2022-08-15 - Version 2

runZero release notes v3.0.5

A bug that could cause offline self-hosted platform updates to fail has been resolved.
The timeout for Qualys connection tasks has been increased from 60 seconds to 5 minutes.
Fingerprint updates.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

2022 runZero

Worry-Free BYOD: How Portnox’s AgentP Balances Freedom & Security

It may sound cliché, but if there’s one point this decade has hammered home so far, it’s that the only constant is change. From the coronavirus pandemic to the Great Resignation, many of us are navigating new jobs and staffing changes, which means new BYOD (Bring Your Own Device) policies as work shifts from in the office to hybrid or even fully remote.

Freedom vs. Security

BYOD is a huge challenge for both IT departments and users. There is a fine line between keeping the network safe and secure, but not making the policies so restrictive that users won’t want to use their personal devices at all. While most people prefer to keep working on their company laptop, everyone has a smart phone they often use for e-mail and Teams/Slack/G-Suite. Most people understand that security is important, but it’s not realistic to tell them they can’t back up family photos to the cloud or risk having their entire device remotely wiped.

The beauty of remote work is the freedom it gives everyone to manage their day – a break between meetings may mean a load of laundry or a quick errand, secure in the knowledge that they can still be available if someone needs them. A BYOD policy that’s too strict removes this freedom altogether or worse, motivates users to try and find a way around it.

Crushing Candy, Not My Personal Data

Another big concern is the level of access to browsing history and application data your company has, especially if users must install an application for network access. Someone who likes to listen to true crime podcasts may google something like “is Visine poisonous?” and not want to worry about having their desk dusted for fingerprints the next day. Someone on level 9,949 of Candy Crush might not want to risk losing their app data. You get the point.

Freedom to Roam & Install (Almost) Anything with AgentP

Enter the beauty of Portnox NAC-as-a-Service with AgentP – the perfect solution to keep personal data safe and networks secure. AgentP allows for configuring important security policies like “phones that are not password protected don’t get to access the accounting servers” and “devices located in Russia don’t get to join the network at all.” If you’re running Android and you download apps wildly across the internet, you probably won’t be allowed on the corporate network either. And while they see location data via country, city, and zip code, no one is micro-managing your trip to Target to buy cat food before your furry friends stage a revolution (although sneaking off to Hawaii might be a problem.)

In fact, although your access can be blocked based on what applications you’ve downloaded, whether your phone is jail broken/rootkitted, where your phone is physically located, and/or what version of the OS you’re running, there is no way to force updates or application removals – you still retain total control and ownership of your device and everything on it.

How AgentP Strikes the Right Balance

Creating a balance between security and usability will always be challenging, but Portnox NAC-as-a-Service with AgentP is an excellent way to keep both the network and those family photos safe – a true win-win for everyone. And now on to level 9,950 of Candy Crush!

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

An Origin Story: vsociety

The Power of the Collective

Welcome to vsociety – the open, independent, and user-centered community with features built specifically to make vulnerability research shareable and actionable at scale. If you’re reading this, it means you’ve discovered the community and we’re pumped to have you here. Whether you’re looking to share original research, participate in security-centric discussion, or watch from the shadows to sharpen your toolkit, a community can’t thrive without its people.

You are our people. And we want you to thrive.

vsociety was born from countless conversations with security researchers who expressed a need for a vendor-agnostic community space where they could work together to solve problems. vsociety is vendor-created, but community-led. It’s for you that we built this community and we now humbly turn it over to you, the community, to help grow, nurture, and protect the open and independent nature of vsociety.

We aim to harness the power of the collective for the greater good, starting with the three pillars close to the heart of vsociety:

Education. Share original research, learn new techniques, ask questions, or read about newly discovered exploits. vsociety aims to provide knowledge at your fingertips, in a consumable fashion that makes sense for industry veterans and newbies looking to break in, alike.
Collaboration. Research is only valuable when it’s shared, vetted, and utilized. Post original research or share your thoughts on what others have contributed. Solve problems with other security pros in the community or solicit their feedback on your projects. We’re all better when we work together.
Democratization. Security should not belong exclusively to the large and the elite. Enterprises big and small deserve access to the most accurate and timely information for securing their networks. A company’s pocketbook should never dictate how secure they can be, and vsociety aims to enable that.

Security Needs a Community

A recent study from the Ponemon Institute cited 60% of breach victims admitting the initial attack could’ve been prevented by patching known vulnerabilities. Likewise, the number of new vulnerabilities published last year was more than double from the same timeframe five years prior. Technology is improving, but progress is stalling. What gives?

Bad actors and the ethically-challenged have long collaborated with one another on various corners of the web, and we think the security community is overdue for a space of their own. A good community – if it does its job well – can connect the like-minded and even reconnect the most ethically disconnected individuals. But it’s essential for everyone – from individual practitioners, to companies, to industries, to government agencies – to do their part to improve cybersecurity. Whether it’s investing in better security tools, sharing lessons-learned with peers, or being more careful about what information you share – we each have our roles.

Our role is in building a community that security researchers, and those interested in their research, may turn to for education, collaboration, and timely info-sharing to better protect the digital world and begin turning the tide on those statistics above.

As security professionals, we are constantly striving to stay ahead of the latest threats, needing to quickly identify, respond to, and prevent attacks – while doing our best to understand their origin and etiology. It’s a never-ending race, but one that is essential to the safety of our digital world. And in today’s security landscape, community plays a pivotal role in driving research toward “good faith” info-sharing that enhances vulnerability and threat hunting for all.

You’re no longer alone. Your community is here.

The launch of vsociety continues our commitment to giving back to the security community and opening up critical information for security practitioners around the world.

Welcome to vsociety. We hope you’ll stay a while.

#themakingof #vsociety #community

Have questions? Check out the FAQ or comment here.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.