Skip to content

Keepit 榮獲 2025 年「網絡安全突破獎」之「年度業務連續性網絡解決方案」大獎

專注於 SaaS 資料保護的唯一獨立雲端平台 Keepit 今日宣布,其在第九屆年度「網絡安全突破獎」(CyberSecurity Breakthrough Awards) 評選中,榮獲「年度業務連續性網絡解決方案」大獎。此一享譽盛名的獎項由獨立市場情報機構 CyberSecurity Breakthrough 舉辦,旨在表彰全球最具創新性的資訊安全公司及產品。
Keepit 屢獲殊榮的平台為十二種關鍵 SaaS 應用程式提供強大的保護,涵蓋 Microsoft 365、Salesforce、Google Workspace 和 Okta 等。該平台專為雲端而設,將直觀的設計與企業級的安全性及擴展性融為一體,確保關鍵資料安全、合規且可快速恢復。其資料保護與異常偵測儀表板等功能,更能協助企業維持備份的完整性,並在資料風險升級前主動識別、調查及修復。

Keepit 銷售總監 Michele Hayes 表示:「資料韌性是業務連續性的基石,榮獲『網絡安全突破獎』的肯定是我們莫大的榮幸。我們提供『智慧韌性』(intelligent resilience),讓客戶能做出明智的選擇以保護其資料,確保無論發生任何情況,業務都能持續運作。我們的目標不僅是幫助企業從資料遺失中恢復,更是從一開始就領先風險一步。」
一年一度的「網絡安全突破獎」吸引了來自全球 20 多個國家的數千項提名,旨在表彰全球網絡安全產業中最具突破性的創新。

CyberSecurity Breakthrough 總經理 Steve Johansson 指出:「隨著越來越多的關鍵業務資料轉移至 SaaS 應用程式,雲端資料外洩的風險和成本也前所未有地高漲。Keepit 的廠商獨立性、廣泛的應用程式覆蓋範圍以及快速的恢復能力,正是企業確保業務連續性所需。他們對安全的專注,使其成為我們『年度業務連續性網絡解決方案』獎項的明確之選。」

關於 Keepit

Keepit 立足於為雲端時代提供新世代的 SaaS 資料保護。其核心理念是透過獨立於應用程式供應商的雲端儲存,為企業關鍵應用加上一道安全鎖,不僅強化網路韌性,更實現前瞻性的資料保護策略。其獨特、分隔且不可變的資料儲存設計,不涉及任何次級處理器,確保符合各地法規,有效抵禦勒索軟體等威脅,並保證關鍵資料隨時可存取、業務不中斷,以及快速高效的災難復原能力。總部位於丹麥哥本哈根的 Keepit,其辦公室與資料中心遍及全球,已贏得超過 15,000 家企業的深度信賴,客戶普遍讚譽其平台的直覺易用性,以及輕鬆、可靠的雲端資料備份與復原體驗。

關於Version 2

Version 2 Digital 是立足亞洲的增值代理商及IT開發者。公司在網絡安全、雲端、數據保護、終端設備、基礎設施、系統監控、存儲、網絡管理、商業生產力和通信產品等各個領域代理發展各種 IT 產品。透過公司龐大的網絡、通路、銷售點、分銷商及合作夥伴,Version 2 提供廣被市場讚賞的產品及服務。Version 2 的銷售網絡包括台灣、香港、澳門、中國大陸、新加坡、馬來西亞等各亞太地區,客戶來自各行各業,包括全球 1000 大跨國企業、上市公司、公用事業、醫療、金融、教育機構、政府部門、無數成功的中小企及來自亞洲各城市的消費市場客戶。

將網路框架轉化為您的 MSP 的競爭優勢

《MSP的信任藍圖:將網絡安全框架轉化為您的競爭優勢》

在一個擁擠的市場中,您該如何具體證明您的MSP(託管服務供應商)真正致力於安全?對於英國和澳洲的MSP來說,答案就在於政府支持的安全框架,它們能將最佳安全實踐轉化為您最強大的業務差異化優勢。

像是英國的「網絡基礎安全認證 (Cyber Essentials)」和澳洲的「八大關鍵策略 (Essential Eight)」等框架,可能看起來只是又一道合規的障礙。但如果您不把它們看作是一張檢查清單,而是視為一個能將您的安全技術堆疊標準化、建立客戶堅定信任並解鎖新收入的策略藍圖呢?

