How Does PAM Help Protect Against Ransomware Attacks?

According to data from a Cybersecurity Ventures survey, ransomware costs will reach $20 billion next year. The survey also predicts that this type of cyberattack will target corporations every 11 seconds.

Ransomware consists of malware used by malicious agents to block their victims’ computers and then demand a ransom. This malware has evolved beyond encrypting data and shutting down company operations: ransomware such as Maze also leaks sensitive information, endangering a company’s credibility and potentially generating great financial losses.

The good news is that it is possible to prevent this threat by using Privileged Access Management (PAM), and this is the subject of this article. Keep reading our text to the end and learn everything about it!

How to Prevent Ransomware Attacks with PAM

In this topic, we will show you how PAM helps prevent ransomware attacks. In practice, it allows you to:

  • Know and Manage Privileged Credentials
  • Use Protection Strategies Based on Zero Trust
  • Implement the Principle of Least Privilege
  • Enhance Security in Remote Access
  • Audit Actions Performed Through Privileged Credentials

Below, we explain each of these aspects in more detail:

Know and Manage Privileged Credentials

In various types of cyberattacks, hackers use compromised credentials, and ransomware is no different: after all, one needs privileges to run this malicious software.

For this reason, it is recommended to discover and manage privileged credentials through Privileged Access Management (PAM). This solution makes it possible to discover, integrate, manage, switch, and audit credentials, as well as eliminate credentials that are no longer in use.

The best PAM tool for the discovery and management of privileged credentials is PAM senhasegura, which has discovery features considered best-in-class by the PAM market.

Use Protection Strategies Based on Zero Trust

Deploying the Zero Trust-based network security model is also essential to prevent ransomware attacks.
This concept holds that no user or device should be allowed to connect to IT systems and services without first being authenticated, following the strategy “never trust, always verify”.

In practice, the Zero Trust model works as an extremely effective protection, which verifies credentials continuously before granting access through methodologies such as Just in Time.

Just in Time is a technique that offers each user only the necessary access for the required time to perform their activities. With PAM, it is possible to ensure the granular definition of privileges through strategies based on Zero Trust, such as Just in Time. Forrester highlighted the access granularity of senhasegura in its Wave for PIM report.
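The Just in Time model described above, as an added example that is not senhasegura code: a broker that issues time-boxed, narrowly scoped grants after independent approval and re-checks them on every privileged action. All class, user, host and action names are hypothetical, and the timestamps are constructed.

```python
"""Just-in-Time privileged access: time-boxed, narrowly scoped grants that are
re-verified on every use (added illustration; all names are hypothetical)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str          # one target only, e.g. a single database host
    actions: frozenset     # only the operations the task needs
    expires_at: datetime


@dataclass
class JitBroker:
    max_ttl: timedelta = timedelta(hours=1)
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)   # who / when / where / what

    def request(self, user, resource, actions, ttl, approved_by, now):
        """Issue a grant only with independent approval; cap its lifetime."""
        if not approved_by or approved_by == user:
            self._log(now, user, resource, "request", "denied: no independent approval")
            return None
        grant = Grant(user, resource, frozenset(actions), now + min(ttl, self.max_ttl))
        self.grants.append(grant)
        self._log(now, user, resource, "request",
                  f"granted until {grant.expires_at.isoformat()}")
        return grant

    def authorize(self, user, resource, action, now):
        """Never trust, always verify: evaluated on every privileged action."""
        for g in self.grants:
            if ((g.user, g.resource) == (user, resource)
                    and action in g.actions and now < g.expires_at):
                self._log(now, user, resource, action, "allowed")
                return True
        self._log(now, user, resource, action, "denied")
        return False

    def revoke_expired(self, now):
        """Drop stale grants so no standing privilege remains; return the count removed."""
        before = len(self.grants)
        self.grants = [g for g in self.grants if now < g.expires_at]
        return before - len(self.grants)

    def _log(self, when, who, where, what, outcome):
        self.audit.append({"when": when.isoformat(), "who": who,
                           "where": where, "what": what, "outcome": outcome})


def demo():
    t0 = datetime(2023, 1, 10, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    later = t0 + timedelta(minutes=10)
    broker = JitBroker(max_ttl=timedelta(minutes=30))
    # Alice asks for 8 hours; the broker caps the grant at 30 minutes.
    broker.request("alice", "db-prod-01", {"restart_service"},
                   timedelta(hours=8), "bob", t0)
    results = {
        "in_window": broker.authorize("alice", "db-prod-01", "restart_service", later),
        "other_action": broker.authorize("alice", "db-prod-01", "delete_backups", later),
        "other_host": broker.authorize("alice", "fileserver-02", "restart_service", later),
        "after_expiry": broker.authorize("alice", "db-prod-01", "restart_service",
                                         t0 + timedelta(minutes=31)),
        "self_approved": broker.request("alice", "db-prod-01", {"restart_service"},
                                        timedelta(minutes=5), "alice", t0) is not None,
    }
    results["revoked"] = broker.revoke_expired(t0 + timedelta(minutes=31))
    return results, broker.audit


if __name__ == "__main__":
    outcome, trail = demo()
    print(outcome)
    for entry in trail:
        print(entry)
```

A credential stolen from this user is only useful on one host, for one action, inside the approved window, and every attempt outside that scope lands in the audit trail as a denial.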

Implement the Principle of Least Privilege

One of the ways to prevent most ransomware attacks is through the Principle of Least Privilege (POLP).
This strategy also limits the impact of ransomware that can be installed in your IT environment, preventing hackers from moving laterally and diminishing their ability to elevate privileges.

That is, if the malicious attacker steals a credential with limited access or without privileges, the losses will be much lower. In this sense, endpoint privilege management tools are essential features of Privileged Access Management platforms.

This is because the connection of endpoint devices such as IoT devices, smartphones, laptops, and tablets increases the attack surface, making it easier for malicious attackers to work.

senhasegura offers GO Endpoint Manager for Windows and Linux endpoint and workstation privilege management, which allows segregation for access to confidential information, isolating critical environments.

Enhance Security in Remote Access

Remote access is one of the major security vulnerabilities of companies in general. With it, employees and third-party suppliers do not always adhere to the security practices stipulated by the companies. We highlight the choice of weak or reused passwords or the use of the same password by a group of people among the main failures.

With Privileged Access Management, each user will only have access to resources indispensable to performing their tasks, thus reducing the attack surface, since administrators will be able to approve or deny access requests.

Through senhasegura Domum, secure remote access can be performed by employees and third parties with all senhasegura PAM remote session capabilities, providing Zero Trust-based access to corporate network devices without the need for a VPN.

Audit Actions Performed Through Privileged Credentials

Another capability of Privileged Access Management is to facilitate the audit of actions performed through privileged credentials, controlling risks such as improper access to these accounts.

senhasegura enables the implementation of stricter controls, which automate and centralize access to privileged credentials, protecting the IT infrastructure against data theft and compliance failures.
Through senhasegura PAM, it is possible to:

  • Obtain automated control of privileged account policies, enabling continuous monitoring and adherence to audit requirements;
  • Ensure full visibility of “who, when, and where”, as well as “what” happened during a session with privileged credentials;
  • Issue simplified audit reports from a central audit data repository;
  • Reduce operational costs and response time with ongoing audits.

About senhasegura

We are senhasegura, a company that integrates MT4 Tecnologia, a group founded in 2001 with a focus on digital security.

We are present in more than 50 countries, with a commitment to providing digital sovereignty and cybersecurity to our clients, granting control over actions and sensitive data and preventing information thefts and leaks.

To achieve this goal, we follow the lifecycle of privileged access management through machine automation, before, during, and after accesses. We also work for:

  • Avoiding the interruption of activities of companies, which may impair their performance;
  • Automatically auditing the use of privileges;
  • Automatically auditing privileged actions in order to identify and avoid privilege abuses;
  • Offering advanced Privileged Access Management solutions;
  • Reducing cyber threats; and
  • Keeping organizations in compliance with audit criteria and standards such as HIPAA, PCI DSS, ISO 27001, and Sarbanes-Oxley.

Conclusion

In this article, you saw that:

  • Ransomware consists of malware used by malicious agents to block their victims’ computers;
  • This malicious software can be countered by Privileged Access Management (PAM) tools;
  • This tool allows one to know and manage privileged credentials, use protection strategies based on Zero Trust, implement the principle of least privilege, reinforce security in remote access, and audit actions performed through privileged credentials.

Did you like our article? Then share it with others who want to know how Privileged Access Management contributes to preventing ransomware attacks.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Why do you need both IDS and IPS, or maybe the NGFW too?

I would like to strengthen the defense of the web application by talking about Intrusion Detection and Prevention Systems (IDS and IPS) as the third member of this security defense trio: WAF, RASP, and IDPS. In the previous articles, I talked about the security defense technologies Runtime Application Self-Protection (RASP) and Web Application Firewall (WAF).

What are IDS and IPS?

Intrusion Detection Systems and Intrusion Prevention Systems are used to detect intrusions and, if an intrusion is detected, to protect against it.

First, I will focus on explaining the differences between WAF, RASP, and IDPS.

What is the difference between WAF, RASP, and IDPS?

I have already explained the difference between WAF and RASP in previous articles. Still, I will introduce IDPS and show you exactly why a combination of this trio is the best security choice.

Summary: IDPS is used to detect intrusions and protect from them. WAF will detect and block attacks based on rules, patterns, algorithms, etc. RASP detects the application runtime behavior using algorithms.

Why is it best to use both IDS and IPS?

To better understand why it is important to use both systems, we need to know what each of them does and doesn’t do and how combining them gives more effective protection. Each of those systems has its own types, which will be explained below.

Location and Range

These two types of security systems operate in different locations and have different ranges.

Facts:

  • IDS works across the enterprise network in real time by monitoring and analyzing network traffic.
  • IPS works in the same network location as a firewall by intercepting network traffic.
  • IPS can use IDS to expand the range of monitoring.

By knowing this and using both IDS and IPS, you can cover more range.

Host-based IDS and IPS

There are a few types of IDS and IPS. I will mention them so you know which one targets what, but there is plenty of online documentation for more information.

Host-based IDS (HIDS) is used for protecting individual devices. It is deployed at the endpoint level. It checks network traffic in and out of a device, and it can examine logs and running processes. HIDS protects only the host machine. It does not scan complete network data. Similarly, IPS has its own host-based type, Host-based IPS (HIPS). HIPS is deployed on clients/servers, and it monitors the device level as well.

Network-based IDS and IPS

Network-based IDS (NIDS) monitors the entire network. It watches every network device and analyzes all the traffic to and from those devices. On the other side, IPS has its own type, called Network-based IPS (NIPS), deployed within the network infrastructure. It monitors the complete network and, if needed, tries to protect it.

NIDS and NIPS are very important to network forensics and incident response because they compare incoming traffic to malicious signatures and differentiate good traffic from suspicious traffic.

Wireless IPS

IPS also has a Wireless IPS (WIPS) type that monitors radio waves (wireless LAN) for unauthorized access points, which you can use to automate wireless network scanning. The TechTarget site provided ways of using WIPS in the enterprise in this article. Check it out!

Protocol-based intrusion detection systems (PIDS) and Application protocol-based intrusion detection systems (APIDS)

Both protocol-based systems are types of IDS. They both monitor traffic to and from devices. The only difference is that PIDS monitors one server and APIDS a group of servers.

Network behavioral analysis (NBA)

Network behavioral analysis (NBA) is a type of IPS that looks for unexpected behavior within the patterns of the network itself.

IDS and IPS modes

IDS is generally set to work in inline mode. As for IPS, it is set to work in the network behind the firewall. It can operate in both modes: as an end host or in inline mode.

Most used IDS/IPS tools in 2022

According to softwaretestinghelp.com, the list of most used IDS tools is this:

  • SolarWinds Security Event Manager
  • Bro
  • OSSEC
  • Snort
  • Suricata
  • Security Onion
  • Open WIPS-NG
  • Sagan
  • McAfee Network Security Platform
  • Palo Alto Networks

For more info regarding pricing, pros, cons and features of these tools, check out the softwaretestinghelp site.

Also, spiceworks.com provided the list of the most used IDPS tools:

  • AirMagnet Enterprise
  • Amazon Web Services (AWS) GuardDuty
  • Azure Firewall Premium IDPS
  • Blumira
  • Cisco Secure IPS (NGIPS)
  • Darktrace Enterprise Immune System
  • IBM Intrusion Detection and Prevention System (IDPS) Management
  • Meraki MX Advanced Security Edition
  • NSFocus Next-Generation Intrusion Prevention System
  • Snort

For more info regarding pricing, pros, cons and features of these tools, check out the spiceworks site. This research will also help you choose the right IDPS solution based on these tools’ features.

What is Next-Generation Firewall (NGFW) or Unified Threat Management (UTM)?

There is a modern type of technology that combines IDS and IPS with firewalls, called Next-Generation Firewall (NGFW) or Unified Threat Management (UTM).

NGFW includes:

  • Standard firewall features (packet filtering, stateful inspection, and VPN awareness)
  • Integrated Intrusion Prevention (IPS)
  • Application awareness of threats
  • Detect and block risky apps
  • Threat intelligence
  • Upgrading security features (such as future information feeds)
  • New techniques that help to address new security threats

Researchers for the nomios site have gathered information and made a list of the top 5 vendors for NGFW in 2022. They also gave suggestions on what you should look for when choosing the right NGFW tool. Check it out!

Conclusion

You should combine IDS and IPS because of three things: response, protection, and impact. If you decide to use IDS, the testing will stop at the detection phase, but when using IPS, based on settings and policy, testing will also include prevention. Because IPS reacts immediately, it gives a certain layer of protection aside from detecting malicious activity. However, false positives are possible with IPS, and they can end up shutting down your network.
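The detection-versus-prevention trade-off above, as an added example that is not taken from the original article or from any of the listed tools: one signature set is run over the same traffic with an alert-only policy (IDS), a drop-on-match policy (IPS), and a tuned policy where the noisy signature only alerts. The signatures, addresses and request lines are constructed samples.

```python
"""One signature set, three policies: IDS alerts only, IPS drops on match,
tuned IPS demotes a noisy signature (added illustration, constructed data)."""
import re
from dataclasses import dataclass

# Constructed, deliberately simple signatures: (id, description, pattern)
SIGNATURES = [
    ("SIG-1", "path traversal in URL", re.compile(r"\.\./")),
    ("SIG-2", "SQL keyword pair in request", re.compile(r"(?i)\bunion\b.+\bselect\b")),
]

# Constructed request lines: (source, request, is it really malicious?)
TRAFFIC = [
    ("10.0.0.5", "GET /index.html", False),
    ("203.0.113.9", "GET /download?file=../../etc/passwd", True),
    # Benign search that happens to match SIG-2: a false positive.
    ("10.0.0.7", "GET /search?q=credit+union+select+committee", False),
    ("203.0.113.9", "GET /item?id=1 UNION SELECT name FROM users", True),
]

IDS_POLICY = {sid: "alert" for sid, _desc, _pat in SIGNATURES}   # passive
IPS_POLICY = {sid: "drop" for sid, _desc, _pat in SIGNATURES}    # inline, blocking
TUNED_POLICY = {"SIG-1": "drop", "SIG-2": "alert"}               # noisy rule alerts only


@dataclass
class Verdict:
    source: str
    request: str
    matched: list      # ids of the signatures that fired
    forwarded: bool    # did the request reach the application?


def inspect(traffic, policy):
    """Match every request against all signatures and apply the policy."""
    verdicts = []
    for source, request, _truth in traffic:
        matched = [sid for sid, _desc, pat in SIGNATURES if pat.search(request)]
        dropped = any(policy.get(sid, "alert") == "drop" for sid in matched)
        verdicts.append(Verdict(source, request, matched, not dropped))
    return verdicts


def summarize(traffic, verdicts):
    """Count the cost of a policy: attacks let through vs. good traffic lost."""
    stats = {"alerts": 0, "attacks_forwarded": 0, "benign_blocked": 0}
    for (_src, _req, malicious), v in zip(traffic, verdicts):
        stats["alerts"] += int(bool(v.matched))
        stats["attacks_forwarded"] += int(malicious and v.forwarded)
        stats["benign_blocked"] += int(not malicious and not v.forwarded)
    return stats


def compare():
    """Run the same traffic through all three policies."""
    policies = {"ids": IDS_POLICY, "ips": IPS_POLICY, "tuned": TUNED_POLICY}
    return {name: summarize(TRAFFIC, inspect(TRAFFIC, p)) for name, p in policies.items()}


if __name__ == "__main__":
    for name, stats in compare().items():
        print(f"{name:5s} {stats}")
```

All three policies raise the same three alerts; they differ only in what reaches the application, which is why alert review (the IDS side) is what makes it safe to move a signature to drop.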

Organizations often set up Intrusion Detection Systems to handle the logs and notifications/alerts, and rely on routers, firewalls, and servers to fight threats.

A better solution would be using a combination of IDPS and setting it up when planning security. In the future, when the organization grows and needs better protection, it will be possible to use IDS/IPS solutions for additional networks, servers, or devices.

Also, depending on the organization’s security needs and cost restrictions, NGFW can be a good choice too!

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

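10 Tips for Saving Energy on Your Electronic Devices

With rapidly rising energy prices putting pressure on many households, what measures can help reduce the power consumption of electronic devices?

In recent years, the number of connected devices in our homes has surged. It is estimated that the average European household now owns about 17 devices such as computers, smartphones, tablets, smart home devices, AI voice assistants, and smart TVs, while in the United States the figure rises to 20. As Western countries begin their journey to carbon neutrality in earnest, here are some measures that can help you cut your energy bills and make the planet greener.

  1. If you plan to buy a new device, check the energy label, which can mean 30 – 65% less energy consumption.
  2. Once a laptop or mobile device is fully charged, unplug it from the power supply.
  3. Laptops use less energy than desktop computers.
  4. Avoid using screen savers on your devices, as they consume extra power.
  5. Use your devices’ sleep mode to ensure that they shut down when not in use.
  6. Even when devices are switched off, they may still draw power as long as they are plugged in, so consider unplugging everything that is not in use.
  7. Consider using advanced power strips, which can stop devices from drawing power when they are not in use.
  8. Avoid using game consoles to stream video; they use 10 times as much power as a tablet or laptop.
  9. Switch your TV to energy-saving mode, which dims the backlight and helps reduce power consumption by a third.
  10. Use a smart meter to monitor in real time how much energy each of the different appliances in your home is using.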

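About ESET
Founded in 1992, ESET is a global provider of computer security software for businesses and individual users. Its award-winning product, the NOD32 antivirus system, provides real-time protection for computer systems against all kinds of known and unknown viruses, spyware, rootkits, and other malware. ESET NOD32 uses the fewest system resources, offers the fastest detection speed, provides the most effective protection, and has won more Virus Bulletin 100 awards than any other antivirus product. ESET has been named to Deloitte’s Technology Fast 500 for five consecutive years and has an extensive partner network that includes internationally renowned companies such as Canon, Dell, and Microsoft. It has offices in Bratislava (Slovakia), Bristol (United Kingdom), Buenos Aires (Argentina), Prague (Czech Republic), San Diego (United States), and elsewhere, with agencies covering more than 100 countries worldwide.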

runZero 3.4: Vulnerability import from CrowdStrike Spotlight (plus something for everyone)

What’s new with runZero 3.4?

  • Vulnerability import from CrowdStrike Spotlight
  • Integration performance improvements and enhancements
    • Automatic expiration of ephemeral AWS assets
    • Processing performance improvements
    • Enrichment-only integration support
  • OAuth Client Secret authentication
  • Simplified site import and export format
  • Rapid Response queries for MegaRAC and Cisco
  • User interface improvements

Vulnerability inventory from CrowdStrike

runZero Enterprise customers can now import vulnerabilities from CrowdStrike Spotlight. runZero 3.4 automatically imports vulnerabilities when a credential is supplied that has access to the “Spotlight” OAuth scope. CrowdStrike Spotlight vulnerability data can be viewed from the asset detail page as well as in the vulnerability inventory.

CrowdStrike vulnerability attributes include the relevant CVE identifier, severity, exploitability status, vulnerability detail, and any recommended actions to remediate the issue. Use the filter source:crowdstrike in the asset or vulnerability inventory to see CrowdStrike-sourced data. Use the following queries to track down common concerns:

Ready to complement your runZero inventory with vulnerability data from CrowdStrike? To get started, set up a connection to CrowdStrike using a credential with access to Spotlight vulnerabilities.

Integration performance improvements and enhancements

The 3.4 release delivers new features and performance improvements to runZero integrations.

Automatic expiration of ephemeral AWS assets

You can now have your AWS integration automatically remove AWS assets from your inventory that weren’t seen in the latest sync. Many AWS resources are ephemeral, only being in use for a short period of time, and these temporary assets can lead to a slow increase of offline assets over time. If you don’t want to keep those decommissioned AWS assets in your runZero inventory, this feature can be used to automatically delete them. An alternative to this feature is to place your cloud assets in a separate Organization and configure a low stale asset expiration.

Processing performance improvements

The performance of all integration tasks has been improved and processing now completes much faster, with better use of resources, especially for self-hosted customers. This improvement is the most significant for processing data from vulnerability management products.

Enrichment-only integration support

You can now choose to exclude unknown assets from your integration imports. If enabled, runZero won’t import assets from an integration unless they can be merged with an existing asset in your inventory. This places the integration into an enrichment-only mode. This option is helpful when overlaying data from directory providers (Azure AD and Windows AD) as well as MDM and EDR systems that often include off-network assets that may be outside of your runZero scope.

OAuth Client Secret authentication

In addition to being able to access the runZero APIs using bearer tokens, you can now configure the use of OAuth2 client credentials. Simply register an API client and use the client ID and secret to obtain a temporary session token, which can then be used with the existing APIs as a bearer token.

Simplified site import and export format

The process and format for importing sites has been simplified so that you can more quickly add multiple sites based on subnets. The format of the imported CSV has been updated so that each registered subnet can be provided as a separate row, with the results merged automatically during import. Need to add a ton of new subnets to your sites? Export the current CSV, append the new subnets to the end with the same site name, and re-import the list to update your site configuration.
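A pre-import check for the one-subnet-per-row layout described above, as an added example that is not runZero code: it merges rows by site name the way the import is described as doing, rejects malformed subnets, and lists duplicates and cross-site overlaps for review. The column names `name` and `subnet` are assumptions, not runZero's documented schema, and the CSV content is constructed.

```python
"""Merge a one-subnet-per-row site CSV by site name and flag rows to review
before import (added illustration; column names are assumed)."""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample: exported rows with new subnets appended at the end.
SAMPLE_CSV = """name,subnet
HQ,10.10.0.0/16
Branch-East,192.168.50.0/24
HQ,10.20.0.0/16
Branch-East,192.168.51.0/24
Branch-West,10.10.4.0/24
Branch-West,172.16.300.0/24
HQ,10.10.0.0/16
"""


def merge_sites(csv_text):
    """Return (sites, findings): subnets grouped per site, plus rows to review."""
    sites = defaultdict(list)
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):   # line 1 is the header
        name = (row.get("name") or "").strip()
        raw = (row.get("subnet") or "").strip()
        if not name:
            findings.append(f"line {line_no}: missing site name")
            continue
        try:
            # strict=True rejects host bits set, e.g. 10.10.4.7/24
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            findings.append(f"line {line_no}: invalid subnet {raw!r} ({exc})")
            continue
        if net in sites[name]:
            findings.append(f"line {line_no}: duplicate {net} in site {name}")
            continue
        sites[name].append(net)

    # Overlaps between different sites may be intentional, but they change
    # which site covers an address, so list them for a human to confirm.
    flat = [(net, site) for site, nets in sites.items() for net in nets]
    for i, (a, site_a) in enumerate(flat):
        for b, site_b in flat[i + 1:]:
            if site_a != site_b and a.version == b.version and a.overlaps(b):
                findings.append(f"review overlap: {a} ({site_a}) and {b} ({site_b})")

    merged = {site: [str(n) for n in nets] for site, nets in sites.items()}
    return merged, findings


if __name__ == "__main__":
    merged, findings = merge_sites(SAMPLE_CSV)
    for site, nets in merged.items():
        print(f"{site}: {', '.join(nets)}")
    for finding in findings:
        print("!", finding)
```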

Rapid Response queries for MegaRAC and Cisco

In addition to letting you create queries to fit your needs, runZero includes pre-built queries for recent threats. During the 3.4 release, new queries were added to quickly track down assets running MegaRAC BMC firmware and to locate Cisco 7800/8800 series IP phone assets.

User interface improvements

The 3.4 release includes several changes to the user interface to improve the performance of the runZero console. The tables on the analysis reports, site comparison reports, and SSO groups pages now perform and load faster. This will let users query and sort the results in tables more efficiently, getting to the answers they need faster.

Release notes

The runZero 3.4 release includes a rollup of all the 3.3.x updates, which includes all of the following features, improvements, and updates.

New features

  • The AWS integration now includes an option to automatically remove assets no longer reported by AWS.
  • OAuth 2.0 client credentials can now be used to authenticate with runZero APIs.
  • The edr.name asset attribute is now updated to show when a runZero scan no longer detects the EDR.
  • Tasks can now be stopped during data gathering and processing phases.
  • The site import and export CSV format has been simplified.
  • The performance of connector task processing has been improved.
  • Tables for the Site comparison report, analysis report results, and SSO group mappings have been redesigned for improved performance.
  • Added a new canned query for finding Cisco 7800/8800 series IP phone assets.
  • Improved fingerprinting coverage of Google Workspace assets.
  • Additional fingerprint updates.

Security improvements

  • A bug that could show cross-tenant “no access” role users in the Your team > Current organization view was resolved. This issue only applied to the cloud-hosted version of the runZero platform. The affected build was live for slightly more than two hours. Any customers affected by this issue will receive a detailed notice to the email addresses associated with their superuser accounts.

Product improvements

  • The consistency in asset terminology has been improved.
  • The site import CSV format has been improved.
  • The CLI Scanner --api-url parameter handling has been improved.
  • The DELETE API method for bulk asset deletion has been deprecated.
  • A public API endpoint to check the platform health has been added.
  • OS EOL dates are now reported for Windows 11.
  • A new canned query for MegaRAC BMC firmware has been added.
  • Self-hosted customers can configure concurrent task processing with the RUNZERO_CRUNCHER_INSTANCES option.
  • VMware ESXi instances now display OS end-of-life dates based on version.
  • The scanner now supports a configurable ToS/Traffic Class field in the advanced configuration.
  • Additional operating system and hardware icons are available in the inventory view.
  • Explorer and CLI Scanner binaries are now approximately 5MB smaller.
  • The All Organizations view now more accurately handles limited user permissions.

Performance improvements

  • The performance of the task overview page load time has been improved.
  • The import time for third-party data sources was improved.
  • The scheduler will now delay recurring tasks if the previously completed task has not yet started processing.
  • The backend now processes concurrent tasks for separate sites within the same organization when possible.
  • Searching and sorting is faster when using the asset first seen and last seen columns.

Fingerprinting changes

  • Improved fingerprinting coverage of Apple HomeKit and HomeKit-connected devices.
  • Improved fingerprinting coverage of Google Workspace assets.
  • Improved fingerprinting coverage of Microsoft Intune and Azure Active Directory assets.
  • Additional support added-or-improved for products by Advidia, APC, Apple, Ascom, Avaya, Cisco, Citrix, D-Link, Dahua, ecobee, Eve, Fortinet, First Peer, Google, Green Electronics, ICP DAS, ifm electronic, iXsystems, LG, Microsoft, Motorola, Nintendo, OnePlus, OpenWRT, Poly, QNAP, Raspberry Pi, Red Hat, Riverbed, Roku, Sagemcom, Samsung, Shelly, Schneider Electric, SolidCP, Sony, SUSE, SwitchBot, TCL, Technicolor, Twinkly, UPS Manufacturing, Vizio, and VMware.

Integration improvements

  • The CrowdStrike integration now imports vulnerabilities when CrowdStrike Spotlight is enabled for the API key.
  • An option to disable the creation of new assets from third-party integrations has been added.
  • Third-party integrations merge assets more consistently.
  • Third-party integrations now merge more accurately when using IP addresses as the match key.
  • Microsoft Intune and Azure Active Directory assets are now fingerprinted more accurately.
  • New LDAP credentials now auto-populate the discovered port.
  • The Microsoft Defender integration now merges assets more comprehensively.
  • The AWS EC2 integration now provides an option to include Stopped instances.

Bug fixes

  • A bug that could prevent an Explorer from running scans with specific network configurations has been resolved.
  • A bug that could cause recurring tasks to back up has been resolved.
  • A bug in the Organization asset export API has been resolved.
  • A bug that caused the License information page to display an incorrect project asset count was resolved.
  • A bug that could delay concurrent task processing has been resolved.
  • An issue that could cause the command-line scanner to skip LDAP enumeration has been resolved with the --ldap-thumbprints flag.
  • A bug that could prevent tag searches from completing when thousands of tags are in use has been resolved.
  • A bug that could result in partial import of GCP CloudSQL assets was resolved.
  • A bug that could lead to duplicate vulnerabilities when an import was restarted has been resolved.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.
