Skip to content

Windows Enumeration

You have gotten a shell but you are not yet a privileged user, and now you want to enumerate the system to try and find a way to escalate those privileges so that you can become a system level user.

System Enumeration

With a quick findstring – findstr, and a couple of other commands we can issue a command like this:

You can easily see what system and version you run, architecture, etc. Remember! You want to find adequate exploits for the system in question, you might run into an x86 architecture, or a Windows Enterprise system, so you don’t want to bombard it with random exploits. That’s why enumeration is key – so you can extract information that you can use. As we all know there are five stages to the process – but enumeration is usually the vital part! Enumerate, enumerate, enumerate!!

To check for patches and other stuff that’s installed on the target Windows computer, you might use a command like this:

wmic qfe

Wmic is the Windows Management Instrumentation (WMI – sysadmins/engineers and our support guys knows what this is about) and the WMIC is a command-line interface for the WMI.

QFE in the command above will look for recently installed patches. Very useful when trying to discover what type of exploit the computer will be vulnerable to. QFE stands for Quick Fix Engineering. After running the command on my system, you can observe the following:

As you can notice, you will see the related KB – knowledge base, type of update (security, etc.), who installed it, the HotFix ID, as well as the date it was installed on. Further, if you only want specific stuff, like the Caption, HotFixD and Installed on, you can run something like this:

wmic qfe get Caption,HotFixID,InstalledOn

To enumerate drives, you can issue a command like this:

wmic logicaldisk

This will give a messy output, though, so you can use the same methodology as the above and for example say get Caption:

wmic logicaldisk get Caption

And quickly check if there are any drives other than the C: drive on the computer. (In my case there’s not, but if there are, this command will find them, and you might want to look around those drives in search for something interesting…)

Of course, you can also use the good ol’ hostname and whoami to check the name of the computer you’re currently within, and to check the domain/username of that same computer, respectively.

Network Enumeration

I will just do a few of the commands here, just so you can get a basic idea of what you might end up doing upon entering the system. You would probably start with the basic ipconfig command or the ipconfig /all command to see the information about stuff like the default gateway, DNS server, etc. If you’re on a domain, you might see a DC as a DNS server.

Another one is arp -a which can tell you about the stuff that’s communicating with your box. A quick look at the route tables, with a route print you can also see where your machine is communicating too. This is cool as it will show you the NICs on the machine, telling you if you need to elevate or if you can just pivot of that other NIC.

A very important command here to do is netstat! You want to do the netstat -ano and check what services are listening and where. You can gather a lot of information here, and in conjunction with the commands above with all this stuff you might also glean a bit on the architecture of the said network/systems. Of course, the mileage may vary. If you’re a seasoned pro, even though you might be using the same commands, you would immediately understand what’s happening, but regardless, it is a place to start no matter the experience.

User Enumeration

Here you can do something like:

whoami /priv

To check for the privileges you have.

whoami /groups

To see which groups you belong to.

Further, you would want to do a net user command to see what user you are… remember, if you just gained a foothold on a box, you might not necessarily be a user, you could also land on a service. In that case, you will probably want to find more users so you can escalate to them, or just immediately escalate to an administrator user.

You can also do net user <username> or net user administrator – to see what groups they belong to. To see the administrator group members you would do net localgroup administrators.

These are some basic quick and dirty commands to check stuff about your users, groups, and their privileges.

 

Remarks

All of the above can be done, and probably will if you’re doing this professionally, with tools that can automate the process. But, in order to better understand those tools and what they’re doing in the background, I created this short intro, cause ultimately it will be some variation or a more complex version of the stuff above with some more stuff tacked onto it.

Lastly, those tools just might not work, or something else along those lines. Be aware of those caveats, as for example, WinPEAS is a very, very, good tool but it requires a version of .NET that’s greater than 4 which will obviously be useless if your Windows box that you got a hold of doesn’t have and you are a user that can’t install it, or you don’t want to set off the alarms.

The main idea here is to understand the context, which is also why all the pentesting tutorials and other resources almost exclusively emphasize the importance of having rock solid understanding of the basics.

Tooling

Some of the tools you might end up using:

You might want to try these in your lab environment to familiarize yourself first. There’s also probably way more of these tools out there, but these are some of the ‘main’ ones, as they’re tried and tested.

