Cloud Security and Compliance Best Practices

 

 

Introduction: Why Secure Remote Access Matters

In healthcare and government, digital modernization must walk hand-in-hand with data protection. The rise of remote work, third-party vendor access, and hybrid IT environments means sensitive systems—like Electronic Health Records (EHRs) or citizen databases—are more exposed than ever.

Yet many agencies still rely on aging infrastructure, traditional VPNs, and siloed access control mechanisms that fail to meet the requirements of today’s compliance and threat landscape.

Thinfinity® Workspace addresses these issues head-on with a platform built for secure, compliant, and highly controlled access to desktops, legacy apps, and critical systems—whether hosted on-premises or in the cloud. For CISOs, this presents an opportunity to enforce Zero Trust principles while maintaining operational agility.

 

Key Challenges in Regulated Environments

Implementing remote access in healthcare and public sector IT brings specific hurdles that cannot be ignored:

1. Sensitive Data Exposure

Healthcare organizations must protect ePHI (electronic Protected Health Information), while government agencies manage confidential personal records and mission-critical data. These are prime targets for cybercriminals—and data breaches in these sectors can cost millions and erode public trust.

2. Compliance Overlap and Complexity

CISOs must navigate and enforce compliance with HIPAA, GDPR, NIST SP 800-53, FedRAMP, and internal IT governance mandates—often simultaneously. This creates a complex web of controls, documentation, and audit requirements.

3. Legacy Access Models

Traditional VPNs and Remote Desktop Gateways lack granular access controls and auditing. They expose too much of the network and are difficult to manage securely in multi-tenant, cloud, or hybrid environments.

4. Insufficient Visibility and Control

Without full session logging, real-time monitoring, and centralized identity governance, it’s nearly impossible to track access, respond to threats, or produce compliance-ready audit trails.

 

 

Security Best Practices with Thinfinity Workspace

Thinfinity Workspace is designed with compliance and security-first principles. Below are key practices for a secure deployment.

End-to-End Encryption

All traffic through Thinfinity Workspace is encrypted using TLS 1.3, which prevents eavesdropping or data tampering in transit. For data at rest—such as cached session data or temporary storage—AES-256 or CAST-128 encryption can be configured. This ensures your encryption stack aligns with HIPAA, NIST, and GDPR standards.

 

Multi-Factor Authentication (MFA)

MFA is a foundational Zero Trust pillar, and Thinfinity offers robust options:

  • TOTP/HOTP support for Google Authenticator and Microsoft Authenticator
  • FIDO2/WebAuthn for biometric, phishing-resistant authentication using Passkeys, Windows Hello, or security keys
  • SAML/OAuth2 federation with Azure AD, Okta, Ping Identity, and others
  • PKI-based client authentication to validate device trust
 

MFA can be enforced per user, group, or session type, with conditional access rules based on geography, job role, or device compliance.

PKI-Based Device Trust

Thinfinity can be configured to only allow access from devices with valid digital certificates. This ensures users can’t connect from rooted, jailbroken, or non-compliant endpoints. It’s ideal for BYOD scenarios where hardware attestation is critical.

Role-Based Access Control (RBAC)

Define and enforce access policies that limit exposure based on:

  • Department or project role (e.g., Radiology, Finance, IT Admins)
  • Session type (persistent vs. non-persistent VDI)
  • Device or network location
  • Clearances (e.g., vendor vs. staff vs. classified user)

Access can be scoped to individual applications, full desktops, or RemoteApps—with fine-grained control over features like clipboard use, file transfer, and printing.

Zero Trust Enforcement

Thinfinity’s architecture eliminates network exposure:

  • Uses reverse tunneling, so no inbound ports are opened
  • Sessions are brokered internally, with no IP visibility or subnet access
  • Only explicitly published resources are exposed via tightly scoped session tokens
  • Supports application-level microsegmentation, allowing access only to approved apps—even within the same desktop

 

Compliance Frameworks and Implementation

Thinfinity supports modern regulatory frameworks through technical enforcement and configuration best practices.

