“Alone we can do so little; together we can do so much.”

In light of the words of Helen Keller, we are pleased to announce the beginning of a strategic partnership with our new distributor – Intelligent IT Distribution, a company specializing in delivering advanced technologies that guarantee the highest level of security. We firmly believe that the synergy of our strengths and our shared vision of innovation will contribute to dynamic growth and the creation of even more sophisticated solutions, setting a new standard in the field of cybersecurity.

Our primary goal is to provide partners and end customers with the most comprehensive and reliable tools to effectively protect their IT infrastructure. Through this collaboration, Intelligent IT Distribution will be responsible for distributing NACVIEW in key markets such as Ukraine, Georgia, Azerbaijan, Kazakhstan, and Uzbekistan, thus opening new opportunities for growth and digital security in these regions.

The DORA Regulation (Digital Operational Resilience Act) introduces new standards for operational resilience in the financial and ICT sectors. Its goal is to ensure that organizations using information technology are prepared to manage risks associated with cyberattacks and disruptions in the supply chain.

The protection and prevention measures highlighted in Article 9 of the regulation require entities to implement appropriate security tools, such as:

• Deploying automated mechanisms to isolate informational resources in the event of cyberattacks;
• Using solutions to minimize the risk of unauthorized access;
• Implementing policies to restrict physical or logical access to informational and ICT resources.

In the context of meeting these requirements, Network Access Control (NAC) systems play a crucial role, enabling precise control over access to infrastructure.
The ICT sector’s supply chain is a complex ecosystem involving diverse service and technology providers. Each of these providers has the potential to become a weak link in the security chain. A lack of control over who and how access to infrastructure is granted creates risks of unauthorized access, data leaks, or the introduction of malicious software. The DORA Regulation emphasizes risk management related to suppliers, requiring solutions that effectively monitor and control network access. Implementing a NAC solution allows organizations to meet these demands.

How Does NACVIEW Work?

NACVIEW is an advanced NAC that provides:

• Precise access control: The system identifies all devices and users in the network, including external suppliers, and assigns them appropriate permission levels.
• Integration with IPS/IDS systems: Through integration with network traffic analysis systems, NACVIEW enables immediate response to potential threats.
• Network segmentation: Suppliers can access only selected resources, minimizing the risk of security breaches in other parts of the infrastructure.
• Full regulatory compliance: NACVIEW helps organizations document activities related to access control, a crucial aspect of DORA’s reporting requirements.

Key Benefits of Implementing NACVIEW:

1. Enhanced network security: Eliminates the risk of unauthorized access through strict supplier control.
2. Regulatory compliance: NACVIEW helps organizations meet the stringent requirements of the DORA Regulation while ensuring operational continuity.
3. Transparency and control: Provides detailed insights into the activity of suppliers and users, simplifying risk management in the supply chain.
4. Reduced impact of potential incidents: The ability to quickly isolate at-risk devices or users prevents the spread of problems within the network.

In the era of digitalization, where ICT infrastructure security is the foundation of operational activities, systems like NACVIEW play a critical role. By enabling precise management of network access, organizations can not only meet the requirements of the DORA Regulation but also effectively protect their resources and data from threats. Implementing such solutions is not just about regulatory compliance; it is an investment in security and operational stability.

Recently, cybersecurity specialists discovered a critical vulnerability in the RADIUS protocol (CVE-2024-3596), which enables Man-in-the-Middle attacks. This vulnerability allows an attacker to modify RADIUS packets, potentially leading to unauthorized access to network devices and services. The issue affects all RADIUS implementations using unencrypted authentication methods (e.g., PAP, CHAP, MS-CHAPv2) over UDP communication.

Network device manufacturers are responding to this vulnerability by introducing a series of updates in their products. New software versions enforce validation of the message-authenticator attribute and reject RADIUS responses with unrecognized proxy-state attributes.

To secure your network, it is recommended to implement TLS or IPSec protocols, which prevent such threats. It is also worth noting that the 802.1X (EAP) standard is not susceptible to this vulnerability, making it a safe and recommended method.

Network administrators are advised to deploy available updates and switch to encrypted authentication methods wherever possible. Additionally, monitoring RADIUS traffic for unusual activities can help quickly detect any attack attempts. This issue particularly affects networks that send RADIUS traffic over the Internet.

NACVIEW system already has an appropriate patch implemented to fully cooperate with various network devices, ensuring compliance with the latest security requirements and protection against the BlastRADIUS vulnerability.