Zero-Factor Authentication: Owning Our Data

Are you asking the right questions to determine how well your vendors will protect your data? Probably not.

Let’s say you own a small business, and you want to get a payroll service to help with withholding taxes and automatic deposits into your employees’ accounts. That’s a very useful, powerful service: You’re giving a third party the right to withdraw funds from your bank account and send them to others. 

Being switched on to security, you’d look for a payroll company that supports multifactor authentication (MFA) based on a time-based one-time password (TOTP) application, knowing that SMS-based two-step login is effectively (in the words of Allison Nixon and Mark D. Rasch at Unit 221B Research) zero-factor authentication.

The trouble is, as of about three weeks ago, none of the major online payroll companies offered this feature. If you ask those companies, they’ll say they offer SMS-based two-step login and then assure you they take security seriously. 

I found one firm that does support application-based MFA: I’ll call it Payroll Company B. PCB isn’t a payroll company as much as a professional employer organization, but still, it does payroll — for twice the price of the others I just mentioned. 

Anyway, you sign up. And after you go through the rigamarole to get the TOTP application working, if you’re attentive, you may discover a seedy backdoor: If you were to forget the Web front end, call PCB’s toll-free support number, and tell the company you need to make an account change, the entire authentication regime falls apart with these dreaded words:

“For security purposes, please tell me your full name and the last four digits of your Social Security number.”

Yes, it verifies your identity by asking you for public information. Once provided, no further authentication is required, and you can request a password change, or the removal of TOTP-based MFA, or, presumably, to send Bob’s paycheck to Alice. You’re in.

And you’re root because it has verified your identity. After all, who else could possibly know your full name and last four digits of your Social Security number?  

Who indeed?

Without installing, for example, a proper and secure multifactor, telephone-voice-based authenticator capability, these companies are left to improvise methods to hack together a security story to offer to security-conscious customers. After I discovered its glaring password reset vulnerability, I spoke with a helpful PCB supervisor and asked him to disable phone support. He cheerfully (and genuinely) promised to do so, saying he put a note in my account. I waited two weeks, phoned back, authenticated with a different rep using just my name and last four digits of my SSN, then asked the rep to close my account. In the company’s failure to fix the problem, it made liars out of dedicated and creative support staff.

Forget Password Policy. What’s Your Password Reset Policy?

This vulnerability is so mind-thwackingly obvious that I cannot believe I need to say this, but it also raises an important issue that is relatively unaddressed by my colleagues in the financial services world: When we do vendor onboarding and qualify the vendor’s security policies, are we asking the right questions?

Or are we sending them a 120-question spreadsheet containing lots of questions about firewall rules and antivirus? As a friend who is a very high-ranking financial services security leader said to me the other day, “Oh, that doesn’t happen. I’ve never sent a spreadsheet like that in the last week …”

This is not a theoretical issue. Recently, there was an attack that worked like this: The attackers had an in at a national mobile carrier and SIM-swapped the phones of some people in a targeted industry. They then used the pirated mobile numbers to call a firm that specializes in outsourced services to that industry, claimed to be the SIM-swapped employees, and requested — verbally — password resets. That worked, as it would have worked at PCB.

This was an attack against a third party that for many firms would have bypassed entirely the security monitoring they have in place to defend their assets. The phone was swapped at the carrier, and the password reset was done at a third party, which also set up the fraudulent transactions when the crooks logged in to that service. The firms that didn’t fall victim to this last phase were those that did transaction anomaly detection fast enough to understand the transaction was weird. 

Would your firm have caught it? More importantly, would your vendor procurement process and onboarding have asked the question, “Do you allow password resets via voice call?” 

Many companies don’t ask the question. I spoke with colleagues at household names in the financial services space, and many firms are struggling to catch up.

What is clear is that we are all trusting cloud-based companies more often, if not exclusively, to handle those parts of the business we seek to outsource. Looking at the standard questionnaires, I see a lot of question-types missing. 

