configured is extremely important to your company's performance, since the configuration is what guarantees their operation. Other advantages of configuration management include:

  • Decreased number of security interruptions and breaches through the visibility and tracking of changes in your systems;
  • Cost reduction, as duplication of technology equipment is avoided;
  • Improved experience for IT teams and users, immediately identifying and correcting inappropriate configurations that may impair the performance of the equipment;
  • Control of processes through the enforcement of policies and procedures related to asset identification, auditing, and status monitoring;
  • Faster troubleshooting, better service quality, and lower software engineering costs;
  • Effective change management, which allows avoiding problems;
  • Agile recovery of service when there is downtime; and
  • Better release management and transparent status accounting. 
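The first advantage above, visibility into and tracking of changes in your systems, is the part of configuration management that catches both honest mistakes and unauthorized tampering. The following Python script is an added example, not code from the original article or from any vendor mentioned on this page. It records a SHA-256 baseline of a directory of configuration files and later reports which files were added, removed, or changed. The directory, file names, and contents (an sshd_config, a sudoers file, a cron entry) are constructed inline purely for illustration.

```python
"""Configuration drift detection: baseline file hashes, then flag changes.

Added example, not part of the original article or any vendor product.
Assumes a plain directory tree of config files; the paths and contents
used in demo() are constructed here for illustration only.
"""
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's bytes, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its digest."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = file_digest(p)
    return baseline


def detect_drift(baseline: dict[str, str], root: Path) -> dict[str, list[str]]:
    """Compare the current tree against a stored baseline.

    Returns added / removed / changed relative paths. An all-empty report
    means the configuration still matches the approved state.
    """
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(
            p for p in baseline if p in current and current[p] != baseline[p]
        ),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: approved config, then an unapproved edit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ssh").mkdir()
        (root / "ssh" / "sshd_config").write_text(
            "PermitRootLogin no\nPasswordAuthentication no\n"
        )
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        baseline = build_baseline(root)

        # Unapproved change: password logins re-enabled and a new cron job dropped.
        (root / "ssh" / "sshd_config").write_text(
            "PermitRootLogin no\nPasswordAuthentication yes\n"
        )
        (root / "cron.d").mkdir()
        (root / "cron.d" / "backdoor").write_text("* * * * * root /tmp/x\n")
        return detect_drift(baseline, root)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored outside the monitored host (otherwise an attacker who changes a file can also update the hash), and each non-empty report would be matched against approved change records: a changed file with no corresponding change ticket is either drift or an intrusion, and either way belongs in incident management.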

  • ITSM, ITIL, DevOps: Understand These Abbreviations

Several frameworks guide the work of IT teams. For this reason, there are several abbreviations you need to know, covering the frameworks that most influence the work of these professionals:

  • ITSM

IT Service Management (ITSM) refers to the delivery of IT services to consumers. This approach can be influenced by DevOps concepts and planned in order to align with ITIL practices.

  • ITIL

This is the most widely adopted approach to ITSM. It focuses on practices that align IT services with the needs of the business, and it can help companies adapt to change and scale continuously.

ITIL 4, its latest version, guides IT professionals toward a holistic, business-oriented, value-focused framework, encouraging a more flexible approach based on teamwork. Its guiding principles recommend simplicity, collaboration, and feedback.

Often, this approach is misunderstood as a set of “rules” rather than guidelines that can be interpreted. 

  • DevOps

DevOps ensures IT services are delivered in a practical and agile manner, as well as improving collaboration between development professionals and IT operations so that software is created and tested securely. Its benefits include: trust, the ability to solve critical problems quickly, faster software releases, and better management of unplanned work. 

The DevOps concept is based on collaboration between teams that previously worked in isolation from each other. It is about working collaboratively. 

ITSM and DevOps are often presented as opposing options; that is, it is not usually clear what each offers and how they can work together.

However, if your team intends to work smarter and faster, without giving up the process and control, they need to use ITSM and DevOps resources. 

This is because ITSM can be used to promote agility and meet the different demands of companies. DevOps benefits the execution of tasks, promoting collaboration. 

  • What Is the Difference Between ITSM And ITIL?

The Information Technology Infrastructure Library (ITIL) is a set of best practices for IT service management (ITSM). Its latest version, ITIL 4, launched in 2019, promotes collaboration as a way to give organizations agility and flexibility. ITIL 4 is built around six service value chain activities, namely:

  • Plan: strategic planning should consider three aspects: user demands, organization limitations, and future directions;
  • Engage: All stakeholders should have their demands understood. For this, user experience needs must be interpreted in order to meet their expectations with IT services;
  • Design and Transition: the design must also be prepared and take into account the needs of the user, in addition to the company’s strategies;
  • Obtain and Build: it is possible to create a new service internally or obtain it, this will depend on the technologies available to meet the user needs;
  • Deliver and Support: after creating the service and making it available to users, IT support must be offered to enable effective use of the solution;
  • Improve: an efficient IT service management (ITSM) enables the continuous monitoring and improvement of the services offered.

  • Services Related to ITSM

An example of an IT Service Management (ITSM) related service is when you access an online help center and have your questions answered by a chatbot. These virtual agents are programmed to respond to frequent user inquiries, such as:

  • How do I reset my password?
  • Why is my Internet signal fluctuating?

In addition to answering questions like these, IT Service Management (ITSM) allows one to:

  • Respond to requests based on machine learning;
  • Visualize data in order to prioritize resources and optimize performance;
  • Manage incidents and any problems;
  • Restore services in an agile manner, if necessary;
  • Manage assets.

  • Agile Service Management

Agile Service Management is a set of values that help make organizations more flexible. Agile therefore acts as a remedy for slow development processes that can delay the release of new features.

The Agile Manifesto for Software Development, launched in 2001, presents the following values:

  • Individuals and interactions over processes and tools;
  • Working software over comprehensive documentation;
  • Customer collaboration over contract negotiation; and
  • Responding to change over following a plan.

The concept of Agile has gained relevance in other areas, such as sales. This is because people started to apply its main values in all types of businesses, resulting in numerous versions of the Agile manifesto, such as Modern Agile.

In addition to the four values, the Agile Manifesto lists 12 principles, which, applied to service management, read as follows:

  • Satisfy the public through the early and continuous delivery of valuable work;
  • Deliver work frequently, in short cycles, by splitting complex operations into smaller tasks;
  • Understand that the best services come from self-organizing teams;
  • Provide employees with the environment and resources they need and trust in their ability to execute the project;
  • Keep a constant, sustainable pace that the team can maintain indefinitely;
  • Prefer face-to-face conversation as the most effective way to convey information;
  • Welcome changing requirements, even late in a job, and harness change for the customer's competitive advantage;
  • Have business people and the delivery team work together daily throughout the project;
  • Reflect regularly, as a team, on how to become more effective, then adjust accordingly;
  • Measure progress by working results delivered, not by effort spent;
  • Constantly seek technical excellence and good design; and
  • Keep things simple, maximizing the amount of work not done.

The goal of the Agile Manifesto is to ensure quality by creating products that meet the demands of the public and meet their expectations. Its 12 principles have the function of ensuring a work focused on the user and able to adapt to the changes in their needs and demands of the market. 

Now that you know what Agile is, you may be wondering how it is translated into IT service management. In practice, for the IT department to act in an agile manner, it must follow the following guidelines:

  • Involve consumers in the design of services and processes;
  • When launching a new solution, release a version to a small audience first and the final version based on its feedback;
  • Streamline processes for the user, removing unnecessary steps;
  • Authorize its IT team to go beyond standardized processes to achieve more efficient solutions.

Also, you need to keep in mind the Agile approach to software development is committed to designing a program with regular increments, offering new versions to users after brief periods of work, which are called sprints.

  • Workforce Training: Understand this Approach

Users become more satisfied when innovative technology is put in their hands through workforce training. This concept assumes customers want to resolve their own requests through their own devices and applications.

In this context, the role of the IT department is to provide everything the user needs to solve their problems and be satisfied.

In addition, workforce training aims to engage employees, since engagement is what guarantees productivity, customer satisfaction, and good performance for the company.

However, in order to ensure the motivation of employees through workforce training, one needs to invest in technology, processes, and IT staff.

  • ITSM Resources

Some features cannot be overlooked when it comes to ITSM software and tools. Here is what you should consider:

  • User-friendliness

For all departments of a company to take advantage of ITSM features, the tools must be intuitive and easy to use. For this, it is recommended to adopt a self-service portal that provides the necessary information to users.

  • Collaboration

To achieve the desired effect, IT Service Management (ITSM) must stimulate collaboration between different sectors. Thus, services will gain efficiency and agility.

  • Flexibility

Over time, a company grows, develops, and changes. Therefore, changes should also occur with your IT Service Management (ITSM). For that reason, its tools and software must be planned to adapt to future realities.

  • Easy Setup and Activation

The first obstacle faced by those adopting a new software tool is often complex setup and activation. So we also recommend self-service portals, as well as efficient support.

This content has explained everything about IT Service Management (ITSM), its importance, functionality, and benefits. If you know someone also interested in the topic, please share our article.


About Segura®
Segura® strives to ensure companies' sovereignty over privileged actions and information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Preventing threats in a digital world demands iterative development

ESET releases a slew of updates enhancing the preventive defenses of businesses

In early 2021, ESET released ESET PROTECT, a new generation of our remote management tool enabling IT admins to securely deploy and manage ESET security products. Now, in 2022, ESET’s line of business products is undergoing a wide-ranging refresh that will touch nearly all business customers.

The overarching goal behind the bevy of upgrades is to sharpen customers' tools for preventing cybercriminals from playing havoc with their networks. Not every attack on a network can be prevented. But by reducing the attack surface and applying preventive measures such as speedy patching, careful system configuration, fastidious monitoring, and periodic health checks, it is possible either to remove entirely the ability for some types of attacks to be attempted or to quickly detect the red flags that an attack has started and shut it down.

Among the host of changes, four are key in assisting IT admins to better manage the security risks in their environments: auto-updates, the ESET PROTECT dashboard for ESET LiveGuard Advanced, management of Brute-Force Attack Protection, and web control for Android devices.

1. Auto-updates for patch management
A new auto-update mechanism to keep ESET Endpoint Security and ESET Endpoint Antivirus for Windows always up-to-date is now in place. Starting from version 9, auto-update is enabled by default with the possibility for IT admins to turn off this feature entirely or only up to a specific version via the ESET PROTECT console.

The introduction of the auto-update mechanism aims to lighten the burden on IT admins’ shoulders of keeping security software up-to-date in a timely manner, especially when new protective features become available and bugs need to be fixed.  

2. An inside view into ESET LiveGuard Advanced
ESET PROTECT now offers a dashboard for ESET LiveGuard Advanced (formerly called ESET Dynamic Threat Defense). ESET LiveGuard Advanced is a cloud-based technology that analyzes suspicious files submitted by endpoints for new or previously unseen threats, especially new versions of ransomware. By running the submitted samples in the cloud, it is possible to use heavyweight machine learning models and robust detection algorithms that can rapidly analyze and score the samples as malicious, suspicious, or clean.

The ESET LiveGuard Advanced dashboard gives customers a broad view into the detections seen by the technology globally and more detailed statistics for their own networks:

Figure 1. ESET PROTECT dashboard for ESET LiveGuard Advanced

3. Brute-force attack protection for remote workers
To keep pace with the new Brute-Force Attack Protection in ESET endpoint security products for Windows, IT admins can now manage this module from the ESET PROTECT console. Introduced to better defend businesses in the remote work era, this detection layer blocks external IP addresses that exhibit the characteristics of an incoming brute-force attack on Remote Desktop Protocol (RDP) logins.

With RDP ubiquitous on Windows machines and remote work becoming an overnight need in 2020, many businesses turned on RDP to give employees access to company resources from home. Hoping to breach organizations worldwide that failed to secure their use of RDP sufficiently, cybercriminals have been scanning the internet and attempting billions of brute-force attacks, as seen in ESET telemetry alone.
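The detection idea described above, a source address that shows brute-force characteristics against RDP logins gets blocked, can be reproduced from the Windows Security log on any host. The Python below is an added example written for this page; it is not ESET's code and says nothing about how ESET's module is implemented. It counts failed RemoteInteractive (logon type 10) logons per source IP in a sliding time window and flags an address once it crosses a threshold, then notes whether a successful RDP logon later arrived from the same address, which turns a noisy scan into a probable compromise. The log lines are a constructed, simplified rendering of events 4625 (failed logon) and 4624 (successful logon), not real exported data; the threshold and window values are assumptions to tune for your environment.

```python
"""Flag RDP password guessing from Windows logon events (added example).

Not ESET code. Log format below is a constructed simplification of
Security events 4625/4624; the threshold and window are assumed values.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: timestamp, event ID, logon type (10 = RemoteInteractive/RDP),
# source address, target account. 203.0.113.45 sprays six accounts in ~11 s and
# later logs in; 198.51.100.7 is a user who mistyped once.
SAMPLE_LOG = """\
2022-03-01T09:00:01Z 4625 LogonType=10 SourceIP=203.0.113.45 User=administrator
2022-03-01T09:00:03Z 4625 LogonType=10 SourceIP=203.0.113.45 User=admin
2022-03-01T09:00:05Z 4625 LogonType=10 SourceIP=203.0.113.45 User=backup
2022-03-01T09:00:07Z 4625 LogonType=10 SourceIP=198.51.100.7 User=jsmith
2022-03-01T09:00:08Z 4625 LogonType=10 SourceIP=203.0.113.45 User=test
2022-03-01T09:00:10Z 4625 LogonType=10 SourceIP=203.0.113.45 User=guest
2022-03-01T09:00:12Z 4625 LogonType=10 SourceIP=203.0.113.45 User=sqlservice
2022-03-01T09:00:30Z 4624 LogonType=10 SourceIP=198.51.100.7 User=jsmith
2022-03-01T09:01:40Z 4624 LogonType=10 SourceIP=203.0.113.45 User=sqlservice
"""

FAILED_LOGON = "4625"
SUCCESS_LOGON = "4624"
RDP_LOGON_TYPE = "10"


def parse_line(line: str) -> dict:
    """Split one constructed log line into a record of its fields."""
    ts, event_id, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event_id}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def detect_bruteforce(log: str, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Return, per offending source IP, when it crossed the failure threshold
    and whether a later successful RDP logon came from the same address.

    A deque of failure timestamps per IP keeps only failures within
    window_seconds of the newest one, so a slow trickle of typos is not
    flagged while a burst against many usernames is.
    """
    recent = defaultdict(deque)
    flagged = {}
    for raw in log.splitlines():
        rec = parse_line(raw)
        if rec.get("LogonType") != RDP_LOGON_TYPE:
            continue
        ip = rec["SourceIP"]
        if rec["event"] == FAILED_LOGON:
            window = recent[ip]
            window.append(rec["ts"])
            while (rec["ts"] - window[0]).total_seconds() > window_seconds:
                window.popleft()
            if len(window) >= threshold and ip not in flagged:
                flagged[ip] = {
                    "blocked_at": rec["ts"].isoformat(),
                    "failures": len(window),
                    "success_after_block": None,
                }
        elif rec["event"] == SUCCESS_LOGON and ip in flagged:
            # Success after a flagged burst: probable compromise, not just noise.
            flagged[ip]["success_after_block"] = rec["User"]
    return flagged


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

Two points worth keeping when adapting this: the block decision should key on the source address rather than the target account, otherwise a spray across many usernames never trips a per-account lockout; and a 4624 from an address you already flagged deserves an incident, not merely a block, because the guess evidently worked.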

4. Protecting Windows on Arm
With the expected growth of ARM64 hardware reaching employees’ hands, ESET Endpoint Security and ESET Endpoint Antivirus now offer ARM64 builds from version 9. Traditionally, ARM-powered processors dominated the mobile device market due to unique hardware characteristics that made them amenable to hand-sized form factors, fanless designs, and long battery life. Taking these ideas to laptop and 2-in-1 platforms has opened a whole new world of useful devices that extend the familiar experience we know so well from mobile devices along with the need to secure them.

Protecting more than just Windows
For Android users, a new web control feature that allows IT admins to regulate employees’ access to websites from their mobile devices is now available via ESET PROTECT Cloud. Using built-in categories and custom rules, admins can blacklist, whitelist, or warn about URLs that lead to sites with harmful content or that can negatively impact employee productivity.

For Mac users, ESET has released ESET Endpoint Antivirus version 7, which is a new generation of the product built with a microservices architecture that replaces the previous monolithic one. As a result, the product has better performance because it uses services only as needed and has an improved multithreaded design for faster scanning on multiprocessors; is more stable because failed components can automatically restart instead of causing the entire application to crash; has better security isolation because components can run with non-privileged user rights; and is compatible with Apple M1 devices via Rosetta 2.

Figure 2. ESET Endpoint Antivirus for macOS v.7 in dark mode

Currently, version 7 of this product can be managed via ESET PROTECT. The graphical user interface on the endpoint will become available for full management of the product in a future release.

Future plans
Finally, while ESET remains committed to protection for macOS devices, work remains to be accomplished in reengineering native builds for Apple M1 devices and in creating the additional protective modules that will integrate into the new microservices architecture to make up the full feature set of ESET Endpoint Security for macOS.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.