Conclusion

Before concluding, I’d just like to emphasize again how important it is to know the context you’re in. Also, sometimes less truly is more and even though the tooling can be a tremendous time-saver, you first need to understand its nuts and bolts, otherwise you’re basically doing what script kiddies do. Take your time, and it will pay off.

Finally, enumerate, enumerate, enumerate!

Stay tuned.

Cover image by Omar Flores

#windows #enumeration

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Introducing SCADAfence’s “Tailored Threat Intelligence”

A SCADAfence New Feature report

“Could we be next?”  

One of the biggest challenges for an industrial OT/ICS security professional is figuring out if their organization is vulnerable to the latest announced strain of ransomware.  Reports of new OT security breaches and ransomware attacks being released every day it can be hard to know which ones are a concern to your organization, and which ones you can safely ignore.  While it’s important to remain prepared, it’s equally important not to create a false sense of urgency. What you need to remember is that although attacks are commonplace, they are often very specific. Not every threat pertains to every OT network setup. Malicious actors carry out attacks by targeting known vulnerabilities on specific devices. If your facility doesn’t use that device, you are less vulnerable to that attack. But with so many attacks happening daily, keeping track of which ones are a threat to your organization is a challenge.

Introducing “Tailored Threat Intelligence”

The SCADAfence platform now allows you to receive a feed of the latest industry news and intelligence customized specifically to your OT network containing only information relevant to your organization. Every time a new attack report is released, it is analyzed and curated by the SCADAfence Research Team. The information, including signatures and attack insights is added to the industry event database along with detailed explanations and recommendations on minimizing each risk. Then a custom news feed is delivered to each client, with only information that is relevant to you and your organization. The context delivered by SCADAfence’s Tailored Threat Intelligence provides valuable knowledge about each event, such as the types of assets being attacked, from which vendors, and the protocols being used. For each alert, SCADAfence Platform can determine the level of relevancy per customer based on the customer’s site details, asset inventory and network traffic. As a result, the SCADAfence Tailored Threat Intelligence provides users with a well-organized list of relevant industry news, each prioritized by a relevancy score, and actionable recommendations on what can be done to reduce the risk from the event. Tailored Threat Intelligence

Your fully customized and prioritized SCADAfence Threat Intelligence Feed.

SCADAfence’s automated threat updates and prioritization are a breakthrough for increasing your efficiency of the response to industrial cyber security events. It improves your ability to know which industry events are relevant, reduce risk and respond effectively without wasting valuable resources.

Summary of Benefits of Tailored Threat Intelligence

  • Industry-specific security events are analyzed by SCADAfence’s Research Team, and tailored to your needs.  Save time by not having to wade through irrelevant information.
  • You’ll understand the relevancy to your organization of each reported cyber attack
  • Helps your organization avoid a false sense of urgency from ransomware attacks not relevant to your organization’s deployed devices.
  • Provides a custom relevancy score for each event
  • Dramatically reduces the need for manual review of each new reported threat.
  • Feed is constantly updated through the SCADAfence cloud

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Scanning your external attack surface with runZero

While runZero is mostly used for asset inventory behind the firewall, you can also use its scanner to discover your external attack surface.

External scans are beneficial for a number of use cases, such as:

  • Getting visibility into external hosts and exposed services
  • Assessing infrastructure of corporate acquisition targets
  • Performing vendor security screening
  • Reconnaissance for penetration testing

Differences between runZero and EASMs

New users sometimes wonder about the differences between runZero and solutions for external attack surface management (EASM), such as Censys and ShodanHQ. Many of these solutions scan the whole world so you can query their host database. However, network owners can ask to exclude their IP ranges for all users (i.e., not all hosts show up in your search). Some vendors will have tools or services that discover all of your externally-facing assets.

By contrast, runZero:

  • Is primarily an internal asset inventory and network discovery tool, but also has the ability to discover public-facing hosts.
  • Collects data through a combination of active scanning and integrations.
  • Takes inputs in the form of ASNs, domains, IPs, and FQDNs (as well as public IPs discovered in internal scans).
  • Can integrate with Shodan & Censys to identify hosts and augment data.
  • Augments scans with other sources through integrations (e.g., cloud hosting providers, vulnerability scanners, and EDR platforms).
  • Offers a much richer data set per asset.

How to scan your public-facing hosts

If you don’t have access to runZero Enterprise Edition, you can sign up for a free 21-day trial to follow this walkthrough. The free Starter Edition doesn’t contain some of the features described in this blog post.