For example, rather than asking lots of questions about endpoint antivirus or whether the vendor’s facility is in a location with little to no risk of natural disaster, terrorism, or civil unrest, it might be good to ask whether the vendor has separate production and nonproduction environments, or how their admins and developers access the environments, or how customer password resets are done.

In other words, we need to ask questions designed to understand the ways someone could subvert the vendor’s authentication and access control regime. 

I’ll be speaking about some of these things at the RSA Conference 2020 in San Francisco on February 26. I hope you will leave comments here and chat with me there. 

Nick Selby is the Chief Security Officer for Paxos Trust Company, which creates contemporary infrastructure to support global institutional financial transaction settlement. Prior to Paxos, Nick served as Director of Cyber Intelligence and Investigations …

Source: https://www.darkreading.com/attacks-breaches/zero-factor-authentication-owning-our-data/a/d-id/1337068?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

How To Choose The Right Sales Training Software For Your Team?

Digitization of business processes involves the use of the right software to boost the performance of your tasks. Whether it’s in your human resource department, manufacturing section, or procurement office, the use of technology can help in boosting the productivity of your business. By the same token, you can digitize the training of your sales representatives.

Your new sales personnel may initially struggle to learn the ins and outs of your products and the target customers. As a result, you may need sales training software to help your sales team gain the knowledge and best practices required for new sales employees. Additionally, you can use this software to test and improve their selling skills.

If you’re planning to purchase sales coaching software for your business, this article presents you with a step-by-step process of choosing one.

Identify Participants

Foremost, you have to single out the sales stakeholders from within your business. Let the selected team know the goals and strategies of your organization since they’ll be working closely with the software provider to develop efficient training solutions and courses.

Search For Leading Sales Training Companies

After putting together a team of leaders and managers to trailblaze the process, research the top-rated agencies dealing with sales training software. Look for the following in identified companies:

  • The scope of the training modules offered
  • Delivery strategies and innovation
  • Authority in the field and thought leadership
  • Relevance and quality of training topics

Other areas of interest may include:

  • Experience: Time spent in the industry is critical for the success of a sales training provider. Expect that a company with many years of experience has had time to refine its strategies and concepts for maximum results.
  • Customization Abilities: Every business is unique and would require a different software from another. Ensure that the company you hire can customize your selling situations, language, and case studies to reflect your business.
  • Assessments: Short exams are key in determining the strengths of your trainees. Software that gives quizzes helps improve the general effectiveness of the training program.
  • Coaching Reinforcement: Your choice of sales training application ought to have a well-defined program that’s interactive, engaging, and is easy for your sales processes.
  • Continuity Mentoring: The program offered should be able to facilitate the sales management to upskill the employees once the training is over.
  • Visionary: Sales is a dynamically changing field. Thus, get a company with thought-leadership resources and training solutions. Moreover, your sales training provider should be able to evolve and be up-to-date with current sales trends.

Interview Select Providers For The Best Fit

Once you’ve trimmed down the list of potential sales training software providers, you need to now conduct a further check for each of the providers. This should help you know which organization has the best software that’d satisfy your business sales training needs.

Be observant in the course of the conversations to know how each of the software on offer will boost the effectiveness of sales in your organization. You may put yourself in the buyer’s position to get a feel for how the customers might be impacted by the knowledge gained by the sales team.

You can use the following list of questions to interview your potential software providers concerning the sales training software:

  • Can I see your training software before I commit? This question is geared toward letting you look into the training courses before you commit to buying the software. Regardless of whether you visited the organization physically, or you’re having an online communication, you should be given a tour through the software to see whether or not it meets your organization’s needs.
  • How can you customize your software for my business? A successful software ought to be tailored to cover your specific business challenges, industry culture, and selling scenarios. A customized software program will include relevant case studies that participants can identify with. This means that they’re in a position to employ the new skills in their sales efforts.
  • How is your software different from others? From the response of your interviewees, you may see which software handles your business challenges well. Moreover, you may get software that goes beyond your needs. This means it’ll boost your sales training and effectiveness beyond your expectations.
  • Who are your customers? Reputable sales training software providers deal with leading companies in the industry. You may ask for the names of their clients and contact them to know how the software has helped them. Software that didn’t help a client will receive negative feedback.