US HIPAA Compliance

Thinfinity addresses HIPAA Security Rule technical safeguards:

  • Encrypted transport and storage (TLS 1.3 + AES-256)
  • Strong authentication via MFA and PKI
  • Audit logging and session recording for access traceability
  • RBAC for minimum necessary access

Best Practices for HIPAA:

  • Enable session recording for all users handling ePHI
  • Retain access logs for at least six years
  • Limit file transfers and clipboard for clinical workflows
  • Use AD or SAML to define access control policies centrally
 

EU GDPR Compliance

Thinfinity ensures data privacy by design:

  • Session timeout and auto-logoff prevent unattended exposure
  • Admins can purge logs or anonymize session data on request
  • Deployable on EU-based cloud or on-prem for data residency
  • Integrates with identity platforms for least-privilege access

Best Practices for GDPR:

  • Scope access based on geography and data residency rules
  • Configure session log retention per legal requirements
  • Enable per-role session policies for user rights enforcement
 

 

Risk Mitigation & Incident Response

Auditing & Session Recording

All user activity—logins, file transfers, accessed applications—is logged with timestamps, IP addresses, and user identity. Admins can also enable full screen recording for high-privilege sessions or vendor access. These recordings are encrypted and stored securely for compliance audits or incident investigations.

 

Credential Management

By default, Thinfinity avoids storing user credentials, instead leveraging SAML or OAuth tokens and broker-injected sessions. If persistent credentials are required, they are AES-encrypted and stored under ACL protections. Integration with CyberArk, HashiCorp Vault, or Azure Key Vault allows organizations to enforce just-in-time credential workflows.

High Availability & Disaster Recovery

Thinfinity supports full HA deployment:

  • Multiple Gateways behind load balancers
  • Broker clustering for session orchestration resilience
  • Elastic VDI pools across data centers or regions
  • Failover between on-prem and cloud resources

CISO Leadership Strategies

CISOs are uniquely positioned to ensure that Thinfinity deployments align with both technical requirements and organizational policies.

Strategic Actions:

  • Build a Zero Trust roadmap around Thinfinity access points
  • Collaborate with compliance teams to enforce HIPAA/GDPR-aligned configurations
  • Integrate IdP with multi-domain SSO and MFA enforcement
  • Define retention, expiration, and archival policies for logs and recordings
  • Champion secure onboarding/offboarding of third-party users and vendors

 

Advanced Deployment Scenarios

Air-Gapped and Secure Networks

Thinfinity’s reverse tunnel model works well in isolated environments, allowing administrators to avoid inbound firewall rules entirely. Internal brokers initiate outbound connections, enabling secure access without breaking air-gap principles.

BYOD and Remote Work

For environments supporting personal device access:

  • Enable clientless HTML5 access
  • Enforce MFA + certificate trust
  • Limit session features (no clipboard, file transfer)
  • Use RBAC to define what apps or desktops are accessible

Hybrid Cloud and Sovereignty

Thinfinity supports full flexibility in deployment—on-premises, in your private cloud, or hybrid models. You can control exactly where data resides, aligning with GDPR, CCPA, or national sovereignty laws.

 

Ecosystem Integration

SIEM Integration

While Thinfinity doesn’t yet support native SIEM forwarding, logs are exportable in standard formats. Future support is planned for:

  • Splunk
  • Azure Sentinel
  • Elastic Stack (ELK)
  • IBM QRadar
  • Securonix and LogRhythm

IAM and Vault Compatibility

Thinfinity integrates with all major identity providers via SAML and OAuth 2.0, supporting MFA, conditional access, and pass-through authentication.

Credential vaults like CyberArk and HashiCorp Vault allow secure storage and automatic credential injection into sessions—especially useful for privileged workflows or developer environments.

 

Conclusion & Strategic Action Plan

Thinfinity Workspace empowers CISOs to achieve secure, compliant, and scalable remote access in even the most regulated sectors. From Zero Trust enforcement to detailed audit trails, the platform delivers everything needed to modernize secure access.

