
Why use a managed services provider for your SASE implementation

As described by Gartner, Secure Access Service Edge (SASE) is a combination of networking and security services. Unifying both provides businesses with a streamlined and future-thinking approach to orchestrate their IT infrastructure. However, as a solution, it has its fair share of challenges in terms of deployment, administration, and management.

There are several routes that a business can take to transition to SASE: doing everything themselves or going to a vendor are just some of the options. For this reason, Managed Service Providers (MSPs) can be incredibly useful when making the leap more streamlined and convenient.

How do MSPs help enterprises migrate to SASE?

MSPs can lend a helping hand to businesses that don’t want to or can’t implement SASE by themselves. The enterprise, as a client, simply picks what it needs from the MSP, and everything is done for it. It’s also not unheard of for an MSP to choose the needed components for the organization. This converged approach is more effective and saves client organizations time.

general outline of SASE components

The external experts help businesses that may not have on-site specialists that could help them navigate various specific challenges associated with SASE. Choosing a SASE vendor is one of the most important IT decisions a business can make, so it’s very helpful to have someone to deal with product analysis, narrowing down the needed technologies, and planning network security schemes. It’s one of the most hassle-free methods to ensure optimal user experience when the transition to SASE is completed.

MSP benefits for SASE implementation

illustration of managed service provider benefits

Here is the list of principal benefits that MSPs bring to businesses moving to the SASE framework.

1. Experience

As MSPs provide their security and networking services in a very niche field, they have amassed considerable expertise in helping clients overcome various challenges associated with SASE. Dealing with various vendor platforms is something that MSPs deal with daily, so they already have all the necessary knowledge for in-depth consultations.

2. Scalability

One of the most important benefits that MSPs can provide is scale. They can support thousands of clients simultaneously, as their multi-tenant architectures are equipped to do just that. Most MSPs also invest resources to have multiple points of presence across the globe to provide service without interruptions for globally distributed workforces. A broad reach is paramount in ensuring stable connectivity when setting up SD-WAN elements of SASE infrastructure.

3. Time-saving

MSPs are often regarded as the quickest route to implement SASE. Going from the drawing board to operating infrastructure takes little time. As the MSP has all bases covered, SASE services can be implemented very rapidly. In turn, this cuts the rollout time and creates a quick route to value.

4. Prioritization

As SASE is a complex service with many critical components, it can be difficult to wrap your head around what should be done first. MSPs can guide organizations through this minefield by clearly defining priorities that should be achieved. Not to mention that some SASE service components can be implemented only after completing some prerequisites. MSPs, therefore, streamline the whole rollout procedure by keeping it on track.

5. Execution

A typical business could be stuck at the proof of concept level when planning its SASE service approach, which can be costly and time-consuming. MSPs have an in-depth understanding of their client’s pain points, which makes them more equipped to tackle various practical issues. This saves the trouble of going the trial-and-error route when implementing SASE without external help.

How to choose the right MSP for SASE implementation

While MSPs help you to create SASE that works for you, you still need to pick an MSP provider that would be the right fit for you.

1. Know which MSP type is right for you 

The first decision you’ll have to make is to pick one of the main MSP types.

Build and operate — this type handles full SASE deployment, including software and hardware configurations, monitoring performance, and integrated response to incidents. This involves not only the setup but ongoing maintenance.

Build and transfer — MSP designs, configures, and deploys all needed equipment and transfers it to the client. From the handover, the customer is responsible for its maintenance.  

Takeover — after the organization creates and deploys its SASE solution, MSP makes strategic decisions for operations outsourcing.

Note that there still can be varieties and hybrids of these models. The agreements could be time-based, as the provider will maintain everything for a set duration, after which the organization agrees to take over.

2. Do background research on MSP capabilities

The second part of the equation is that MSP should match the organization’s requirements:

  • Can MSP match the enterprise’s scale?
  • Are necessary network security services provided?
  • Does MSP have the required expertise within the customer’s industry?
  • Are connectivity services provided along with security?
  • Is MSP providing an integrated product or combining different tools from separate providers?

A good match should align across the board with your setup requirements.

3. Check the price/value ratio

It’s essential to calculate whether relying on an MSP makes sense financially. The return on investment can vary greatly depending on the services used, company size, and other agreements. This is a helpful exercise to rethink priorities and get the solution that makes sense not only security-wise but also money-wise.

4. Look into the SLA agreement

Finally, there is a question about legally binding contracts. MSPs heavily rely on Service Level Agreements to establish expectations with their clients. The document outlines the services that will be provided, the objectives, and any other relevant prerequisites. SLA metrics can vary greatly from one MSP to another, and it’s a client’s responsibility to ensure that their needs are addressed.

How can NordLayer help?

SASE and its network security component, Secure Service Edge, is an essential cornerstone of most enterprises’ digital transition. SSE combines cybersecurity technologies and concepts like ZTNA to deliver internet access security and network access management. This allows the development of a future-focused approach to an organization’s cybersecurity for growing modern businesses.

NordLayer helps to reduce risks associated with hybrid work or globally distributed workforces. As a complementary addition to your IT infrastructure, it enhances network access control by segmenting the user base through Virtual Private Gateways and filtering out malicious websites from the employees’ browsing.

Get in touch with our experts today, and learn how NordLayer could improve your network security with a click of a button.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.


The Highlights of the IBM Cost of a Data Breach 2022 report

Companies of all sizes and industries should be concerned about the impacts of a data breach, since, according to the IBM Cost of a Data Breach 2022 report, its average cost is $4.35 million, and 83% of companies had more than one breach.

With this in mind, we prepared an article exploring the main information collected by this document. To facilitate your reading, we divided our text into topics. These are:

  • What Is the IBM Cost of a Data Breach Report?
  • IBM Cost of a Data Breach 2022 report: What’s New
  • Main Data Collected in the IBM Cost of a Data Breach 2022 Report
  • Topics with Detailed Results
  • Suggested Security Recommendations in the Report
  • About senhasegura

Enjoy the read!

What Is the IBM Cost of a Data Breach Report?

The IBM Cost of a Data Breach report is an annual survey of data breaches, which provides insights into hundreds of breaches so that the public can understand current cyber threats.
With nearly 20 editions, this document provides IT professionals with tools to deal with security risks, showing which factors can favor or help prevent cyberattacks.

IBM Cost of a Data Breach 2022 report: What’s New

In its latest edition, the IBM Cost of a Data Breach report has conducted more than 3,600 interviews with professionals from 550 companies that suffered violations between March 2021 and March 2022.
The questions made during the interviews aimed to evaluate the costs of organizations to respond to data breaches in the short and long term.

What’s more: the report has assessed the causes and consequences of the violations that occurred in 17 industries located in different countries and regions, and addressed the impact of certain factors and technologies to reduce losses.

Here are some new things from the IBM Cost of a Data Breach report:

  • The 2022 edition has brought analyses related to extended detection and response, the use of risk quantification techniques, and the impacts of individual technologies on zero-trust security structures;
  • It analyzed what contributes to higher data breach costs and the effects of supply chain compromises and the gap in security skills;
  • It examined areas of cloud security vulnerability to critical infrastructure;
  • It assessed, in greater depth than in previous years, the impacts of ransomware and destructive attacks; and
  • It studied the phenomenon of remote work, which many companies adopted due to the covid-19 pandemic.

Main Data Collected in the IBM Cost of a Data Breach 2022 Report

Check the key findings from the IBM Cost of a Data Breach 2022 report:

  • The average cost of a data breach was $4.35 million in 2022, an increase of 2.6% over the previous year, when the average cost was $4.24 million;
  • 83% of the companies studied suffered more than one data breach and only 17% said this was their first breach;
  • 60% of organizations had to increase the price of their services or products because of a data breach;
  • The average cost of a data breach for the critical infrastructure organizations surveyed was $4.82 million – $1 million more than the cost for companies from other segments;
  • 28% of critical infrastructure organizations have suffered a destructive or ransomware attack, and 17% have been violated because of a compromised business partner;
  • Cyberattacks on companies with deployed security and automation AI cost $3.05 million less than violations on organizations that do not invest in these resources;
  • The average cost of a ransomware attack fell from $4.62 million in 2021 to $4.54 million in 2022;
  • Stolen or compromised credentials remain a leading cause of data breaches, accounting for 19% of breaches in the 2022 study;
  • Leaks involving credentials are the ones that take the longest to be detected. On average, 327 days are required for identification and remediation;
  • Only 41% of the organizations in the study have deployed zero-trust security architecture;
  • Violations related to remote work cost, on average, about $600,000 more if compared to the global average;
  • 45% of violations in the study occurred in the cloud;
  • The average cost of health-related violations has increased by almost $1 million, reaching $10.10 million;
  • The top five countries and regions with the highest average cost of a data breach were the United States, the Middle East, Canada, the United Kingdom, and Germany.

Topics with Detailed Results

The IBM Cost of a Data Breach 2022 report analyzes 16 topics. These are:

  • Global Highlights;
  • Data Breach Lifecycle;
  • Initial Attack Vectors;
  • Key Cost Factors;
  • Security and Automation AI;
  • XDR Technologies;
  • Incident Response (IR);
  • Quantification of Risk;
  • Zero Trust;
  • Ransomware and Destructive Attacks;
  • Attacks on the Supply Chain;
  • Critical Infrastructure;
  • Cloud Violations and Cloud Model;
  • Remote Work;
  • Skills Gap; and
  • Mega Violations.

The following are five of these topics in detail:

Data Breach Lifecycle

We call the lifecycle of a data breach the time elapsed between the discovery of the breach and its containment.

According to the IBM Cost of a Data Breach 2022 report, the average time to identify and contain a data breach is currently 277 days. In 2017, the average time was 287 days, that is, 3.5% more.

In 2021, it took an average of 212 days to detect a violation and 75 days to contain it. In 2022, it took 207 days to identify the violation and 70 days to contain it.

The report has also shown that the less time an organization takes to identify and contain a data breach, the less its financial impact is.

However, the cost difference between a lifecycle of more than 200 days and a lifecycle of less than 200 days was lower in 2022 than in 2021: in 2021, the difference was $1.26 million, the largest in seven years and, in 2022, it was $1.12 million.

Incident Response

Relying on an incident response team reduces the average cost of a data breach and, according to the IBM Cost of a Data Breach 2022 report, 73% of the companies that participated in the survey claimed to have an incident response plan.

The report also pointed out that the average cost of a violation in these companies in 2022 was $3.26 million versus $5.92 million spent by companies without incident response resources, a difference of $2.66 million. In the previous year, this difference was $2.46 million, and in 2020, $1.77 million.

Zero Trust

The implementation of a zero-trust security architecture was performed by 41% of the companies that participated in the IBM Cost of a Data Breach 2022 report. In 2021, this number was lower: 35%.

The study also revealed that companies that deployed zero trust saved almost $1 million on data breaches when compared to those that did not invest in this concept.

This is because the average cost of a violation was $4.15 million in organizations with zero trust deployed and $5.10 million in companies that did not use the same approach.

When we talk about implementing zero trust at a mature stage, the savings are even greater, reaching more than $1.5 million. Companies with early-stage zero trust practices spent an average of $4.96 million on data breaches, while for those that had these practices consolidated, the average cost was $3.45 million.

Cloud Violations and Cloud Model

The Covid-19 pandemic has accelerated the mass adoption of remote work by organizations and, consequently, the use of technologies such as cloud computing, impacting cybersecurity.

However, the IBM Cost of a Data Breach 2022 report brings interesting data on the subject, which was analyzed for the second year: according to the document, 45% of violations occurred in the cloud. Moreover, the costs of breaches in private clouds are significantly higher than in hybrid clouds.

Another revealing fact is that 43% of companies claimed they were still in the early stages of their practices protecting cloud environments, showing that, in general, organizations still need to evolve a lot.

Nevertheless, the most worrying fact is that 17% of companies have yet to take any action to protect their cloud environments.

Remote Work

Since the beginning of the pandemic, the IBM Cost of a Data Breach report has analyzed the impacts of remote work on data breaches. In its 2022 edition, the survey has shown that data breach costs were higher for companies that have more employees working remotely.

In practice, companies that have between 81% and 100% of employees working outside the corporate environment had an average cost of $5.10 million. Companies with less than 20% of their team working remotely had to bear an average cost of $3.99 million, a difference of $1.11 million (24.4%).

In addition, the average cost of a data breach was $4.99 million for companies that had remote work as the cause of the breach, while this loss was $4.02 million when remote work was not the cause.

Suggested Security Recommendations in the Report

The IBM Cost of a Data Breach 2022 report also contains important security recommendations on its pages, which can help prevent problems with data breaches. Check them out:

Adopting a Zero Trust Security Model

According to the results of the study, organizations that implemented a zero-trust approach in their security at a mature stage have saved $1.5 million. Therefore, it is convenient to adopt this security model in your company to reduce the financial impacts of a data breach.

Protecting Cloud Environments with Policies and Encryption

Companies that have adopted mature cloud security practices have saved $720,000 compared to those that did not care about the subject. Thus, it is recommended to invest in security policies, data encryption, and homomorphic encryption to prevent data breaches.

Using Incident Response Manuals

Another highly recommended practice is to create and test incident response manuals, as companies that regularly test their plan have saved $2.66 million in violations compared with those that do not rely on an IR team or test an IR plan.

Improving Incident Detection and Response Times

Added to security and automation AI, Extended Detection and Response (XDR) capabilities contribute to reducing the average costs of a data breach as well as its lifecycle. The study pointed out that companies with XDR deployed have reduced the lifecycle of a violation by 29 days, on average, when compared to organizations that did not implement XDR, saving $400,000.

Monitoring Endpoints and Remote Employees

Finally, the IBM Cost of a Data Breach 2022 report reinforces the need to monitor endpoints and remote workers, showing that violations caused by this modality cost almost $1 million more than violations in which remote work was not a factor.

About senhasegura

We, from senhasegura, are a company specializing in cybersecurity. Our mission is to provide our clients with sovereignty over their actions and privileged information.
To do this, we offer our PAM solution, which helps companies protect themselves from all the threats presented in the IBM Cost of a Data Breach 2022 report.


About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Why runZero is the best way to fulfill CISA BOD 23-01 requirements for asset visibility – Part 1

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently published the Binding Operational Directive 23-01 for Improving Asset Visibility and Vulnerability Detection on Federal Networks. CISA’s asset visibility requirements are doing a big part in moving the industry forward and evolving our approach to asset inventory while also highlighting the importance of asset inventory in relation to national or organizational security.

The directive covers both vulnerability management and asset inventory. This blog post only focuses on the relevant parts for asset inventory. However, there are some important areas where the two disciplines interact and asset inventory is better suited to fulfill the requirements.

CISA recommends unauthenticated scanning for asset discovery

Many organizations are using data sourced from authenticated vulnerability scans and installed EDR agents to derive asset inventory. CISA’s directive demonstrates that while this is a viable way to augment the data set, it is no longer sufficient:

“Asset discovery is non-intrusive and usually does not require special logical access privileges.”

“No special logical access privileges” translates to either unauthenticated active discovery or passive collection, which is confirmed in the following statement:

“Discovery of assets and vulnerabilities can be achieved through a variety of means, including active scanning, passive flow monitoring, querying logs, or in the case of software defined infrastructure, API query.”

API queries are only recommended for software defined infrastructure, such as cloud hosting or other virtualized environments, but not for your physical network.

Log files can be a helpful way to augment breadth of asset inventory but they do not yield depth. DHCP and DNS logs don’t yield much more information than IP addresses, hostname, and MAC addresses. This misses the essence of what a device is: you know it’s there but you don’t know what hardware and operating system it’s running or what ports and services are active.
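To make the breadth-versus-depth point concrete, here is an added example (not code from runZero or CISA) that builds asset records from DHCP logs and merges them with an active discovery result. The ISC dhcpd-style log format, the sample data and all function names are assumptions chosen for illustration.

```python
import re

# Constructed sample: ISC dhcpd-style syslog lines (not real traffic).
DHCP_LOG = """\
Jan 10 09:15:01 gw dhcpd[812]: DHCPDISCOVER from 3c:52:82:aa:bb:01 via eth1
Jan 10 09:15:02 gw dhcpd[812]: DHCPACK on 10.0.5.23 to 3c:52:82:aa:bb:01 (printer-3f) via eth1
Jan 10 09:20:44 gw dhcpd[812]: DHCPACK on 10.0.5.40 to 00:1b:21:cc:dd:02 (LT-FINANCE-07) via eth1
Jan 10 09:31:10 gw dhcpd[812]: DHCPACK on 10.0.5.77 to b8:27:eb:ee:ff:03 via eth1
Jan 10 11:02:19 gw dhcpd[812]: DHCPACK on 10.0.5.41 to 00:1b:21:cc:dd:02 (LT-FINANCE-07) via eth1
"""

# Constructed sample: what an unauthenticated active discovery pass might
# record, keyed by MAC address. The second host has a static IP and never
# appears in the DHCP log.
ACTIVE_SCAN = {
    "00:1b:21:cc:dd:02": {"ip": "10.0.5.41", "os": "Windows 11",
                          "services": [135, 445, 3389]},
    "f0:9f:c2:11:22:04": {"ip": "10.0.5.9", "os": "Linux",
                          "services": [22, 443]},
}

# A lease acknowledgement carries an IP, a MAC and (optionally) a hostname.
DHCPACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<hostname>[^)]*)\))? via (?P<iface>\S+)",
    re.IGNORECASE,
)


def assets_from_dhcp(log_text):
    """Return {mac: {ip, hostname}} from DHCPACK lines; the latest lease wins."""
    assets = {}
    for line in log_text.splitlines():
        match = DHCPACK_RE.search(line)
        if not match:
            continue  # DISCOVER/REQUEST/etc. add nothing beyond the ACK
        mac = match.group("mac").lower()
        assets[mac] = {"ip": match.group("ip"),
                       "hostname": match.group("hostname")}
    return assets


def merge_inventory(dhcp_assets, scan_assets):
    """Merge both sources by MAC and record which source saw each asset."""
    inventory = {}
    for mac in sorted(set(dhcp_assets) | set(scan_assets)):
        log_rec = dhcp_assets.get(mac, {})
        scan_rec = scan_assets.get(mac, {})
        sources = [name for name, rec in (("dhcp", log_rec), ("scan", scan_rec))
                   if rec]
        inventory[mac] = {
            "ip": scan_rec.get("ip") or log_rec.get("ip"),
            "hostname": log_rec.get("hostname"),
            "os": scan_rec.get("os"),                  # logs never supply this
            "services": scan_rec.get("services", []),  # nor this
            "sources": sources,
        }
    return inventory


def log_only_assets(inventory):
    """Assets known only from logs: present in the list, but with no depth."""
    return [mac for mac, rec in inventory.items() if rec["sources"] == ["dhcp"]]


def missed_by_logs(inventory):
    """Assets the logs never saw, e.g. statically addressed hosts."""
    return [mac for mac, rec in inventory.items() if "dhcp" not in rec["sources"]]


if __name__ == "__main__":
    inv = merge_inventory(assets_from_dhcp(DHCP_LOG), ACTIVE_SCAN)
    for mac, rec in inv.items():
        print(mac, rec)
    print("no OS/service data:", log_only_assets(inv))
    print("invisible to DHCP logs:", missed_by_logs(inv))
```
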

CISA directive solves for unmanaged devices

When talking to security teams about challenges with their asset inventory, they frequently cite unmanaged devices as the biggest headache. The CISA directive seems to optimize for unmanaged devices since these are the hardest to cover.

Many asset inventory vendors, particularly those in the CAASM (Cyber Asset Attack Surface Management) space, claim that you can magically solve for unmanaged devices via integrations with existing tooling. That is a great pitch, but it ignores the fact that security teams have tried to use the data from vulnerability scanners and EDR agents for asset inventory for a long time and failed. They do not provide the right data–we’ll get to why in part two of this series.

CISA is well aware of this fact and recently published a binding directive that requires more than just integrations for solving asset inventory.

We’ll take a deeper look into why that is throughout this blog series. Stay tuned for more details and subscribe to our blog so you don’t miss out.

Follow the story

Part two of this story was published on Tuesday, January 18, so be sure to follow the story. Also, don’t forget to subscribe for regular blog notifications.


About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Fostering a culture of kindness at runZero

On October 3, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks. The directive requires that federal civilian executive branch (FCEB) departments and agencies perform automated discovery every 7 days and identify and report potential vulnerabilities every 14 days. Additionally, it requires the ability to initiate on-demand asset discovery to identify specific assets or subsets of vulnerabilities within 72 hours of receiving a request from CISA.

To meet these requirements, agencies will need to start with an accurate asset inventory. Most agencies will attempt to leverage existing solutions, like their vulnerability scanners, to build their asset inventories. It seems reasonable to do so, since most vulnerability scanners have built-in discovery capabilities and can build asset inventories. However, they will quickly learn that vulnerability scanners are not up for the task and cannot help them sufficiently and effectively meet the requirements laid out by CISA.

Let’s take a look at why agencies need a solution solely focused on asset inventory, in addition to their vulnerability scanner, if they want to tackle CISA BOD 23-01.

Asset inventory is a foundational building block

Every effective security and IT program starts with a solid asset inventory. CISA BOD 23-01 reinforces that imperative. Specifically, it states, “Asset discovery is a building block of operational visibility, and it is defined as an activity through which an organization identifies what network addressable IP-assets reside on their networks and identifies the associated IP addresses (hosts). Asset discovery is non-intrusive and usually does not require special logical access privileges.”

What does this mean? FCEB agencies looking to meet the requirements outlined by CISA BOD 23-01 must be able to discover managed and unmanaged devices connected to their networks. Internal and external internet-facing assets must be cataloged with full details and context. All within the timeframe outlined by CISA.

So now, the question is why vulnerability scanners can’t be used to meet the requirements laid out in the directive.

The challenges of asset inventory with vulnerability scanners

As the number of devices connecting to networks continues to grow exponentially, agencies need to stay on top of these devices; otherwise, they could provide potential footholds for attackers to exploit. However, common issues like shadow IT, rogue access, and oversight continue to make it difficult to keep up with unmanaged devices. BOD 23-01 highlights the importance of identifying unmanaged assets on the network. That’s why the need for a fully comprehensive asset inventory is the key to adequately addressing the directive.

So, why can’t vulnerability scanners deliver on asset inventory? Most vulnerability scanners combine discovery and assessment together, resulting in slower discovery times, delayed response to vulnerabilities, and limited asset details. As a result, most agencies are left wondering how they can do a better job building their asset inventories.

Combining discovery and assessment slows everything down

Vulnerability scanners typically combine asset discovery and assessment into one step. While on the surface, this appears to be efficient, it is actually quite the opposite. In regards to asset discovery, CISA BOD 23-01 specifically requires that FCEB agencies perform automated discovery every 7 days and initiate on-demand discovery to identify specific assets or subsets of vulnerabilities within 72 hours of receiving a request from CISA.

Because vulnerability scanners leverage a lot of time-consuming checks, they’re not able to scan networks quickly enough. Add in the complexity of highly-segmented networks and maintenance windows, and it is nearly impossible to effectively utilize vulnerability scanners for discovery and meet the timing requirements outlined by CISA.

Under the new directive, assessing the potential impact of vulnerabilities becomes even more urgent. Agencies will need to perform on-demand discovery of assets that could be potentially impacted within 72 hours, if requested by CISA. When security news breaks, agencies need to respond as quickly as possible, but vulnerability scanners slow down the process. In a scenario like this, it would be more efficient to have a current asset inventory that agencies can search–without rescanning the network. This is particularly useful if agencies know there are specific assets they need to track down: they can query their existing asset inventory to identify them immediately.

For example, let’s say a new vulnerability is disclosed. Vendors will need some time to develop the vuln checks, and agencies will need to wait for the vuln checks to become available. Once they’ve been published, agencies can finally start rescanning their networks. Imagine waiting for the vuln check to be released, and then delaying the rescan due to scan windows. Without immediate insight into the potential impact of a vulnerability, agencies are playing the waiting game, instead of proactively being able to assess the risk.

How agencies can speed up discovery

So, what can agencies do? Let vulnerability scanners do what they do best: identify and report on vulnerabilities. Complement them with a dedicated solution that can automate and perform the discovery of assets within the timeframe set by the directive. In order to accomplish this, the asset inventory solution must be able to quickly and safely scan networks without a ton of overhead, be easy to deploy, and help security teams get ahead of new vulnerabilities.

Agencies need to have access to their full asset inventory, on-demand, so they can quickly zero in on any asset based on specific attributes. This information is invaluable for tracking down assets and investigating them, particularly when new zero-day vulnerabilities are uncovered. When the new zero-day is announced, agencies can find affected systems by searching across an existing asset inventory–without rescanning the network.

Meet CISA BOD 23-01 requirements with a dedicated asset inventory solution

It is increasingly evident that decoupling discovery and assessment is the most effective way to ensure that agencies have the data needed to accelerate vulnerability response and meet the requirements outlined in the directive. Because let’s face it: vulnerability scanners are really good at vulnerability enumeration–that’s what they’re designed to do. However, they really miss the mark when it comes to discovering assets and building comprehensive asset inventories. Because vulnerability scanners combine discovery and assessment, they aren’t able to scan entire networks quickly, and at times, they don’t fingerprint devices accurately.

As a result, many agencies are wondering how to meet the requirements outlined in CISA BOD 23-01 if they can’t depend on their vulnerability scanner for discovery. Agencies will need to start looking for a standalone asset inventory solution that is capable of performing unauthenticated, active discovery, while also enriching data from existing vulnerability management solutions.

How runZero can help agencies focus on asset discovery

runZero separates the discovery process from the vulnerability assessment stage, allowing agencies to perform discovery on-demand. Because runZero only performs discovery, it can deliver the data about assets and networks much faster than a vulnerability scanner. Customers have found that runZero performs scans about 10x faster than their vulnerability scanner, allowing them to:

  • Get a more immediate day one response to new vulnerabilities.
  • Gather as much information as possible about assets while waiting for vulnerability scan results.

That means, while waiting for vulnerability assessments to complete, agencies can already start digging into their asset inventory and identifying assets that may be impacted by a vulnerability. runZero regularly adds canned queries for assets impacted by newly disclosed vulnerabilities and highlights them via Rapid Response. Users can take advantage of these canned queries to instantly identify existing assets in the inventory that match specific identifiable attributes. For example, querying by hardware and device type can narrow down assets to a specific subset that may be affected by a vulnerability. All of the canned queries can be found in the Queries Library.

All in all, runZero is the only asset inventory solution that can truly help FCEB agencies stay on top of their ever-changing networks. By decoupling asset discovery from vulnerability assessment, agencies will gain visibility and efficiencies, while meeting the requirements set by CISA BOD 23-01.

  

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.


About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

4 Keys to Consider When Evaluating Cloud Data Protection Tools

External Article by Keepit Staff

Keepit’s Chief Customer Officer (and frequent contributing author to the Keepit blog) Niels van Ingen has been featured in Solutions Review as part of their “Premium Content Series” written by industry experts. 

As a true veteran in the data protection and management space — not only from a product point of view but also from a customer and business development one — Niels covers what he finds are the most important elements to consider when evaluating cloud data protection offerings.

Those who work in IT disaster recovery understand that data is perhaps a business’ most valuable asset that needs protection all day, every day. Implementing a SaaS backup and recovery plan is essential for nearly every aspect of business operations, and those who have not made it a top priority are literally flirting with disaster.

To read the full article entitled ‘4 Keys to Consider When Evaluating Cloud Data Protection Tools’ on Solutions Review, click here.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Drawing on 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

Top 10 cybersecurity predictions for 2023 you need to know

The cybersecurity landscape is ever-shifting. With new and advanced technologies developing at lightning speed, we can expect major digital security changes — and challenges — this year. So, what cybersecurity predictions can we make for 2023? Read on to find out.

#1 Possible spike in state-sponsored attacks

With Russia continuing to wage war in Ukraine and China’s president securing an unprecedented third term, we may see a spike in state-sponsored attacks.

In China, another five years in power may give the president the opportunity to launch more large-scale cyberattacks on Taiwan and other countries seen as a threat to the regime.

We can also expect Russia to launch cyber attacks on Ukraine or lash out against the states supporting Ukraine. These malicious activities may also come in response to the economic sanctions imposed on Russia.

#2 5G may present new security challenges

With the growing adoption of the 5G network, we’re likely to see new 5G security challenges in 2023.

Every new technology comes with security concerns — and 5G is no exception.

While 5G technology offers much greater speeds than 4G and potentially unlimited connectivity, it has several system vulnerabilities. The technology needs new cloud-based infrastructure to work, which creates more access points for hackers to exploit.

With the rapid 5G adoption and the significant global shortage of cybersecurity professionals, this technology could bring new cybersecurity challenges that are easy to overlook.

#3 Government surveillance may increase in some regions

Democratization has suffered a lot over the last few years, with global democracy reaching an all-time low.

Countries with strict authoritarian regimes, like China, Russia, and Iran, may increase government surveillance and censorship to maintain control. One example of surveillance could be China’s plans to review social media comments before they’re published.

The leaders of these countries may take even more steps to cut off users from the global internet, potentially resulting in more isolation, restrictions, and prosecution.

#4 This year could be big for data privacy

With corporations and criminals continuing to compete for your information, data privacy is more important than ever.

2023 may be the year data privacy gains much-needed legal protection from governments worldwide.

India, one of the world’s fastest-growing online markets, is expected to pass the Personal Data Protection Bill — its version of the GDPR — this year. The legislation will include requirements for companies to get individual consent, correct inaccurate personal data, and protect data rights.

We may also see data privacy laws tightening in the U.S., depending on Congress’ actions.

2023 could be the year that the American Data Privacy and Protection Act gains traction and finally establishes a data privacy framework on the federal level.

#5 We may see more blockchain-based cybersecurity solutions

Blockchain technology is beneficial for secure, decentralized information storage and exchange. Blockchain delivers unrivaled data integrity, transparency, and decentralization.

In 2023, blockchain will likely be applied to cybersecurity in new ways, helping to create advanced and virtually unbreakable digital security solutions.

Until now, using blockchain in cybersecurity has been very expensive because of how new the technology is.

However, blockchain is maturing and attracting substantial investment. Therefore, this year we may see blockchain technology increasingly being used in cybersecurity solutions.

#6 This year could be the end for third-party cookies

Google is working on phasing out third-party cookies in Chrome — another huge win for data privacy.

Third-party cookies are trackers that advertisers and website owners use to collect data and track user behavior. While first-party cookies mainly collect data about your user experience, third-party cookies track you around the web and pose privacy and security risks.

Firefox and Safari browsers already protect users from third-party trackers, and you can even disable cookies yourself. However, removing third-party cookies from Google Chrome is a major win for privacy because two-thirds of all internet browsing happens on Chrome.

#7 Hackers may carry out more supply chain attacks

Hackers are predicted to continue targeting organizations by launching attacks on weaker supply chain links. We’re already seeing this trend in 2022, and it is expected to grow in 2023.

The supply chain consists of a network of organizations, resources, individuals, and activities involved in the creation of one single product.

By targeting a weaker point in the attack chain, cybercriminals can take advantage of the trust organizations place in third-party vendors.

These attacks are likely to increase in 2023 — with businesses continuing to lose large sums due to production disruptions.

#8 Fileless malware may become a more serious threat

Fileless malware is malicious software that uses built-in applications to infect a device, making it extremely difficult to detect and eliminate.

This malware exploits software vulnerabilities in well-known and trusted applications you’ve already downloaded, leaving no trace of the attack on the device’s memory.

Fileless malware has been a cybersecurity threat since its emergence in 2017 — but it is likely to become even more damaging in 2023. Cybersecurity technologies are constantly evolving — but so are cyber threats.

Fileless malware has always been difficult to detect, but the sophisticated methods and tools attackers use make it even harder. While fileless malware isn’t easy to develop and execute, it can cause immense damage if done successfully.

#9 Cloud security may become more important

Most companies use cloud computing for storing files. Cloud technologies provide a centralized location for applications and data and are more secure than storing files on-premises.

However, several cloud security issues still exist. For example, misconfiguration of security settings or hijacking accounts could lead to data breaches or unauthorized access.

With more and more companies moving their data into the cloud instead of storing files locally, we are likely to see a growing number of attacks on cloud vulnerabilities. Therefore, improving cloud security is expected to be a crucial element of organizations’ security strategies.

#10 Consumer data breaches may decline

The following prediction may be good news for customers — but not for businesses: we’re likely to see a decline in consumer data breaches in 2023.

Cybercriminals are finding new and more profitable ways to make money. An increasing number of hackers turn to ransomware — demanding that the breached company pay a large sum of money to retrieve the stolen data.

Bot sales are becoming more common, too. Hackers can purchase bots with customer information without initiating a data breach.

These sophisticated techniques mean that hackers are less likely to leak your personal information and opt for the “big wins” instead.

How to increase your online security in 2023

We can expect many cybersecurity challenges this year, so taking the necessary steps to protect yourself online is paramount. Here are the main ways to stay safe and secure in the digital world:

  • Use strong, unique passwords. Weak passwords can cause serious damage. If your passwords are short, common, or something that could be easily guessed by a hacker, it’s like you’re leaving your door unlocked at night. Create strong, long, and unique passwords — or secure your passwords with a reliable password manager.
  • Stay in the know. Hackers are more successful with people who don’t know much about the dangers of the digital world. Make sure you know about the most common cybersecurity threats and what new, sophisticated hacking techniques are on the rise. Staying in the loop will help you spot anything suspicious — and protect yourself before anything happens.
  • Use a VPN. A VPN secures your internet connection and hides your IP address, protecting you from hackers and keeping your data private. If you choose NordVPN, you’ll also get free Threat Protection — an advanced cybersecurity feature that blocks annoying ads and intrusive trackers and scans downloads for malware. On top of that, a VPN protects you on public Wi-Fi, keeping your data safe and secure.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Multi-factor authentication best practices & strategy

Multi-factor authentication (MFA) requests more than one identification factor when users log into network services. These factors could be one-time codes delivered by secure third-party providers. Or they could be biometric identifiers.

The aim of MFA is to verify user identities and strengthen network protection beyond the level provided by traditional passwords. But how should you achieve this goal?

This blog will explain some core MFA best practices. It will also lead you through a step-by-step guide to implementing multi-factor authentication. The result should be an MFA system that ensures rock-solid network protection where it matters most.

MFA best practices

Multi-factor authentication is an essential addition to cybersecurity setups. Properly configured, MFA allows workers to relocate to their homes, connect remotely as they travel, and use cloud resources anywhere.

These MFA best practices will help you create an authentication system that meets your needs.

1. Plan the right MFA solution for your business

Multi-factor authentication is not a one-size-fits-all technology. Choose the right authentication system for your business needs. For instance, types of MFA to think about include:

  • Biometric scanning, such as retinal scans and fingerprints.
  • One-time passwords (OTP) delivered by tokens, email, or SMS.
  • Hardware devices such as security badges, cards and tokens.
  • Contextual factors such as keyboard behavior, location data, and the network used to make a connection.

Workers could benefit from biometric scanning if your business relies on mobile devices. Quick, user-friendly biometrics can provide secure access away from the office. Smartphones are well-suited to techniques like fingerprint scans.

Workforces where remote working is routine might prefer hardware tokens or tags. These small devices are easy to carry between work and home. The tokens will still be required to access network resources if devices are lost or stolen. So they are a good extra defense measure.

Whatever solution you choose, it must comply with network infrastructure. Find an MFA system that is compatible with critical apps and employee devices.

2. Create an enterprise-wide MFA solution

Multi-factor authentication solutions must cover all access points to network resources.

Carry out a device audit before sourcing any technologies. This will help you understand which types of MFA tech to choose and how to train employees to use authentication systems.

Cloud assets and on-premises resources should all be included. Protect all cloud endpoints with more than one authentication factor, with additional protections for high-value assets.

3. Manage change to bring users on board

The biggest problem with multi-factor authentication is ensuring employees use authentication tools consistently and safely. Workers may lapse into unsafe behavior if MFA is too time-consuming or complex. That’s why change management is all-important.

Plan a staged introduction that makes every user feel part of the process. Extra authentication methods will disrupt working practices, at least for a while. But if you approach employees as participants in the process, they will respond positively.

Inform users about upcoming changes at the start of the project. Explain how MFA will benefit workers and how user identification works. Answer any questions as the project unfolds. Workers need to know exactly what is required and how to comply with security policies.

Change managers can isolate areas of potential resistance. Focus on chokepoints like using third-party devices, managing biometrics, and password management. Provide training and refresh user knowledge after MFA comes online.

4. Create user-friendly MFA systems

When mainstreaming MFA, companies need to craft user-friendly solutions. Systems should minimize friction and maximize speed while remaining secure.

Explore ways to reduce the work of users. Adaptive authentication can remove the need for passwords and use device or location information alongside biometrics. Single sign-on portals can bring services together and make logging on easier.

Where possible, provide multiple options for users. Some workers will embrace retina or fingerprint scanning. For others, it could be impractical or intrusive. They might prefer hardware tokens.

When people choose their own solutions, they are more likely to feel in control. When they “own” their authentication choices, workers will be less likely to back-slide and abandon MFA.

5. Combine MFA with single sign-on (SSO)

As hinted above, one common solution for MFA is single sign-on (SSO). SSO creates a single identity security portal. This gateway allows users to access core resources according to their individual privileges.

SSO fits neatly with MFA. You can combine standard password portals with biometrics and one-time passwords. Using a single portal and extra identity verification factors balances user experience and network security.

  • SSO reduces employee workloads, providing instant system access to all relevant resources. That’s particularly useful when connecting remote workers to cloud assets.
  • MFA supplements password security. This solves some problems associated with SSO, including the repeated use of passwords or the reliance on weak passwords that are easy to hack.

6. Make use of contextual factors

Multi-factor authentication systems use more than biometric scanners and hardware tokens. MFA can also leverage contextual information about individual users and their devices.

Contextual information is passive. Users do not need to provide information consciously. Instead, agents detect data about the user’s device or location. Agents on user laptops can tell whether the computer is in the owner’s home or connected to insecure public wifi. Blacklisting screens out unknown devices or those accessing from unsafe locations.

Users move. They won’t always be located at home. And if employees request access from elsewhere, MFA systems ask them for additional information. That complicates matters for laptop or smartphone thieves with access to worker devices.

More advanced authentication factors are also available for extremely high-security situations. Techniques like liveness testing and biometric keyboard verification provide maximum information about user identities. These contextual factors represent an extremely strong barrier against data thieves when used with physical tokens.

7. Think about passwordless solutions

In some cases, MFA allows companies to remove traditional password access from their network perimeter. Passwords are clumsy to use. Few employees use strong passwords or store them safely. Going passwordless can make a lot of sense from a security perspective.

MFA can use contextual information about mobile devices, user locations, or even user behavior. These factors may be sufficient to allow access when combined with biometric data. This saves time while providing a degree of security. However, strong passwords should be retained to access sensitive data and critical workloads.

8. Implement least privilege to secure network assets

MFA can apply uniformly to all users, but it is better to implement role-based MFA to enforce the principle of least privilege. Part of Zero Trust Network Access (ZTNA), this principle states that users should only have access to essential data and applications. All non-essential resources should be off-limits.

Identity and Access Management and network segmentation are core ZTNA technologies, but MFA also plays a role.

MFA systems can ask for additional information when users try to exercise administrative functions. MFA can also apply conditional access to high-security databases and request additional user credentials at regular intervals.

9. Use provisioning protocols for cloud compatibility

Companies can combine MFA systems and critical cloud assets by using provisioning protocols. For instance, Microsoft Azure Active Directory supports protocols like RADIUS and OAuth 2.0.

Standard protocols like RADIUS make it easier to combine legacy network tools and cloud applications. MFA systems must operate across all network devices and resources. Adopting an approach based on standard protocols makes this possible.

10. See MFA as an ongoing process

Deploying MFA doesn’t end when users start to apply biometrics or hardware tokens. Companies must see authentication as an ongoing challenge requiring constant attention and regular audits.

The threat landscape does not stand still. New phishing techniques emerge monthly. Novel malware threats can compromise previously secure endpoints. Network managers must be aware of these developments. Security teams must update MFA systems to reflect real-world cybersecurity risks.

Regularly assess MFA systems to ensure they are delivering effective security. Are workers using them properly? Do you need to use more or different authentication factors? Are any gaps not covered by authentication processes?

Companies also need to be persistent and determined when deploying MFA. Most MFA solutions experience problems. Users regularly report difficulties, which can cause IT teams to roll back authentication projects. Resist this urge.

Provide support to any departments or individuals experiencing issues. Drill down into the concerns reported by users. They may detect technical issues that were not apparent to security professionals.

Above all, don’t expect overnight success. MFA eventually becomes embedded in everyday work, but this won’t happen immediately.

Step-by-step MFA implementation strategy

When implementing MFA, here are the steps to follow:

1. Train users in how MFA works

Employee education is critical when implementing MFA. Every process must be centered around upskilling and reassuring users.

Poorly informed workers may resist authentication techniques or back-slide to unsafe practices. Here are some things to bear in mind when training staff:

  • Regularly communicate via email from the start of the project. Timely emails will ensure staff are aware of timescales and security policies. They can include contact details for project leaders.
  • Create ways for staff to engage with project managers. Messaging apps like Slack are a good option here. Make staff available to field any queries and provide updates if requested.
  • Stress the positive aspect of MFA. Always focus on why you are introducing MFA and how it will help individuals.

2. Design an MFA system to suit your needs

Choosing the right form of multi-factor authentication is critically important. Some companies find that biometric scanners like facial recognition are appropriate. This works well when end users have access to smartphones with reliable cameras and fingerprint scanners.

Other companies prefer to distribute hardware tokens to remote workers. Tokens provide one-time passwords and can be tracked remotely by security managers.

Questions to ask when choosing an MFA solution:

  • What kind of devices will use your MFA system?
  • Is there a mixture of work-from-home and on-premises end users?
  • Is ease of use more important than pure identity security?
  • Do you need sophisticated solutions with fine-grained MFA controls?
  • Is cost an overriding factor, or can you afford to spend more?
  • What apps and services will your MFA solution interact with? Compatibility is essential to avoid friction and improve the user experience.

3. Apply privileges to roles and individuals

Create privilege levels for different access requests. This allows individuals to access core resources while keeping sensitive data off-limits to those who do not need it.

You might want to request extra identity data when accessing customer records or executing admin commands on cloud platforms. MFA requests every few hours may also be needed when accessing financial records.

Some resources may not need MFA at all. Contextual controls and passwords could be sufficient to protect low-sensitivity resources. However, risk-assess each asset to avoid leaving confidential data exposed.

4. Make sure your MFA implementation is compliant

Authentication is a core aspect of major data security regulations, including HIPAA, GDPR, and PCI-DSS. Sectors like health care or financial processing have specific requirements absent from other business areas. Knowing which regulations affect your business is absolutely vital.

For example, PCI-DSS requires:

  • Strong encryption of all customer data
  • Three-factor MFA for any servers handling customer data
  • Identity management to ensure customer records can only be accessed by authorized individuals

Third-party authentication providers should possess the relevant accreditation. Look for an Attestation of Compliance (AOC) with PCI-DSS or HIPAA. This means the provider has been independently assessed as meeting compliance standards.

5. Create a streamlined way to request backup factors

Sometimes employees lose authentication hardware or business laptops. In these cases, they will probably also lose MFA data. Security best practice involves resetting the user’s account with a backup factor and creating a new set of authentication information.

One option is to enable multiple devices on a single account. If users have more than one authorized device, they can use it to request backup factors and reset their accounts.

Security teams should also be prepared to remove authentication factors from user accounts when thefts occur. There should be a clear process for quarantining compromised factors, making it tough for thieves to use stolen identity credentials.

6. Plan to on-board new remote workers

All work-from-home equipment must be audited and authorized with MFA software installed. But setting up MFA with remote workers can be time-consuming. It may leave security vulnerabilities if staff are left to their own devices.

Many companies provide work laptops for new hires. If you take this route, take time to lead staff through the MFA onboarding process. If necessary, schedule video meetings to explain the process. That way, you can verify that staff properly follow every step.

7. Configure adaptive MFA controls

Before MFA goes live, explore additional security controls your provider offers. This should include adaptive systems to detect anomalies and meet threats proactively.

At this stage, you can blacklist certain access locations. For instance, you may blacklist all public wifi hotspots. But you could even limit access from entire continents.

8. Plan to audit your MFA solution

Plan to reassess your authentication setup regularly. Every MFA implementation experiences some problems. They are generally not deal-breakers and tend to involve easing users into the authentication process.

Check that users are following MFA practices. And make sure privileges match up with risk assessments. Do multiple factors protect confidential data, or can general users access databases?

As new threats emerge, authentication systems can become outdated. Be prepared to update software or add new factors if the situation changes.
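The privilege levels, backup-factor quarantine and adaptive controls from steps 3, 5 and 7 (and the contextual-factor and least-privilege practices earlier) can be combined into a single access decision. The following Python example is added here and is not NordLayer's or any vendor's product logic; every role, resource, device, factor ID and time threshold in it is an assumption constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Constructed policy data: every role, resource, device and factor ID is illustrative.
ROLE_RESOURCES = {  # least privilege: role -> resources it may reach
    "support": {"wiki", "customer_records"},
    "finance": {"wiki", "financial_records"},
    "cloud_admin": {"wiki", "cloud_console"},
}
RESOURCES = {  # resource -> (extra factors beyond the password, max age of last MFA)
    "wiki": (0, None),  # low sensitivity: password plus context is enough
    "customer_records": (1, timedelta(hours=12)),
    "financial_records": (1, timedelta(hours=4)),  # re-prompt every few hours
    "cloud_console": (1, timedelta(hours=1)),
}
ADMIN_MAX_AGE = timedelta(minutes=15)  # admin commands need a recent MFA check
BLOCKED_NETWORKS = {"public_wifi"}     # blocklisted access locations
BLOCKED_COUNTRIES = {"ZZ"}             # placeholder country code
KNOWN_DEVICES = {"alice": {"laptop-01"}, "bob": {"laptop-07"}, "carol": {"laptop-03"}}
QUARANTINED_FACTORS = {"token-4471"}   # factors reported lost or stolen


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    resource: str
    device_id: str
    network: str = "home"  # as reported by an endpoint agent
    country: str = "SG"
    verified_factors: Tuple[str, ...] = ()  # factor IDs verified in this session
    last_mfa_at: Optional[datetime] = None
    admin_action: bool = False


@dataclass(frozen=True)
class Decision:
    outcome: str  # "allow", "step_up" or "deny"
    reason: str


def evaluate(req: AccessRequest, now: datetime) -> Decision:
    """Return allow / step_up / deny for one request under the policy above."""
    # Least privilege first: no amount of MFA unlocks a resource the role lacks.
    if req.resource not in ROLE_RESOURCES.get(req.role, set()) or req.resource not in RESOURCES:
        return Decision("deny", "resource not granted to role")
    # A quarantined (lost or stolen) factor is treated as hostile, not merely invalid.
    if QUARANTINED_FACTORS.intersection(req.verified_factors):
        return Decision("deny", "quarantined factor presented")
    if req.network in BLOCKED_NETWORKS or req.country in BLOCKED_COUNTRIES:
        return Decision("deny", "blocklisted network or location")

    base_factors, max_age = RESOURCES[req.resource]
    needed = base_factors
    if req.device_id not in KNOWN_DEVICES.get(req.user, set()):
        needed = base_factors + 1  # an unrecognised device always costs one more factor
    if req.admin_action:
        needed = max(needed, 1)
        max_age = ADMIN_MAX_AGE if max_age is None else min(max_age, ADMIN_MAX_AGE)

    if len(set(req.verified_factors)) < needed:
        return Decision("step_up", f"{needed} additional factor(s) required")
    # Verified factors count only while fresh; stale sessions are re-prompted.
    if needed and max_age is not None:
        if req.last_mfa_at is None or now - req.last_mfa_at > max_age:
            return Decision("step_up", "last MFA check is older than allowed")
    return Decision("allow", "policy satisfied")


NOW = datetime(2023, 1, 16, 12, 0, tzinfo=timezone.utc)  # fixed clock for the constructed cases


def demo():
    """Evaluate constructed requests; returns (label, Decision) pairs."""
    def ago(**kw):
        return NOW - timedelta(**kw)
    totp = ("totp-bob",)
    cases = [
        ("wiki, known laptop", AccessRequest("alice", "support", "wiki", "laptop-01")),
        ("support asks for finance data",
         AccessRequest("alice", "support", "financial_records", "laptop-01")),
        ("finance, MFA 5h old", AccessRequest("bob", "finance", "financial_records",
         "laptop-07", verified_factors=totp, last_mfa_at=ago(hours=5))),
        ("finance, MFA 1h old", AccessRequest("bob", "finance", "financial_records",
         "laptop-07", verified_factors=totp, last_mfa_at=ago(hours=1))),
        ("finance on public wifi", AccessRequest("bob", "finance", "financial_records",
         "laptop-07", network="public_wifi", verified_factors=totp, last_mfa_at=ago(hours=1))),
        ("finance, unknown tablet", AccessRequest("bob", "finance", "financial_records",
         "tablet-99", verified_factors=totp, last_mfa_at=ago(minutes=10))),
        ("stolen token presented", AccessRequest("carol", "cloud_admin", "cloud_console",
         "laptop-03", verified_factors=("token-4471",), last_mfa_at=ago(minutes=1))),
        ("admin command, MFA 30m old", AccessRequest("carol", "cloud_admin", "cloud_console",
         "laptop-03", network="corporate", verified_factors=("fido-carol",),
         last_mfa_at=ago(minutes=30), admin_action=True)),
    ]
    return [(label, evaluate(req, NOW)) for label, req in cases]


if __name__ == "__main__":
    for label, decision in demo():
        print(f"{label:30} {decision.outcome:8} {decision.reason}")
```

The order of checks matters: role and blocklist denials come before any factor counting, so presenting more factors never widens what a role can reach.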

How can NordLayer help with MFA implementation?

NordLayer offers a suite of security tools allowing companies to create secure SSE architecture at the network edge. Guard cloud assets, on-premises data centers, and remote work laptops. And make life easy for workers to carry out their tasks.

Our products include 2FA or MFA for authentication to increase security levels while connecting to company networks. NordLayer caters to apps like Google Authenticator or Authy and USB devices to deliver security keys.

Adding MFA is quick and easy, especially when you combine authentication and SSO. The result is all-around security for critical business assets. To find out more, get in touch with the NordLayer team today.