Wrapping Up

The effectiveness of any software lies in its ability to meet the needs of your business and instill best practices in your sales team. This is also the case with sales training software. When looking for sales training software, establish a team from your sales department and other departments to help you identify the most suitable software for your sales labor development ambitions. Finally, have a list of software providers you should interview to see who meets your training needs.

Source: https://cybersguards.com/how-to-choose-the-right-sales-training-software-for-your-team/

Dell announced New EMC PowerScale Features as Well as Other Security Enhancements

On Wednesday, Dell announced a number of new features for its EMC PowerScale NAS solution, claiming that the tools “offer more flexible consumption, administration, protection, and security capabilities to eliminate data silos and enable you to better use unstructured data.”

The PowerScale hybrid (H700 and H7000) provides 75 percent greater performance than equivalent nodes, according to the business, while archive nodes (A300 and A3000) are two times more effective than comparable goods.

“New PowerScale OneFS and DataIQ software enhancements expand storage management, performance monitoring, auditing and compliance capabilities to simplify file storage at scale. Enhancements to our API-integrated ransomware protection capabilities keep data protected from cyberattacks and now offer cloud deployment options in addition to on-premises,” Dell explained in a release. 

“Dynamic NAS Protection, available with PowerProtect Data Manager, delivers a simple, modern way to protect NAS systems through enhanced backup for file data enabling up to 3X faster backups and up to 2x faster restores.”

The H700, H7000, A300, and A3000 are a “refresh” of the Isilon series of products introduced last year, according to Dell. The new nodes, according to Dell, include more processors, memory, and cache, as well as more networking and compatibility options.

The Dell EMC PowerScale, according to Nassos Galiopoulos, CTO of the University of Texas at San Antonio, enables many nodes for transferring unstructured data throughout the school’s HPC environment at fast rates and scaling swiftly to accommodate their exponential data growth.

“We now handle billions of records, along with big data analytics, AI, and machine learning, with tremendous velocity, variety, and volume,” Galiopoulos said.  Later this quarter, Dell will also be releasing updates to OneFS that will allow the OS to “deliver writable snapshots, faster upgrades, secure boot, HDFS ACL support, and improved data reduction and small file efficiency.”

DataIQ was recently updated to make it easier for users to manage big scale clusters, including UI improvements and the ability to generate reports to monitor volumes by time stamps.

Dell has introduced new security capabilities aimed at assisting businesses in dealing with ransomware threats. The “Superna for PowerScale Cyber Protection and Recovery solution” was created to help businesses respond to and recover from ransomware attacks. It now also comes with the Superna Ransomware Defender utility.

“With this solution, customers can recover their data from a cybersecurity event leveraging the public cloud. A new Superna AirGap Enterprise provides more advanced automation to the air gap feature,” Dell explained. 

“Additional new productivity features to Superna’s Search and Recover and Easy Monitor capabilities also further expand PowerScale’s exceptional management and control capabilities. For organizations looking to easily manage, incremental-forever NAS data protection with rapid recovery at the file level, today we announced Dynamic NAS Protection, a simple, modern way to protect your NAS systems.” 

Drew Hills, an infrastructure analyst at USC Australia, said his company has several rules in place to secure files on their NAS and Windows File Clusters, and that they use a number of backup methods to do so.

“With PowerProtect Data Manager, Dynamic NAS Protection automatically slices shares, filesystems and volumes into multiple streams that run in parallel within the same policy,” Hill added. “It also automatically balances and scales across resources, simplifying management while accelerating backups faster than ever before.”

