Zero-Trust

The password problem

Rachid Groeneveld
Placeholder for Rachid GroeneveldRachid Groeneveld

Rachid Groeneveld

8 min. read

Share

Nearly all IT professionals (~95%) agree that passwords pose real security risks to their organisation. People have been using weak passwords for as long as we can remember, then there's mishandling passwords (writing them on post-its) and reusing the ones we feel comfortable with. Not exactly best practices according to LastPass, but also no shocking news, as we're all guilty as charged.

Placeholder for Password statsPassword stats

Do you recognise yourself in this video?

Just watch it, at the very least you'll have a good laugh.

Passwords are too weak

Among the top frustrations for employees is changing passwords, remembering the previous 100 passwords and not being able to re-use them. This makes password management a tedious part of the job and surely doesn't really add any security if done improperly. It also increases the additional labour required for simple hygiene; just think about the time wasted on password resets.

In order to combat weak passwords, we need to be building security habits that aren't overly complex and actually make life easier, instead of harder. Weak and/or re-used passwords pose a real threat to organisations because they're typically the one thing between your data and bad actors. The bad actors have done a marvellous job in indexing the most common passwords to make password spraying attacks easier and more effective. You just have to look for the right dataset, taking culture and language into account. Not just bad actors, but the good guys also index weak passwords, they do it for awareness reasons.

See below the top 11 of most used passwords for 2020 in the world. View all 200 most common passwords.

Placeholder for Common passwordsCommon passwords

Leaked passwords

Let's assume, for the sake of argument, that you have adopted on-par security habits, even if you do everything right, your secure passwords might be leaked. Your responsibility is only a part of the puzzle. The other side (the application), should also take measures to safely store the information you use to authenticate. This means they should hash the secret info and secure the systems and infrastructure on which this information is stored and accessible.

Information leaks all the time, in the past months we've seen TicketCounter.nl (August 2020), Eneco (January 2021), GGD GHOR (January 2021), AlleKabels.nl (Februari 2021), NAM (March 2021), RDC.nl (March 2021), DS-IT (April 2021), Gemeente Amsterdam (April 2021), Heijmans (April 2021) and a few weeks back New York Pizza (June 2021). It doesn't take long for this information to surface on the web, in fact, you can quite easily find combined (COMB) datasets with a quick google. COMB stands for combination and is basically a combination of leaks, sorted for ease of use.

Findings of my research on the first 100 million combo's from Cit0day are corroborated by research done by NordPass.

Dehashed

The bad guys are typically a few steps ahead of us, there's no silver bullet, nor a 100% safe system. At some point, we should assume systems are going to be breached and data leaked. If you've taken the measures prescribed by the various best practices, you are at least safer. Unfortunately, there are a lot of tools readily available to 'crack' even the hashed passwords.

Let's use this example:

Someone "found" a dump of leaked credentials, note that this information is quite easy to find.

"It’s well known that most people base their password on a word, in various forms:

  • Just a word (potentially with different capitalisations) — Password
  • A word followed by some numbers/symbols — monkey! or Coffee12
  • A word with ‘leet speak’ applied — p4ssw0rd or f4c3b00k
  • Multiple words stuck together — isthissecure"

In order to crack hashes you typically use highly efficient tooling, which is available for free (open-source), like Hashcat. I will not dive deeper than this, you can read the whole article online. Apart from tooling, you need a strong processor. You don't even need to own the hardware anymore, you can 'rent' an Nvidia Tesla K80 GPU on AWS for as little as $0,90/hour. It's able to calculate ~800 million SHA-256 hashes per second… let that sink in.

In the article the author used a dataset of 14 million credentials and reached the following milestones:

  • 2 hours: 48% of the passwords were cracked
  • 8 hours: nearly 70% of the passwords were cracked
  • 20 hours: over 80% of the passwords were cracked
Placeholder for Number of passwords crackedNumber of passwords cracked

In summary: "20 hours. $0.90 per hour. That’s just $18 spent to have 80% of 14 million passwords cracked."

The below table depicts how long it would take for an NTLM hash (i.e. Windows passwords) to be cracked. Note that these numbers may vary across research papers, these are pretty up-to-date and pertain specifically to NTLM hashes and the use of AWS compute available in 2020.