本指南將為您剖析這些框架的意義、比較其異同,並說明您如何利用它們來建立一個更安全、更成功的MSP。

英國的標準 playbook:解密Cyber Essentials (CE) 與 CE Plus

對於英國的MSP而言,由英國國家網絡安全中心 (NCSC) 推出的Cyber Essentials是網絡防禦的基礎標準。它旨在防禦最常見的網絡威脅,並建立在五項關鍵技術控制之上:防火牆、安全組態設定、使用者存取控制、惡意軟件防護及修補程式管理。

  • Cyber Essentials (CE)

    一份自我評估,用以證明您已具備必要的防護措施。

  • Cyber Essentials Plus (CE+)

    更進一步,由獨立的稽核員進行實地的技術稽核,以證明您的控制措施確實有效,從而提供更高層級的保證。

這對您的MSP為何重要?這不僅關乎您自己…您的客戶同樣在意。

對您的客戶而言,CE是您在安全方面盡職調查的清晰標誌。對您的MSP而言,它是一個策略工具。CE提供了一個信譽卓著的基準,讓您可以將安全服務標準化、簡化營運流程並建立不容置疑的信任。至關重要的是,它通常是英國政府及國防部供應鏈中企業的強制性要求,為您打開通往高價值新合約的大門。

澳洲的基準:理解Essential Eight

在澳洲,澳洲網絡安全中心 (ACSC) 則提供了Essential Eight。這並非一次性的證書,而是一個成熟度模型,旨在指導組織在三個不同的成熟度級別上實施其八項關鍵控制措施。

Essential Eight因其務實、貼近真實世界的焦點而備受推崇,它專注於緩解當今最普遍的威脅,從機會主義的勒索軟件到複雜的針對性攻擊。

全球洞察:打造一個「集兩者之大成」的安全標準

雖然這些框架在世界的兩端各自發展,但它們有著相同的DNA,都優先考慮如修補漏洞、保護組態設定和限制管理員權限等關鍵控制措施。

然而,真正的洞見來自於它們的差異。Essential Eight在三個領域上特別強調,英國的MSP可以採納這些領域來打造更具韌性及更高價值的服務:

  1. 應用程式控管

    主動防止未經批准或惡意的程式執行。

  2. Microsoft Office巨集強化設定

    封鎖或審查來自網絡的巨集,這是勒索軟件常見的攻擊途徑。

  3. 強制性每日備份

    確保透過每日備份重要資料、軟件和組態設定,您能從任何事件中迅速恢復。

透過整合這些原則,兩國的MSP都能建立一種超越單純合規的安全態勢,並提供卓越的保護。

MSP的執行引擎:您達成可規模化合規的工具組

理解框架是一回事;在您所有客戶群中一致地實施它們則是另一回事。這正是統一平台對於效率和執行力變得至關重要的原因。

  • 在每個端點上強制執行合規

    真正的合規要求在每台裝置上都有一致的政策執行力,無論其位置或作業系統為何。使用集中的裝置管理解決方案,您可以強制執行磁碟加密、作業系統更新和螢幕鎖定等安全設定,確保每個端點都符合框架要求。

  • 保護每個身分

    兩個框架都極力強調控制存取權限。現代化的方法是結合身分與存取管理(IAM) 來執行「最低權限原則」。正如我們的合作夥伴The Light的Chris Pearson所言,這正是MSP看到最直接效益的地方:

從合規負擔到競爭優勢

Cyber Essentials和Essential Eight不僅僅是證書。它們是策略性框架,賦予您能力去將服務標準化、教育客戶您所提供的價值,並以具體的方式證明您的安全資質。

了解標準與大規模執行標準之間的差距,正是MSP贏得新業務或被市場淘汰的關鍵所在。而這正是JumpCloud for MSPs旨在彌合的差距。

JumpCloud的平台將身分與存取管理 (IAM) 和裝置管理整合到單一的統一解決方案中。這消除了使用由零散工具拼湊而成的系統的需求,讓您可以透過單一管理平台,有效率地執行兩個框架中最關鍵的控制措施:

  • Cyber Essentials

    無縫管理使用者存取控制、修補程式管理和安全組態設定。

  • Essential Eight

    強制執行應用程式控管、管理特權存取並保護端點。

透過將這些框架與統一平台嵌入到您的服務交付中,您不僅僅是打勾了事——您正在建立一個更安全、更具韌性且利潤更高的MSP。正如另一位合作夥伴FIFUM的Chris Notley所說。

關於 JumpCloud

JumpCloud® 提供一個統一的開放式目錄平台,使 IT 團隊和 MSP 能夠輕鬆、安全地管理公司企業中的身份、裝置和存取權限。通過 JumpCloud,用戶能夠從任何地方安全工作,並在單一平台上管理其 Windows、Apple、Linux 和 Android 裝置。

關於Version 2

Version 2 Digital 是立足亞洲的增值代理商及IT開發者。公司在網絡安全、雲端、數據保護、終端設備、基礎設施、系統監控、存儲、網絡管理、商業生產力和通信產品等各個領域代理發展各種 IT 產品。透過公司龐大的網絡、通路、銷售點、分銷商及合作夥伴,Version 2 提供廣被市場讚賞的產品及服務。Version 2 的銷售網絡包括台灣、香港、澳門、中國大陸、新加坡、馬來西亞等各亞太地區,客戶來自各行各業,包括全球 1000 大跨國企業、上市公司、公用事業、醫療、金融、教育機構、政府部門、無數成功的中小企及來自亞洲各城市的消費市場客戶。

合規性與安全性:協調一致的商業價值

About Graylog  
At Graylog, our vision is a secure digital world where organizations of all sizes can effectively guard against cyber threats. We’re committed to turning this vision into reality by providing Threat Detection & Response that sets the standard for excellence. Our cloud-native architecture delivers SIEM, API Security, and Enterprise Log Management solutions that are not just efficient and effective—whether hosted by us, on-premises, or in your cloud—but also deliver a fantastic Analyst Experience at the lowest total cost of ownership. We aim to equip security analysts with the best tools for the job, empowering every organization to stand resilient in the ever-evolving cybersecurity landscape.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Combating DNS Amplification Attacks: Strategies for Resilient Infrastructure

Protecting the critical backbone of the internet against DDoS threats.

 

DNS Amplification is one of the most effective and widely-used forms of Distributed Denial-of-Service (DDoS) attacks. It exploits vulnerabilities in the Domain Name System (DNS) infrastructure to flood a target with massive volumes of traffic, often overwhelming network bandwidth and causing catastrophic service outages. Understanding the mechanics of this attack is the first step toward building truly resilient infrastructure.

What is a DNS Amplification Attack?

This is a type of reflection attack where the attacker leverages legitimate, misconfigured DNS servers—known as **open DNS resolvers**—to magnify the volume of malicious traffic. The goal is to generate a disproportionately large response for a small initial query, effectively turning hundreds or thousands of DNS servers into unwilling attack agents.

The Amplification Mechanism

  1. Spoofing: The attacker sends a small DNS query to numerous open DNS resolvers. Crucially, they forge the source IP address, replacing it with the victim’s IP address.
  2. Amplification: The query typically requests a large amount of DNS data (e.g., a query for all records using the ANY parameter).
  3. Reflection: The unaware open resolvers send the large response packets back to the *spoofed* source—the victim—magnifying the traffic volume by a factor of up to 70 times the initial query size.
  4. Impact: The victim’s network is saturated with unwanted DNS response traffic, leading to service disruption.

Essential Strategies for Mitigation and Defense

Preventing and mitigating these attacks requires a layered approach, combining network policy best practices with secure server configurations.

1. Disable Open Recursion on DNS Servers

Your authoritative DNS servers should only respond to queries for domains they host. Disabling recursion ensures your server cannot be used by external, unauthorized IPs to perform recursive lookups, drastically reducing its potential for abuse as an amplification reflector.

