Skip to content

【台灣二版資安產品認證課程】因應疫情持續,今年繼續以線上方式舉辦並於課程中加入新代理商品,2022年度圓滿成功落幕~

台灣二版多年來深耕資訊科技領域,致力於提供與時俱進的產品及解決方案,結合亞洲區的代理優勢與在地化專業的服務經驗,協助企業及經銷夥伴於面臨日趨嚴峻的資安挑戰及不斷增加的資安需求時,能夠提供更完整更專業的佈局與建制。

台灣二版身為台灣知名總代理商,為了讓各經銷商夥伴提供企業(用戶)更優質及專業的在地服務,也藉此提倡用戶選用通過原廠專業認證核可的經銷商通路來購買資安產品,方能獲得最佳的服務與保障;故於每年5月舉辦資安產品認證課程,此課程在業界已行之有年並擁有良好口碑,通過【黃金級認證】而成為官方認可的認證廠商,除將享有所有VIP黃金認證夥伴的專屬活動、客戶轉介優先推薦等…服務外,藉由經銷商認證機制,同時對有意願長期合作的夥伴們分享最新資安趨勢、技術與產品資訊,並且分享推廣銷售技巧等,另外也倡導用戶選擇正版資安產品、與通過原廠代理商專業認證之廠商選購,來共同營造三贏局面。

【台灣二版2022年度資安產品認證課程】因應疫情持續緣故,今年繼續以線上形式舉辦,也感謝舊雨新知之經銷商踴躍報名;課程內容除了延續往年台灣二版重點代理的ESET企業資安解決方案及GREYCORTEX MENDEL人工智慧監控軟體 (NDR解決方案)之技術深入說明外,還加入了全新代理的【Awingu企業行動辦公環境解決方案】及【TOPIA漏洞管理解決方案】,來因應後疫情時代,如混合辦公模式及日益嚴重的漏洞問題等,所造成的網路威脅或網路攻擊,相信讓此次參加的經銷商對於未來提供客戶資安服務及銷售建議時,也都能更專業更全面更多元的符合現今的資安需求。

最後感謝所有合作夥伴的熱情參與,活動得以圓滿成功落幕;另外此活動每年吸引很多新舊經銷商參加,也再再顯示台灣已對資安防護日趨成熟與重視,未來非常歡迎企業客戶與我們異業合作,透過不同形式來促進品牌曝光或商品宣傳推廣;而今年未能參與的新舊廠商們,每年二版都將於五月舉辦,期望來年再度給予支持並與台灣二版攜手共創佳績~

欲了解台灣二版所有代理產品之相關資訊,歡迎洽詢台灣二版專業資安團隊(02)7722-6899或上台灣二版官網查詢https://version-2.com.tw/

查詢2022年度通過認證黃金級廠商資訊:
https://version-2.com.tw/resellers/

關於台灣二版Version 2
台灣二版(V2)是亞洲其中一間最有活力的IT公司,發展及代理各種互聯網、資訊科技、資訊安全、多媒體產品,包括通訊系統等,透過龐大銷售點、經銷商及合作伙伴,提供廣被市場讚賞的產品及客製化、在地化的專業服務。台灣二版(V2)的銷售範圍包括香港、中國、台灣、新加坡、澳門等地區,客戶涵蓋各產業,包括全球1000大跨國企業、上市公司、公用機構、政府部門、無數成功的中小企業及來自亞洲各城市的消費市場客戶。 

對數據安全構成威脅的 “大辭職 “現象

The Great Resignation is trend in which large numbers of employees have voluntarily been resigning from their jobs. As of August 2021, 65% of people in the United States were looking for a new job and 25% had quit. According to a Tessian survey of IT leaders, 71% said that the Great Resignation has increased security risks.

People and data are the most valuable resources that companies have. Make sure that your company does not lose either during the Great Resignation. It is very common that employees take data with them when they leave their jobs.

Curious to know why people take a company’s data with them?

  • They think the information will help them in their new job.
  • They worked on the document, so they believe it belongs to them.
  • They share the data with their new employer.

Insider threats are on the rise and are amplified by digital workspaces, flexible and remote work, the agile behavior of companies without strict policies and now also by the Great Resignation. The overall number of incidents has increased by 44 percent in the last two years. 29% of employees admitted that they took data with them when they quit (Tessian).

Which departmental employees are most likely to take data with them?

  • Marketing (63% of respondents admitted taking data)
  • HR (37% of respondents admitted taking data)
  • IT (37% of respondents admitted taking data)

Data security is now more important than ever before. We are in a time when employees are leaving their jobs or employers are terminating employees’ contracts due to the anticipated recession. To ensure that your business is not harmed, you should protect your data. 

How to prepare for the Great Resignation and not lose any data

    • Establish an offboarding process
    • Set security policies
    • Identify your sensitive data and monitor who has access to it
    • Educate your employees about proprietary data
    • Use a DLP solution

With Safetica you have all your security policies in your hands. Decide whether you want to simply log all operations, notify users about risk and allow them to proceed, or restrict an operation entirely. Perform a security audit and locate your sensitive data across your environment and see who accesses it and how.