Source: https://cybersguards.com/dell-announced-new-emc-powerscale-features-as-well-as-other-security-enhancements/

The Network Assessment Benefits for Managed Service Providers

A network assessment aids businesses in gaining a complete picture of their network and its current state. It also provides them with information on how to improve the processes’ overall performance and fix security flaws. Before signing a service contract, Managed Service Providers (MSPs) might conduct a network evaluation to get a true view of the existing network of potential customers. The MSP would not know the scope of faults or vulnerabilities in the possible new client’s network without an assessment. They have a blind spot in terms of how to fix network problems and how to grade their service due to their lack of knowledge.

The Network Assessment Benefits

The following is a list of network assessment benefits for Managed Service Providers:

Identify the Bottlenecks that are Causing Problems

The MSPs may be contacted by the client for a variety of reasons. When the MSP completes a network assessment, they will be able to establish whether the problem is due to old technology, the quantity of users at peak hours, or even the materials utilised for connectivity. A network assessment identifies these bottlenecks, allowing you to determine where to begin fixing the problems.

The connections that are used can have an impact on network performance. Other difficulties that affect network performance include inefficiencies, bottlenecks, problems with equipment installation, issues with network devices such as routers, and other performance issues caused by users, apps, hardware, or connectivity. To improve the current status of the network, an MSP can identify bottlenecks and add or reduce specific elements in the network.

Set a Baseline for Normal Performance

Monitoring networks and providing solutions are ineffective unless a strong baseline for normal performance has been established. A network assessment can assist in establishing a baseline as well as establishing thresholds at which a warning can be generated to alert of a potential network problem or a security breach in the infrastructure.

Determine the Capabilities & Shortcomings of the Client’s Network

MSPs can’t start planning a network’s future until a client tells them where they are now. This is when a network analysis comes in handy.

What are their network’s advantages and disadvantages? A professional network assessment reveals the sources of any network interference, as well as areas of high user density, the apps that consume the most bandwidth, the devices that cause the most congestion, and any network design issues they may have. Alternatively, the evaluation can highlight all of the things your network designers and managers are doing correctly.

Manage Client’s Inventory

Is the client aware of what equipment they have in their warehouse? Can they still use it? Is any of it nearing the end of its useful life? They require a network evaluation to get a handle on their hardware inventory and IT assets.

What kind of hardware and gadgets do they have connected to their network? To develop a strategy for monitoring IT assets, you must first determine what is in their infrastructure. This also allows them to distinguish between vital devices and software and those that should be discarded because they are putting their network at risk. The insecure hardware and software have unnecessary flaws, are obsolete, or need to be changed.

A Chance to Get the Latest Technology

A network evaluation can detect ageing network hardware that is slowing things down or causing security flaws. It can also assist you in identifying any firmware that needs to be updated, allowing you to budget for new equipment to replace the old. Old gear can cause more than just performance issues; it can also contribute to security flaws, which businesses can no longer afford in the age of data breaches. It’s an opportunity for a fresh start in the development of your network.

Receive Documentation of the Findings

MSPs utilise network assessment tools to get a quick overview of the network’s health. Following the evaluation, all of these findings are presented to the clients in a written report. It basically provides answers to all of the questions on their network audit checklist. The report outlines what they need to do to alleviate network congestion, fight for a larger budget from the C-suite, and use the funds for upgrades, updates, training efforts, and more.

Conclusion

We hope that the MSPs and their clients gained a better understanding of how valuable network evaluation software can be to their businesses. In light of the aforementioned advantages, network assessment aids key decision-making in every IT department. If you’re looking for a reliable network evaluation programme, choose ITarian Network Assessment Software.

Source: https://cybersguards.com/the-network-assessment-benefits-for-managed-service-providers/

Copyright © 2020 Plato Technologies Inc.