2. Implement Source IP Verification (BCP 38)

The simplest way to break the attack chain is to prevent spoofing. **Ingress and Egress Filtering**, as outlined in Best Current Practice 38 (BCP 38), should be implemented at the network perimeter (routers). This ensures that IP packets entering or leaving your network must have a source address reachable via that interface, effectively blocking forged source IPs.

3. Apply Response Rate Limiting (RRL)

RRL caps the number of identical DNS responses your server sends to a single source IP per second. This prevents attackers from receiving the massive volume of amplified traffic they need to cripple a target, protecting both your infrastructure and external victims from abuse.

4. Leverage Anycast DNS and DDoS Mitigation Services

For high-volume services, partnering with a reputable DNS provider that uses an **Anycast network** is vital. This distributes the authoritative servers across multiple geographic locations, diffusing attack traffic and preventing any single server from being overwhelmed. These services also provide specialized filtering at the edge of the network.

5. Conduct Regular DNS Infrastructure Audits

Proactive auditing using tools like dig, nslookup, and Nmap scripts is essential to detect misconfigurations, such as accidentally leaving recursion enabled on authoritative servers, before they can be exploited by attackers.

Building Long-Term Resilience

Early detection and swift mitigation are key to minimizing the impact of these attacks. By adopting these multi-layered strategies—focusing on configuration hardening, rate limiting, and network filtering—organizations can significantly reduce the risk of denial-of-service incidents and ensure the continued availability of their critical internet services.

 

Source insights adapted from industry leading DNS security experts.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

The 10 Most Popular Usernames of All Time: Security Implications

Choosing a username for a new account can often feel overwhelming. Should you go for something humorous, highly memorable, or simply your real name? The data shows that many users default to their actual name. But how does this choice impact your online security? It turns out, your username matters more than you might think.

How to Choose a Good Username

Finding a unique and available username often feels like a challenge. Your username is your digital first impression, so it’s natural to want something unique, easy to recall, and representative of your identity.

  • Be Creative: The best usernames combine interests to create unique combinations (e.g., “GalacticBaker”).
  • Keep it Simple: Ensure the name is easy to spell and pronounce to avoid confusion.
  • Tailor to the Platform: The handle you use for gaming might not be suitable for a professional networking site.

Security Tip:

Always avoid using personal details like your full name, date of birth, or location in your username. This simple step significantly protects your privacy online.

The Top 10 Most Popular Usernames

A report compiled in partnership with a white-hat hacker revealed the most commonly used usernames globally. While many choose their real name, the number one spot was claimed by a non-name entry. Interestingly, common defaults like “admin” or “user” did not make the list.

Rank Count Username
1 875,562 ยศกร (Thai for ‘title’)
2 470,646 David
3 451,546 Alex
4 438,485 Maria
5 387,660 Anna
6 352,629 Marco
7 325,085 Antonio
8 310,096 Daniel
9 305,442 Andrea
10 298,963 집을뒤집자 (Korean for ‘flip the house’)

Why Usernames Matter for Security

While a robust password is the highest priority, a weak username can compromise your security by effectively giving away half of your credentials. Usernames that include personal information are particularly risky as they help cybercriminals build a detailed profile for social engineering attacks.

For example, a username like “Lisa1990” or “SeattleJeremy” provides a hacker with enough personal data to initiate targeted attacks or craft highly believable phishing attempts.

How to Create a Secure Username

Follow these guidelines to select the most secure usernames for your accounts:

  • Avoid Reuse: Do not use the same username across different accounts. Ideally, use a random username for every service.
  • Don’t Use Your Real Name: Avoid using your legal name or common nicknames.
  • Separate from Email: Your username should not be identical to your email address.
  • Exclude Personal Data: Never use information like your birth date, city of origin, or any sensitive ID numbers.
  • Avoid Password Hints: Do not use a username that is the same as your password or provides a clue about it.

Creating secure usernames is only half of the solution; the other half is maintaining a strong, unique password for every account. Tools like NordPass make managing strong passwords simple by offering an encrypted vault, autofill capabilities, and features like the Data Breach Scanner for next-level protection.

 

© 2025 Nord Security. All Rights Reserved.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×