Placeholder for Password problemPassword problem

Note: the above table is based on 632GH/s cracking power (AWS p3.16xlarge @ $25/hour) for NTLM hashes, The Security Factory.

Multi-factor authentication (MFA)

This is why we need MFA sooner, rather than later. This will add a 'factor' to the login sequence, in other words, you need more than just your username + password (something you know). Because the other factors are not found online, it's way harder for the perpetrator to get into your accounts. Let me emphasise, it's not a silver bullet, there can be bugs in the system using or providing MFA functionality. But at least you've done all you can do in this regard.

What is MFA?

  • Something you know -> e.g. a password
  • Something you have -> e.g. your phone or a token
  • Something you are -> biometrics; e.g. face ID and fingerprints
  • Somewhere the user is -> geolocation

Passwordless, is that a thing?

Microsoft has already adopted this new idea, why should a password be safer than something that you have and are (still two out of the three tenets for MFA)? You just have to fill in your account login (e.g. your email address) and the system will send a push notification to your phone. This push notification can only be viewed if you authenticate on your phone with biometrics (e.g. fingerprint or face ID). This makes it way more difficult for bad actors to abuse your account because it's more difficult to get in, they will need your phone and you.

We will see more adoption of this idea because it eliminates one of the fundamental IT problems: password management. No more password reset requests or remembering all these different passwords or issues with password managers that don't integrate properly. Just a new way of signing in, and preferably one that holds your authentication for every app that you need for work until something changes in your session/behaviour. For example, your IP address, turning off security features on your laptop, privilege escalation etc.

In conclusion: what should I do?

So, what you're saying is that I should consider passwords pretty much compromised by default? Well yes and no, you can't go through life without passwords (yet), so at least use different passwords for different sites/services; if a passwords leaks, the damage is contained to that one account.

Advice #1 use a password manager

A little bit of personal advice, passwords are annoying (I know), but they’re pretty much the only thing between you and people trying to abuse some(if not most) of your accounts. Corporates tend to ask you to change your passwords frequently, which is a solid countermeasure, but not very user friendly. It’s therefore advisable to use a password manager and have it generate ridiculous passwords for your online accounts (16+ characters). You can determine for yourselves if you feel safe to store all your passwords there, in general, it's safer than the alternative (weak and reused passwords).

Which password manager is the best? There no easy answer, it boils down to two things: safety (most password managers score well in this area) and ease of use (this is quite personal). So try one or two before you buy (if you're going to buy).

Advice #2 use MFA whenever (and wherever) possible

On top of that, certainly for sensitive accounts, please enable MFA. Don’t worry if you haven’t heard of it, or if you call it something else. This typically requires you to use your username + password and a code/push notification in an app on your mobile phone (or tablet).

Drawing money from an ATM is comparable, you need the bank card and the pin code; something you have and something you know. You can use any of readily available authenticator apps; Microsoft Authenticator, Google Authenticator, DUO Mobile, etc. Even today, in 2021, many accounts are protected by weak passwords (and lots of passwords are leaked every day) and adding MFA makes it a whole lot more difficult for hackers to get into your accounts.

Tip: try enabling MFA on LinkedIn/Facebook/Instagram/Personal email, etc. This is easy to set up and gives you extra security.

Placeholder for Linked In MFALinked In MFA

Enable it, open your Authenticator App, scan the QR-code (press the plus sign, typically on the right side of the screen) and you’re all set! You have just upped the ante on your security game.

PS: while you're at it, you might want to change your password if you've never done this (especially if you joined before 2013).

Advice #3 stay vigilant!

Keep people from glancing at your keyboard when typing in passwords/passcodes etc. Setup monitoring of your account and/or regularly check the activity logs. You can also setup Google Alerts, to notify you when something about you pops up on the internet (note: it will not detect everything of course). It's quite easy, browse to google.com/alerts (and if necessary, sign in); here you can configure what to monitor.

Another tip is to register at haveibeenpwned.com; this site indexes leaks and notifies you if you're email has been in any of the known leaks.

