
UNDERSTANDING OBSERVABILITY VS. MONITORING. PART 1

The development of clouds, the DevOps movement, and distributed microservice-based architecture have come together to make observability vital for modern architecture. We’re going to dive into what observability is and how to approach the metrics we need to track. Observability is a way of spotting and troubleshooting the root causes of problems involving software systems whose internals we might not understand. It extends the concept of monitoring, applying it to complex systems with unpredictable and/or complex failure scenarios. I’ll start with some of the basic principles of observability that I’ve been helping to implement across a growing number of products and teams at Nord Security.

Monitoring vs. Observability

“Monitoring” and “observability” are often used interchangeably, but these concepts have a few fundamental differences.

Monitoring is the process of using telemetry data to understand the health and performance of your application. Monitoring telemetry data is preconfigured, implying that the user has detailed information on their system’s possible failure scenarios and wants to detect them as soon as they happen.

In the classical approach to monitoring, we define a set of metrics, collect them from our software system, and react to any changes in the values of these metrics that are of interest to us.

For example:

  • Excessive CPU usage can indicate that we need to scale up to compensate for increasing system load;
  • A drop in successfully served requests after a fresh release can indicate that the newly released version of the API is malfunctioning;
  • Health checks produce binary metrics that represent whether the system is alive at all.

Observability extends this approach. Observability is the ability to understand the state of the system by performing continuous real-time analysis of the data it outputs.

Instead of just collecting and watching predefined metrics, we continuously collect different output signals. The most common types of signals – the three pillars of observability – are:

  • Metrics: Numeric data aggregates representing software system performance;
  • Logs: Time-stamped messages gathered by the software system and its components while working;
  • Traces: Maps of the paths taken by requests as they move through the software system.

The development of complex distributed microservice architectures has led to complex failure scenarios that can be hard or even impossible to predict. Simple monitoring is not enough to catch them. Observability helps by improving our understanding of the internal state of the system.

Metrics

Choosing the right metrics to collect is key to establishing an observability layer for our software system. Here are a few different popular approaches that define a unified framework of must-have metrics in any software system.

USE

Originally described by Brendan Gregg, this approach focuses more on white-box monitoring – monitoring of the infrastructure itself. Here’s the framework:

  • Utilization – resource utilization:
    • % of CPU / RAM / network I/O in use.
  • Saturation – how much remaining work hasn’t been processed yet:
    • CPU run queue length;
    • Storage wait queue length.
  • Errors – errors per second:
    • CPU cache misses;
    • Storage system failure events.

Note: Defining “saturation” in this approach can be a tricky task and may not be possible in specific cases.

Four Golden signals

Originally described in the Google SRE Handbook, the Four Golden signals framework is defined as follows:

  • Latency – time to process requests;
  • Traffic – requests per second;
  • Errors – errors per second;
  • Saturation – resource utilization.

RED

Originally described by Tom Wilkie, this approach focuses on black-box monitoring – monitoring the microservices themselves. This simplified subset of the Four Golden Signals uses the following framework:

  • Rate – requests per second;
  • Errors – errors per second;
  • Duration – time to process requests.

Choosing and following one of these approaches lets you unify your monitoring concept throughout the whole system and makes it easier to understand what is happening. They complement one another, and your choice may depend on which part of the system you want to monitor. These approaches also don’t exclude additional business-related metrics that vary from one component of the software system to another.

Logs

System logs are a useful source of additional context when investigating what is going on inside a system. They are immutable, time-stamped text records that provide context to your metrics.

Logs should be kept in a unified structured format like JSON. Use additional log storage/visualization tools to simplify interaction with the massive amount of text data the software system produces. One very well-known and popular solution for log storage is Elasticsearch.
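As an added example (not code from the original article), the RED signals from the metrics section computed over structured JSON request logs like the ones recommended above: Rate per route, Error rate, and Duration percentiles, plus a threshold check of the kind an alert rule would apply. The log lines, routes and thresholds are constructed for illustration.

```python
"""RED metrics (Rate, Errors, Duration) derived from JSON request logs.
Added example; the log records below are constructed, not real traffic."""
import json
import math
from collections import defaultdict

# Constructed sample: one JSON record per served request (3-second window).
SAMPLE_LOGS = """\
{"ts": 1700000000.00, "service": "api", "route": "/login", "status": 200, "duration_ms": 42}
{"ts": 1700000000.30, "service": "api", "route": "/login", "status": 200, "duration_ms": 310}
{"ts": 1700000000.90, "service": "api", "route": "/items", "status": 200, "duration_ms": 18}
{"ts": 1700000001.20, "service": "api", "route": "/items", "status": 200, "duration_ms": 25}
{"ts": 1700000001.80, "service": "api", "route": "/items", "status": 503, "duration_ms": 1200}
{"ts": 1700000002.10, "service": "api", "route": "/login", "status": 200, "duration_ms": 39}
{"ts": 1700000002.60, "service": "api", "route": "/items", "status": 200, "duration_ms": 22}
{"ts": 1700000002.95, "service": "api", "route": "/items", "status": 200, "duration_ms": 27}
"""


def parse_logs(text):
    """Parse newline-delimited JSON; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def percentile(values, p):
    """Nearest-rank percentile (p in 0..100); None for an empty list."""
    if not values:
        return None
    ordered = sorted(values)
    rank = max(1, math.ceil(p / 100 * len(ordered)))
    return ordered[rank - 1]


def red_metrics(records, window_s):
    """Per route: Rate (req/s), Errors (fraction of 5xx), Duration (p50/p99 ms)."""
    per_route = defaultdict(list)
    for rec in records:
        per_route[rec["route"]].append(rec)
    out = {}
    for route, recs in per_route.items():
        durations = [r["duration_ms"] for r in recs]
        errors = sum(1 for r in recs if r["status"] >= 500)
        out[route] = {
            "rate": len(recs) / window_s,
            "error_rate": errors / len(recs),
            "p50_ms": percentile(durations, 50),
            "p99_ms": percentile(durations, 99),
        }
    return out


def breached(metrics, max_error_rate=0.05, max_p99_ms=500):
    """Routes whose Errors or Duration signal exceeds the alert thresholds."""
    return sorted(route for route, m in metrics.items()
                  if m["error_rate"] > max_error_rate or m["p99_ms"] > max_p99_ms)


if __name__ == "__main__":
    metrics = red_metrics(parse_logs(SAMPLE_LOGS), window_s=3.0)
    for route, m in sorted(metrics.items()):
        print(f"{route:<8} rate={m['rate']:.2f}/s err={m['error_rate']:.0%} "
              f"p50={m['p50_ms']}ms p99={m['p99_ms']}ms")
    print("alerting routes:", breached(metrics))
```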

Traces

Traces help us better understand the request flow in our system by representing the full path any given request takes through a distributed software system. This is very helpful in identifying failing nodes and bottlenecks.

Traces themselves are hierarchical structures of spans, where each span is a structure representing the request and its context at each node on its path. The most common tracing visualization tools, like Jaeger or Grafana, display traces as waterfall diagrams showing the parent and child spans created by the request.
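To make the span hierarchy concrete, here is an added example (not code from the original article) that rebuilds a trace tree from flat span records, renders the waterfall view, and locates the two things the text says traces are for: the failing node and the bottleneck. The spans, service names and timings are constructed.

```python
"""Trace analysis: build the span tree, draw a waterfall, find the deepest
failing span and the span with the largest self-time. Added example; the
span records are constructed for one hypothetical request."""
from collections import defaultdict

# Constructed spans of one trace: times are ms relative to the request start.
SPANS = [
    {"id": "a", "parent": None, "svc": "gateway",  "start": 0,  "end": 95, "ok": True},
    {"id": "b", "parent": "a",  "svc": "auth",     "start": 2,  "end": 12, "ok": True},
    {"id": "c", "parent": "a",  "svc": "orders",   "start": 14, "end": 90, "ok": False},
    {"id": "d", "parent": "c",  "svc": "db",       "start": 16, "end": 30, "ok": True},
    {"id": "e", "parent": "c",  "svc": "payments", "start": 32, "end": 88, "ok": False},
]


def build_tree(spans):
    """Return (roots, children-by-parent-id); orphans become extra roots."""
    by_id = {s["id"]: s for s in spans}
    children = defaultdict(list)
    roots = []
    for s in spans:
        if s["parent"] is None or s["parent"] not in by_id:
            roots.append(s)          # root, or parent span never arrived
        else:
            children[s["parent"]].append(s)
    for kids in children.values():
        kids.sort(key=lambda s: s["start"])
    return roots, children


def covered(intervals):
    """Total length of the union of (start, end) intervals (overlaps merged)."""
    total, cur_s, cur_e = 0, None, None
    for s, e in sorted(intervals):
        if cur_e is None or s > cur_e:
            if cur_e is not None:
                total += cur_e - cur_s
            cur_s, cur_e = s, e
        else:
            cur_e = max(cur_e, e)
    if cur_e is not None:
        total += cur_e - cur_s
    return total


def self_time(span, children):
    """Span duration minus the time its (possibly parallel) children cover."""
    kids = [(max(k["start"], span["start"]), min(k["end"], span["end"]))
            for k in children.get(span["id"], [])]
    return (span["end"] - span["start"]) - covered(kids)


def failing_leaves(spans):
    """Failing spans with no failing child: the deepest points of failure."""
    _, children = build_tree(spans)
    return [s for s in spans if not s["ok"]
            and all(k["ok"] for k in children.get(s["id"], []))]


def bottleneck(spans):
    """The span doing the most work of its own, i.e. the largest self-time."""
    _, children = build_tree(spans)
    return max(spans, key=lambda s: self_time(s, children))


def waterfall(spans, width=40):
    """One text row per span, indented by depth, bar scaled to the trace."""
    roots, children = build_tree(spans)
    origin = min(s["start"] for s in spans)
    total = (max(s["end"] for s in spans) - origin) or 1
    rows = []

    def walk(span, depth):
        dur = span["end"] - span["start"]
        lead = int((span["start"] - origin) * width / total)
        bar = max(1, int(dur * width / total))
        status = "ok" if span["ok"] else "ERROR"
        rows.append(f"{'  ' * depth}{span['svc']:<10}|{' ' * lead}"
                    f"{'#' * bar:<{width - lead}}| {dur}ms {status}")
        for child in children.get(span["id"], []):
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return rows


if __name__ == "__main__":
    print("\n".join(waterfall(SPANS)))
    print("failing leaf:", [s["svc"] for s in failing_leaves(SPANS)])
    print("bottleneck:", bottleneck(SPANS)["svc"])
```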

Conclusion

Building an observable software system lets you identify failure scenarios and possible risks during the whole system life cycle. A combination of metrics, extensive log collection, and traces helps us understand what’s happening inside our system at any moment and speeds up investigations of abnormal behavior.

This article was just the first step. We’ve covered the standard approaches to metrics and briefly discussed traces and logs. But to implement an observable software system, we need to set up its components correctly to supply us with the signals we need. In part 2, we’ll discuss instrumentation approaches and modern standards in this field.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

CYBER DEFENSE FOR BUSINESS: MAPPING PAIN AREAS AND SECURING THEM

Sometimes cyberattacks just seem to happen, even when you have some cybersecurity measures in place and your employees know good cybersecurity hygiene.

The Defensive Strategist at Nord Security, Adrianus Warmenhowen, points out that having systems in place is often not enough. They may protect your company at an 80% or 90% rate, but good hackers will target your weak points. Therefore, in this interview, he explains how organizations can identify their vulnerabilities and what the best ways are to secure those pain areas.

Tech person by nature

First, could you tell us a bit about your role here at Nord Security?

At Nord Security, I am a Defensive Strategist, meaning I advise on areas that need a strategic focus on the protection of customers.

Could you give us a brief overview of your career path?

I started my journey with the internet and cybersecurity in the middle of the 1980s. And since then, I’ve had many adventures along the way. I’ve helped in the pioneering years of the internet, where cybersecurity kind of crept into my daily responsibilities, and soon after, hacking became another area of interest for me.

Earlier in my career, I worked with the aviation industry, electric companies on high voltage equipment, satellites, and more.

The growing cyber threat to companies

2021 was a record-breaking year with a 50% increase in corporate cyberattacks. What do you think are the major reasons behind it?

The pandemic in the first place. People had less mental ‘back-up’ from colleagues while working from home.

In general, the past years felt for me like a watershed moment for criminals in how to conduct cyberattacks with a return on investment: cybercrime got professional.

What are the most common types of cyberattacks that companies are exposed to, and what disruptions can they cause?

In general, companies are most likely to experience either ransomware or (D)DoS attacks. Ransomware because it pays the criminal well, and denial-of-service attacks because people want to be actionable instead of just doing more talking.

However, those cyberattacks that cause no direct disruptions are actually the ones you should worry about. By this, I mean information stealing. It can range from intellectual property to bid books, from vendor assessments to information on where you buy your hardware. That last one is important for supply-chain poisoning.

How do cybercriminals identify which companies or employees will be their next targets? Where and how are they looking for pain points they could exploit?

Well, when a vulnerability comes out that is remotely exploitable, then search engines like Shodan or BinaryEdge can be used to identify potential victims quickly. A good example of such a case is the Kaseya or SolarWinds debacle.

As for ransomware, an organization’s digital footprint is one of the ways attackers can target their victims and plan their attacks. For instance, monitoring a company’s LinkedIn page can give an insight into the churn and the rate at which people get hired/leave the company. If a company has a high churn rate, there will be many inexperienced and/or disgruntled people. That is the perfect phishing spot or moment to try a CEO fraud.

Sites like Glassdoor are also good for gathering this kind of information. Another valuable source of information can also be announcements of new partnerships or acquisitions.

Identifying pain points and securing them

How can companies best identify their pain points? How should they look for them?

One of the most effective ways is to get someone from the outside looking in. And by that, I mean someone who will be searching not for the solutions to the problems but for vulnerabilities and unprotected areas that your company has.

The truth is that we all rather run through our “happy paths” to do our work and are just glad we can avoid the day-to-day pitfalls of what we are doing. But for the sake of security, we really should take the pain and enumerate as much as possible what could go wrong and why. For that, an outsider can usually help. Just don’t get me wrong. I don’t mean “hire a pentester and be done with it.” The pentester will probably find something, but not all the things that make “you being at risk.”

A really good starting point could be to leverage your audits if you have certifications. An auditor is quite meticulous (if you have a good one), and an audit process is pretty transparent to all involved because all shortcomings are discussed during this procedure.

After an audit and the subsequent resolution of any issues found, various specialists can be used to target specific areas. That could be a pentester, pickpocket, or lockpicker (depending on your business type). Finally, if your company discusses a lot of sensitive information, then you might want to set up a spying operation on yourself.

Also, set up a permanent bug bounty program so that well-willing people can report to you if they find anything out of the ordinary.

But above all, start with a “cleaning out the crud” session.

What measures or actions should businesses take to protect themselves from potential cyber threats?

  1. Organize and systemize everything you have.

    For your tech, have a form of CMDB (Configuration management database) with ownership (for risk acceptance). For your personnel, have proper onboarding/offboarding procedures. And make transfers like offboarding->onboarding so you can avoid accrued rights. Make sure you spot unhappy employees and unhappy customers – document this (but keep their privacy decent). Even if you are a small business, know your battlefield.

  2. Do regular updates and patches.

    For instance, have every odd-week Tuesday be your patch day. Always reserve that time. If nothing is to be patched, use that time to review vendors and check if anything approaches end-of-life and such.

  3. Use encryption everywhere.

    A VPN will help make your infrastructure less visible to attackers and protect you during client meetings, lunch discussions, or work-from-anywhere.

  4. Use an antivirus.

    Even if it is unused 99.9%, you will be happy for that one single time it blocks ransomware.

  5. Use offline rotating backups for your most important data.

    A couple of SSDs should be able to hold a backup of most of your documents and probably even export your database. At the very least, keep a copy of all the contact information of your customers and employees with an offline backup.

  6. Use a password manager.

    Secure that password manager with a passphrase (a sentence, maybe from a book you liked, a song, or a poem). The reason for using a password manager is simple, SSO is not available everywhere, and using OAuth gives away a lot of information to your identity provider. And some websites simply need a separate account/log-in.

  7. Have regular security meetups with employees to check what is new, what is wrong, and what to do about it.

  8. Keep in mind that there is always something to protect. Make a policy that explicitly states that if there is no budget for securing something, it is automatically a risk accepted by the board.

What should organizations focus on when mapping their cyber battlefield and building up their cyber defenses?

  1. Knowledge.

    Know what you have, what connects to what and why (do you really need plugins in Slack or Jira, or are they “just” quality of life improvements), who has access to what and why (and, very important – from when to when). What software runs on what, and does it really need to be accessible from the outside world.

    Really, take the pain and map out what you have now and then adjust your processes so that this knowledge is updated all the time. Do a two-yearly check if everything is as it is documented.

    Don’t fall into the “productivity fallacy” trap – all arguments there are comparable to removing the safety measures of your car so that you can drive faster. It might seem the right thing when you blast across the highway doing 200, but the crash when you did not turn out to be Max Verstappen will be much more devastating. This goes for cybersecurity all the same: you might feel like the proper business king when you outdo your competition in time-to-market, but when it goes wrong, it is not just you. It is your clients’ lives as well that get mangled in the “incident.”

  2. On processes and audit trails.

    The audit trails are an essential part of the knowledge because they document what is changing in our current state of knowledge.

    Processes make things predictable and reliable. A process does not have to be an oppressive set of micromanagement instructions but can be as simple as “for each system in our CMDB, do a security check and document it.” In fact, the most crucial part of a process is not the steps within it but the interfaces with other processes, input, and output. Whenever there is a handover, it pays to check the CIA triad (Confidentiality, Integrity, Availability) and what the handover means to each of these.

    Also, to dispel a myth: you can have an open culture and still be very good at keeping things a secret. It should be normalized that you can tell your co-workers, “I can not tell because of confidentiality,” because it simply means those co-workers are not instrumental in that specific case. If they were, access would be granted when needed.


Choosing the Right Web Application Firewall – Part One

In my previous articles, I mentioned firewalls, so I decided to dedicate this entire article to that topic. First, I want to give a basic explanation of firewalls and more information about web application firewalls so you can make a more informed decision. I have mainly mentioned the use of web application firewalls to prevent attacks such as SQL injection, XSS (cross-site scripting), cookie poisoning, etc.

What is a firewall?

A firewall is software or hardware used to monitor network data (traffic) and compare it against a set of rules. Depending on the rules, traffic will be passed or blocked. On the Internet, you might hear this analogy: a firewall is a guard or gatekeeper at the entrance of an event. This gatekeeper can check the ID of individuals against a set of rules before letting them enter (or leave).

But before I explain more, I need to cover some basics – OSI layers and TCP/IP.

Layers of the OSI model and TCP/IP

The OSI Model (Open Systems Interconnection Model) is used to describe how a network system functions. This model is split into seven abstraction layers:
  • Physical – the lowest level, responsible for the physical connection between devices, transmitting bits from one node to the next. This layer converts data into 0s and 1s and passes it up to the Data Link layer.
  • Data Link – this layer is responsible for checking that data transfer between one node and another over the physical layer is error-free (error checking/formatting). Its primary purpose is to help the sender deliver a set of meaningful bits to the receiver.
  • Network – this layer is responsible for defining which physical path the data will take. It takes care of transmitting data from one host to another when they are on different networks.
  • Transport – transmits data using transmission protocols (TCP and UDP). It tracks whether the data transmission is successful and, if so, delivers the data; if an error is found, the data is re-transmitted.
  • Session – this layer maintains connections and is responsible for controlling ports and sessions.
  • Presentation – this layer ensures that data is in a usable format. It is also where encryption occurs.
  • Application – this layer interacts with the user and displays the received information to them.

*The OSI model was published in 1984 by the International Organization for Standardization (ISO). For more information on the layers (and their functions), you can check out this site.

Keep in mind that today’s Internet is based on the TCP/IP stack. The OSI model is an abstraction, something we use to learn about the internet protocols; the implementation is based on the TCP/IP stack, not the OSI model.

The TCP/IP model has four layers: link, network, transport, and application. Data is passed through them in a particular order (from the bottom layer to the top layer and back). If you want to read about the TCP/IP layers, check out this site.

Classifications of firewalls

There are a few classifications for firewalls.

The first one is hardware or software. A hardware firewall is separate hardware through which the network traffic passes (such as a Cisco ASA). A software firewall is software that comes with the OS, such as Windows Defender Firewall – also called a host firewall. On Linux, you usually get a built-in host firewall called ufw (uncomplicated firewall). You can also install a third-party solution (Comodo, Norton, etc.).

The second one is the classification by personal or commercial use. Personal firewalls are mainly for use at home and are designed for small networks. Commercial firewalls are designed to protect medium to large networks.

However, the most important classification is by the layers on which the firewall operates. Firewalls mainly focus on layers 3 and 4 (sometimes even 2). Next-generation firewalls cover layers 5, 6, and 7.

The third classification is based on firewall abilities:
  • Packet-Filtering Firewall
  • Circuit-Level Gateway
  • Stateful Inspection Firewall
  • Proxy Firewall – all traffic goes through the WAF on its way to the server
  • Next-Generation Firewall (NGFW)
  • Cloud Firewall or Firewall as a Service (FWaaS)

I will focus on the Web Application Firewall, an example of a Proxy Firewall and Firewall as a Service (FWaaS).

Web Application Firewall

Definition of a WAF by OWASP on their site: “A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications.”

The proxy firewall inspects the content of the payload (packets). Unlike the packet-filtering firewall from the third classification above, it is not limited to packet headers. FWaaS is a hardware firewall in a cloud environment. Its features depend on the service provider, and it benefits from the scalability of cloud architecture.

Types of Web application firewalls

There are three types of web application firewall: hardware, software, and cloud-based. All of them have advantages and disadvantages, and it is very important to know them before choosing the right one for your web application.

  1. Hardware – This hardware solution is installed locally in the LAN, close to the application and web servers. This solution is good because it can be modified, and it supports configurations and updates. It is very fast and has high performance. This type is perfect for big organizations whose application has many visits on a daily basis. For small organizations, it is not cost-efficient because it can be costly. List of WAFs: WAPPLES, Imperva SecureSphere, Barracuda Web Application Firewall, Citrix Netscaler Application Firewall, Fortinet FortiWeb, F5 BIG-IP Application Security Manager (ASM).
  2. Software – this one is different from a hardware firewall because you would need a virtual machine instead of dedicated hardware. As you can guess, this solution is usually cheaper than hardware. The advantage is that it can be used in your on-prem systems, while you can also deploy it in the cloud. A disadvantage is that it is slower because it runs on a VM. This solution is suitable for small and medium organizations.
  3. Cloud – this firewall is provided and managed in the form of software as a service (SaaS). This solution is entirely in the cloud. It is good because the service provider handles optimizations and updates, so you would not need to manage anything. On the other hand, that is also a disadvantage: if you require some customizations, you simply cannot do them, or if such an option exists, it will probably be more complex in some way. This solution is good for small and medium organizations which don’t have enough resources to focus on the management of a WAF.

*A list of software and cloud-based WAFs will be covered in the next part of the article.

How is WAF configured?

A WAF can be configured in three different ways:
  • Whitelisting
  • Blacklisting
  • Hybrid

If you choose to use the whitelisting model, you would usually start by blocking everything (no Internet at all!), and then you would go on gradually from there, allowing only what’s necessary for your application.

On the other hand, the blacklisting model is the opposite of whitelisting. You would need to create a list of criteria by which the traffic will be blocked.

The third model is hybrid. If you decide to use this model, you will probably have an application with some specific criteria required where you will combine whitelisting and blacklisting. Ideally, you will use the best of both worlds, so to speak.

To choose a model, you would first need to define the needs for your application. (You might also want to consider your infrastructure.)


About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

How to tell whether your computer may have been hacked

Cybercriminals around the world earn trillions of dollars every year because people click on phishing links, forget to update important software, and do not use multi-factor authentication (MFA). Through different attack vectors they steal account data, or obtain transaction information through various tools, cybercrime operations and illegitimate websites; the longer they remain hidden, the greater the damage and the more expensive the consequences are likely to be. So the earlier a compromise is discovered the better, and it makes sense to proactively run a few checks. According to the FBI, 847,000 businesses and consumers suffered cybercrime incidents last year (2021), with losses of nearly 7 billion US dollars; ESET security experts warn not to wait until it is too late to act.

If you do not want to become a victim of cybercrime, watch for the following ten signs that your computer may already have been hacked:

1. You receive a ransomware message
The most obvious sign: if, when you boot up, you see a ransom note instead of the usual start-up screen, you have very likely become a victim of ransomware. The note usually gives a short payment deadline and explains how to pay the ransom. Unfortunately, even if you follow the instructions exactly, there is a one-in-three chance that you will not regain access to the encrypted files.

2. Your computer runs slowly
When malware (including Trojans, worms and cryptocurrency miners) is implanted on a device, it usually slows the machine down; cryptojacking attacks in particular consume a lot of performance. Of course, a slow computer is not always caused by something malicious; poor configuration and other problems can also be to blame.

3. Your webcam turns on by itself
Besides harvesting data from your device, some of the spyware used by hackers can secretly switch on the webcam and microphone, recording and stealing video of you and your family for use in extortion. So keep a close eye on your webcam and check whether it turns on by itself; ESET security experts recommend covering it with tape to make sure it cannot be used.

4. Your friends receive unknown emails from your mailbox
Another indicator that your device has been compromised is when your friends and customers start receiving unknown emails or spam from your email or social media accounts. Typical phishing hijacks the victim’s account and then sends spam or phishing messages to all of their friends. If all accounts use multi-factor authentication (MFA), this threat can easily be mitigated.

5. Frequent pop-up windows
Adware usually makes money for the attacker by exposing victims to excessive amounts of advertising. So if your computer frequently shows pop-up ads, some malicious code or potentially unwanted software may have been installed somewhere.

6. New icons suddenly appear on the toolbar
Malware may also install additional toolbars in your browser. If you find anything you do not recognise or do not remember downloading, it may mean your device has been hacked. If you are hit by malware from an APT group, you may need to restore your device to factory settings to remove it; if it is a PUA (Potentially Unwanted Application), removing the application and the toolbar is enough.

7. Random icons appear
When malware is installed on an infected device, new desktop icons usually appear. As long as the desktop is neatly arranged with a small number of files, folders and programs, this is easy to spot. ESET security experts recommend tidying up your desktop so you can keep better track of the icons on your device.

8. Passwords no longer work / you cannot log in
If hackers have compromised your device, they have very likely hijacked various online accounts, such as your email, and changed the passwords, locking you out. This is one of the worst outcomes of any cyberattack.

9. Personal data and login details circulate on the dark web
If you receive a data breach notification from a company you do business with, take it seriously and verify it on a site that can provide third-party confirmation of any breach, such as HaveIBeenPwned. Dark web monitoring tools can also search cybercrime forums for your data, giving you a more proactive view of whether your personal data and credentials are circulating on the dark web. And if you can quickly change passwords, freeze credit cards and so on, you also reduce the risk of hackers exploiting or attacking you.

10. You receive a warning from your antivirus software
Warnings from anti-malware tools should also be taken seriously. Although fake antivirus pop-ups are known to exist, confirm that the message comes from the vendor of the antivirus product you bought, and follow its instructions to try to find and remove the malicious files on your device.

About Version 2

Version 2 Digital is a value-added distributor and IT developer based in Asia. The company distributes and develops a wide range of IT products across areas including cyber security, cloud, data protection, endpoints, infrastructure, system monitoring, storage, network management, business productivity and communication products. Through its extensive network of channels, points of sale, distributors and partners, Version 2 offers products and services that are highly acclaimed in the market. Version 2’s sales network covers Taiwan, Hong Kong, Macau, mainland China, Singapore, Malaysia and other Asia-Pacific regions, and its customers come from all industries, including Global 1000 multinationals, listed companies, public utilities, healthcare, finance, educational institutions, government departments, countless successful SMEs and consumer-market customers in cities across Asia.

About ESET
Founded in 1992, ESET is a global provider of computer security software for business and home users. Its award-winning product, the NOD32 antivirus system, provides real-time protection for computer systems against all kinds of known and unknown viruses, spyware, rootkits and other malware. ESET NOD32 uses the fewest system resources, has the fastest detection speed, provides the most effective protection, and has won more Virus Bulletin 100 awards than any other antivirus product. ESET has been named a Deloitte Technology Fast 500 company for five consecutive years, has an extensive partner network including internationally known companies such as Canon, Dell and Microsoft, has offices in Bratislava (Slovakia), Bristol (UK), Buenos Aires (Argentina), Prague (Czech Republic) and San Diego (USA), and its distributors cover more than 100 countries worldwide.

