Portnox honored with a Global InfoSec Award for its Network Access Control solution.

AUSTIN, TX – April 29, 2025 – Portnox, a leading provider of cloud-native, zero trust access control solutions, today announced its Network Access Control (NAC) was named Best Solution for Network Access Control by Cyber Defense Magazine’s Global InfoSec Awards. The award was announced at the 2025 RSA Conference, taking place this week in San Francisco, CA.

In 2024, Portnox was named “Best Next Gen Network Access Control” in the Global InfoSec Awards and the winner of the Cutting Edge Network Access Control category in the InfoSec Innovator Awards.

“We are incredibly proud to receive this top honor for our Network Access Control solution,” said Denny LeCompte, CEO of Portnox. “This award further solidifies our position as the leader in cloud-native NAC, proving that organizations can achieve robust security without the complexities and burdens of traditional hardware-based solutions. The Portnox Cloud is truly revolutionizing how businesses secure their networks.”

Portnox’s cloud-native zero trust Network Access Control (NAC) solution boasts no on-site hardware, no on-going maintenance, and no management hassles. The platform is tailor-made for resource-constrained IT security teams operating across a highly distributed corporate network.

“We scoured the globe looking for cybersecurity innovators that could make a huge difference and potentially help turn the tide against the exponential growth in cyber-crime. Portnox is absolutely worthy of this coveted award and consideration for deployment in your environment,” said Yan Ross, Global Editor of Cyber Defense Magazine.

The complete list of 2025 Global InfoSec Awards winners is located here: http://www.cyberdefenseawards.com/.

The company was recognized by SC Awards Europe for the second consecutive year.

AUSTIN, TX – April 22, 2025 – Building on its continued innovation in authentication technology, Portnox today announced its shortlisting in the prestigious 2025 SC Awards Europe. For the second year running, the company has been recognized in the Best Authentication Technology category, further solidifying its position as a leader in providing robust and adaptive security solutions.

In today’s complex cybersecurity landscape, IT teams face the daunting task of securing an ever-expanding network of managed devices, BYOD, and IoT, all while adhering to stringent compliance requirements. Portnox addresses this challenge head-on, transforming the potential vulnerability of numerous enterprise applications into a securely managed access environment. The cloud-native platform offers a streamlined approach to implementing zero trust and transitioning to passwordless authentication. It provides organizations with an affordable and scalable solution to protect their networks, applications, and critical infrastructure.

The SC Awards Europe celebrates the industry’s top innovators, teams, and solutions. Organized by SC Media, a leading resource for cybersecurity professionals, the awards honor excellence across key areas like threat detection, cloud security, and leadership. Being part of the SC Awards Europe means gaining recognition for contributions to the evolving world of cyber defense.

“We are thrilled to announce the official shortlist for the SC Awards Europe 2025! Congratulations to all those who made the shortlist for showcasing outstanding innovation and excellence in cybersecurity,” said Dan Raywood, Senior Editor, SC Media UK.

“Being shortlisted by the SC Awards Europe for Best Authentication is a testament to our focus on delivering real value to our customers in this critical region,” said Denny LeCompte, CEO of Portnox. “We believe our cloud-adaptive approach, coupled with our European data center, provides the robust and flexible security solutions they need.”

Portnox empowers organizations with a fully cloud-native, unified platform that simplifies the journey to zero trust and passwordless security. This comprehensive solution eliminates the complexities and costs associated with traditional on-prem security deployments, allowing businesses to achieve robust protection for their networks, applications, and infrastructure efficiently and at scale.

Find the complete 2025 shortlist on SC Media’s website. Winners will be announced in London at the SC Awards Europe 2025 ceremony on Tuesday, June 3, 2025.

The December 2013 Target hack remains one of the most infamous data breaches in cybersecurity history.  The hackers stole 40 million credit card numbers, got the PII (Personal Identifiable Information) of 70 million people, cost Target upwards of $200 million, and ruined Christmas for probably every single person working in Target’s IT department.  The breach not only tarnished Target’s reputation but also impacted several other sectors, highlighting the ripple effects of large-scale cyberattacks. Financial institutions faced increased costs for reissuing millions of compromised cards, while consumers dealt with heightened anxiety over identity theft and fraud. The breach also served as a wake-up call for retailers and businesses worldwide, prompting many to reevaluate their cybersecurity practices and adopt more robust systems to safeguard sensitive data. Ultimately, it underscored the critical importance of proactive cybersecurity measures in an increasingly interconnected world.