CISO Playbook:

  • Review compliance mapping to HIPAA, GDPR, and NIST
  • Implement MFA + PKI for sensitive roles and devices
  • Define and test RBAC policies per application and team
  • Set up audit logging and session capture
  • Architect for HA and DR using hybrid cloud designs
 

 

About Cybele Software Inc.
We help organizations extend the life and value of their software. Whether they are looking to improve and empower remote work or turn their business-critical legacy apps into modern SaaS, our software enables customers to focus on what’s most important: expanding and evolving their business.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

How to change your Google password?

With over 2.5 billion users and the world’s second-largest email client market share, thanks to Gmail’s popularity, Google is undoubtedly a dominant force on the internet. It’s unsurprising that Google Accounts are a usual target for hackers—with so many users around, they can gather plenty of valuable data.

If you’re concerned that your account might be compromised, have detected suspicious activity, or simply forgot your login details, this guide will cover how to change your Google password on desktop and mobile devices. Google keeps it pretty simple, as all password settings follow the same layout across different devices. So, let’s get started.

How to change your Google password on the desktop

To access your account settings, you can use one of Google’s services. For the purposes of this guide, let’s use Gmail. However, Google’s home page, Drive, YouTube, and other adjacent pages can also be used.

  1. Visit the Google Account page.

  2. Select “Personal info,” and under “Other info and preferences for Google services,” select “Password.” You can also find password settings in the “Security” tab under “How you sign in to Google.”

  3. To verify you’re trying to access these security settings, you will need to enter your current Google password.

  4. Once you’ve verified your access attempt, you can enter your new Google Account password. Google requires a password to be at least 8 characters long. You can use a password generator to create a strong and unique new password. Once you’ve entered it, select “Change password.”

  5. That’s it! You’ve just changed your Google password.

Keep in mind that Google will automatically log you out of your devices except for the device you use for verification or some third-party apps and home devices with authorized access. You will need to confirm your login attempts using your selected verification method.

How to change your Google password on iPhone or iPad

  1. Open the Gmail app and tap your profile picture at the top right corner. If you don’t use the app, go to https://myaccount.google.com/ to access your account and proceed to step 3.

  2. Tap the “Manage your Google Account” button.

  3. Select the “Personal info” tab and navigate down to “Other info and preferences for Google services.” Here, select “Password.” You can also find the same password settings in the “Security” tab under “How you sign in to Google.”

  4. For security reasons, you will be prompted to enter your current Google password.

  5. Now, enter your new Google password—make sure it’s at least 8 characters long—and select “Change Password.”

  6. That’s it! You can now use your new password to log in to your Google Account.

After being automatically logged out, you will need to enter your new credentials to access your Google Account.

How to change your Google password on Android

Since Android devices are owned by Google, you can update your credentials in the settings or via one of the Google apps on your device. Here’s how to change your Google password via Android settings:

  1. Go to your phone settings. The access may vary depending on your device model.

  2. Find the “Google” section, and under “Google services,” tap your Google Account name. Then, tap “Google Account.”

  3. You can find the password settings in the “Personal info” section under “Other info and preferences for Google services,” or in the “Security” settings under “How you sign in to Google.” In either section, select “Password.”

  4. You will be prompted to enter your current Google password.

  5. Now, enter your new Google Account password. To ensure it matches password strength criteria, make it at least 8 characters long and include a random combination of letters, numbers, and special characters. Then, select “Change password.”

  6. That’s it! You’ve now successfully reset your Google password on Android.

Keep in mind you may be prompted to log in to your device’s Google Account again using the new credentials.

 

How to reset your Google password if you forgot it

It’s all fun and games until you’re setting up a new device, get to the Google Account login screen, and realize your password has vanished. It’s not in your head, it’s nowhere to be found in your notes. To avert disaster, it’s time for a quick Google password reset.

