RUBLON – CENTRALLY MANAGED MULTI-FACTOR AUTHENTICATION (MFA) FOR YOUR ENTIRE IT INFRASTRUCTURE

Why choose Rublon solutions to centrally manage multi-factor authentication (MFA) for your entire IT infrastructure?

 

Rublon is a Polish company and a global leader in cybersecurity and a manufacturer of advanced multi-factor authentication (MFA) solutions. The company's flagship product is Rublon MFA - an intuitive and advanced platform that enables secure employee access to the organization's IT resources and compliance with data protection regulations. Founded in 2011 in Poland, the company quickly gained international recognition for advanced technologies that protect the digital identity of employees and the resources of companies from various sectors of the economy.

Rublon has customers in over 50 countries and is constantly developing its products, making it an excellent choice both for protecting critical assets in public administration and for achieving compliance with security regulations in the technology industry or the healthcare sector.

 

How to ensure security at every level of IT infrastructure?

 

Rublon MFA is a solution that enables central management of multi-factor authentication for the entire IT infrastructure from a single administration console. Regardless of whether employees log into the corporate network, servers, endpoints or applications, Rublon provides secure access to these resources. This ensures that all logins are properly secured and access to key resources is controlled and monitored from one place.

 

What authentication methods are available with Rublon MFA?

 

Rublon offers a wide range of authentication methods, such as WebAuthn/U2F Security Key, Mobile Notification, Passcode (TOTP & Bypass Code), YubiKey OTP, QR Code, SMS Code, SMS Link, and Email Link. Users can use their mobile devices as authentication tokens by approving authentication requests using the Mobile Notification method or use a phishing-proof FIDO hardware key for the highest level of security.

 

What are the key features of Rublon MFA?

 

  • Versatility and compatibility

Rublon can be integrated with most technologies used in organizations, including VPNs, Microsoft technologies, cloud applications, and custom applications written in Java, .NET, and PHP. Rublon is compatible with Active Directory and other LDAP/RADIUS identity providers. With support for SAML, LDAP, and RADIUS protocols and dedicated plugins and connectors, Rublon MFA is a universal solution for identity and access management.

 

  • Innovation and scalability

Rublon MFA is developed in an Agile approach, which enables rapid implementation of improvements resulting from market needs and new technologies. The solution is kept up to date with the latest trends and is continuously improved. Rublon's high scalability and flexibility allow the system to adapt seamlessly to dynamically changing business needs and requirements. Regardless of the size of the organization or the complexity of its processes, Rublon is able to provide effective and secure identity management, while optimizing costs and minimizing the risk of data breaches and unauthorized access to the organization's resources.

 

  • The highest security standards

Rublon is a guarantee of the highest security standards. The company is ISO 27001 certified, and Rublon's infrastructure is monitored 24/7 by a certified AWS partner. Rublon's systems and procedures are regularly audited and pentested, ensuring compliance with rigorous security standards.

  • Compliance with security regulations

The Rublon MFA solution complies with the latest cybersecurity standards and regulations such as the NIS2 Directive, DORA, GDPR, PCI DSS 4.0, the FTC Safeguards Rule, HIPAA, NIST guidelines and many others.

 

  • Cost optimization, reliable support and easy implementation

Rublon is a solution that combines cost-effectiveness, reliable technical support, and ease of implementation. The platform is designed with simple deployment and maintenance in mind, making Rublon an easy-to-implement and easy-to-use solution that minimizes the burden on IT teams.

 

What components make up Rublon MFA?

 

Rublon offers a set of components that work together to provide the highest level of security.

 

  • Rublon Prompt

The view displayed after entering correct login details. Users can select their preferred authentication method and register new authenticators themselves.

 

  • Rublon Authenticator

Mobile app available for Android and iOS. Can be downloaded from Google Play, App Store or AppGallery.

 

  • Rublon Admin Console

A control center for managing an organization's security. Administrators can configure and manage applications, users, user groups, devices, and security policies.

 

Try it for free today!

 

What technologies does Rublon MFA support?

 

Each of the plugins, connectors and applications has been designed to provide a secure and easy-to-use solution for identity and access management. The most important of them are:

 

  • Rublon MFA for Windows Logon: Enables multi-factor authentication when logging in to Windows and connecting remotely via RDP.
  • Rublon MFA for RD Gateway: Allows you to enable MFA authentication for Remote Desktop Gateway.
  • Rublon MFA for RD Web Access: Adds MFA authentication for Remote Desktop Web Access and RD Web Feed.
  • Rublon MFA for RD Web Client: Provides secure login to RD web client using multi-factor authentication.
  • Rublon Authentication Proxy: Enables multi-factor authentication when logging in to services and technologies that support the RADIUS protocol, for example VPNs, but also e.g. VMware Horizon View (VDI).
  • Rublon MFA for Office 365: Allows you to enable MFA for Office portal logins and Office desktop app logins.
  • Rublon MFA for OWA: It enables you to secure Outlook Web App (OWA) and Exchange Control Panel (ECP) logins with modern multi-factor authentication.
  • Rublon MFA for AD FS: Enables secure authentication with Active Directory Federation Services (AD FS).
  • Rublon MFA for WordPress: Adds an extra layer of security to your WordPress site by using multi-factor authentication.
  • Rublon MFA for Linux SSH: Provides secure login to Linux systems with multi-factor authentication.
  • Rublon MFA for Veritas NetBackup: Adds a second factor of authentication for Veritas NetBackup logins.
  • Rublon MFA for Jira & Confluence: Adds a second factor of authentication to Jira and Confluence app logins.
  • Rublon SDKs for custom apps: A set of libraries that allow you to add multi-factor authentication to your own applications written in Java, PHP, and .NET.
  • Rublon MFA for Roundcube: Allows you to enable multi-factor authentication for Roundcube.

 

More information about supported technologies can be found here.

HOW IS YOUR IT SYSTEM FEELING? TEST IT REGULARLY – JUST LIKE YOURSELF TO BE HEALTHY (OR YOUR CAR TO KEEP YOUR WARRANTY RIGHT)

 

Why is it worth commissioning an IT system audit? Why should you know what you have?

 

IT systems are permanently embedded in companies. If they do not work, you cannot work at all; well implemented, they allow for effective work, excellent customer service and competitive advantage. The benefits include customer satisfaction, employee productivity that was unthinkable 10 years ago, improved profitability and better business decisions thanks to information about the company that managers can access from anywhere in the world.

These obvious advantages of a modern work environment may, however, cease to be available as a result of failures or attacks by cybercriminals. Identifying and assessing risks, and preventing these risks, is an important part of a manager's job. 

To achieve maximum benefits and minimize threats, reliable information about what the company's IT system really looks like is essential. This knowledge allows you to make the right decisions now and plan for future development.

Many managers ask themselves the following questions: 

  • Could a company work more efficiently thanks to IT solutions? 
  • Is what I have being optimally used? 
  • Was the money on IT purchases well spent? 
  • Am I safe? Is the operation of the company at risk? 
  • How much should you spend to remove threats and when should it be done? 
  • What investments need to be made to better utilize resources? Will existing IT systems support the planned growth? 

 

So check what you have, check your IT department or the external company that serves your company. If you contact us, we will jointly define the scope of the audit appropriate to your needs.

 

What are some examples of the positive impact of IT systems on business?

 

IT systems (technological solutions and IT infrastructure) have a huge impact on the functioning and development of business. Below are some examples of the benefits that a company can gain from a good implementation of applications working on an efficient IT system. 

1. Process automation 

Example: Implementing an invoice scanning and handling system enables automatic entry of invoice data into the accounting system, eliminating manual rewriting and reducing the number of errors. 

Business benefit: Saving time and staff costs, fewer errors, faster payment approval. 

2. Improving the quality of customer service (CRM) 

Example: The use of a CRM (Customer Relationship Management) system, which collects a full history of customer contacts, allows sales and customer service departments to respond faster and propose personalized offers. 

Business benefit: Increased customer satisfaction, higher cross- and upselling sales, better market relations.

3. Better decisions with data analytics (BI) 

Example: Business Intelligence (BI) tools are used by companies to analyze sales, market trends, and website user behavior. Reports and dashboards allow managers to respond immediately to interest in specific products, fluctuations in demand, or changes in customer behavior. 

Business benefit: Better strategic and operational decisions, better matching of the offer to market needs, maximization of profits. 

4. Collaboration and communication (cloud tools) 

Example: Collaboration platforms (such as Microsoft 365, Google Workspace, and Slack) enable quick access to cloud documents, real-time collaboration, and efficient communication regardless of employees' location. 

Business benefit: Acceleration of information flow, greater flexibility of teams (e.g. remote work), lower office infrastructure costs. 

5. Data security and business continuity 

Example: IT systems with backup, encryption and threat monitoring mechanisms help protect sensitive data (e.g. customer data, sensitive data, financial information) and quickly restore system operation after a failure or hacker attack. 

Business benefit: Avoiding financial losses related to downtime, reducing the risk of penalties for improper data protection, maintaining customer trust. 

6. Supply Chain Optimization (ERP) 

Example: ERP (Enterprise Resource Planning) systems integrate production, warehouse and logistics processes, enabling, among other things, more efficient inventory planning and real-time shipment tracking. 

Business benefit: Reduction of storage and transportation costs, reduction of delays, better utilization of resources (e.g. machines). 

7. Increase your reach with e-commerce 

Example: Launching an online store (e.g. on the Shopify platform or your own system) opens up access to new markets and enables 24-hour sales. 

Business benefit: Higher revenues, the ability to acquire new customers from outside the local market, scaling the business without the need for large investments in physical infrastructure. 

8. Personalization of the offer and marketing (marketing automation) 

Example: A marketing automation system (e.g. HubSpot, Marketo) helps you create automated email campaigns, segment your audience, and track campaign results in real time. 

Business benefit: Higher effectiveness of marketing communications, better conversion rates, automatic sending of personalized offers. 

9. Increasing competitiveness 

Example: A company that builds a market advantage by offering customers modern solutions (e.g. mobile applications for ordering services or fast online payments) can gain customer loyalty more quickly. 

Business benefit: Greater market share, higher brand value, outpacing the competition in innovation. 

Each of the above-mentioned IT solutions can bring measurable financial effects to the company (including cost reduction or increased revenues), as well as significantly strengthen its position on the market through better efficiency and increased security. 

 

How do we collect data during an audit? 

 

To prepare a report, we need knowledge about the company, its processes and resources. We obtain it in 3 ways. 

1. Surveys – during conversations with company representatives we collect the following information: 

  • Management's expectations regarding the role of the IT system in the enterprise. 
  • General information about the IT system and its components. 
  • Compliance with our “Good IT System” standard. 
  • IT security solutions. 

2. Resource inventory – using appropriate tools and with access to internal company documents, we will examine:

  • Procedures related to information processed in IT systems. 
  • Installed software and compliance of the actual state with the licenses held. 
  • Network equipment and its configuration. 
  • Central resources (servers, storage, backups). 
  • Processed data and access rights thereto. 
  • User computers and peripherals. 

3. Testing the resistance of IT systems to cyber threats – using specialized tools, we will perform: 

  • Detection of devices in the IT system (including unwanted ones). 
  • Vulnerability scanning. 
  • Phishing tests (on request). 

 

What is included in the report? 

 

1. General overview of the system status (Executive Summary) 

  • A short synthesis of the most important information, understandable for non-technical readers: whether the system is stable, what the main challenges are, key achievements and risks.
  • The most important conclusions and recommendations for action. 

2. Current IT infrastructure 

  • Description of the main infrastructure elements (servers, network, end devices, cloud systems, key business applications). 
  • Information about any changes in the infrastructure since the last report (new implementations, hardware replacements, updates) – if the previous report is available. 
  • Outline of the systems architecture from a business perspective (which systems are critical, which support individual business processes). 

3. Availability and performance 

  • Availability (uptime) indicators of key systems and services over a given period (e.g. during the last quarter). 
  • Response time, application speed and possible exceedances of SLA (Service Level Agreement) standards. 
  • Information about outages (planned vs. unplanned downtime) – how many outages there were and how they were resolved. 

4. Security and compliance 

  • Major security events such as detected incidents, attempted attacks, or data breaches – with a description of how they were resolved. 
  • Status of updates for operating systems, software, and security patches. 
  • Information about security tests (e.g. penetration tests) and planned corrective actions. 
  • Compliance with legal and regulatory requirements (e.g. GDPR, industry security standards). 

5. Costs and budget 

  • Summary of IT costs incurred in the analyzed period (hardware, licenses, services, support costs). 
  • Budget utilization in relation to plan (planned vs. actual expenditure). 
  • Forecasted costs for the coming periods and proposed investments. 

6. Incidents and Reports (Help Desk / Service Desk) 

If the following data is shared, we will also describe: 

  • Number of tickets handled and response/resolution time. 
  • Recurring problems – whether modernization, additional training, hardware or software replacement is required. 
  • User satisfaction level (if the company conducts internal opinion research). 

7. Development projects and activities 

  • Status of ongoing IT projects (e.g. implementation of a new ERP or CRM system, migration to the cloud, automation). 
  • Information about planned completion dates and resources (human, financial, equipment) necessary to complete the projects. 
  • Preliminary assessment of business benefits from ongoing or recently completed projects (e.g. process improvements, cost reduction, work acceleration). 

8. Risks and recommendations 

  • Identified risks (e.g. aging infrastructure, lack of sufficient security, connection congestion, dependence on a single vendor). 
  • Estimated scale and likelihood of impact on business operations. 
  • Recommendations for risk minimization (e.g. backups in another location, additional security testing, modernization of specific elements). 
  • IT system development path (e.g. hybrid cloud implementation, new cybersecurity tools). 

9. Strategic Summary 

  • How the current state of the IT system supports or limits business goals.
  • What the next steps are to increase efficiency and security.
  • Overall development forecast and the role of the IT department in implementing the company's plans.

10. Attachments and detailed data (optional).

 

Dictionary of IT-related concepts important for managers

 

This dictionary presents key concepts from the area of management and security in companies, including IT (Information Technology) and OT (Operational Technology) solutions. It includes definitions of systems supporting business activities (e.g. ERP, CRM, BI), mechanisms ensuring continuity of work (e.g. BIA, BCP, RPO, RTO) and threats (e.g. ransomware, hacker attack). The entries included here show how IT and OT technologies intertwine, improving not only the flow of information, but also the control of physical processes in the company. Thanks to this, you can protect resources more effectively, increase productivity and react faster to market changes. 

Process automation is the use of technology and software to streamline repetitive tasks and procedures in a company. Thanks to this, the company can operate faster, cheaper and with less risk of human error. At the same time, employees gain more time for tasks that require creativity and decision-making.

E-commerce is a way of buying and selling products or services on the Internet. It allows customers to make purchases from anywhere and at any time, and allows companies to reach a larger audience. This allows for increasing sales reach, speeding up transactions and improving convenience for both sellers and buyers.

Marketing Automation (automation of marketing processes) is the use of tools and software that independently perform repetitive tasks, such as sending mailings, publishing content or customer segmentation. This makes it easier to reach recipients with the right message at the right time, which increases the effectiveness of the campaign. Marketing employees gain time to plan strategies and create more creative activities.

EOD (Electronic Document Circulation) is a system that allows you to process company documents in digital form instead of paper. This allows for faster distribution of information, better version control and automation of approval processes. Such a system not only makes it easier to search for archived documents, but also supports cost savings and an ecological work model.

UC&C (Unified Communications & Collaboration), that is, groupware systems, are tools that facilitate collaboration between team members regardless of where they are located. They enable document sharing, real-time communication, and task coordination in one place. As a result, the company operates more efficiently, and decisions can be made faster and more effectively. An example of a collaboration environment is Microsoft 365, i.e. email, document libraries, and Teams.

ERP (Enterprise Resource Planning) is integrated software that helps manage key areas of the company, such as finance, sales, warehouse or human resources. Thanks to it, all data and processes are in one place, which facilitates cost control and better resource planning. As a result, the company can make faster decisions and respond more efficiently to market changes. Examples of ERP systems include Comarch XL, Comarch Optima, Microsoft Dynamics, and Exact.

CRM (Customer Relationship Management) is a system that helps a company manage customer relationships in the areas of marketing, sales, customer service and management reporting. It makes it easy to track contact history and save purchase information and preferences, so the company can better understand customer needs. As a result, you can more effectively tailor offers and provide higher quality service. Examples of CRM systems include ZOHO, Salesforce, and Dynamics 365.

BI (Business Intelligence) is a way to transform company data from various systems into useful information that helps in making business decisions. By using analytical tools and clear visualizations, managers can quickly spot trends or emerging problems. This allows them to act based on hard data, instead of just relying on intuition. 

Ransomware is malware that locks or encrypts company data and then demands a ransom to restore access. Criminals often infect systems through infected email attachments or malicious links. As a result, a company can become inoperable if it does not have an effective security plan and backups. More information on this topic in the article RANSOMWARE – HOW TO BEHAVE WHEN WE ARE ATTACKED AND HOW TO PROTECT OURSELVES TO MAINTAIN THE CONTINUITY OF BUSINESS PROCESSES on our blog.

Hacker attack is an unauthorized action that aims to breach the security of a system or network in order to steal data, disrupt operations, or perform other harmful activities. Hackers often exploit software vulnerabilities, lack of employee awareness, or social engineering methods. This can lead to the loss of confidential information, financial losses, and damage to the company's image. 

BIA (Business Impact Analysis) is the process of identifying and assessing which areas of a company are most vulnerable to the effects of downtime or failure. This allows you to set priorities in protecting key assets and business processes to minimize financial and reputational losses. In this way, the company gains the knowledge necessary to prepare effective contingency plans and maintain business continuity. 

BCP (Business Continuity Plan) is a plan that describes how a company should proceed in a crisis situation so as not to interrupt key activities. It contains procedures and resources needed to restore the most important processes in the shortest possible time, e.g. after a system failure or other unexpected event. Thanks to it, the company minimizes losses and returns to normal functioning faster. 

RPO (Recovery Point Objective) is the maximum amount of time back that a company can afford to lose data in the event of a failure or other event. Determining the RPO helps determine the appropriate frequency of backups and how to restore them. This allows the company to know to what point in the past it must go back with data to return to normal operations as quickly as possible. 

RTO (Recovery Time Objective) is the maximum time a company can afford to have key systems or processes down after a failure. Determining RTO helps determine how quickly a company should restore operations to avoid significant losses or downtime. This allows you to plan appropriate actions, resources, and emergency procedures that will ensure rapid recovery of business continuity. You can say that this is the time needed to restore a company's systems to the RPO point. 

IT (Information Technology) is a field that covers the use of computers, software, and networks to process and transmit information. It includes both hardware and systems, as well as services that enable the automation of business processes, communication, and data storage. Thanks to IT, companies can operate more efficiently, develop faster, and better respond to customer needs. 

OT (Operational Technology) are technologies and systems used to monitor and control processes in industry and other areas where the continuity of operation of machines and infrastructure is key. Unlike IT systems, they focus mainly on the physical world, supervising production, energy or transport. Thanks to OT, companies can work safely and efficiently, minimizing the risk of equipment failure. 

 

If you are interested in our services, please contact us by phone:

or using the form -> Contact | Upgreat

RANSOMWARE – HOW TO BEHAVE WHEN WE ARE ATTACKED AND HOW TO PROTECT OURSELVES TO MAINTAIN THE CONTINUITY OF BUSINESS PROCESSES

 

What is a ransomware attack?

 

At first it seemed to be a problem with the network. Then it turned out that it was not only the network, but everything. And not just on one computer: on all of them, nothing works!

That is more or less what the symptoms of a ransomware attack look like. Later, a ransom demand will most likely appear. These can be large amounts in cryptocurrencies that are safe for the attackers.

A probable attack scenario is as follows: 

  1. Infection,
  2. Reconnaissance and data theft,
  3. Encryption and ransom demand.

 

A ransomware attack is a shock to people and organizations. Panic sets in and we slowly realize what happened and what the consequences are. The question also arises, what to do next?! 

The first and most severe effect of the attack is that the company cannot operate. It is impossible to do anything (these days, in most cases literally nothing). It is similar to a power outage in the office or on the production floor, with the difference that the power returns at some point, but the data unfortunately does not reappear and the software does not start working as before.

The attack also has a negative impact on employee morale and motivation, and on the company's reputation among business partners. In this case, managers must show that they have a plan to resolve the crisis, and that contacts with the company do not pose a threat to the business environment.

Another consequence of a ransomware attack is the likelihood of data leakage. This is a significant threat to the company, its employees and partners if the attacker believes that there will be buyers for the stolen information (this may be personal data, salary tables, PESEL numbers, passwords, trade secrets, company secrets and much more).

The above description is just one scenario. An attack could also involve shutting down production processes in a steel mill, preventing rail communication from functioning, stopping the functioning of an e-commerce platform or preventing treatment in a large hospital. The goal of a ransomware attack is, as the name suggests, to obtain a ransom to restore access to data or restart processes in a company or organization. So the greater the financial or social costs, the larger the ransom attackers can demand.

 

Who can fall victim to ransomware attacks?

 

Everyone, including you; and the more severe the downtime would be, the greater the likelihood of an attack. Most often, however, cybercriminals do not choose their victims, because they want to hit as many users as possible in order to make the most money.

There have been reports of ransomware operating in accounting firms, law firms, consulting firms, the automotive, food and pharmaceutical industries, healthcare, logistics, transport, energy, mining, banking, and power engineering. As you can see, the range of interests of cybercriminals is wide. It should also be added that it is impossible to protect yourself 100% from an attack and its effects. However, actions should be taken to minimize the probability of the attack's success and to ensure that systems can be restored quickly if the attack is successful.

According to an article on the Government Security Center website, even large companies fall victim:

  • Garmin – WastedLocker malware, $10 million ransom payment confirmed,
  • Banco Estado Chile – Sodinokibi malware,
  • Canon USA – Maze malware,
  • Orange SA – Nefilim malware,
  • The Volkswagen Group – Conti malware.

 

What methods do attackers use?

 

There are many attack methods and they are constantly being improved. Among them are: 

  • Infected attachments and files – email attachments, files on USB drives or download links,
  • Attacks on IT/OT infrastructure – exploitation of vulnerabilities in production-line operating systems or SCADA controllers,
  • Impersonating legitimate updates – ransomware pretends to be a legitimate software or driver update,
  • Phishing and social engineering – malicious emails containing attachments or links leading to malicious websites,
  • Exploitation of software vulnerabilities – exploiting known or previously undiscovered vulnerabilities in operating systems or applications,
  • Attacks through service providers – compromise of a contractor's or partner company's software,
  • Capture of administrative credentials – for example, via weak system administrator passwords or remote access sessions left logged in,
  • Attacks on remote protocols (RDP) – exploitation of improperly secured remote desktops,
  • Attacks on network devices and servers,
  • Ransomware delivery via malicious ads (malvertising).

As you can see, there are many methods of attacks and threats and there is much to watch out for. That is why it is worth using the competences of experienced external companies or using the knowledge of your own IT departments. 

 

How to behave after a ransomware attack and should you pay the ransom?

 

Unfortunately, there is no guarantee that the files will be decrypted after paying the ransom. This may be due to bugs in the decryption software or the attackers' lack of intention to allow decryption of the data. Additionally, paying the ransom reinforces the attackers' belief that their business is profitable and that they have achieved their goals. It can also be said that by paying the ransom, we are financing further activities of cybercriminals, who improve their tools, which means more infections.

But there is also good news, because sometimes it happens that some data can be recovered using publicly available decryption keys. There is also a chance that due to the specifics of some types of ransomware, some data can be recovered even without access to the decryption key. 

In any case, you need to act very quickly to prevent further attacker access to IT systems and, if possible, stop the data encryption process. The recommended actions are listed below:

  • Isolation of infected systems: The first step should be to isolate infected systems from the network to prevent further spread of ransomware. 
  • Identify and remove threats: Using ransomware scanning and removal tools such as Malwarebytes to remove the active threat from your system. 
  • Attempting to decrypt files: Check available decryption tools on sites like No More Ransom to see if it is possible to recover your encrypted data. 
  • Restoring the system from a backup: If decryption is not possible, it is best to restore the system from a previous backup, if one is available. 
  • System analysis and security: Using analytical tools to understand how an attack occurred and implementing additional security measures to prevent future incidents. 
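As an added example, not part of the original article and not Upgreat's or Rublon's own tooling, the following Python script implements the detection side of the first two steps above: it scans file-activity log lines for the symptoms the article describes (a burst of files renamed to one new extension, a ransom note dropped in the same folder) and reports which hosts should be isolated first. The log format, host names, extension and thresholds are constructed assumptions.

```python
"""Behavioural ransomware indicator check over file-activity log lines.

Heuristics (both are assumptions for this example, not vendor logic):
  1. Within a short window, a host renames many files to one new extension
     (mass encryption typically rewrites and renames files in bulk).
  2. A host creates a file whose name looks like a ransom note.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Constructed log line format: "<ISO timestamp> <host> <user> <ACTION> <path>"
# where a RENAME carries "<old path> -> <new path>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<action>WRITE|CREATE|RENAME) (?P<rest>.*)$"
)
# Constructed note pattern: names such as HOW_TO_RESTORE_FILES.txt or DECRYPT_ME.html.
RANSOM_NOTE_RE = re.compile(r"(decrypt|restore|recover|ransom)[^/\\]*\.(txt|html|hta)$", re.I)
# Assumption: renames to these extensions are routine and should not count.
BENIGN_EXTS = {".bak", ".tmp", ".old"}

# Constructed sample log: one infected workstation and one doing normal work.
SAMPLE_LOG = """\
2024-05-06T09:00:01 PC-ACCT-01 anna WRITE C:/Users/anna/Documents/invoice_0412.xlsx
2024-05-06T09:00:05 PC-ACCT-01 anna RENAME C:/Users/anna/Documents/invoice_0412.xlsx -> C:/Users/anna/Documents/invoice_0412.xlsx.lockd
2024-05-06T09:00:06 PC-ACCT-01 anna RENAME C:/Users/anna/Documents/invoice_0413.xlsx -> C:/Users/anna/Documents/invoice_0413.xlsx.lockd
2024-05-06T09:00:07 PC-ACCT-01 anna RENAME C:/Users/anna/Documents/payroll_2024.xlsx -> C:/Users/anna/Documents/payroll_2024.xlsx.lockd
2024-05-06T09:00:09 PC-ACCT-01 anna RENAME C:/Users/anna/Documents/contract_17.docx -> C:/Users/anna/Documents/contract_17.docx.lockd
2024-05-06T09:00:10 PC-ACCT-01 anna RENAME C:/Users/anna/Documents/budget.pptx -> C:/Users/anna/Documents/budget.pptx.lockd
2024-05-06T09:00:12 PC-ACCT-01 anna CREATE C:/Users/anna/Documents/HOW_TO_RESTORE_FILES.txt
2024-05-06T09:01:30 PC-HR-02 marek WRITE C:/Users/marek/Documents/cv_kowalski.docx
2024-05-06T09:02:00 PC-HR-02 marek RENAME C:/Users/marek/Documents/cv_kowalski.docx -> C:/Users/marek/Documents/cv_kowalski.docx.bak
2024-05-06T09:03:10 PC-HR-02 marek RENAME C:/Users/marek/Documents/report.docx -> C:/Users/marek/Documents/report_final.docx
2024-05-06T09:04:00 PC-HR-02 marek CREATE C:/Users/marek/Documents/README.txt
"""


class Event(NamedTuple):
    ts: datetime
    host: str
    user: str
    action: str
    path: str
    new_path: str  # empty unless action == "RENAME"


def parse_log(text: str) -> List[Event]:
    """Parse log lines; malformed lines are skipped so one bad line cannot stop the scan."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        if m["action"] == "RENAME" and " -> " in rest:
            path, new_path = rest.split(" -> ", 1)
        else:
            path, new_path = rest, ""
        events.append(Event(datetime.fromisoformat(m["ts"]), m["host"],
                            m["user"], m["action"], path, new_path))
    return events


def ext_of(path: str) -> str:
    """Lower-cased final extension of a path; works with / and \\ separators."""
    name = re.split(r"[\\/]", path)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def analyse(events: List[Event], window: timedelta = timedelta(seconds=60),
            rename_threshold: int = 5, same_ext_share: float = 0.8) -> Dict[str, List[str]]:
    """Return {host: [reasons]} for hosts showing ransomware-like behaviour."""
    by_host: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)
    findings: Dict[str, List[str]] = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        reasons = []
        # Only renames that change the extension to something non-routine count.
        renames = [e for e in evs if e.action == "RENAME"
                   and ext_of(e.new_path) not in BENIGN_EXTS
                   and ext_of(e.new_path) != ext_of(e.path)]
        start = 0
        for end in range(len(renames)):  # sliding time window over the renames
            while renames[end].ts - renames[start].ts > window:
                start += 1
            burst = renames[start:end + 1]
            if len(burst) >= rename_threshold:
                ext, n = Counter(ext_of(e.new_path) for e in burst).most_common(1)[0]
                if n / len(burst) >= same_ext_share:
                    reasons.append(f"{len(burst)} files renamed to '{ext}' within {int(window.total_seconds())}s")
                    break
        notes = [e for e in evs if e.action == "CREATE" and RANSOM_NOTE_RE.search(e.path)]
        if notes:
            reasons.append(f"ransom note created: {notes[0].path}")
        if reasons:
            findings[host] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in analyse(parse_log(SAMPLE_LOG)).items():
        print(f"ISOLATE {host}: " + "; ".join(reasons))
```

On the sample log only PC-ACCT-01 is reported, for both the rename burst and the note; PC-HR-02's backup rename and README.txt are left alone.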

In a company or organization, there should be a ready plan for what to do and how to behave when business continuity is threatened or impossible. Such a plan is called a Business Continuity Plan (BCP), and its content and scope result from an analysis of what is most painful for business processes and what specific risks affect these processes. An example of a business impact analysis (BIA) is an assessment of the impact of the unavailability of the financial system on the company's ability to make payments. In turn, a risk analysis (Risk Assessment, RA) concerns, for example, the risk of a critical payment server failing due to a ransomware attack.

In short, we should know in advance what we are most afraid of, when this threat may occur and how to prevent it. 

 

What formal actions should be taken?

 

The attack also imposes certain formal obligations on managers. These include: 

  • Reporting the incident to the President of the Personal Data Protection Office (UODO) – this must be done within 72 hours of detecting the incident. 
  • Notification of those whose data has been leaked (employees and others). 
  • Reporting an incident to the NASK Computer Security Incident Response Team (CSIRT). 
  • Reporting a crime to the prosecutor's office or the police. 
  • There may also be an obligation to inform shareholders or business partners (for larger entities and listed companies). 
  • Even while removing the effects of an attack, it is worth drawing up an incident report (for internal purposes and for future audits) and preparing guidelines for updating risk management procedures and security policies. 

 

In Poland, formal obligations in the event of a ransomware attack include reporting to UODO, CSIRT NASK and law enforcement agencies if it concerns personal data, critical systems or other resources subject to legal regulations. Quick action and documentation of the incident are essential to meet legal requirements and minimize the risk of sanctions (high financial penalties). 

 

How to prevent ransomware attacks?

 

There are a number of ways to significantly reduce the vulnerability of IT systems to ransomware. 

Among them are the following: 

  • Backups – preferably multiple copies on different media, 
  • Regular scanning and removal of vulnerabilities to cyberattacks – software updates and necessary reconfigurations, 
  • Network segmentation – limiting the possibility of ransomware spreading across the corporate network, 
  • Installing proven antivirus software with an option to prevent ransomware attacks (endpoint security), 
  • Periodic employee training to provide knowledge about current threats and ways to avoid them, 
  • Installing proven firewalls at the edge of the network that block cybercriminals from accessing IT systems from the outside, 
  • Securing remote access, for example by enabling multi-factor authentication (as in electronic banking systems), 
  • Monitoring and detecting threats – there are systems that allow for detecting attacks at an early stage, 
  • Proper policy for granting permissions to files and systems – granting users only those permissions that are necessary to perform their tasks, 
  • Incident response planning and testing. 

It is worth mentioning here that additional protection for a company or organization can be provided by insurance against cyber and GDPR risks, offered by some insurance companies. 

 

Summary

 

As described above, attacks happen even in companies that pay attention to IT security issues, and there is no way to protect yourself from them 100%. Protection against cyber threats is a continuous process, just as the methods of attackers are constantly being improved. However, we can reduce the chances of an attack succeeding and minimize its effects.

It is best not to be a victim, but even if it happens, remember that not everything is lost, and depending on whether and how many usable copies of data we have, we can restore the functioning of our systems. We also have a chance to decrypt some or all of the collected data.

We hope that our post will help you choose ways to protect yourself from ransomware attacks, and in the event of a threat, it will suggest what actions to take. In either case, please contact us.


WHAT IS ITAM AND WHAT IS IT USED FOR?

 

What is ITAM (IT Asset Management)?

 

ITAM is the process of managing the life cycle of IT resources – from purchase, through deployment and use, to disposal. This process covers monitoring of:

  • Computer hardware (servers, laptops, network devices, printers),
  • Software (licenses and subscriptions, updates, compliance with laws and regulations, e.g. NIS-2, DORA),
  • Cloud infrastructure (virtual resources, cloud services).

 

Why is ITAM important?

 

  • Cost optimization: Tracking all IT assets allows you to identify unused or unnecessary resources, which allows you to optimize operating costs.
  • Compliance with the provisions of license and subscription agreements, as well as with laws and regulations (NIS-2, DORA): ITAM helps monitor compliance with license agreements and legal regulations, minimizing the risk of financial and reputational penalties.
  • Data security: IT asset management allows you to detect and respond to potential security threats faster, protecting sensitive corporate data.
  • Operational efficiency: Effective management of IT resources streamlines internal processes, which translates into better productivity and customer and employee satisfaction.
 

What are the key elements of effective ITAM?

 
  • Asset inventory: Creating an accurate record of all IT assets, including hardware, software and licenses.
  • Asset lifecycle management: Monitoring assets from acquisition, through use, to decommissioning.
  • Process automation: Using tools to automate asset management tasks, which increases efficiency and reduces the risk of errors.
  • Data analysis: Regularly analyzing asset data to make informed business decisions.

 

How to implement ITAM in an organization?

 

  • Defining goals: Define what you want to achieve with ITAM, e.g. reducing costs or increasing security.
  • Choosing the right tools: Invest in asset management software that meets the needs of your business.
  • Team training: Ensure employees are properly trained and understand the importance of ITAM.
  • Continuous improvement: Regularly monitor and update ITAM processes to adapt to changing business needs.

 

Summary

 

ITAM implementation is a strategic step towards increasing the efficiency and competitiveness of an organization. Through effective management of IT assets, companies and organizations can not only reduce costs, but also minimize risk and improve the quality of services provided.

Are you ready to implement ITAM?

If you would like to learn more, please contact us:

Cisco Umbrella – protection against phishing, malware and ransomware

Cisco Umbrella – secure your network!

 

Cisco Umbrella DNS Security protects users against Internet threats such as malware, phishing, viruses and other previously unidentified ("zero-day") threats. It protects all users, both those working in the local network and those connected remotely via VPN. Cisco Umbrella is another element of corporate network security, alongside Cisco DUO, which we described earlier.

Cisco Umbrella DNS Security is a cloud-based solution and does not require any resources on the client's side. It prevents threats by blocking access to Internet resources with a low or suspicious reputation. It is based on several dozen URL categories that can be blocked or made available to users or their groups using configurable policies.

Cisco Umbrella DNS Security works by redirecting DNS queries to Cisco cloud servers, which check the reputation of the websites visited by users. The whole system is based on threat intelligence created by one of the leading cybersecurity teams, the Cisco Talos Intelligence Group. Thanks to this approach, Cisco Umbrella protects not only against known and identified threats, but also against unknown threats, by blocking access to malicious domains, URLs and files.

Cisco Umbrella DNS Security perfectly fits the needs of small and medium-sized enterprises, which have recently been frequent targets of attacks due to the lack of advanced security systems. SMEs have less specialized IT teams and limited budgets, which results in the increased use of simpler Internet gateways that do not protect against most new threats coming from the Internet. Cisco Umbrella protection is additionally extended to remote and mobile users, which can be a good complement to the security system also in larger organizations.

Cisco Umbrella DNS Security is configured and managed via a web browser. The management system allows the basic scope of protection to be deployed quickly. The solution can be extended by integration with directory services, recognizing users and groups and assigning different policies to them, identifying workstations and their configurations, and collecting data and analyzing user traffic and existing threats. Everything is monitored using ready-made dashboards and tools available to the administrator.

Cisco Umbrella DNS Security can work with MDM systems that manage mobile devices, protecting them by redirecting their DNS queries, and with the Cisco DUO system, which provides two-factor authentication. Cisco Umbrella is an integral part of the Cisco Secure Client (AnyConnect) suite needed for VPN connections.

 

What does Cisco Umbrella DNS Security do for you?

  • redirects DNS queries and checks them against the Cisco Talos database,
  • protects users working both on and off the corporate network,
  • works against threats that the local antivirus system does not protect against, such as phishing, malware or unidentified threats,
  • available from the cloud, with tools and dashboards for administration and management,
  • licensed per user, with a subscription for one year or more,
  • attractive price – monthly subscription for one user – USD 4.5 (Cisco Umbrella DNS Security Essentials).

 

More information on the dedicated page Cisco Umbrella. Please also contact us:

Penetration testing workshops at the client's premises

Do penetration testing independently!

 

Penetration testing competencies for your IT team? Periodically checking the security of your IT infrastructure on your own?

We offer you 3-day, intensive practical classes in the field of IT security, which we can also organize at your company.
The program includes practical implementation of the following topics:

  • Module 1 – Preparation of the test environment (45 min.),
  • Module 2 – Information reconnaissance (90 min.),
  • Module 3 – Scanning and enumeration of systems (90 min.),
  • Module 4 – Vulnerability search and analysis (120 min.),
  • Module 5 – Using vulnerabilities to break security (120 min.),
  • Module 7 – Social engineering and backdoors (120 min.),
  • Module 8 – Penetration testing of web applications (120 min.).

 

Additional benefits?

  • Workshops can be held at the client's premises, so they do not require delegating employees or leaving the IT environment unattended. The workshop formula allows for flexible time management and, if necessary, handling of sudden failures or incidents requiring the participation of IT staff.
  • There are no rigid, predefined dates; we will adapt to the client's needs.
  • All tools presented at the workshops will be made available to participants along with the training materials. In our workshops, we do not use tools that require any additional costs or licenses.
  • Each participant will receive a WLAN card used for penetration testing.
  • Each participant will receive training materials and databases for testing password strength on a pendrive.

 

More details in the workshop agenda -> Penetration testing – workshops for clients

 


Cisco DUO – universal multi-factor authentication

Cisco DUO – security in subscription

 

Multi-factor authentication, also known as MFA (Multi-Factor Authentication), is currently an essential element of securing access at the edge of the network and, in environments requiring an increased level of security, also of securing internal access to networks and applications. In multi-factor authentication, in addition to the standard data such as user name and password, an additional factor generated by the system is introduced. Only after providing all three elements correctly can the user be authenticated and granted access to network resources.

Upgreat Systemy Komputerowe Sp. z o. o. is an experienced Premier Partner of Cisco Systems. We will implement two-factor authentication with Cisco DUO and secure your network.


Below are the most important features of the Cisco DUO system:

  • Cisco DUO is a cloud solution, and its implementation does not require additional resources in the customer's infrastructure. It's quick and relatively easy.
  • Cisco DUO offers the following additional authentication factor options: confirmation from a mobile application, a short SMS text message, a phone call, and a hardware token.
  • Cisco DUO provides an API compliant with the SAML 2.0 standard, allowing for easy integration with any application. This allows you to authenticate access to many applications, such as: Office 365, Salesforce, Dropbox, Zoom and others.
  • Built-in integration with directory services: Active Directory and Azure AD.
  • Integration with a wide range of remote access termination solutions. Among others: Cisco FirePower, Fortinet, Sonicwall, Paloalto.
  • The list of ready-made integration platforms can be found at https://duo.com/docs
  • The Premier and Advantage versions monitor the security status of customer devices, operating systems and applications and verify their compliance with policies.
  • The infrastructure for European entities is located in the AWS environment in Europe.
  • The list price is $3 per user per month for Cisco DUO Essentials, $6 for Advantage, and $9 for Premier.
  • Subscription licensing.

 


LunaNet – network services on the Moon

Despite skeptical voices about space exploration (https://www.scientificamerican.com/article/why-well-never-live-in-space/), the Artemis program is a fact.

 

The official goals of the Artemis program are:

  • Landing astronauts on the Moon,
  • Construction of a permanent lunar base, which will act as a starting point for future space missions, including those aimed at Mars,
  • Conducting scientific research and astronomical observations in conditions of reduced gravity and in the absence of an atmosphere,
  • Although you will not find such information on NASA's website, you cannot forget about military, geostrategic and raw material issues.

In an interview for Politico, NASA chief Bill Nelson said: "It's a fact: we are in a space race." And about the Chinese: "And it is true that it is better to be careful that they do not reach an [important] place on the Moon under the guise of scientific research. And it is not impossible that they will say: 'Stay away, we are here, this is our territory.'"

It is also true that a large-scale conflict on Earth will begin with the destruction of satellites in low Earth orbits (LEO) in order to limit the enemy's military capabilities, and whoever controls the Moon will have an easier time controlling the space around the Earth. The US Department of Defense declares: "Operating in space is an integral part of the way the U.S. military fights."

An important part of the plans to implement the geostrategic goals and of the Artemis program itself is network communication, i.e. "LunaNet: A Flexible and Extensible Lunar Exploration Communication and Navigation Infrastructure". Since, as one might assume, LunaNet is also intended to have military applications, a network on the Moon will certainly be built.

 

LUNANET

 

The requirements for communication within the LunaNet network are as follows:

  • Interoperability thanks to the use of standard communication solutions,
  • Support for multiple government and private users and vendors,
  • Service delivery orientation,
  • Scalability,
  • Openness thanks to the use of widely recognized technologies,
  • Resistance to damage,
  • Security and resistance to cyber threats,
  • Possibility of using LunaNet technology on other celestial bodies.

 

LunaNet will provide communication between objects on the Moon itself and communication with Earth. The network infrastructure will be built based on nodal points that will be placed on the surface of the Moon, in lunar orbits and on or around the Earth.

  • The network layer topology will consist of store-and-forward nodes, which is to guarantee resistance to delays and interruptions in transmission.
  • Data will be exchanged in a multi-hop infrastructure.
  • Access to the network will be through connections to relays on the lunar surface, to relays in lunar orbits, or directly to relays on Earth.
  • The network bandwidth is to ensure the possibility of multiple simultaneous video and voice streams in HD quality.

 

SERVICES OFFERED BY THE LUNANET NETWORK

 

LunaNet will provide 3 basic types of services:

  • Network Services (Net) – data transfer services enabling data transfer between nodes over a single link or an end-to-end path spanning multiple nodes.
  • Positioning, Navigation and Timing (PNT) Services – position and speed determination, synchronization and time determination services. PNT also provides location services in the field of search and rescue.
  • Services for Scientific Applications (Sci) – services providing situational alerts and scientific measurements, and working for the safety and protection of people and property. Data from scientific instruments will enable further research and technology development on the Moon.

Network Services (Net)

 

Data transmission services will be able to be provided at various levels:

  • At the lowest layer, communication will take place using network services based on the DTN Bundle Protocol (Delay Tolerant Networking),
  • Communication in some parts of the LunaNet network may be routed as IP packets, with the caveat that the IP protocol does not guarantee end-to-end delivery of data to all nodes in the larger network,
  • Some intermediate nodes may switch or forward data on the link or at a lower layer to ensure speed or interoperability.
 
Interoperability between directly adjacent nodes and with the standard network layer will enable the construction of the LunaNet architecture within many types of infrastructure elements, regardless of the frequency band, spacecraft type or service provider.
The entire LunaNet network will meet security requirements such as confidentiality, integrity and availability.
Currently, the basic requirement for Earth/Moon communication is 110 Mbps. In 2035, it will be 950 Mbps, thanks to complementing radio communication with optical communication from 2029.
 

Positioning and Navigation Services (PNT)

 
Service features:

  • Navigation on the lunar surface,
  • Location tracking, including search and rescue (SAR) operations,
  • Time synchronization,
  • Relative navigation,
  • Autonomy,
  • Time keeping and dissemination (GPS time tracking possible).

 

Services for scientific applications (Sci)

 

Service features:

  • The distributed infrastructure will enable the construction of an efficient network and transmission of scientific data from many sources, such as sensors and scientific instruments ("geodesy", radio astronomy),
  • Measurements of the Sun's behavior will enable early response to events that may threaten human safety. It is necessary to use soft X-ray and solar energetic particle (SEP) monitoring in a heterogeneous configuration:
    • X-rays arrive from the Sun within 8 minutes of the event starting,
    • Solar energetic particles (SEPs) arrive 200 minutes after the event begins.

SUMMARY

 

  • Implementation of the Artemis program and mission requires the use of high-quality communication infrastructure, which should be reliable, flexible and scalable. The LunaNet architecture is open and is being developed not only by NASA, but also other government agencies, international organizations, commercial partners and universities.
  • Users, both humans and robots (!), will be able to use network functionality similar to that available on Earth.
  • The DTN architecture allows infrastructure to be built in stages that do not require continuous end-to-end connectivity for all users. Moreover, the DTN-based network architecture will be fully suitable for use on Mars and other places where the speed-of-light delays to Earth are much longer than between the Moon and Earth.
  • Position, Navigation and Timing (PNT) services and scientific applications, space weather observation (SpWx), are critical to users of space and the lunar surface, as well as astronaut safety.
  • This architecture directly supports the Artemis program, which aims to ensure a presence on the Moon by 2028.
  • LunaNet's network architecture enables commercial, interagency (U.S. government) and international partnerships and capabilities seen on the terrestrial Internet.
  • Work on LunaNet is well advanced, both at the conceptual level and in detailed technical solutions.
  • There is close cooperation on the development of LunaNet standards between NASA and ESA (European Space Agency).

SOURCES

 

The study was prepared based on NASA materials:

Emphasis on security - AirTight Networks

As we wrote on our blog (Chasing EPS. Is it profitable to be innovative?), wireless networks and mobile devices are very interesting solutions for enterprises and individual customers. It is estimated that by 2019, sales of wireless devices will increase by 40% compared to now.

What are the challenges of the universality of wireless solutions? In addition to performance and stability of operation, it is certainly security. For this reason, our company has included AirTight Networks technologies and products in its offer. The question arises, of course, what distinguishes AirTight Networks from other manufacturers. There are two reasons for our choice: the products are designed with the highest level of security in mind, and AirTight is unique in being able to work alongside existing networks from other manufacturers.

The basic features of AirTight Networks solutions are:

  • security – a unique patented WIPS protocol ensuring, among other things, protection against Client Mis-association attacks, Ad hoc Networks, Rogue AP (WIPS will recognize the difference between a "Rogue" AP and an external one, e.g. a neighbor's), Mis-configured AP, MAC Spoofing, unauthorized access, Honeypot / Evil Twin Attack, Denial of Service (DoS) Attack, Man in the Middle Attack.
  • monitoring of wireless networks – additional protection of existing wireless networks thanks to WIPS functionalities (1 AirTight AP for 4 existing ones).
  • openness – the possibility of the network working with AirTight on-premise controllers (hardware and virtual) as well as with controllers of other companies such as Cisco, Aruba, Motorola.
  • work in the cloud – the possibility of using a wireless network controller available in the cloud, a functionality especially useful for distributed retail networks (shops, restaurants, pharmacies and others).
  • work in various external conditions – AirTight offers indoor and outdoor access points at very attractive prices.
  • data analysis – AirTight management software provides the ability to analyze incidents related to security and customer traffic. Integration with social media allows for flexible customer service by analyzing their preferences and habits (Social Engagement).
  • compliance with standards – in addition to compliance with the regulations required for wireless networks, AirTight Networks systems enable periodic audits and reports of compliance with the PCI DSS 3.1 (Payment Card Industry Data Security Standard) electronic payment regulations.

UpGreat Systemy Komputerowe Sp. z o. o. has the status of an Authorized Partner of AirTight Networks in Poland and provides exclusive customer service in western Poland (Wielkopolskie, Zachodniopomorskie, Lubuskie, Pomorskie, Opolskie and Dolnośląskie provinces).

To learn more about the AirTight product portfolio, please see the leaflet. Please also contact us to organize a presentation of the solutions, a demonstration implementation along with a demonstration of functionalities related to data security and analysis, and, if needed, a site survey. We also invite you to visit the AirTight Networks company website.

AirTight Networks is an American company headquartered in Mountain View, California, specializing exclusively in the production and implementation of solutions for building secure wireless networks. Thanks to the use of the proprietary WIPS protocol, networks based on this solution are characterized by the highest level of security available on the market, as evidenced by implementations in the military and banking sectors. Secure wireless networks based on the Airtight Networks architecture are used in the world by over a thousand large companies from every sector of the economy.

KRI audits

Security audits have been included in our offer for a long time. The service is addressed to both private enterprises and public institutions. In every organization, an increasingly extensive sphere of internal activities and those related to contacts with clients takes place with the use of IT systems.

Public institutions provide many services to citizens through electronic media. Applications, certificates, extracts from registers and tax declarations can be submitted via Internet applications without visiting offices. These possibilities are a great help, but at the same time they expose the systems available on the Internet, and the data stored in them, to danger.

We would like to draw your attention to the audits of compliance with the National Interoperability Framework (KRI) performed by our company, i.e. information security management audits in public entities.


In May 2012, the Regulation of the Council of Ministers of April 12, 2012 on the National Interoperability Framework entered into force, concerning the minimum requirements for public registers and the exchange of information in electronic form, as well as minimum requirements for ICT systems.

The Regulation in question is an implementing act to The Act of February 17, 2005 on computerization of the activities of entities performing public tasks.

It imposes requirements on public administration units as to the annual IT infrastructure security audit. It concerns in particular:

Art. 2. 1. Subject to sec. 2-4, the provisions of the Act shall apply to those performing public tasks specified by the Acts: 1) government administration bodies, state control and law protection bodies, courts, organizational units of the prosecutor's office, as well as local government units and their bodies, 2) budgetary units and local government budgetary establishments, 3) earmarked funds, 4) independent public health care establishments and companies performing medical activities within the meaning of the provisions on medical activity, 5) the Social Insurance Institution, the Agricultural Social Insurance Fund, 6) the National Health Fund, 7) state or local government legal persons created on the basis of separate acts in order to perform public tasks - hereinafter referred to as "public entities". 2. The provision of Art. 13 sec. 2 point 1 shall also apply to the entity to which the public entity has entrusted or commissioned the performance of a public task, if due to the implementation of this task there is an obligation to provide information to or from non-governmental entities.

Source: Journal of Laws 2005 No.64 item. 565 ACT of February 17, 2005 on computerization of activities of entities performing public tasks.

We will now focus on the provision concerning the minimum requirements for ICT systems. It includes 13 checkpoints:

  1. Provision of updating internal regulations with regard to the changing environment;
  2. Keeping the inventory of hardware and software used for information processing up-to-date, including their type and configuration;
  3. Conducting periodic analyzes of the risk of losing the integrity, availability or confidentiality of information and taking actions to minimize this risk, according to the results of the analysis;
  4. Taking actions to ensure that people involved in the information processing process have appropriate rights and participate in this process to an extent adequate to their tasks and obligations aimed at ensuring information security;
  5. Immediate change of powers in the event of a change in the tasks of the persons referred to in point 4;
  6. Providing training for people involved in the information processing process, with particular emphasis on such issues as:
    a) information security threats,
    b) consequences of breach of information security rules, including legal liability,
    c) application of measures ensuring information security, including devices and software minimizing the risk of human error;
  7. Ensuring protection of processed information against theft, unauthorized access, damage or disturbances, by:
    a) monitoring access to information,
    b) activities aimed at detecting unauthorized activities related to information processing,
    c) providing measures to prevent unauthorized access at the level of operating systems, network services and applications;
  8. Establishing basic rules to guarantee safe work in mobile computing and working remotely;
  9. Securing information in a way that prevents its disclosure, modification, deletion or destruction by an unauthorized person;
  10. Including in service contracts signed with third parties provisions that guarantee the appropriate level of information security;
  11. Establishing information handling rules ensuring minimization of the risk of theft of information and information processing means, including mobile devices;
  12. Ensuring an appropriate level of security in ICT systems, consisting in particular in:
    a) care for software updates,
    b) minimizing the risk of information loss as a result of a failure,
    c) protection against errors, loss, unauthorized modification,
    d) using cryptographic mechanisms in a manner adequate to the threats or requirements of a legal provision,
    e) ensuring the security of system files,
    f) reduction of risks resulting from the use of published technical vulnerabilities of ICT systems,
    g) immediately taking action after noticing undisclosed vulnerabilities of ICT systems that could lead to a security breach,
    h) control of compliance of ICT systems with the relevant security standards and policies;
  13. Immediate reporting of information security breach incidents in a predetermined manner, enabling quick corrective action.

Meeting the above requirements does not guarantee full safety. Remember that security is not a state, it is a process. The level of threats is constantly growing and we are not able to fully take care of every detail of our infrastructure or the carelessness of our employees. The solution is periodic security audits, preferably external, carried out by high-class specialists who are certified by industry organizations in the field of security.

Our company is a member of ISSA Polska – the Association for the Security of Information Systems. Our specialists have conducted several dozen security audits, including in local government units. Our specialists hold the Certified Ethical Hacker (CEH) certificate awarded by the International Council of Electronic Commerce Consultants (EC-Council).