    The solution runs in the background and keeps data secured.

    Here are some specific use-cases for how Safetica protects your data:

    • Blocks sending emails to private email addresses or restricts specific email domains
    • Blocks data capture (like screenshots)
    • Restricts usage of private/unencrypted personal devices
    • Restricts data upload to the cloud
    • Notifies employees about potential risky operations


    On top of all this, Safetica is super simple to implement and use. With our cloud-native SaaS DLP Safetica NXT, you can protect your data from day one. Get a free trial and check it out yourself.

    As part of our mission to secure the world’s OT, IoT and Cyber Physical infrastructures, we invest resources into offensive research of vulnerabilities and attack techniques.

    Ripple20 are 19 vulnerabilities revealed by Israeli firm JSOF that affect millions of OT and IOT devices. The vulnerabilities reside in a TCP/IP stack developed by Treck, Inc. The TCP/IP stack is widely used by manufacturers in the OT and IoT industries and thus affects a tremendous amount of devices.

    Among the affected devices are Cisco Routers, HP Printers, Digi IoT devices, PLCs by Rockwell Automation and many more. Official advisories by companies who confirmed having affected devices can be found here, in the “More Information” section.

    The most critical vulnerabilities are three that can cause a stable Remote Code Execution (CVE-2020-11896, CVE-2020-11897, CVE-2020-11901) and another that can cause the target device’s memory heap to be leaked (CVE-2020-11898).

    On behalf of our customers, we set out to explore the real impact of these vulnerabilities, which we’re now sharing with the public.

    The research has been conducted by researchers Maayan Fishelov and Dan Haim, and has been managed by SCADAfence’s Co-Founder and CTO, Ofer Shaked.

    Exploitability Research
    We set out to check the exploitability of these vulnerabilities, starting with CVE-2020-11898 (the heap memory leak vulnerability), one of the 19 published vulnerabilities.

    We created a Python POC script that is based on JSOF official whitepaper for this vulnerability. According to JSOF, the implementation is very similar to CVE-2020-11896, which is an RCE vulnerability that is described in the whitepaper. Also mentioned about the RCE vulnerability: “Variants of this Issue can be triggered to cause a Denial of Service or a persistent Denial of Service, requiring a hard reset.”

    Trial Results:
    Test 1 target: Samsung ProXpress printer model SL-M4070FR firmware version V4.00.02.18 MAY-08-2017. This device is vulnerable according to the HP Advisory.

    Test 1 result: The printer’s network crashed and required a hard reset to recover. We were unable to reproduce the heap memory leak as described, and this vulnerability would have been tagged as unauthenticated remote DoS instead, on this specific printer.

    Test 2 target: HP printer model M130fw. This device is vulnerable according to the HP Advisory.

    Test 2 result: Although reported as vulnerable by the manufacturer, we were unable to reproduce the vulnerability, and we believe that this device isn’t affected by this vulnerability. We believe that’s because the IPinIP feature isn’t enabled on this printer, which we’ve verified with a specially crafted packet.

    Test 3 target: Undisclosed at this stage due to disclosure guidelines. We will reveal this finding in the near future.

    Test 3 result: We found an unreported vendor and device, on which we can use CVE-2020-11898 to remotely leak 368 bytes from the device’s heap, disclosing sensitive information. No patch is available for this device. Due to our strict policy of using Google’s Responsible Disclosure, we’ve reported this to the manufacturer, to allow them to make a patch available prior to the publication date.

    Key Takeaways
    We’ve confirmed the exploitability vulnerabilities on our IoT lab devices.

    On the negative side: The vulnerabilities exist on additional products that are unknown to the public. Attackers are likely to use this information gap to attack networks.
    On the positive side: Some devices that are reported as affected by the manufacturers are actually not affected, or are affected by other vulnerabilities. It might require attackers to tailor their exploits to specific products, increasing the cost of exploitation, and prevent them from using the vulnerability on products that are reported as vulnerable.

    SCADAfence Research Recommendations
    Check your asset inventory and vulnerability assessment solutions for unpatched products affected by Ripple20.
    The SCADAfence Platform creates an asset inventory with product and software versions passively and actively, and allows you to manage your CVEs across all embedded and Windows devices.
    Prioritize patching or other mitigation measures based on: Exposure to the internet, exposure to insecure networks (business LAN and others), criticality of the asset.
    This prioritization can automatically be obtained from tools such as the SCADAfence Platform.
    Detect exploitation based on network traffic analysis.
    The SCADAfence Platform detects usage of these exploits in network activity by searching for patterns that indicate usage of this vulnerability in the TCP/IP communications.
    If you have any questions or concerns about Ripple20, please contact us and we’ll be happy to assist you and share our knowledge with you or with your security experts.