What the Hack Happened

The breach began when attackers targeted a third-party vendor that had legitimate access to Target’s network. The vendor, Fazio Mechanical Services, was a Pennsylvania-based HVAC (heating, ventilation, and air conditioning) company that provided maintenance services to Target.

Attackers sent a phishing email to Fazio employees, and one unfortunate soul fell for it. That’s a point that deserves some emphasis – it only takes one person, one click, in one unguarded moment, to give the bad actors a way in.  

The laptop was protected with the free version of Malwarebytes – an excellent tool that scans for and eliminates malware when initiated by the user.  The version you pay for – that actually gets appropriately licensed for corporate use – has a real-time scanner that probably would have caught the issue, because the malware installed, called Citadel, was pretty well-known.

Network Infiltration

Using the stolen credentials from Fazio Mechanical Services, the attackers got access to a Target-hosted web service dedicated to outside vendors.  They uploaded a file that allowed them to install a web shell to execute commands on the hosting server.  Some call this a vulnerability, but there are lots of legitimate reasons a web application would let you upload files – invoices, for example – and while it should ideally block executables, it’s easy enough to disguise them. 

 They used a Pass-the-Hash attack to get domain admin credentials, and then the network was their playground.  They went looking for database servers, and they found them – to the tune of 70 million records of PII (Personally Identifiable Information.)

But here’s a fun fact – know what those databases did not contain?  Credit card numbers!  Because Target’s data was PCI-DSS compliant, there was no financial info stored on their database servers.  

Deployment of Malware & Exfiltration of Data

Having been foiled in their scheme by Target’s PCI-DSS compliance, the hackers moved on to plan B (or what might have been plan A all along, we don’t really know) – infiltrate the PoS (Point-of-Sale) servers and capture credit card data in real-time.  They did this using malware called Kaptoxa, which would scrape the machine’s memory and store anything that looked like a credit card number in a file. Then, the malware would periodically transfer that file to another server, which would transfer it back to the hackers via FTP.  

If you’ve been following along so far, one thing that may have stuck out to you was how the attackers were able to wander through the network, accessing pretty much whatever they pleased.  This is why standard security procedures – like role-based access control and network segmentation, are so important.  

Note: There’s a very thorough deep-dive about the hack here, including all of the tools, protocols, and technology used if you want to geek out.

Target’s Security Posture Before the Breach

You might think that Target had pretty poor security before the breach, but that was surprisingly (and alarmingly) not true.  They had a security team of over 300 employees and had just invested in the well-known security tool FireEye.  This tool actually did send out alerts about the malware, which the security team forwarded on to the operations team….but no one did anything about them.  Not only that, FireEye has a setting that can automatically remove Malware….and they turned it off. The thought was they wanted a human to make decisions about what to remove vs. automated software.  

Lessons Learned

So what are the lessons we can take away from Target?  Let’s review:

Lesson 1: Security can be expensive – but not nearly as expensive as a breach.

Lesson 2: Assume every device outside your organization is compromised, because eventually one will be.

Lesson 3: Regulatory compliance might be difficult, but it is often worth it.

Lesson 3: Pay attention to the security basics.  Role-based access control, least-privileged access and network segmentation are not new concepts, but they are invaluable to minimize damage.  

Lesson 4: Your security tools are essential; invest in them and tailor them to work for you.  Automation is there to make your life easier.  

We’re going on 12 years since this hack happened, and it still serves as a powerful reminder of the critical importance of cybersecurity in today’s digital age.  The Target breach underscored how even a single weak link in a company’s supply chain can have catastrophic consequences, impacting not only the business but also millions of customers. It also paved the way for stricter industry regulations and greater emphasis on safeguarding sensitive data. As cyber threats continue to evolve, the lessons from this breach remain especially relevant.