
Happy 13th Birthday, SafeDNS!

SafeDNS officially turns 13 today, marking an incredible journey from its baby steps to becoming a cybersec wizard! 

Over these 13 amazing years, SafeDNS has blocked countless cyber baddies and protected the digital universe, ensuring infinite safer searches for users worldwide.

Here’s to the most amazing team, partners, and clients who’ve been right there with us!

Let’s keep traveling this web road side by side!

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

What is the principle of least privilege (PoLP)?

The Principle of Least Privilege, also known as PoLP, is a computer security rule that states that each user or group of users must have only the necessary permissions to perform their corresponding tasks.

In other words, the less power a user has, the lower the chances of them having a harmful impact on the business. 

Why is it important?

PoLP is important because it helps protect company systems and data from cyberattacks.

When a user has too many permissions, they are more likely to make mistakes or fall victim to an attack. For instance, users with access to servers could install malware or steal sensitive information.

How is it applied?

PoLP can be applied to any computer system, either on-premise or in the cloud.


PoLP in practice

What if a user needs to do something they can’t normally do?

The Principle of Least Privilege states that each user should have only the necessary permissions to perform their tasks. This practice helps protect company systems and data from cyberattacks.

However, there are circumstances where a user may need to circumvent security restrictions to perform some unplanned activity. For example, a certain user may need to create records for a new customer.

In these cases, the system administrator may grant the user temporary access to a role with greater privileges.

How is this done safely?

Ideally, the system administrator should create a job that automatically adds the user to the role and, after a defined time, removes them from the role.

For example, the administrator could grant the user privileges for two hours and have them removed automatically after that time.

This helps ensure that the user only has access to the necessary permissions for as long as they need them.

What about user groups?

Overall, it is safer to grant permissions to groups of users than to individual users.

This is because it is more difficult for an attacker to compromise an entire group of users than a single user.

For example, if John is an accountant, instead of granting John template creation privileges, the administrator could grant those privileges to the group of accountants.

What about processes or services?

The Principle of Least Privilege also applies to processes and services.

If a process or service works with an account, that account should have as few privileges as possible.

This helps reduce the damage an attacker could cause if they compromised the account.

Continued Importance in a Changing World

A large number of companies, following the COVID pandemic, significantly increased the number of employees working from home. Before, we only had to worry about computers within the company. Now, every laptop or mobile phone accessing your network can be the source of a security breach.

To prevent disasters, we must create security standards and train staff so that they do not visit prohibited sites from company computers or from computers that access our company network. That’s why you should avoid giving administrator privileges and apply PoLP to users as much as possible. That is also why a zero trust policy is applied, giving the fewest privileges possible. If the user is not authenticated, they are not given privileges.

IT staff should check the security of laptops carried by the user and see how to prevent attacks from reaching enterprise or cloud servers coming from our staff working remotely.

Implementation Difficulties

However, applying the minimum security privilege is nowadays quite complex. Users with an account access countless different apps.

They may also have to access web applications that rely on Linux servers, so roles and privileges must be created in different applications. It is very common for several basic features not to work with the minimum cybersecurity privileges, so there is the temptation to grant extra privileges.

Giving minimum privileges to a single application is already something complicated. Granting PoLP to several systems that interact with each other becomes much more complex. It is necessary to carry out safety quality controls. IT engineers should do security testing and patch security holes.

Privileged accounts: Definition and Types

Privileged accounts or super accounts are those accounts that have access to everything.

These accounts have administrator privileges. They are usually used by managers or the most senior people in the IT team.

Extreme care must be taken with such accounts. If a hacker or malware manages to obtain their passwords, it is possible to destroy the entire operating system or the entire database.

The number of users with access to these accounts must be minimal. Normally only the IT manager will have super user accounts with all privileges and senior management will have broad privileges, but in no case full privileges.

In Linux and Mac operating systems, for example, the superuser is called root. In the Windows system it is called Administrator.

For example, our default Windows account does not run with all privileges. If you want to run a file with administrator privileges, right-click on the executable file and select the option Run as Administrator.

This privilege to run as an administrator is only used in special installation cases and should not be used at all times.

To prevent a hacker or a malicious person from accessing these users, it is recommended to comply with these security measures:

  • Use a long, complex password that mixes uppercase, lowercase, numbers, and special characters.
  • Also try to change the password of these users regularly, for example every month or every two months.
  • It does not hurt to use a good anti-virus to detect and prevent an attack and also to set a firewall to prevent attacks by strangers.
  • Always avoid opening emails and attachments from strangers or entering suspicious websites. These attacks can breach accounts. Where possible, never browse with super user accounts or use these accounts unless necessary.

Privileged Cloud Accounts

Today, a lot of information is handled in the cloud. We will cover account management on major platforms such as AWS, Microsoft Azure, and Google Cloud.

AWS uses Identity and Access Management (IAM) to create and manage users. It also supports multi-factor authentication (MFA), which requires 2 ways to validate the user before they can enter, thus increasing security.

On AWS there is a root user, a super user with all privileges. Use this user to create other users, and protect it by using it as little as possible.

Google Cloud also provides an IAM and also the KMS (Key Management Service) that allows you to manage keys.

Depending on the cloud application, there are super users who manage databases, analytics systems, websites, AI and other resources.

If, for example, I am a user who only needs to see table reports from a database, I do not need access to update or insert new data. All these privileges must be carefully planned by the IT security department.

Common Privileged Threat Vectors

If the PoLP is not applied and a hacker enters the system by obtaining a user’s password, they could access information that is very sensitive to the company. In many cases these hackers steal the information and ask for ransom money.

In other situations, malicious users within the company could sell valuable company information. If we apply the PoLP, these risks can be considerably reduced.

Challenges to Applying Least Privilege

It is not easy to apply the PoLP in companies, particularly if you initially gave users administrator privileges and, now that you have learned the risks, want to take those privileges away. You must make users understand that it is for the good of the company, to protect its information, and that great power comes with great responsibility. Explain that if an attack happens to the company, the reputation of the employees themselves is at stake as well as that of the company, and that safety is up to everyone.

Many times we give excessive privileges out of laziness, rather than granting only the minimum privilege. But it is urgent to investigate, optimize and reduce privileges to increase security.

Another common problem is that having restricted privileges reduces the productivity of the user who ends up being dependent on their superior for lack of privileges. This can cause frustration in users and inefficiency in the company as a whole. You must seek to achieve balance in terms of efficiency without affecting safety.

Benefits for Safety and Productivity

By applying the principle of granting restricted access, we reduce the attack surface. The chances of receiving a malware attack are also reduced and less time is wasted trying to recover data after an attack.

For example, Equifax, a credit company, fell victim to Ransomware in 2017. This attack affected 143 million customers. Equifax had to pay $700 million in fines and reparations. It also had to pay compensation to users.

  • It reduces the risk of cyberattacks.
  • It protects sensitive data.
  • It reduces the impact of attacks.

Principle of Least Privilege and Best Practices

In order to comply with the standards, it is advisable to carry out an audit and verify the privileges of users and security in general. An internal verification or an external audit can be done.

You may carry out security tests to see if your company meets those standards. Below are some of the best-known standards:

  • CIS is a Center for Information Security. It contains recommendations and best practices for securing systems and data globally.
  • The NIST Cybersecurity Framework is a security framework from the National Institute of Standards and Technology.
  • SOC 2 provides an assessment report of a company’s or organization’s security controls.

Least Privilege and Zero Trust

Separating privileges is giving users or accounts only the privileges they need to reduce risk. Just-In-Time (JIT) security policies reduce risks by removing excessive privileges, automating security processes, and managing privileged users.

JIT means giving privileges only when you need them. That is, they should be temporary. For example, if a user needs to access a database only for 2 hours, you may create a script that assigns privileges during this time and then removes those privileges.
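A sketch of such a time-boxed grant follows, covering both this passage and the earlier "How is this done safely?" section. It is an added example, not code from the article or from any product it mentions; the in-memory store, the role and user names, and the 8-hour ceiling are assumptions. It shows one point the text does not: the authorization check itself compares against the expiry time, so access ends on schedule even when the clean-up job runs late.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_GRANT = timedelta(hours=8)  # assumed policy ceiling, not from the article


@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    granted_by: str
    reason: str
    expires_at: datetime


class JitRoleStore:
    """In-memory stand-in for a directory or database role table."""

    def __init__(self):
        self._grants = {}  # (user, role) -> Grant
        self.audit = []    # append-only: (time, event, user, role, detail)

    def grant(self, user, role, duration, granted_by, reason, now):
        # A user must not be able to approve their own elevation.
        if granted_by == user:
            raise PermissionError("self-approval is not allowed")
        # Reject open-ended or overly long grants instead of clamping them.
        if duration <= timedelta(0) or duration > MAX_GRANT:
            raise ValueError("duration outside the allowed window")
        if not reason.strip():
            raise ValueError("a reason is required for the audit trail")
        g = Grant(user, role, granted_by, reason, now + duration)
        self._grants[(user, role)] = g
        self.audit.append((now, "GRANT", user, role,
                           f"by={granted_by} until={g.expires_at.isoformat()}"))
        return g

    def has_role(self, user, role, now):
        # Expiry is checked at decision time, so access ends on schedule
        # even if the revoke job is late or has failed.
        g = self._grants.get((user, role))
        return g is not None and now < g.expires_at

    def sweep(self, now):
        """The scheduled job: remove expired grants and log each removal."""
        expired = [k for k, g in self._grants.items() if now >= g.expires_at]
        for user, role in expired:
            del self._grants[(user, role)]
            self.audit.append((now, "REVOKE", user, role, "expired"))
        return expired


def demo():
    # Constructed scenario: a two-hour grant to create records for a new customer.
    t0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    store = JitRoleStore()
    store.grant("john", "customer_writer", timedelta(hours=2),
                granted_by="it_admin", reason="onboard new customer", now=t0)
    during = store.has_role("john", "customer_writer", t0 + timedelta(hours=1))
    # Two hours and one minute later the sweep has not run yet.
    after = store.has_role("john", "customer_writer",
                           t0 + timedelta(hours=2, minutes=1))
    revoked = store.sweep(t0 + timedelta(hours=3))
    return during, after, revoked


if __name__ == "__main__":
    print(demo())
```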

To implement the JIT:

  • Create a plan with security policies.
  • Implement the plan by applying the PoLP and JIT with controls that may include multi-factor access and role access control.
  • It is important to train employees on safety and explain these concepts so that they understand not only how to apply them but why to apply them.
  • And finally, it is important to apply audits. This topic was already discussed in point 10.

It is also convenient to monitor permissions to see who has more privileges and also see what resources are accessed, to see if adjustments need to be made to them.
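The review described above can be automated by comparing what is granted with what is actually used. The following is an added example, not the article's or any vendor's code; the permission names, the group layout and the three-field log format (`timestamp user permission`) are assumptions, and the sample data is constructed. It reports, per user, permissions never exercised and permissions granted directly rather than through a group, and, per group, permissions that no member used.

```python
from collections import defaultdict

# Constructed entitlement data: permissions come from groups or direct grants.
GROUP_PERMS = {
    "accountants": {"invoice.read", "invoice.create", "template.create"},
    "report_viewers": {"report.read"},
}
MEMBERSHIPS = {"john": ["accountants"], "maria": ["report_viewers"]}
DIRECT_PERMS = {"maria": {"db.update"}}

# Constructed access log covering the review period.
ACCESS_LOG = [
    "2024-01-10T09:00:00Z john invoice.read",
    "2024-01-10T09:05:00Z john invoice.create",
    "2024-01-11T14:20:00Z maria report.read",
    "2024-01-12T08:30:00Z john invoice.read",
    "malformed line that the parser must skip",
]


def parse_log(lines):
    """Return {user: set of permissions the user actually exercised}."""
    used = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # ignore lines that do not match the assumed format
        _timestamp, user, perm = parts
        used[user].add(perm)
    return used


def review(group_perms, memberships, direct_perms, log_lines):
    used = parse_log(log_lines)
    report = {"users": {}, "groups": {}}

    for user in sorted(set(memberships) | set(direct_perms)):
        via_groups = set()
        for group in memberships.get(user, ()):
            via_groups |= group_perms.get(group, set())
        direct = set(direct_perms.get(user, ()))
        report["users"][user] = {
            # Granted but never exercised: candidates for removal.
            "unused": sorted((via_groups | direct) - used[user]),
            # Granted to the individual instead of to a group.
            "direct_grants": sorted(direct),
        }

    for group, perms in sorted(group_perms.items()):
        members = [u for u, groups in memberships.items() if group in groups]
        used_by_members = set().union(*(used[u] for u in members))
        # Permissions no member used: candidates to drop from the group itself.
        report["groups"][group] = sorted(set(perms) - used_by_members)

    return report


if __name__ == "__main__":
    import json
    print(json.dumps(review(GROUP_PERMS, MEMBERSHIPS, DIRECT_PERMS, ACCESS_LOG),
                     indent=2))
```

An unused permission is a prompt for a conversation with the owner, not proof that it can be removed: some duties are only performed monthly or yearly, so the log window has to cover them.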

Solutions for the Implementation of Least Privilege

As mentioned above, to increase security, segment the network to reduce damage if your security is breached. Segmenting the network is dividing the network into small subnets.

The privileges granted to users should also be monitored.

Finally, security policies must be integrated with technologies to create an administrative plan according to the software you have.

How to Implement Least Privilege Effectively

To implement the principle of granting access, the proposed system must be implemented on test servers. Personnel should be asked to test actual jobs in the system for a while.

Once the errors are corrected or user complaints are resolved, it is up to you to take the system into production with minimal privileges. A trial period of at least one month is recommended where users test the system and have the old system at hand.

In most cases, the old and new systems coexist for months until the new system is approved with the least privileged security implemented.

Conclusion

The Principle of Least Privilege: A Simple but Effective Measure for Computer Security.

In an increasingly digital world, IT security is critical for businesses of all sizes. Cyberattacks are becoming more frequent and sophisticated, and can cause significant damage to businesses.

One of the most important steps businesses can take to protect their systems and data from cyberattacks is to apply the Principle of Least Privilege. The Principle of Least Privilege states that each user should have only the necessary permissions to perform their tasks.

Applying the Principle of Least Privilege is a simple but effective measure. By giving users only the necessary permissions, companies reduce the risk of an attacker compromising sensitive systems and data.

Tips for applying the principle of least privilege:

  • Identify the permissions needed for each task.
  • Grant permissions to groups of users instead of individual users.
  • Reduce process and service account privileges.
  • Review user permissions on a regular basis.
 

Daniel Cabilmonte is a writer expert in technologies. Lecturer, consultant, blogger. He is passionate about software and technology. He writes about IT topics, security, programming, AI, BI.


About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

A hybrid approach for MSPs: bridging the gap between on-premises and cloud

Managed Service Providers or MSPs play a pivotal role in delivering secure, flexible, and scalable IT services to their customers.

Serving as the backbone of IT operations, MSPs enable businesses to focus on their core activities while entrusting the complexities of IT management, remote access, and data security to skilled professionals using solutions like Parallels RAS.

Through their expertise, MSPs ensure their customers maintain seamless access to critical data and applications, enabling employees to work efficiently from anywhere. They also play a crucial role in data backup and recovery services, safeguarding businesses against data loss due to unforeseen circumstances such as hardware failures, cyber-attacks, or natural disasters.

Traditionally, businesses relied solely on on-premises solutions for their IT needs. However, with the advent of cloud technology, MSPs have found innovative ways to blend on-premises with private and public cloud infrastructure, creating what is commonly known as a hybrid approach.

This strategy combines the best of both worlds, offering unparalleled flexibility, scalability, and efficiency.

Our recent survey of industry-leading IT professionals highlighted that the reasons for choosing a hybrid solution vary, with 49% of respondents citing its increased flexibility, 46% the improved security, 45% seeking cost savings, 44% needing increased reliability, and 40% looking for better scalability.

In this blog post, I’ll explore the benefits of MSPs utilizing both on-premises and cloud infrastructure to best serve their clients’ needs.

The flexibility of cloud infrastructure

Cloud infrastructure offers unparalleled flexibility and scalability, making it an attractive option for businesses looking to optimize their operations:

Scalability

Cloud services allow MSPs to easily scale their resources up or down based on customer demand. With the cloud, MSPs can optimize their operations efficiently and allocate resources precisely where and when they are required, whether it’s accommodating a sudden surge in user demand or ensuring the seamless onboarding of new customers.

Cost-efficiency

Public cloud services operate on a pay-as-you-go model, eliminating the need for significant upfront investments.

Unlike traditional setups requiring substantial upfront investments in hardware and infrastructure, cloud services allow MSPs to pay monthly only for the resources their customers utilize.

Reduced infrastructure maintenance

Using public cloud services frees MSPs from the complexities of managing, updating, and maintaining physical servers.

Public cloud providers handle the entire spectrum of server management tasks, ensuring servers are always up-to-date, secure, and well-maintained.

The power of on-premises infrastructure

On-premises infrastructure refers to the traditional IT setup where hardware and networking components are housed within the organization’s premises.

While cloud technology has gained prominence, on-premises infrastructure still holds its ground due to several key advantages:

Tailored solutions and client specificity

One of the primary advantages of on-premises infrastructure is the ability to offer highly customized, client-specific solutions.

Businesses, especially those with unique operational requirements, often demand tailored IT environments that seamlessly align with their business needs. On-premises solutions allow MSPs to craft bespoke configurations, ensuring that these needs are met with precision.

Enhanced data control and security

Data security is paramount, and on-premises infrastructure can provide a heightened level of control and security. Certain industries, such as finance and healthcare, operate under stringent regulatory frameworks, mandating the storage and processing of sensitive data on-premises.

By providing on-premises solutions, MSPs can empower their clients with a sense of ownership and direct control over their data. This level of security is invaluable, especially in sectors where data breaches can have severe consequences.

Cost-efficiency and long-term investments

Contrary to the perception that on-premises solutions are cost-prohibitive, they can be highly cost-effective in the long run. For businesses with stable, predictable workloads, investing in on-premises infrastructure can be financially prudent.

Access to legacy applications

The continued importance of legacy Windows and Linux applications poses a significant hurdle.

These applications can be integral to day-to-day operations, and they are often designed to run on on-premises infrastructure. Migrating them to a fully cloud environment can be complex, time-consuming, and costly. Rewriting or refactoring them for cloud compatibility requires a considerable investment of resources, time, and expertise.

In our survey of IT professionals, 49% claimed that they currently need legacy Windows and Linux applications and will continue to need them in the next five years, so solutions (including the hybrid cloud) that enable access to legacy apps will continue to be necessary for the near future.

The hybrid approach: the best of both worlds

MSPs recognize the unique advantages offered by both on-premises and cloud infrastructure. By blending these two environments, MSPs can offer tailored solutions that meet the needs of their customers to navigate the complexities of modern IT landscapes, delivering flexibility, resilience, cost optimization, compliance, and security.

During this year’s Canalys Forum it was quoted that “46% of EMEA partners see some public cloud workloads moving to on-premises/edge.”

Here are just some of the reasons why a hybrid approach is gaining traction:

Cost optimization

Cost considerations play a pivotal role in any technology adoption strategy. By combining on-premises and multi-cloud solutions, businesses and MSPs can optimize expenses. They can utilize on-premises infrastructure for workloads with consistent demand and predictable usage, while using the cost-effective scalability of the cloud to handle peak periods or temporary resource needs.

Flexibility

MSPs can design hybrid solutions that allow businesses to scale seamlessly.

Whether accommodating growth or adjusting to fluctuations, MSPs can scale solutions up or down, optimizing costs for themselves and their customers alike.

Critical workloads can remain on-premises, ensuring data control, while non-sensitive tasks can leverage the cloud’s scalability.

Compliance and security

For businesses operating in regulated industries, a hybrid approach allows them to maintain compliance by keeping sensitive data on-premises, while benefiting from the cloud’s enhanced security features for non-sensitive operations.

Optimized performance

MSPs can optimize performance by strategically allocating workloads. Latency-sensitive applications can run on-premises, while applications requiring vast computational power can leverage cloud resources.

Disaster recovery and redundancy

A hybrid infrastructure provides robust disaster recovery and redundancy capabilities. Data can be backed up both on-premises and in the cloud, reducing the risk of data loss due to hardware failures or natural disasters.

The advantages of Parallels RAS in hybrid environments

Parallels Remote Application Server (RAS) offers a multitude of features to bridge the gap between on-premises and cloud infrastructure. This seamless integration not only optimizes resource utilization but also ensures a consistent user experience, regardless of whether applications are hosted locally or in the cloud, without the need for complex or extra licensing requirements.

Parallels RAS empowers MSPs to meet the unique needs of their customers, offering a unified solution that effortlessly spans the divide between traditional on-premises setups and the dynamic capabilities of the cloud, enabling businesses to embrace the benefits of both worlds seamlessly.

Moreover, Parallels RAS stands out as a game-changer, simplifying the complexities associated with Microsoft Remote Desktop Services (RDS). With Parallels RAS, MSPs can effortlessly set up environments with just a few clicks, through a centralized single pane of glass management console. It optimizes productivity by automating common, complex, and repetitive tasks using its REST-API, saving valuable time and costs.

Centralized management and administration

Parallels RAS offers flexibility by enabling the integration of resources, whether on-premises or in the cloud. Administration and management are centralized within a single console, ensuring a consistent user experience and ease of management across platforms no matter where resources reside.

Seamless load balancing

Parallels RAS load balancing capabilities distribute workloads evenly across servers, enhancing performance and reliability.

This is especially critical in hybrid setups where seamless transitions between on-premises and cloud resources are paramount. The load balancing feature in Parallels RAS becomes especially critical in these scenarios, facilitating smooth shifts between on-premises and cloud servers.

Enhanced security features

Parallels RAS provides robust security protocols, safeguarding data during transit and ensuring compliance with industry regulations, whether stored on-premises or in the cloud.

The solution integrates with the latest SSL encryption protocols and is FIPS 140-2 compliant, in addition to MFA and demilitarized zone (DMZ) deployment for highly secured connections. By employing these robust encryption protocols and advanced authentication mechanisms, Parallels RAS ensures that data integrity and confidentiality are maintained at all times.

Azure Virtual Desktop management and cost savings

Creating a hybrid deployment with native Azure Virtual Desktop requires specific, costly hardware, additional license fees, and heightened management overhead, and it lacks features such as monitoring and auto-scaling.

In contrast, Parallels RAS offers unmatched flexibility, allowing hybrid setups on any on-premises environment without added fees, seamlessly integrating with existing Azure Stack to ensure a unified admin experience.

By seamlessly integrating with Azure Virtual Desktop, Parallels RAS provides comprehensive management capabilities, simplifying complex tasks and ensuring streamlined operations.

It optimizes costs by reducing Azure compute and storage costs, allowing MSPs to maximize their existing resources and ensuring businesses only pay for the resources they need, leading to significant cost savings and maximizing their ROI.

Freedom from vendor lock-in

Embracing a complete hybrid approach and all the associated capabilities not only opens new avenues to unparalleled flexibility, but also liberates MSPs from the constraints of vendor lock-ins.

It guarantees the freedom of choice, enabling MSPs and their customers to make decisions without being tied to a single cloud vendor, allowing seamless transitions between different cloud providers as necessary.

Therefore, organizations are not confined to a single cloud provider; they can leverage resources from various leading cloud services like Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP), alongside on-premises infrastructure.

Ready to get started? Get your full-featured free trial of Parallels RAS now!

 


About Parallels 
Parallels® is a global leader in cross-platform solutions, enabling businesses and individuals to access and use the applications and files they need on any device or operating system. Parallels helps customers leverage the best technology available, whether it’s Windows, Linux, macOS, iOS, Android or the cloud.

Leveraging automation and UX to reduce admin decision fatigue on detection and response platforms

Multiple factors complicate admin decisions involving threat mitigation and remediation. Alert fatigue from sifting through myriad detections, and dashboard clutter, all have costs: human, time, security, and financial. In response, ESET has engineered more clarity into our detection and response module, paying big dividends for budget holders and security admins alike.

New functions in ESET Inspect, the XDR-enabling component within our unified cybersecurity platform ESET PROTECT, assist security admins in correlating detections to related entities.

Image 1: Incident Creator displays multiple prioritized entities to reduce alerts and simplify admin decision points concerning mitigation and remediation options including: Timeline, Relation Graph, Detections, Computers, Executables, Processes, Incident.

Investigating incidents through the lens of these related entities supersedes the need to filter through large numbers of detections. Only when necessary would the admin need to drill down deeper to the level of the detections related to the incidents, as well as the events that triggered those detections.

Improved efficiencies around these tasks have been delivered in ESET Inspect via the new Incident Creator feature, which performs a correlation of detections and entities. This correlation enables IT security admins to visualize the relationships between multiple prioritized network entities by recognizing patterns across detections and entities, and intelligently grouping these critical clues into incidents.

Quick takeaway – ESET Inspect Incident Creator

The representation (image below) shows the correlation of entities (interactions between tools, files, and even systems) generated by the Incident Creator. In it, an admin can quickly determine the relationship between the detection of Filecoder malware, aka Ransomware, and other incidents detected by ESET PROTECT (our unified cybersecurity platform).

In this case, the admin viewing the dashboard can immediately gain an overview of what’s happening or what has already happened. They are provided with prioritized context concerning severity and other crucial information via a system of tags and alerts. Depending on the admin’s maturity, they might (for example) skip the MITRE ATT&CK-linked tactics, techniques, and procedures, with their eyes drawn instead to the number of machines affected or detected executables.

At the center, we see a specific machine (wk-beach-head01.dem.lan) surrounded by a red circle denoting the severity (Red = Threat, Yellow = Warning, Blue = Info) of the detection. The admin can quickly identify a number of executables and related prioritized processes at work. Two executables stand out here: (c.) and (powershell.exe). These are highlighted in red in the image below.

The clear layout of the incident “Pane” (at right) allows a quick appraisal of the situation. With their eyes moving back to the Incident Creator graph, a pattern of lateral movement quickly emerges. The admin can see incidents that not only affect Windows machines, but also Linux (Ubuntu Server) and macOS machines with dedicated scripts.

The dashboard also clearly highlights both the abused legitimate tools (in blue) and the dedicated malware scripts and executables* (in red). This literally helps connect the dots, a big plus in the quick remediation and incident response phases, and it is also helpful with later forensic analysis.

*Another machine, osx1201, circled in Yellow (warning), is also located in relation to a critical executable.

The never-ending search for experience

Since neither detection and response tools nor the staff that operate them come cheap, companies logically demand concrete return on investment once detection and response is deployed. The Incident Creator capability thus supplies a notable boost to the analytic logic needed by admins, threat hunters, and SOC teams to raise security via improved configuration options, for example. These can be applied either to increase the detection sensitivity if they are more risk-averse, or to create exceptions suited to their specific environments to reduce noise. This ultimately requires staff to employ their knowledge and confirm the organization’s trust in solid events analysis and correctly prioritizing protection decisions.

An admin consulting a dashboard where the correlation between these factors is visualized becomes a faster learner, more confident, and a more competent defender: a defender who can look beyond the automated categories of monitoring and detection found in an endpoint protection product and track cyber threats where some imprint of misused human intelligence may lie.

Hiring vs. building a top-flight admin . . . at the right cost

Laying hands on mature IT security staff/Security Operations Center (SOC) staff has become the number one job for many CISOs and their HR recruiters. Once candidates are located, there is the inevitable moment when the elephant in the room comes into view, and the question is asked whether the candidate has enough practical experience with detection and response products and processes to make an impact.

The reasons for caution are widespread, but as much as detection and response tools are proven to provide a powerful set of insights into a network and its endpoints, their use is demanding. Experienced admins are even harder to secure than cost-effective products.

Identifying a product that pairs great visibility and usability with proportionately low total cost of ownership (TCO) ratings and features supporting on-the-job maturation becomes a critical part of the equation. Many of these critical attributes are explored at a high level by tests like AV-Comparatives’ recent Endpoint Prevention & Response (EPR) Test 2023. However, the features supplied by tools like ESET Inspect are what make or break the user experience for security admins tasked with delivering and improving security on your network.

Closing the gap between the EDR skills and experience possessed by a top-flight admin, versus supporting and maturing a journeyman admin in evolving into a top-flight pro may be best addressed by providing them with the insight necessary to classify threats and prioritize mitigation. Best enabling your team in this regard means providing tools that reduce the burden of analysis and interpretation of data from the detection and response dashboard concerning network incidents and enabling less-experienced IT security admins to understand the relationships between multiple entities.

Human value-add

With more complex threats and attacks, only another human intelligence – that of a security defender – may be able to spot an attack before too much damage is done.
At the minimum, a defender armed with an XDR-enabling module like ESET Inspect with Incident Creator (graphing) is empowered to rapidly contextualize the severity of incidents within their increasing familiarity of the environment. That, and being provided with the right filtering of entities to reconstruct the sequence of steps that an attack followed from start to finish both raises their game and builds further experience and network context while supporting an ever-improving security trend.

Simply put, if the move to detection and response begins with an optimized dashboard that includes incident creation, then the resultant experience gains of your IT admins and steady progress made by your business toward better security will likely be worth the effort.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

23.12.1 ‘Voyager’ released

Changes compared to 23.12.0

Enhancements

  • Updated the appearance of badges for cross-organization users when logged in as the top-level admin. Instead of displaying “Other Tenant”, the badge now displays the tenant name on the Users, User detail, Client news and Storage buckets pages

Bug Fixes

  • Fixed an issue with remote registration failing to authenticate users when being used by a tenant admin

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSPs, businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.