    About Version 2 Limited
    Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

    About SCADAfence
    SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

    無所不能的眼睛不能戴補丁

    The expert technologists around you, that digital magazine, your mother and your horoscope have already warned you more than once: 

    IT monitoring is a prerequisite for your company’s health!

    Visibility. Not a blind spot in your monitoring

    But, of course, as much as you strive to be inclusive when it comes to keeping a close eye on the parts that make up your network, some systems end up escaping your attention.

    The so-called blind spots

    But instead of accepting this as an inevitable heavy cross (which, in addition, entails a great cost for your business), consider getting down to work and:

    At the very least, avoid what you don’t see from damaging your IT infrastructure and the business processes that depend on it.

    Remove the patch! Trace and perfect high visibility

    Of course, you might be wondering:

    What should a monitoring strategy include?

    It is a very frequent question, which requires some zeal and work.

    The determination of your monitoring strategy, in favor of greater IT visibility, must begin with creating an outline or index with the relevant information of the systems from all your platforms.

    This will make it easier for the individual aspects of each system to be delivered and broken down. You will have before you the parts that interest you, the most appropriate ones, for a deeper evaluation level.

    Take this outline, collaborate with the cool IT team of your organization, now actually help to define and implement monitoring with full visibility of all your IT assets.

    You can take it as a high school group project!

    These renewed aspects to be monitored will include:

    • Observation of specialized hardware devices.
    • The cloud-based networks you are using.
    • Traffic paths across all systems, including hybrid cloud configurations.
    • That long et cetera that remains to be defined.

    And yet, there will still be that possibility that some systems will remain hidden. 

    It will then be necessary to resort to the use of more comprehensive monitoring tools to help their discovery.

    Is perfect monitoring possible?

    I’m afraid perfect monitoring coverage is just an illusion.

    Even if you have all the award-winning or top-notch monitoring tools at your disposal, it will never be enough to guarantee a coverage of perfect monitoring.

    We tell you from experience:

    Many monitoring tools create the false illusion of seeing absolutely everything within your infrastructure. 

    It is so that you have a certain sense of security.

    Sometimes it is noticeable when some data packets, which contain sensitive information, disappear from view for a while, appearing, as if by magic, within another system from your network.

    Here’s solid proof of a blind spot in your monitoring.

    And this test only sheds light on the current capacity of monitoring tools.

    So it may sound tempting to get hold of all the monitoring tools on the market so you don’t miss anything, but, come on, this will only lead to a system hypertrophy that will provide you with a false sense of security.

    Now what? Is there a technological miracle that escapes us? A definitive monitoring tool that works over good and evil and provides true security and visibility at the height of Sauron’s own igneous eye?

    Go further: Machine learning

    Clarity is the essence of a successful IT department

    That’s right, security protocols and configurations must be very clear, such as for example, the knowledge of which servers host each application.

    It is also more than advisable to find out the status of all the organization’s assets.

    Clarity is the root with which to reach, by pulling, the hows and whys of the system’s blind spots.

    To achieve this clarity/enlightening you must, of course, have the right tools. Tools with which to perform advanced analysis, with which to cross the different levels and layers of your network.

    Your monitoring tool should, at the most fundamental level, bring together the complex layers of monitoring data from the multiple platforms you monitor, as well as employ intuitive levels of machine learning to help uncover hidden computing assets.

    If you use monitoring tools based on machine learning you reduce the time you spend on executing the root cause analyses, while obtaining a full picture of the IT assets.

    Machine learning will also help you eliminate monitoring silos, which, as many of you know, tend to become an burdensome manual task that takes too much time from our precious IT administrators.

    Pure and high visibility on a single screen

    I’ve scared you very much. But actually, identifying the isolated pieces of technology in your stack and centralizing them for effective monitoring and management is an achievable goal.

    Monitoring configurations in a single screen give you an advantage.

    Mainly thanks to their capacity to represent data from multiple infrastructure sources and to display them in a single view.

    These configurations provide a unique vision of the internal operation of a network and help to identify the misled IT assets that must return to the fold.

    With this type of solution, you obtain peace of mind and the capacity to operate effectively in the most complex and accelerated IT environments, while you automate the most concise tasks, for true full monitoring.

    Conclusions

    Obtaining full visibility of your environment by means of monitoring seems like an impossible task, buuut things can be different!

    If you try it at least, you will see in a moment how you obtain higher security levels and higher response capacity in the face of incidents.

    But you know, before running the 100 meters you have to learn to walk.

    And to end the visibility gap you must do some soul-searching of your systems, identify each point to be monitored, and release the silos, so that comprehensive management and monitoring of your systems is possible.

    From here, where else, we advise that if you are truly looking for a solution to get rid of blind spots from your monitoring, take a look at what Pandora FMS can offer you!

    Resources

    Pandora FMS plugin library

    Pandora FMS official forum

    I want to learn more!

    Nuestro Trial

    About Version 2 Limited
    Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

    About PandoraFMS
    Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
    Of course, one of the things that Pandora FMS can control is the hard disks of your computers.