Thankfully, Google has put the work in to make account reset as smooth and painless as can be. During the sign-up process, you have the option to add a phone number or additional email address to your account for account reset and authentication purposes.

Here’s how you can reset your Google password:

  1. Go to https://accounts.google.com/signin/recovery to begin the recovery process.

  2. Enter your email address or, if you have it linked to your account, your phone number, and select “Next.”

  3. You can enter the last password you remember using for your Google Account and select “Next.” If you can’t remember any of your previous passwords, select “Try another way.”

  4. You will then be prompted to enter the phone number provided in your security settings. If you know the phone number, enter it and select “Next.” If you can’t use the related phone number, skip to step 6.

  5. You will be sent a recovery code to your phone number. Enter the code and select “Next.”

  6. If you can’t access your phone number in step 4, select “I don’t have my phone.” You’ll be able to enter your recovery email address to get a verification code. Enter the code and select “Next.”

  7. You’ll then be able to set up a new password for your account. Select “Save password.”

  8. Congratulations! You’ve reset your Google Account password.

How to secure your Google Account after changing the password

Now that your account is secure, let’s take some steps to ensure it stays that way. There are a few different security measures you can switch on, both internally and externally, to keep your Google Account protected from unauthorized access.

Two-factor authentication (2FA)

Two-factor authentication, or “2-Step Verification” as it’s called in your Google settings, is an easy way to protect your account by adding an additional authentication step. You can find the 2FA setup in your Google Account’s security settings:

  1. In the “How you sign in to Google” section, select “2-Step Verification.”

  2. If you haven’t already, link a phone number to your Google Account. You’ll receive an SMS with a verification code.

  3. Enter the code and select “Done.”

  4. That’s it! Now Google will send a verification code to your phone whenever you log in to your account. You can turn off 2FA at any time.

Passkeys

Setting up a passkey is perhaps a lesser-known yet certainly reliable way to protect your Google Account. A passkey is an authentication method that combines your biometric information with your personal device to create a more secure login experience. Google started supporting passkeys back in 2023, creating an easier way for users to authenticate their accounts without worrying about forgetting passwords.

To set up a passkey for your Google Account, go to “Security” settings and select “Passkeys and security keys” under “How you sign in to Google.” Then, simply select “Create a passkey.”

Check for unauthorized sessions and devices

If you’re receiving suspicious emails or requests to verify login attempts, it’s possible someone has added their device to your Google Account without your authorization. Likewise, if you’ve transferred your device ownership to another person, you may want to disconnect your Google Account access from that device.

To check what devices are connected to your Google Account, go to your “Security” settings and find the “Your devices” section. Then, select “Manage all devices” and carefully look at the list. If you spot any suspicious device connected to your account, tap it and select “Sign out” to cut off access. For security reasons, you may want to change your Google password if you haven’t done so already.

Store your new password securely

Even with additional security measures switched on, it’s essential to keep your Google Account password secure. To do this easily, you can use a password manager like NordPass. It provides encrypted storage for all your credentials, Google included, and comes equipped with a Password Generator that you can use to create your new account password.

NordPass is available as a Google Chrome extension, meaning you can easily access it on your browser. Simply save your Google login details in NordPass and, whenever you need to log in, they’ll be autofilled for you.

In addition to its password management features, NordPass also provides additional security for your accounts. With the Data Breach Scanner, you can check whether any of your email addresses or credit card details have been compromised, while Password Health informs you about old, weak, reused, and breached passwords.

Try NordPass for free today and discover a higher level of security, whether it’s for your Google Accounts, or any other sensitive data on the web.

 

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Keepit’s intelligent platform named “Data Security Solution of the Year” in 2025 Data Breakthrough Awards Program

The Data Breakthrough Awards recognizes outstanding data technology products and companies

COPENHAGEN, Denmark – April 3 – Keepit, a global provider of a comprehensive cloud backup and recovery platform, today announced that it has been selected as winner of the “Data Security Solution of the Year” award in the 6th annual Data Breakthrough Awards program conducted by Data Breakthrough, an independent market intelligence organization that recognizes the top companies, technologies and products in the global data technology market today.