Step 1: Determining domains and ASNs to scan

The easiest way to get started with external scans is through:

  • Domains – There are several options for finding the domains associated with your organization. Best to check with the person who’s managing your domain registrations and renewals. Doing a reverse WhoIs lookup hasn’t been a good option for a couple of years now, but if you lack alternatives, use Whoxy to find all domains registered to the same company.
  • ASNs – If you don’t know the ASN for your company, you can use a lookup service, such as ASNLookup to identify the ASNs for your organization.

For this example, let’s scan the external attack surface of a real organization and its properties, but blur any identifying data to ensure that the organization doesn’t become a target as a result of this post.

ASN lookup

Step 2: Adding Censys or Shodan integrations

You can also discover your external hosts via Shodan or Censys integration. The integration can pull in additional machines that may not be in your ASN or domain scope. To use the integration, go to Inventory > Assets in your navigation menu and select Censys search or Shodan search from the Connect dropdown menu. You’ll have to set up credentials with an API key to build the query.

Censys Search configuration

In the Censys configuration, we query acme.org in our search. This will also find any hosts that use the string acme.org in the common name of a TLS certificate. You can run this import either once or on a schedule.

Alternatively, you can set the Censys search mode to All external assets, which will not discover new assets, but enrich the assets already captured in runZero with Censys data. However, for this use case, we’ll go with the former setting.

The import will pull any information about the matching hosts, including services and attributes, into your inventory. You should now see some assets with limited data being populated in your runZero inventory. You can view the details for one of the imported hosts and see the following information:

Censys attributes

Step 4: Starting an external scan using hosted zones

In runZero, set up a new organization or project, then go to the inventory, click the Scan button and select Standard scan.

From the scan configuration page:

  • Choose US – New York as the Hosted zone (this is a runZero-hosted Explorer in the cloud).
  • Increase the scan rate from 1,000 to 5,000 (to accelerate the scan).
  • In the Discovery scope, enter the following data:
    • public:all: This will scan all the public IPs that were pulled in via Shodan or Censys in the previous step. If you are scanning your internal network with runZero, this will also add all public IPs discovered by any other means into the scope.
    • asn4:12345: Enter all ASNs in this format to target all IP addresses registered to this ASN. Note the digit 4 after ASN in the notation.
    • domain:acme.org: Add all domains that you are targeting. runZero will add all subdomains connected to these domains.
Scan configuration

Click Initialize scan. runZero now looks up both the IPs registered under the ASNs as well as all subdomains associated with the domains you are looking to scan and displays a sample for confirmation. Confirm your scan settings.

Scan configuration confirmation

Once the scan task has completed, go view your populated inventory.

View your populated inventory

runZero hosted zones are deployed with Digital Ocean. If you prefer to host your own Explorer, we recommend Digital Ocean because AWS, Azure, and GCP all rate-limit or filter outbound scan traffic in a way that impacts the quality of scan results. The runZero hosted zones performed much better than running a scan from an ISP as well, regardless of whether a VPN was used or not.

Step 5: Digging into your inventory

Looking at this data set, there are quite a few hosts with EOL operating systems. You can use the following query to find these:

os_eol:<now

Some operating system vendors will enable you to purchase extended support services. To only view systems that are outside the extended support period, use the following query:

os_eol_extended:<now

Assets can often leak secondary IP addresses, often within the RFC 1918 range. These machines are potential pivot points into private network spaces. To find those quickly, use the query:

has_private:t

Best practices are to have as few services on a single host as possible, especially when they are public-facing, to avoid the risk of one vulnerable service compromising another one. Sorting the column with the number of services per host reveals one host with eight services. After opening the Asset Details page, we can see these in the Services section.

Services list

Each one of these services has an extensive list of attributes that provide more information.

Step 6: Finding problematic SSH services

Looking at the SSH service on port 22, we see that it supports the authentication method of both password and public key. Allowing a simple password authentication may indicate elevated risk to your infrastructure.

SSH service

Clicking on the magnifying glass with the + sign next to the attribute name reveals that there are a total of 24 hosts that allow this kind of authentication.

Auth method results

Clicking on the attribute value or the count will display a list of hosts that match the query.

Back on the Asset Details page, clicking the magnifying glass next to the banner shows an overview of all the different SSH versions deployed in the infrastructure.

SSH versions

This works for all of the banner versions for other protocols as well. For example, you can very quickly and easily get a list of all of the Microsoft SQL Servers deployed in the environment, sorted by version number.

