runZero 3.9: Set measurable goals, find urgent issues, and preview of Attack Surface Management!

What’s new with runZero 3.9? 

Goals!

runZero Professional and Enterprise customers can now use Goals to set time-bound, query-driven targets that are customizable to what matters most to your team. Huge thanks to all of the folks who provided feedback on this feature during the public preview phase.

Goals can be created based on any queryable attribute within runZero. This includes standard fields like operating system versions, end-of-life status, exposed services and protocols, as well as new fields like asset risk, criticality, and ownership. If you can query for it in runZero, it can now be a Goal!

Common goals include:

  • Managing expiring TLS certificates
  • Tracking end-of-life devices and operating systems
  • Remediating Critical Risk on assets within a set timeframe
  • Keeping open management services off of your public-facing assets

Attack Surface Management preview

Attack Surface Management (ASM) is the process of discovering, classifying, and assessing the risks across different surfaces of your IT infrastructure. Although runZero supports ASM efforts through external scanning, internal RFC 1918 discovery, and integrations, the platform did not offer a unified workflow or dashboard until now.

The preview version of ASM provides a simple path to define different attack surfaces throughout your organization, providing an overview of risk and coverage along with several custom goals to monitor and communicate your progress. This feature will be in preview until August and will launch publicly as part of runZero 4.0.

If you are a runZero Enterprise customer and are interested in reviewing this feature and providing feedback, please reach out to your CSE or runZero Support. Participants will be asked to complete a short feedback form after reviewing the feature. You can find additional information about our preview program in the Preview Program FAQ.

Rapid Responses

The runZero research team has shared three new Rapid Response posts since 3.8. These posts cover critical, actively exploited vulnerabilities:

Protocol improvements

runZero now supports the InterMapper and Room Alert protocols, as well as legacy protocols such as time, daytime, chargen, and quote of the day.

runZero’s printer support has been improved, enabling protocol detection on ports normally associated with direct print services. This change allows for more accurate detection of Elasticsearch, Neo4j, and Logstash services.

In addition to the changes above, runZero now consistently normalizes the AirPlay protocol fields and gathers even more details using the DNS protocol.

Fingerprint improvements

New fingerprints were added for products by Allen-Bradley, Alma, Amazon, Apple, Avaya, Avigilon, Avocent, Axess TMC, Bodot, Bond, Canon, Canonical, Cisco, ComNet, Dell, Digital Loggers, Eaton, Epson, F5, Fedora, FreeBSD, Fortinet, Google, Hanwha Techwin, Honeywell, HP, HPE, IBM, Johnson Controls, Konica Minolta, LG, Lidarr.Audio, LinkTap, Microsoft, MikroTik, Moxa, NetBSD, Oracle, Panasonic, Philips, Pioneer, Poly, Progress Software, Proxim Wireless, Proxmox, Radwin, Red Hat, RetailNext, Riverbed, Rocky, Samsung, Schneider Electric, Scientific, ScreenBeam, Siemens, Sierra Wireless, SMC Networks, Sony, Standard Networks, SUSE, Tait Communications, Traficon, Tulip, VivoTek, Western Digital, Vasion, Xiaomi, ZeeVee, and ZKTeco.

Release notes

The runZero 3.9 release includes a rollup of all the 3.8.x updates, which includes all of the following features, improvements, and updates.

New features

  • runZero goals are now generally available. With runZero goals, users are able to create and monitor progress toward achieving security initiatives.
  • Improved the goal progress chart display to work in various browser sizes.
  • Goals now shows a pending calculation banner when goal metrics have not been calculated yet.
  • Added source_count and custom_integration_count as searchable fields.
  • Saved queries can now be created for tasks.
  • The search keyword recur_last_task_status is now supported on the task pages.
  • Improved the display of dashboard charts so that no partial rows, other than the last row, are visible to the user regardless of the number of charts displayed.
  • Improved fingerprinting of Fortinet device firmware.
  • Optimized database utilization and improved performance.

Product improvements

  • Non-runZero asset sources can now be removed from assets via the asset details or asset inventory pages.
  • Equivalent emails are now accepted for email updates.
  • Dashboard cards for Asset Source and Custom Integrations should now correctly show only the top 10 counts for each, with a View more link added.
  • A warning is now displayed if a Query is not attached to a Goal.
  • Users with Viewer permission can now see and use the Sites page.
  • Improved reliability of scans so they should stall less frequently.
  • The activation email should display properly in a broader range of email clients.
  • Improved operating system fingerprinting via SNMP Installed Software listing.
  • The status indicator in the explorer datagrid now has text describing the status.
  • External Asset Report Include screenshots toggle now requires that Include asset details is checked.
  • External Asset Report now hides the Top certificate authorities section if Include TLS certificate details is not checked.
  • Outlier calculations have been adjusted for performance and now include the TLS stack.
  • Event rules that result in asset modifications now complete faster.
  • The Npcap driver has been updated to version 1.75.
  • Improved device type identification of Windows Server assets.

Integration improvements

  • Improved SentinelOne matching to improve asset merging.
  • AWS credential validation now always shows the results for each service.

New vulnerability queries

  • Hardware: End-of-Life Cisco Small Business Switches
  • Policy: Sun Solaris sadmind RPC service
  • Policy: HashiCorp Consul (unauthenticated)
  • Policy: Cisco Smart Install service
  • Policy: CNCF etcd v2 (unauthenticated)
  • Unpatched: Click Modular Router shell (unauthenticated)
  • Unpatched: HID VertX/Edge controllers vulnerable to command_blink_on command execution

Bug fixes

  • A bug causing Cisco 8xx Industrial Routers as well as Catalyst 94xx/95xx switches to be incorrectly merged has been fixed.
  • A bug where the autocomplete drop down would not always appear on top of other elements has been resolved.
  • A bug where integration sources in dashboard views are displayed as IDs instead of names has been resolved.
  • A bug where data grid search text would propagate to other data grids has been resolved.
  • A bug causing some text inputs to display an autocomplete user experience when it was not intended was resolved.
  • A bug that could allow merging AWS, Azure, and GCP assets has been resolved.
  • A bug which omitted some SNMPv3 scan attributes has been resolved.
  • A bug which caused some project creations to return a 404 error page has been resolved.
  • A bug causing incorrect HTTP response codes for the /org/metrics/{site_id} API endpoint has been resolved.
  • A bug which cleared the organizations table screen when sorted has been resolved.
  • A bug preventing vulnerabilities from sorting correctly on CVSS columns has been resolved.
  • A bug where scan tasks on hosted zones couldn’t be stopped has been resolved.
  • A bug that could result in excessive memory usage has been resolved.
  • A bug that resulted in certain models of Cisco routers being incorrectly merged has been resolved.
  • A bug in which AWS probes fail when run outside of an AWS EC2 environment has been resolved.
  • A bug which prevented IPv6 UDP SYN scans from working on FreeBSD and OpenBSD systems has been addressed.
  • A bug where autocomplete suggestions would not update consistently has been resolved.
  • A bug causing the “download task button” to show for tasks without a log has been resolved.
  • A bug that could cause the SNMP probe to panic in rare scenarios has been resolved.
  • A bug that could cause the SNMP probe to stall scans in rare scenarios has been resolved.
  • A bug that caused scans to take longer than expected or stall in rare scenarios has been resolved.
  • A bug that could prevent the organization dropdown from being clickable has been resolved.
  • A bug that could prevent the rpcbind probe from completing successfully was resolved.
  • A bug with copying some connector tasks has been resolved.
  • A bug causing some connectors to be labeled as scans has been resolved.
  • A bug causing the API /org/hosted-zones endpoint to return an empty list of hosted zones has been resolved.
  • A bug that could result in an invalid asset ownership assignment has been resolved.
  • A bug that could prevent a RUMBLE_CONSOLE override from working in the Explorer configuration has been resolved.
  • A bug that prevented sites with more than 1000 subnets from being saved has been resolved.
  • A bug that could result in odd dashboard chart behavior has been resolved.
  • A bug that required self-hosted users to configure SMTP before setting up their initial account has been resolved.
  • A bug that caused some scan task errors to be displayed twice has been resolved.
  • A bug that could prevent bogus services from certain firewalls from being completely filtered has been resolved.
  • A bug where Asset queries for exact strings were performing a fuzzy search has been fixed.
  • A bug that could cause malformed auto-populated LDAP thumbprints for LDAP credentials has been resolved.
  • A bug that prevented credential validation errors from displaying after verification in the console has been resolved.
  • A bug where searching via clicking on a tag would not return the correct results has been resolved.
  • A bug where multiple subtasks were incorrectly created for the same parent task has been resolved.
  • A bug where filters were not retained when importing a Nessus scan configuration has been resolved.
  • A bug that prevented copying of some connector tasks has been resolved.
  • A bug with linking to the update page on some connector tasks has been resolved.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Finding Fortinet SSL-VPN

Fortinet warned customers this week of potential limited exploitation in the wild regarding a flaw affecting the SSL-VPN software component. This critical vulnerability (tracked as CVE-2023-27997) can be remotely exploited without authentication and can yield remote code or command execution to an attacker. Discovered by researchers Charles Fol and Dany Bach at LEXFO, disclosure-and-fix of this vulnerability coincided with an internal SSL-VPN audit-and-fix effort at Fortinet which covered this and five additional vulnerabilities.

What is Fortinet SSL-VPN?

Fortinet SSL-VPN is a VPN capability offered in some Fortinet products, including FortiGate firewall devices. This service provides secured network communications between a remote client and protected devices on an internal network. Several modes of operation are supported, including “tunnel mode” (which requires use of the FortiClient VPN client) and “web mode” (which does not require client-side VPN software).

What is the impact?

Of the six disclosed vulnerabilities, CVE-2023-27997 is considered the most severe with a “critical” CVSS score of 9.2. This pre-authentication vulnerability is rooted in a heap-based buffer overflow, seemingly similar to CVE-2022-42475 which was disclosed earlier this year as also affecting SSL-VPN (and did have reported exploitation in the wild). Attackers can exploit this vulnerability via a specially crafted request.

The complete list of recently disclosed-and-fixed Fortinet SSL-VPN vulnerabilities is as follows:

  • CVE-2023-27997 (9.2, “critical”) – pre-auth heap buffer overflow in SSL-VPN, exploitation could yield code/command execution
  • CVE-2023-29180 (7.3, “high”) – null pointer dereference in SSLVPNd, exploitation could cause a denial-of-service condition by crashing SSLVPNd
  • CVE-2023-22640 (7.1, “high”) – out-of-bounds write in SSLVPNd, exploitation could yield code/command execution
  • CVE-2023-29181 (8.3, “high”) – format string bug in Fclicense daemon, exploitation could yield code/command execution
  • CVE-2023-29179 (6.4, “medium”) – null pointer dereference in the SSLVPNd proxy endpoint, exploitation could cause a denial-of-service condition by crashing SSLVPNd
  • CVE-2023-22641 (4.1, “medium”) – open redirect in SSLVPNd, exploitation could allow an attacker to redirect a user’s browser to a malicious URL

Are updates available?

Fortinet published new firmware versions a few days ahead of this disclosure. A variety of FortiOS, FortiOS-6K7K, and FortiProxy versions have been patched to fix the recently disclosed CVEs affecting SSL-VPN: CVE-2023-27997, CVE-2023-29180, CVE-2023-22640, CVE-2023-29181, CVE-2023-29179, CVE-2023-22641. Admins or owners of Fortinet appliances/products running affected firmware with SSL-VPN enabled should ensure they are updated to one of the newer firmware versions. If updating is not a near-term option, disabling the SSL-VPN service on affected appliances can mitigate the risk of exploitation.

How do I find potentially vulnerable Fortinet SSL-VPN instances with runZero?

From the Services inventory, use the following prebuilt query to locate Fortinet SSL-VPN instances in your network:

_asset.protocol:http AND protocol:http AND (http.head.setCookie:="SVPNCOOKIE%SVPNNETWORKCOOKIE%" OR last.http.head.setCookie:="SVPNCOOKIE%SVPNNETWORKCOOKIE%")

Results from the above query should be triaged to verify those assets are running updated firmware versions.
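
For triage outside the console, the same cookie fingerprint can be applied to exported service records. This is an added example, not runZero's code: the record layout (`address`, `port`, `protocol` keys) and the sample records are constructed, and treating `%` as an anchored match-any wildcard is an assumption about the query semantics.

```python
import re

# Pattern copied from the prebuilt query on this page.
FINGERPRINT = "SVPNCOOKIE%SVPNNETWORKCOOKIE%"

# Attribute names copied from the query; either one may carry the cookies.
COOKIE_FIELDS = ("http.head.setCookie", "last.http.head.setCookie")


def wildcard_to_regex(pattern):
    """Translate a %-wildcard pattern into a regex (assumed semantics:
    % matches any run of characters, everything else is literal)."""
    literal_parts = [re.escape(part) for part in pattern.split("%")]
    return re.compile(".*".join(literal_parts), re.DOTALL)


def matching_fields(service, regex):
    """Return the cookie fields of one service record that match the pattern."""
    if service.get("protocol") != "http":
        return []
    hits = []
    for field in COOKIE_FIELDS:
        value = service.get(field)
        # fullmatch anchors the pattern at both ends of the header value.
        if isinstance(value, str) and regex.fullmatch(value):
            hits.append(field)
    return hits


def triage(services, pattern=FINGERPRINT):
    """Group matching services by address so each asset is listed once
    for firmware verification."""
    regex = wildcard_to_regex(pattern)
    grouped = {}
    for service in services:
        hits = matching_fields(service, regex)
        if not hits:
            continue
        entry = grouped.setdefault(
            service["address"], {"ports": set(), "matched_fields": set()}
        )
        entry["ports"].add(service["port"])
        entry["matched_fields"].update(hits)
    return {
        address: {
            "ports": sorted(entry["ports"]),
            "matched_fields": sorted(entry["matched_fields"]),
        }
        for address, entry in grouped.items()
    }


# Constructed sample records (documentation addresses, made-up header values).
VPN_COOKIES = (
    "SVPNCOOKIE=; path=/; secure; httponly\t"
    "SVPNNETWORKCOOKIE=; path=/remote/network; secure; httponly"
)
SAMPLE_SERVICES = [
    # Both cookies present on the response: matches.
    {"address": "192.0.2.10", "port": 443, "protocol": "http",
     "http.head.setCookie": VPN_COOKIES},
    # Same asset, second port, cookies only in the last.* attribute: matches.
    {"address": "192.0.2.10", "port": 10443, "protocol": "http",
     "http.head.setCookie": "",
     "last.http.head.setCookie": VPN_COOKIES},
    # Unrelated web application: no match.
    {"address": "192.0.2.20", "port": 443, "protocol": "http",
     "http.head.setCookie": "JSESSIONID=0000; Path=/; HttpOnly"},
    # Only one of the two cookies: no match, the pattern requires both.
    {"address": "192.0.2.30", "port": 443, "protocol": "http",
     "http.head.setCookie": "SVPNCOOKIE=; path=/; secure; httponly"},
    # Cookies in the opposite order: no match, the pattern is order-sensitive.
    {"address": "192.0.2.40", "port": 443, "protocol": "http",
     "http.head.setCookie": "SVPNNETWORKCOOKIE=; path=/remote/network\t"
                            "SVPNCOOKIE=; path=/"},
    # Not an HTTP service record: skipped, as the query requires protocol:http.
    {"address": "192.0.2.50", "port": 22, "protocol": "ssh"},
]

if __name__ == "__main__":
    for address, info in triage(SAMPLE_SERVICES).items():
        print(address, info["ports"], info["matched_fields"])
```

Each address returned is a candidate for the firmware check described above; a match identifies the SSL-VPN service, not its patch level.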

As always, any prebuilt queries are available from your runZero console. Check out the documentation for other useful inventory queries.

A tour of Nord Security’s new office in Cyber City

It’s official: All Nord Security products have finally moved under one roof at Cyber City. It’s the ultramodern destination for our community that sets a new standard for our employee experience. Dive into this blog to discover what life and work look like at one of the most cutting-edge tech offices in the Baltics.

Our brand-new HQ

In 2020, we started an exciting journey by laying the foundation of a brand-new office that could accommodate our fast-growing community and encourage a collaborative company culture. May 2023 marked the end of this journey as we transitioned over 900 employees from NordVPN, NordLayer, NordPass, and NordLocker to one of the most cutting-edge tech hubs in the Baltics, Cyber City, nestled in the heart of Vilnius, Lithuania.

Tom Okman and Eimantas Sabaliauskas, co-founders of Nord Security

Located on the grounds of the former “Sparta” textile factory, our new headquarters is a testament to its industrial past. The exterior design of our tech hub mirrors textile patterns, while the preserved iconic chimney standing tall in the heart of our business campus serves as a powerful symbol of our relentless ambition – to build future-shaping cybersecurity solutions from the ground up.


 

Nord Security office is located on the grounds of the former “Sparta” textile factory

Our state-of-the-art HQ building, housing Nord Security, Surfshark, Oxylabs, CyberCare, Hostinger, and other Tesonet community companies, is located on a 35,000 m² site. Spanning seven floors, our new premises come with a wide range of features (see for yourself below) that raise the bar for our workforce culture.

Cultivating growth and creativity

The Cyber City business hub is the new Silicon Valley of the Baltic states, where the top tech talents and companies meet the best conditions for work, growth, and innovation. With this in mind, our HQ office features:

  • Ergonomic co-working spaces for all-day comfort.

  • 106 meeting rooms built-in with cutting-edge technology (smart cameras, easy room booking, and presentation systems) for seamless onsite and remote collaborations.

  • Modern conference hall and spacious atrium, perfect for hosting internal events, quarterly celebrations, and company-wide festivities.

  • A state-of-the-art production studio for elevating our content creation.

  • Dedicated silent zones for focused, uninterrupted work.

  • Music room equipped with an array of musical instruments for solo improvisation or collaborative jams with colleagues.

  • Hacker and innovation room for team building activities and LAN parties, exploration of groundbreaking tech, captivating video shoots, and immersive tech tours.

  • IQ lounge – a zone full of books and magazines stimulating curiosity and never-ending learning about art, architecture, science, and technology.

“What I absolutely adore about our office is the flexibility to work from different locations. Yes, we all have our dedicated spaces, but when you need that extra bit of focus or solitude, you can go and work in silent rooms. You can sit on the couch in the corridor or our spacious atrium if you want more comfort. And if you’re going to discuss your projects with someone in a more informal setting, our kitchen or coffee bar might be just perfect. There’s a place for every mood, every task, and every moment of your working day. Now, if I had to pick a personal favorite, it would be the lighting. I tend to be quite sensitive to harsh, bright lights, which give me headaches and eye strain. But here, it’s all warm, soothing light. It creates a calm and inviting atmosphere that’s just a pleasure to work in,” Ugnė Mikalajūnaitė, Country Manager at NordVPN, Nord Security.

With all these forward-looking amenities, coupled with the growth opportunities Nord Security provides, be it internal training, online courses, mentorship programs, or Tech Days knowledge-sharing events, we build an environment that helps our employees stay at the top of their game.

Nurturing a thriving community

At Nord Security, we believe in the power of teamwork. With this in mind, we wanted to have all our products under one roof, so we could foster a sense of community more easily.

Our open co-working spaces, inviting dining areas, cozy coffee spots, and the iconic “Sparta” bar provide a wealth of opportunities to connect and engage with people from different teams and products. And for some light-hearted fun with colleagues, our game room awaits, packed with board and tabletop games, as well as the most popular gaming consoles.

At last, Cyber City not only offers a collaborative work environment but also cultivates our community spirit through celebrated events. One such event was the grand opening of Cyber City, marking the official start of our new life in this state-of-the-art tech hub.

Enhancing work-life balance

A strong focus on work-life balance is what keeps our results and motivation at their peak. As a result, we follow a hybrid work model, giving us the freedom to connect with our colleagues at the office three days a week and enjoy the comfort of remote work for the remaining two. Not to mention flexible working hours when needed and the opportunity to work from abroad.

Having so many people passionate about sports and an active lifestyle, we can enjoy group training and well-being consultations in Cyber City led by in-house Physical Well-Being Team experts, saving us both time and money. And those who prefer individual workouts have free 24/7 access to a fully-equipped gym.

For our working parents looking to strike the perfect work-family balance, we’ve established a dedicated parents’ room. Whether it’s an unexpected school closure or a need to share their workplace with their little ones for a few hours, we’ve got their back. This dedicated space ensures that extra bit of peace of mind when it’s most needed.

The future starts here

Our brand-new workspace was tailor-made with Nord Security people in mind. Its environment mirrors our values, respects individual needs, and fosters a shared culture, sparking creativity and promoting a collaborative atmosphere.

Plus, it creates ample room for fresh talents ready to join our mission of shaping a safe cyber future. Does that sound like you? Check open positions at Nord Security and learn more.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

NordLayer use case: cybersecurity compliance

The regulatory landscape constantly evolves, and the number of cyber-attacks is rising. Organizations face the challenge of meeting strict and complex requirements for cybersecurity compliance. It is essential for companies to comply with the standards and regulations regarding the safety of information and data privacy that are relevant to the industry and global or local laws. 

This article will help you navigate through the compliance protocol labyrinth and show why implementing adequate solutions minimizes the risk of data breaches.

Reasons for complying with security regulations

Cybersecurity compliance is crucial for all companies, regardless of their size. The IBM Data Breach Report found that in 2022, 83% of organizations impacted by IT incidents had multiple data breaches. Neglecting to invest in robust cybersecurity measures leaves vulnerabilities open to malicious actors and increases the risk of non-compliance.

Why should your organization prioritize security regulations?

Avoiding fines and penalties

To protect access to your sensitive data, you must stay up-to-date with industry-specific compliance requirements. Non-compliance can result in substantial fines. The regulatory controls vary depending on the business’s location or data processing practices.

Some common compliance regulations include:

  • European General Data Protection Act (GDPR)

  • Health Insurance Portability and Accountability Act (HIPAA)

  • Payment Card Industry – Data Security Standard (PCI-DSS)

  • International Standard to Manage Information Security (ISO 27001)

  • System and Organization Controls Standard (SOC TYPE 1 and 2)

Building your business reputation

Companies with access to confidential data are at a greater risk of becoming a target for cybercriminals. Protecting sensitive information is vital for maintaining your customers’ trust and enhancing your organization’s reputation. Potential data leaks or theft can cause significant financial losses and damage your reputation.

Upgrading your data management capabilities

Modern businesses need to upgrade their data management capabilities. This includes implementing encrypted data, resource management features, and access control tools like single sign-on (SSO), biometrics, and two-factor authentication (2FA).

For example, healthcare organizations must comply with the new HIPAA encryption requirements and ensure all sensitive patient data is unreadable, undecipherable, and unusable to unauthorized individuals or software.

The challenges of security compliance control

Regulatory compliance means following rules designed to keep organizations in line with industry-specific laws. These regulations reduce breach risks, ensure companies are transparent, and protect them from financial losses or legal penalties. Compliance also boosts an organization’s reputation, integrity, and standing in the industry. Our comprehensive guide on compliance gives you a bigger picture of this important topic.

Non-compliant organizations face significant penalties. For example, Uber had to pay $148 million to settle a data breach affecting 57 million riders and drivers. Equifax paid $575 million for compromising the data of approximately 147 million people. Violating the General Data Protection Regulation (GDPR) can result in fines of up to $23 million for companies with EU citizens in their customer base.

Before discussing ways of reducing risks and implementing cybersecurity controls, it’s essential to understand the challenges your organization needs to overcome in security compliance control.

Challenge 1: evolving security environments

Security threats and compliance demands are constantly changing. New regulations are introduced to address emerging cyber risks, requiring your organization to promptly adapt and adhere to updated controls.

Challenge 2: distributed workforce and endpoints

The remote work model has expanded the attack surface, making endpoints the epicenter of threats. Managing and securing many employee devices presents a challenge for any organization.

Challenge 3: larger teams

Coordinating teams and infrastructures across an extensive working environment complicates compliance management.

Additionally, a data breach can result in higher costs and impact many individuals.

Challenge 4: multiple regulations

Irrespective of the industry, your business must follow many rules and regulations. And companies with employees in different countries must meet compliance regulations specific to each location. For example, processing payments through point-of-service (POS) devices necessitates compliance with the Payment Card Industry Data Security Control Standard (PCI DSS) standards.

Challenge 5: outdated technologies

Relying on manual methods such as spreadsheets and file shares for compliance updates is time-consuming and falls short of cybersecurity requirements. Keeping up with the changing industry regulations demands advanced tools to maintain secure data protection environments.

Understanding compliance protocols

Compliance rules cover various areas, including data privacy and financial reporting, with variations based on industry and location. Ensuring effective compliance with industry-specific regulations can be complex. Through security compliance management, you can bring security and compliance together.

Let’s now explore major compliance protocols that focus on protecting sensitive data, such as personal information, health records, and payment details.

Decoded data compliance protocols

HIPAA

What is it?

HIPAA, or the Health Insurance Portability and Accountability Act, is a federal law in the United States that ensures healthcare providers handle sensitive medical information according to the same regulations. It consists of four rules that provide guidance on achieving HIPAA compliance.

Best practices for HIPAA compliance

  • Familiarize yourself with the HIPAA requirements.

  • Create a HIPAA compliance checklist.

  • Identify and classify your sensitive data.

  • Establish access controls and implement safeguards for Protected Health Information (PHI).

  • Consider using a network access solution like NordLayer for easier HIPAA compliance.

With NordLayer’s HIPAA-compliant solution, you can meet healthcare industry regulations without requiring complex advanced setups or lengthy deployments. Gain secure access to every endpoint in your organization, locking down essential apps and databases while maintaining user-friendly accessibility.

GDPR

What is it?

The GDPR, or the General Data Protection Regulation, is a data protection and privacy law that applies to the European Union (EU) and European Economic Area countries. It focuses on protecting the personal data of European citizens and imposes requirements on how companies should handle such information.

The GDPR enables EU citizens to manage their personal data without restrictions. A company must get an individual’s consent and ensure confidentiality and safety for any data processing activities. Also, the organization must inform the affected person and the appropriate institutions in case of a breach.

Best practices for GDPR compliance

  • Get familiar with a GDPR compliance checklist for companies.

  • Appoint a Data Protection Officer to stay updated on the GDPR requirements.

  • Partner with a trusted security service provider.

  • Map out your GDPR compliance strategy and determine what security measures your company needs.

NordLayer’s compliance solutions are user-friendly, requiring no hardware and offering easy deployment, start, and scalability. One of our solutions, Zero Trust Network Access, provides enhanced security through multilayered network access control. With our Virtual Private Gateway, your traffic is encrypted, and your identity remains hidden while connecting to a public Wi-Fi. Our secure remote access solutions, such as Secure Remote Access and site-to-site connections, ensure secure and convenient remote access to devices and networks.

ISO 27001

What is it?

ISO 27001 is a globally recognized standard for information security management systems. It provides a framework for organizations to handle and protect various data types, including intellectual property, customer, employee, and financial information.

The regulations outlined in ISO 27001 emphasize the importance of identifying and managing cyber risks, implementing security controls, and monitoring the system 24/7.

Best practices for ISO 27001 implementation

With NordLayer’s solutions, you can ensure your data is encrypted and that only known devices access your network, and prevent unauthorized access with network segmentation or a Zero-Trust access model.

PCI-DSS

What is it?

PCI-DSS, or Payment Card Industry Data Security Standard, is a set of rules designed to protect credit card transactions in the payment industry. It focuses on managing risks associated with payment information and requires organizations to implement security controls, such as encryption and access controls, to safeguard cardholder data throughout the transaction process.

Best practices for PCI-DSS implementation

  • Review the PCI-DSS compliance checklist.

  • Assess your systems and processes to identify vulnerabilities.

  • Deploy security measures aligned with PCI-DSS requirements, such as a firewall, traffic encryption, and restricting access to your confidential data.

SOC 2 report

What is it?

SOC 2 is a voluntary compliance standard developed by the American Institute of Certified Public Accountants (AICPA) to ensure businesses handle sensitive customer data securely. It provides insights into how a company and its partners manage and secure access to confidential data.

There are two types of SOC 2 reports:

  • SOC 2 Type I describes the organization’s systems and ensures they follow relevant trust principles.

  • SOC 2 Type II describes the operational efficiency of the system.

Best practices for SOC 2 report

To ensure a successful SOC 2 report and that your valuable customer data and privacy are well-protected, you must implement robust security measures like monitoring, access controls, and encryption.

NordLayer has gone through an independent SOC 2 Type 1 audit. What does it mean for your business? It means that all NordLayer’s tools provide adequate security controls to manage customer data and protect privacy.

How NordLayer helped a full-stack insurtech secure data

Rey.id, Indonesia’s first insurtech start-up, is an insurance platform offering various healthcare services, including online and offline doctor consultations. As Rey deals with sensitive and regulated data, it was crucial for them to put appropriate security controls in place.

Rey needed a trusted system that meets the Indonesian regulatory requirements and safely stores all data for 25 years. Using NordLayer, Rey seamlessly integrated their systems, enabling secure connections to their app and cloud servers. The hardware-free Business VPN service is now mandatory for Rey’s employees based on their job roles and access permissions, and it requires minimal resources for setup and maintenance. Rey also implemented Standard Operating Procedures (SOPs), including Single Sign-On (SSO) for user authentication.

Rey’s team can easily manage new employees, allowlist IP addresses for new servers, and assign specific task groups based on their needs, like code uploading and system deployment. This simplifies the VPN configuration process within the infrastructure, removing its complexity.

With NordLayer, Rey combined security measures with compliance standards, effectively reducing data breach risks. These strong security solutions helped Rey achieve ISO 27001, a huge milestone for a young company like theirs, ensuring the secure handling of confidential data.

Actionable tips and best practices for compliance

Maintaining regulatory compliance in today’s hybrid and remote work environment has become increasingly challenging. Here are some practical tips to help your organization secure access to your sensitive data and ensure compliance.

4 key tips for data compliance and security

  • Encrypt data transfers from untrusted networks. Encryption helps you safeguard data confidentiality, protecting it from unauthorized access. This is particularly crucial for healthcare providers, partners, and subcontractors dealing with Protected Health Information.

  • Monitor and audit your network activity 24/7. With efficient monitoring, logging, and auditing solutions, you can track secured connections, detect anomalies and prevent security incidents.

  • Allow only trusted devices to connect to your internal network. You can ensure the network’s security and health by monitoring and accessing devices based on predefined security rules. Receive notifications about non-compliant devices to take appropriate measures.

  • Implement access segmentation to protect resources and limit cybercriminals’ movement within your network in the event of a breach. Network segmentation enables you to allocate resource access using private gateways, enhancing overall network security.

  • Adopt a Zero-Trust solution to strengthen your network safety. This model ensures that only authorized users can access protected data by implementing strict security measures like 2FA, SSO, and biometrics. With this trust-no-one, verify-all approach, you can enhance the safety of your network and safeguard your data.

How can NordLayer help your organization achieve compliance?

Modern organizations now face complex digital security rules and regulations. Poor security compliance exposes businesses to risks, including regulatory fines, reputational damage from data breaches, and financial losses.

As you embark on your way to compliance, you must familiarize yourself with the specific regulations relevant to your industry. For example, healthcare organizations should comply with HIPAA, while companies operating within the European Union must adhere to the GDPR.

NordLayer provides advanced and reliable tools that help organizations merge security and compliance effectively. By integrating our solutions into your compliance strategies, you can secure access to sensitive data. Whatever sector your organization operates in, NordLayer can assist in achieving compliance.

To begin your compliance journey, get in touch with our team. Whether you need ISO 20007 certification, HIPAA compliance, or adherence to the GDPR, we are here to support you every step of the way.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Creating a culture of cybersecurity in the workplace

In an era marked by increased digital dependence and relentless cyber attacks, the significance of cultivating a cybersecurity-conscious culture in the workplace cannot be overstated. The awareness of cyber risks is the key factor influencing an organization’s resilience to the most prominent type of attack — social engineering. As security measures become more sophisticated, hackers more often target people as the weakest link.

This places cybersecurity culture at the forefront of workplace security procedures, including practices, threat awareness, and effective preparations to counter various risks. In this article, we’ll share our insights into the role that a human factor plays in information security and awareness.

Why is cybersecurity awareness important?

Cybersecurity awareness has become crucial with the rise of cyber threats like phishing attacks, social engineering attacks, and data breaches. These threats disrupt business operations and can lead to the loss or theft of sensitive data, causing significant financial and reputational damage. Moreover, the growing number of employees working remotely has created an advantageous environment for various security threats.

The significance of cybersecurity awareness is exemplified by the Reddit incident that took place in early 2023. During this breach, the company fell victim to an advanced phishing attack, leading to the exposure of sensitive internal documents and source code.

However, there was a positive aspect to this story. A vigilant employee who clicked on the malicious link swiftly recognized the ongoing attack and promptly alerted the internal security team. Thanks to their quick response, the cybercriminal’s access was limited, enabling the containment of the damage and safeguarding of the files, avoiding a full-scale data breach.

Main ways employees put companies at risk

Employees can unintentionally expose companies to cyber threats in various ways. To make the challenge even bigger, bad actors often use psychological tactics, authority (CEO fraud), time pressure, and curiosity to trick employees.

This often happens due to a lack of knowledge, carelessness, or even malicious intent in some cases. Here are the most common ways this can happen:

Phishing scams

Employees may unknowingly open phishing emails and click on malicious links that infect their computers with malware or ransomware. These attacks often disguise themselves as emails from reputable sources. This is one of criminals’ most commonly used tactics to steal sensitive information.

Weak or reused passwords

Employees within an organization may use weak passwords or reuse the same password for multiple accounts. This practice makes hackers’ work much easier because all that’s needed is to try the identical combination on different websites to see if it works. If it does — a hacker can easily take over a user’s digital identity, leading to data breaches and information spills. Strong passwords and two-factor authentication enforcement can help organizations avoid such threats.

Unauthorized device usage

Employees working remotely may use personal or unsecured devices to access company data. As businesses are increasingly adopting hybrid work and bring-your-own-device models, employees are less tied to their company-issued devices. However, when their devices lack proper security measures, this creates plenty of opportunities to mishandle sensitive data, including inappropriate sharing, insecure storage, or improper disposal. This creates a precedent for a huge variety of security threats.

Not updating software

Outdated software is very likely to have security vulnerabilities that hackers can exploit. If employees fail to install updates and patches on their devices, it can put the entire network at risk. While enforcing these updates is possible for company-managed devices, it’s much more difficult to control devices that employees use personally.

Physical security breaches

In addition to digital breaches, physical security is also crucial. If employees leave devices unlocked or unattended or lose devices containing sensitive information, it can lead to data breaches. This issue is even more prevalent as more employees work remotely or in a hybrid environment — dividing time between the office and other places. Shoulder surfing is a technique hackers use to obtain confidential data by physically viewing the device screen and keypads.

How to create a culture of cybersecurity in the workplace?

Despite the availability of sophisticated security systems, human error often remains the weakest link. This makes cultivating a robust culture of cybersecurity a necessity. Here are some tips on how to achieve this:

1. Foster awareness

To adopt good cybersecurity practices, employees must first be acquainted with them. Cybersecurity awareness programs can help demystify cybersecurity and how it can affect the organization and its employees personally. Regular security training sessions should include real-life case studies of cyber-attacks and their consequences, along with clear, concise explanations of terms like phishing, malware, and ransomware.

2. Incorporate cybersecurity into onboarding

Cybersecurity training should not be an afterthought, but it should be integrated into the employee onboarding process. The sooner an employee becomes familiar with cybersecurity norms, the better. New hires are often targets for cybercriminals because of their elevated access permissions and limited knowledge of the company’s cybersecurity best practices. Early inclusion of cybersecurity training in the initial stages will help safeguard both an employee and the company (as well as remote workers).

3. Establish clear cybersecurity policies

A clear, accessible, and detailed cybersecurity policy should be at the top of any organization’s IT strategy list. These policies should cover password management, the use of personal devices, reporting suspicious activity, data sharing and storage, and more. Make sure that all employees are aware of these policies and know where to find them if they have doubts or questions. As the main document for the cybersecurity approach, this allows comprehensive reorganization and even enforcement of best cybersecurity practices.

4. Promote a culture of openness

Employees should be encouraged to report suspicious activity without the fear of blame. A culture focused on punishment rather than problem-solving can make people hide their errors and could escalate into significant security breaches. However, an atmosphere where employees feel comfortable sharing concerns or admitting mistakes allows for quicker threat mitigation. It serves as a valuable learning experience for everyone involved.

5. Make cybersecurity everyone’s responsibility

A solid cybersecurity strategy is only possible with each employee understanding their role in preventing cyber threats. In the end, cybersecurity isn’t solely the IT department’s job. Each employee has a vital role in maintaining the security of the company’s data. Driving this point home can help build a mindset where everyone feels accountable for the organization’s cybersecurity.

6. Involve leadership

Like any other company-wide organizational initiative, a culture of cybersecurity has to be led from the top. The leadership team should endorse the cybersecurity program and actively participate in its implementation. This sends a clear message to all employees that cybersecurity is a priority and should be taken seriously at all levels of the organization.

7. Regular training and updates

The cyber threat landscape never stops evolving. The same knowledge that was relevant last year might be useless now. For this reason, it’s important to ensure that employees are aware of the latest threats and prevention measures and train them regularly. Cyber security awareness training for your employees should cover new types of threats, updates in cybersecurity policies, and reinforcement of fundamental security practices. Regular security drills also help to keep employees alert and prepared for potential threats.

8. Use technology to establish digital obstacles

Implementing security tools and software to automate and enforce security policies helps to prevent or restrict certain employee actions that may pose security risks. Multi-factor authentication, IAM, virtual private networks, regular automatic updates, and firewalls are just some of the tools that can help bolster cybersecurity. With these features, organizations can enhance their Zero Trust cybersecurity posture and protect sensitive data and resources from unauthorized access or misuse.

Individual roles of cybersecurity culture creation

Creating a culture of cybersecurity is a shared responsibility. This means that everyone, from top executives to individual remote employees, has a role to play. Once cybersecurity awareness is established in the workplace, it’s crucial to comprehend distinct responsibilities assigned to each person and ensure they are adequately prepared to fulfill their roles effectively.

Roles in the boardroom

Based on a study by Tanium & Nasdaq, only 10% of board members believed they received consistent updates on cybersecurity threats to their business. While a board can be concerned about a myriad of risks, it’s crucial to discern the correct roles of a board in overseeing cybersecurity risk:

  • Prioritizing: Instruct management to give cybersecurity the attention it deserves and establish an attitude for the entire organization.

  • Assessing: Demand that the organization conducts an official evaluation of cybersecurity threats, employs external specialists and complies with instructions from an established risk-assessment structure.

  • Monitoring: Set the expectation for the board to receive regular updates on managing cybersecurity risks.

Roles of executives

Executive management is central when setting the course for an organization’s cybersecurity operations. Their starting aims should include treating cybersecurity as a key area, designing a cybersecurity plan of action, and allocating suitable resources (personnel and budget). Following this, they should persistently supervise, train, and modify their efforts to sustain best practices. Their responsibilities should encompass:

  • Organizing: Assign responsible individuals for organizing cybersecurity operations and security integration within everyday procedures.

  • Communicating: Advocate for the organization’s cybersecurity initiatives. When employees observe that executive management has prioritized cybersecurity, it naturally becomes a priority for everyone.

  • Preparing: Cybersecurity risk management schemes are incomplete without contingency plans to respond to an incident or breach in your environment. Creating an incident response team is necessary, which might include a third-party forensic accountant.

Roles of staff members

Every individual in an organization has a part to play in mitigating risks associated with phishing emails, spyware, ransomware, and other threats to the company’s critical information assets. Key methods for curbing social engineering and employee-related threats comprise:

  • Training: Participate in all staff training sessions on using company equipment and resources appropriately.

  • Awareness: Provide regular updates about cybercrime trends. Stronger awareness increases caution and lessens various risks.

  • Confirmation: Exercise caution before opening attachments or clicking on email links, especially those originating from unknown sources.

Each person in an organization plays a vital role in the cybersecurity risk management plan. The most effective plans define the appropriate responsibilities and duties for every employee, in small businesses and corporate entities alike.

How can we help protect your employees?

Cybersecurity threats follow your employees everywhere. A culture of cybersecurity can dramatically improve an organization’s resilience against various attack types, but it’s not enough. Unsecured Wi-Fi networks, file sharing, and phishing are real risks, and technological solutions combined with well-trained staff are the only cure.

This is why we’ve teamed up with our friends at SoSafe, one of the leading cybersecurity awareness training providers. With behavioral science and enterprise focus in their DNA, SoSafe creates automated and engaging cyber security awareness training programs and phishing simulations at scale. Effectively handle your human risk with minimal involvement.

NordLayer can make internet access security easier, protecting sensitive information in transit, mitigating cyber threats, ensuring regulatory compliance and business operations continuity. By blocking access to malicious websites and controlling entry to specific content categories, NordLayer allows global business exploration and guarantees the confidentiality of users’ and resources’ true location.

As cyber threats evolve, so must our risk management strategies. Contact NordLayer to reinforce your security protection.