Keepit’s breakthrough platform protects all key SaaS applications, including Microsoft 365, Microsoft Entra ID, Salesforce, Google Workspace, and more. Having a true third-party backup in a resilient, independent cloud safeguards against threats, ensuring that every backup is accessible when needed.

“Unlike other solutions, we keep your data out of the SaaS vendor’s cloud, ensuring uninterrupted access and protection, even during SaaS vendor downtime. We purpose built our intelligent platform to ensure business continuity,” said Michele Hayes, CMO at Keepit. “We’re grateful to Data Breakthrough for this recognition that underscores our commitment to helping our clients focus on what matters most while also ensuring your data remains secure, compliant, and easily recoverable — all with minimal effort.”

The annual Data Breakthrough Awards is the premier awards program founded to recognize the data technology innovators, leaders and visionaries from around the world in a range of categories, including DataOps, Data Analytics, AI, Business Intelligence, Data Privacy, Data Storage and many more. The 6th annual Data Breakthrough Award program attracted thousands of nominations from across the globe.

“Keepit offers intelligent SaaS data protection with unmatched security, seamless integration, and flexible data retention built for modern enterprise needs. The continued move to store and secure data in the cloud has resulted in huge amounts of business-critical cloud data that is vulnerable to human error, ransomware attacks, or service provider downtime,” said Steve Johansson, Managing Director, Data Breakthrough. “Keepit offers comprehensive and easy, guaranteed access to backups, and by isolating backups, ensures full data integrity. Keepit keeps your business resilient, no matter what. We’re proud to award them with ‘Data Security Solution of the Year!’”

Keepit ensures the highest operational security standards with ISO/IEC 27001 and ISAE 3402-II certification, along with helping to meet demanding regulatory requirements. Keepit’s platform is scalable, with API-driven backup solutions and a per-seat pricing structure. Keepit runs its own data centers in seven regions, guaranteeing data sovereignty and compliance.

 

About Data Breakthrough
Part of the Tech Breakthrough organization, a leading global provider of market intelligence and recognition platforms for technology innovation and leadership, the Data Breakthrough Awards program is devoted to honoring innovation and market disruption in data technologies, services, companies and products. The global Data Breakthrough Awards program provides a forum for public recognition around the achievements of data companies and solutions in categories including data analytics, DataOps, data management, infrastructure and hardware, storage, Business Intelligence and more. For more information visit DataBreakthroughAwards.com.

Tech Breakthrough LLC does not endorse any vendor, product or service depicted in our recognition programs, and does not advise technology users to select only those vendors with award designations. Tech Breakthrough LLC recognition consists of the opinions of the Tech Breakthrough LLC organization and should not be construed as statements of fact. Tech Breakthrough LLC disclaims all warranties, expressed or implied, with respect to this recognition program, including any warranties of merchantability or fitness for a particular purpose.

 

Defining data governance and data classification

So, what is data governance and how does it relate to cyber resilience?

Existing under the broad umbrella of data management, data governance is a program — implemented via policies and standards — intended to ensure the availability, quality, and security of an organization’s data in accordance with applicable regulations and obligations (e.g., adhering to industry standards, fulfilling requirements for certifications, etc.).

Within data governance, data classification is the process of separating and organizing data into relevant groups (“classes”) based on their shared characteristics, such as the level of sensitivity, risks they present, and the compliance regulations that protect them.

Data governance underpins cyber resilience plans

An intelligent data governance program delivers several beneficial outcomes for organizations:

  • It helps to ensure the availability, quality, and security of an organization’s data, making it a foundational pillar of business continuity.
  • Data governance helps improve overall data accuracy and impacts outcomes based on that data — which can range from comparatively simple day-to-day business decisions and operations to more complex, forward-looking initiatives including AI-focused programs.
  • It helps to support organizational efforts to comply with regulations and other obligations, making it a cornerstone of compliance.
  • An effective data governance program also permeates the entire organization, increasing data literacy, data accessibility, and data scalability.