Going back to the Asset Details page, clicking the magnifying glass next to ssh.hostKey.md5 displays the frequency report for this attribute. It shows that several machines share the same SSH private key. This presents a security risk because if one of the hosts is compromised, it would also compromise other hosts sharing the same SSH private key. This typically happens when virtual machines are cloned without regenerating the SSH keys.

SSH host keys

Step 7: Identifying databases exposed to the Internet

Generally, databases should be accessible only to the applications that require access. They should never be accessible on a public IP. The same host exposes MariaDB version 10.5.15 on port 3306, which has several associated security vulnerabilities.

Identify databases exposed to the Internet
Is runZero a vuln scanner?

runZero is an asset inventory and network discovery solution, not a vulnerability scanner, but its findings can sometimes point to security vulnerabilities.

Step 8: Looking at exposed services

Let’s move on to the Services Inventory now. A great way to find unusual services exposed on an external IP is to sort the ports by high numbers first.

Services Inventory

In this environment, we’re seeing a Prometheus Node Exporter metrics server on port 9100, three IRC services, a mySQL/MariaDB service, NFS on port 2049, and RSYNC on three different machines. These may all provide options to an attacker. For example, insecurely configured Rsync servers are found during network penetration tests about a third of the time.

Step 9: Browsing web service screenshots

The Screenshots Inventory lists all screenshots taken from Web services. runZero uses the Google Chrome browser to render and screenshot any web pages. If you are using the cloud-hosted explorer as described above, you’re all set. If you are hosting your own explorer, please ensure that you have Chrome installed on the same machine to enable this feature.

Screenshots Inventory

Browsing through the screenshots is a great, visual way to inspect exposed websites. In our example, we’re seeing Jitsi Meet and GitLab sites, which may be OK to host externally as long as they’re updated and use strong authentication.

Step 10: Looking at software inventory

runZero can also infer installed software if it can be deduced either from a network scan or an integration. runZero’s Software Inventory provides a great way to get insight into software installed on hosts that are reachable over the Internet.

Software Inventory

A view that may be even better in understanding your product exposure is the Most seen products report on the dashboard. To access the report, go to the Dashboard and look for the Most seen products card. After you find it, click View more.

Most Products Seen

The results for least seen products are actually more interesting than the most seen ones because these show the long tail of the software inventory. If a piece of software is only installed once in your environment, it is less likely to be well configured and patched.

Step 11: Create a report for your external assets

Now that you have discovered and analyzed all of your externally-facing assets, you can also generate a report for others to review. Go to Reports, find the External Assets Report, and launch it.

External Assets Report configuration

From the External Assets Report configuration screen, you can choose what you’d like to include in the results. Additionally, if you need to view it regularly, you can set up a schedule and email it to yourself (and any other runZero user who wants a copy). Initialize the report when you’ve finished configuring the settings. The generated report will display and show you the results. You can save the report as a PDF to easily share with others.

External Assets Report

Step 12: Get alerted on changes to your external asset inventory

If you work in enterprise security, you probably want to know about any changes to your external asset inventory. In this case, you should set up a Censys or Shodan import and run the hosted scan on a schedule. Then, you can set up alerts to trigger post-scan, so you know everything that has changed in your environment.

In this example we’ll use email as the method of communication. To set up an alert, go to Alerts > Channels and click Create channel. Pick a name for your channel, select Email as Channel type and enter the email address you want to notify. Then click Save channel.

New channel

Go Alerts > Rules, and click Create rule. Select new-assets-found and click Configure rule.

Rule event

When the New rule configuration page appears, enter the following:

  • Name:
    • A name for your rule.
  • Conditions:
    • Enter 0 to the right of is greater than. This will trigger the rule if there are any changes to assets.
    • In Limit to organization, select an organization if you have several in your account. You may choose a different organization (or site) for your external point of view rather than your internal assets.
  • Action:
    • Choose the notification channel you just created.
New rule

You’ll now be notified after each import or scan if the assets have changed.

Use runZero for your internal asset inventory

runZero is primarily made for discovering your internal asset inventory. As you can see, it can also be useful for understanding your externally-facing assets.