If you have any questions, want a sparring partner, or you're curious about what this all means? Feel free to contact us.

Placeholder for Engineers manufacturingEngineers manufacturing

OT security

Top five OT security threats

These OT Security threats provides an overview of critical and most common cyber threats to Operational Technology.

1 min. read
Placeholder for Office facade cloud reflectionOffice facade cloud reflection

Multicloud Cloud security

How to protect your multicloud?

Protect your data across the multicloud and drive increased innovation and agility.

4 min. read
Placeholder for Retail shopper bags smartphoneRetail shopper bags smartphone

Zero-Trust

The password problem

What do these numbers and letters have in common? 123456, 123456789, picture1, password, 12345678, 111111.

Rachid Groeneveld
Placeholder for Rachid GroeneveldRachid Groeneveld

Rachid Groeneveld

8 min. read
Placeholder for Edr ndr mdr xdrEdr ndr mdr xdr

EDR NDR XDR MDR

EDR, NDR, XDR, MDR - Different concepts of Detection & Response

"Threat Detection & Response" is nowadays considered an indispensable means of securing corporate networks. We explain the difference between EDR, NDR, XDR and MDR.

1 min. read
Placeholder for Shark threatShark threat

Cyber attacks Cloud security

Top cybersecurity threats to be aware of in 2021

Remote working, which is still the standard in 2021, brings new cybersecurity threats. These are the top threats of 2021.

1 min. read
Placeholder for Aerial view high riseAerial view high rise

Cyber attacks Security

Top cybersecurity companies to watch in 2021

We selected 6 top cybersecurity companies to watch in 2021, who have successfully differentiated themselves from other players in the market.

11 min. read
Placeholder for Ransomware aanval socRansomware aanval soc

Ransomware

Double Trouble: Ransomware with Data Leak Extortion, Part 2

As data leak extortion swiftly became the new norm for big game hunting (BGH) ransomware operators since late 2019, various criminal adversaries began innovating in this area. This includes collaboration between ransomware groups, auctioning leaked data and demanding not just one ransom for the ransomware decryptor but also a second ransom to ensure stolen data is deleted.

1 min. read
Placeholder for ConstructionConstruction

Security

Security survey says: Don’t wait until it’s broken to fix it

In the report, “Network security in the spotlight: Understanding why it can go wrong is key to making the right investment decisions”. The Register conducted a survey of network and security professionals examining what drives organizations to excel in the delivery of information security.

1 min. read
Placeholder for Network security engineers meetingNetwork security engineers meeting

Security MFA

The importance of multi-factor authentication

Ethical hacker Victor Gevers reached news headlines this week as he managed to access president Donald Trump’s Twitter account for the second time.

1 min. read
Placeholder for Modern architectureModern architecture

Network security Network infrastructure

Viabuild selects Infradata as their guide towards an optimal security infrastructure

Infradata deploys a next generation endpoint protection solution at Viabuild enabling more visibility for remote workers.

1 min. read

Webinar: How CASB can protect your sensitive data

This is the last webinar in a serie of three cybertalk sessions. In this webinar Remco Hobo, Head of Cyber Security, explains how Cloud Access Security Broker (CASB) protects your sensitive data.

1 min. read
Placeholder for Webinar with womanWebinar with woman

Webinar: Why DLP matters to your security strategy

This is the second webinar in a serie of three cybertalk sessions. In this webinar Sr. Solution Architect Cyber Security Kunal Biswas will simplify Data Loss Prevention (DLP).

1 min. read
Placeholder for WebinarWebinar

Webinar: Demystifying SASE

This is the first webinar in a serie of 3 cybertalk sessions. In this first webinar our Sr. Solution Architect Cyber Security will demystify SASE (Secure Access Service Edge).

1 min. read
Placeholder for Mcafee partner reseller priceMcafee partner reseller price

McAfee Named a 2020 Gartner Peer Insights Customers’ Choice for CASB

For the third year in a row, McAfee was named a 2020 Gartner Peer Insights Customers’ Choice for CASB with its MVISION Cloud solution.