Do you know where your data is?

Of course, disaster recovery planning cannot start without a clear understanding and mapping of your data and its significance to your business. What data is crucial for us to continue running our operations? Who needs access to which data to do their job? Where do we store all of this critical data?

Knowing the answers to these questions will start your journey towards ensuring continuity in cases of data loss or cyberattacks. This is achieved through an efficient and effective data governance framework.

I hope that, with our new report in hand, CISOs and CIOs will be able to future-proof their modern, data-driven enterprises through effective data governance.

About Keepit’s new report, “Intelligent data governance: Why taking control of your data is key for operational continuity and innovation.”

Our report takes a practical approach to data governance by offering a resource to organizations for creating or adopting a framework that works best for them.

Key takeaways from the report:

  • Major trends shaping enterprise IT
  • The importance of “always-on” data
  • Resilience against data loss and corruption
  • Data governance as an investment
  • A practical approach to data governance
  • 10 questions for board discussions

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in cloud-to-cloud data backup and recovery. Deriving from 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

Even searching for protection can be dangerous. Stay informed about new risks with ESET Threat Intelligence

Threat Intelligence can save money, and it doesn’t need to be hard to understand.

Even people living thousands of years ago understood that “knowledge is power”, and amidst the digital era’s rapid developments in technology, including both cyber threats and cyber defense, this ancient wisdom applies more than ever.

A poignant example is recent ESET research on the newly discovered China-aligned APT group PlushDaemon, presented by ESET Malware Researcher Facundo Muñoz at the JSAC 2025 conference. The research shows how users seeking protection in the form of a legitimate South Korean VPN service instead attempted to install trojanized VPN software that delivered spyware.

ESET endpoint protection stopped the malware, but those who additionally field ESET Threat Intelligence and its diversity of feeds have an even more powerful tool at their disposal – knowledge. Knowledge about the new threat, the compromised but legitimate URL, and indicators of compromise (IoCs). Using this knowledge, they could readily avoid the threat and check their defenses against the documented PlushDaemon tools.

PlushDaemon

In May 2024, ESET researchers noticed detections of malicious code in an NSIS installer for Windows that users from South Korea had downloaded from the website of a legitimate South Korean VPN company. This installer deployed both the legitimate software and the malicious implant that ESET researchers named SlowStepper.

Another attack vector for PlushDaemon is to intercept network traffic, hijack update protocols, redirect traffic to attacker-controlled servers, and deliver its SlowStepper implant.

SlowStepper is a backdoor that attempts to establish communication with a C&C server to receive further instructions. Once communication is established, SlowStepper can process multiple commands such as:

  • Collecting information from the compromised machine such as computer name, list of running processes, list of installed applications, whether cameras or microphones are connected, and more.
  • Executing a Python module from its toolkit; the output and any files created by the module are sent to the server.
  • Deleting the specified file.
  • Processing various commands such as creating a complete report about the specified file or deleting the specified file, directory, or all files in a directory.
  • Uninstalling SlowStepper by removing its persistence mechanism and removing its files.

Dangers of data breaches

Going through the list of SlowStepper’s capabilities, it becomes clear that supply-chain attacks pose significant risks to businesses including financial losses due to system downtime, lost revenue, remediation costs, and reputational damage.

These attacks can also lead to data breaches, and the consequences can be ruinous. The average cost of a data breach jumped to USD 4.88 million from USD 4.45 million in 2023, according to IBM’s Cost of a Data Breach Report 2024. In fact, third-party breaches, including supply-chain breaches, are among the top 3 factors that amplified breach costs.

On top of that, supply-chain attacks are not rare. Verizon’s 2024 Data Breach Investigations Report (DBIR) saw a 68% year-over-year growth in supply-chain attacks.