As a next step, you should set up another organization and to scan your internal network to get a better understanding of your asset inventory. You can sign up for the free 21-day trial of runZero Enterprise Edition (no credit card required). If you are a private user or work for a company with less than 256 assets, you can use runZero Starter Edition for free.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

CISA Urges Organizations to Prepare For Future Quantum Threats

As the world anticipates quantum computing, many believe it has potential benefits for every industry. Equally excited and awaiting its rollout is the hacker community who could use these powerful quantum computers to compromise the digital systems we use daily including online banking and email software

The US Cybersecurity and Infrastructure Security Agency (CISA) has already warned that organizations need to take action to protect network infrastructure for the transition to post-quantum cryptography.

Many governments believe that quantum computers can be used to break public-key encryption methods that countless networks use today. A fully-functioning and stable high-qubit quantum machine could potentially wreak havoc across the internet. It will lead to the vulnerability of secure networks and loss of public confidence in major institutions and businesses

The good news is that these governments are developing post-quantum encryption schemes. For instance, the US National Institute of Standards and Technology (NIST) has been running multi-year effort since 2016 calling upon cryptographers around the world to devise quantum-resistant encryption methods. It aims to standardize one or more quantum-resistant cryptographic schemes to foster a transition to seamless security for the general public.

What is Quantum Computing?

Quantum Computing focuses on the development of computer-based technology hinged on the principles of a quantum theory. Experts believe the present experimental quantum computers can render the conventional system obsolete. Its benefits include advanced research, higher-level simulation, and accelerated growth of artificial intelligence models.

Is Quantum Computing a Risk?

Despite these promising benefits, there are concerns about some negative implications which include ethical and security risks for businesses, quantum attacks from hostile nation-states, and exacerbating current issues like data harvesting.

CISA’s Stance on Quantum Threats

CISA asserts that critical infrastructure is more at risk largely due to the public-key cryptography that U.S. networks rely on to secure sensitive data.

CISA provides insight to all critical infrastructure owners to have a successful transition in their Post-Quantum Cryptography Roadmap. The roadmap stipulates the following measures:

  • Taking actionable steps like inventory assessments of current cryptography technologies.
  • Developing acquisition policies for post-quantum cryptography.
  • Training staff about the upcoming transition from conventional to quantum computers is necessary.
  • Increasing engagement with standards developments relating to necessary algorithms and dependent protocol changes.
  • Managing inventory assessments and the security of critical datasets for an extended time.
  • Organizations must identify systems where public key cryptography is used and mark these systems as quantum vulnerable.

Preparing Organizations for the Quantum Threat to Cryptography

Many believe the time to worry about quantum computers threats is in a decade — but it’s sooner than we think. The process of adopting new standards usually takes years so it is crucial to begin planning for quantum-resistant cryptography now.

Organizations need to make arrangements and budget for a transition plan. This should include upgrading IT systems and deploying standardized quantum-resistant cryptography. They also need to be aware of how vendors plan to upgrade software and hardware. The preparation process should include software upgrades, and system patch delivery to systems using cryptography. They should also ensure the security of these upgrades and authenticate the source.

Moreover, organizations need to take advantage of agencies promoting awareness of quantum computers’ impact on cryptography. These agencies also provide steps to prepare for the transition to quantum-resistant cryptography when it comes.

The agencies partner with others to evaluate the next generation of quantum-resistant cryptography. The aim is to replace current cryptographic applications.

The Challenges With the Quantum Resistance Ahead

New technologies come with new opportunities and new risks — and quantum computers are no exception.

Building a large-scale quantum computer already has several challenges – fabrication, verification, and architecture. The technology derives its power from the ability to store a complex state in a single bit. Unfortunately, this also rather complicates the process of building, designing, and verifying. The verification issue is a cause of concern since it affects communication mechanisms, control circuitry for quantum operations, and more. Moreover, there’s no telling if it impacts the security of data within the technology itself.

Code breaking is another area of focus. An easy way to break codes in conventional computers is to try all possible keys. However, it is a much longer and difficult process. Quantum computing uses Grover’s algorithm to speed up this process. Another method called Shor’s algorithm is capable of breaking or weakening cryptographic algorithms within hours.

The potential for harm from quantum threats here becomes huge. Once encryption methods get broken, trust in data transmission becomes low. Cybercriminals will find it easy to create bogus certificates that call for the validity of a digital identity.

The technology’s effect would render communications as insecure as if encoding didn’t even exist. While there are a lot of worries about quantum computing, these fears remain hypothetical. Today’s quantum computing cannot break any commonly used encryption methods. However, concern for the vital security of our global network infrastructure and data drives the immense effort to counter a potential future of quantum threats.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×