Yet these attacks are only a fraction of the cyber threats out there. See this list of the most frequent attack vectors, according to IBM’s report:

  • Stolen or compromised credentials – 16 %
  • Phishing – 15 %
  • Cloud misconfiguration – 12 %
  • Unknown zero-day vulnerability – 11 %
  • Business Email Compromise – 10 %
  • Malicious insider – 7 %

Threat intelligence – knowledge that saves money

Given these increasingly sophisticated attacks and businesses' growing concern about their cybersecurity, it is no surprise that the global threat intelligence market is projected to grow from USD 5.80 billion in 2024 to USD 24.05 billion by 2032.

IBM’s report calculated that a threat intelligence solution decreases average data breach cost by more than USD 240,000.

At the ESET WORLD 2024 conference, Tope Olufon, senior analyst at Forrester, a leading global market research company, stressed the importance of threat intelligence, claiming that organizations need to understand the threat landscape and be prepared for upcoming threats.

However, organizations should also be smart about how they use the provided information – threat intelligence is not about counting detected samples but putting them into context and identifying the right stakeholders, according to Mr. Olufon.

What is ESET Threat Intelligence?

Thanks to ESET LiveGrid technology, there are more than 110 million endpoints acting as sensors detecting malware. Combine this data with the knowledge of ESET's award-winning researchers, and you get a powerful tool that keeps users informed about the current threat landscape, adversaries, malicious programs and their properties, the servers used to propagate them, and even the URLs and domains which spread them.

A threat intelligence feed is an ongoing stream of data related to potential or current threats to an organization’s security that can be easily integrated into SIEM and TIP platforms. Instead of receiving a large amount of non-curated data, ESET shares a curated feed that features top-notch categorization and is pre-filtered for customers to use according to their preferences. Filtering is done by ESET researchers, who understand the internal data intimately.

Such filtering has multiple advantages for users. ESET feeds may be smaller in quantity, but all of the data are relevant and come with a very low rate of false positives. They also come with a significant amount of additional contextual data.

APT Reports provide contextual information about various adversaries, the latest APTs, technical analysis of threats, and activity summaries of the threat landscape. If a new threat is spreading quickly, ESET sends activity alert reports. Users can secure access to both human-readable reports and machine-readable Indicators of Compromise (IoCs).

If you are interested in ESET research blogs like PlushDaemon, or publicly available ESET APT Activity Reports and Threat Reports, bear in mind that these are just the tip of the iceberg of what you can see in documents received from ESET Threat Intelligence.

ESET has now updated its Threat Intelligence service, which consists of 15 feeds, and has restructured the ESET APT reports into 3 tiers, so businesses can choose what’s right for them. For example, while a large enterprise can get all the feeds and the highest-tier APT report, other businesses may opt for just a few feeds that are essential to secure their operations.

Users of the ESET Threat Intelligence APT Reports’ Advanced and Ultimate tiers can reduce complexity further with ESET AI Advisor, a specialized AI chatbot designed to provide information about APTs.

Here is the list of feeds:

  1. Malicious files feed
  2. Domain feed
  3. URL feed
  4. IP feed
  5. Botnet feed with two subfeeds:
    a) Botnet – C&C feed
    b) Botnet – Targets feed
  6. APT IoC feed
  7. Android infostealer feed
  8. Android threats feed
  9. Cryptoscam feed
  10. Malicious email attachments feed
  11. Phishing URL feed
  12. Ransomware feed
  13. Scam URL feed
  14. Smishing feed
  15. SMS scam feed

Feed your knowledge

As the world of cybercrime evolves rapidly and new threats become more sophisticated and agile, having access to intelligence about the threat landscape becomes a necessity. ESET Threat Intelligence and its data feeds can set businesses’ minds at ease, knowing that they regularly receive the latest information about specific dangers.

What’s more, ESET works tirelessly to make this service as simple-to-use as possible. With APT reports enhanced by AI, curated intelligence feeds, filtering, and seamless integration, businesses can have the current threat landscape for breakfast.

 

 

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