1 min. read
Placeholder for CrowdstrikeCrowdstrike

CrowdStrike

CrowdStrike Joins with Netskope, Okta and Proofpoint to Secure Remote Work

CrowdStrike, Netskope, Okta and Proofpoint are joining together to help better safeguard organizations by delivering an integrated, Zero Trust security strategy that is designed to protect today’s dynamic and remote working environments at scale.

1 min. read
Placeholder for Crowdstrike partner reseller priceCrowdstrike partner reseller price

CrowdStrike

CrowdStrike named a “Leader” in Q1 2020 Forrester Wave report for EDR

Learn all about the CrowdStrike Falcon endpoint protection platform being named a Leader in The Forrester Wave: EDR, Q1 2020 report.

1 min. read
Placeholder for Night city streetNight city street

5 reasons to consider a managed SOC service provider

When dealing with security threats, organisations could opt for a managed SOC (Security Operations Center). We provide five managed SOC service provider benefits.

8 min. read
Placeholder for Falcon x banner bgFalcon x banner bg

Cybersecurity in the Time of COVID-19: Keys to Embracing (and Securing) a Remote Workforce

Learn what six key factors can help ensure remote worker cybersecurity and how to adopt a remote workforce quickly.

1 min. read
Placeholder for FlyoverFlyover

Juniper Networks Network automation

Juniper Networks’ 2019 State of Network Automation Report

Discover the impact of network automation. This report reveals how today’s use of automation affects engineers, NetOps teams, and business.

1 min. read
Placeholder for Futuristic bridge at nightFuturistic bridge at night

5 ways to boost your cyber security in 2020

Finding the best cyber security solutions in 2020 starts by improving policies and strengthening existing security tools in use.

1 min. read
Placeholder for Mountain viewMountain view

Endpoint security EDR

Top 5 Endpoint Security Solutions 2020

A cyber security strategy that does not address endpoint security, is no strategy. We select the 5 best endpoint security vendors to watch in 2020.

1 min. read
Placeholder for Milkyway lakesMilkyway lakes

Security Managed services

Eight major benefits of having a Managed Security Services Provider (MSSP)

Managed Security Services Providers (MSSPs) provide structural security solutions against cyberattacks, including always up-to-date expertise in the latest cyber threats and appropriate solutions. Here's 8 benefits of the best MSSP to prevent cyberattacks and save costs.

9 min. read
Placeholder for Leave green macroLeave green macro

Prevent lateral compromise with microsegmentation

Why network microsegmentation matters for network security and how it helps mitigate the spread of lateral compromise.

1 min. read

Why 5G Security and Interoperability must not be optional extras

Mobile Solutions Architect Ditri Trio elaborates on 5G Security and Interoperability challenges with existing 3G and 4G networks.

1 min. read
Placeholder for Glass architectureGlass architecture

19 Cloud Security Best Practices for 2019

Mitigate risks to using any cloud service with these Cloud Security Best Practices. Cloud computing has become near-ubiquitous, with roughly 95 percent of businesses reporting that they have a cloud strategy.

1 min. read
Placeholder for Tunnel traffic nightTunnel traffic night

Rapid international expansion thanks to specialisation

Interview with Infradata Group CEO Nino Tomovski. About the international growth of Infradata Group, Cyber ​​Security solutions and the importance of local expertise.

1 min. read
Placeholder for Coffee meetingCoffee meeting

Maintaining Effective Endpoint Security 201

With the threat landscape evolving every day, is there more these organizations can do to sustain an effective endpoint strategy while supporting enterprise expansion? Let’s take a look at how teams can bolster endpoint security strategy.

1 min. read
Placeholder for Shark fish schoolShark fish school

The Dark Side of Governments: A Growing Threat of APT Groups

For most nation states, covert advanced persistent threat (APT) groups are an equally valuable tool that operate in the shadows, stealing data, disrupting operations, or destroying the infrastructure of targeted enemies.

1 min. read
Placeholder for Milkyway lakesMilkyway lakes

Network security

Top 5 Network Security Solutions and Technologies

The 5 best Network security solutions and technologies that help define and guarantee business success. Unfortunately many enterprises do not know what network security solutions are essential to securing their network and data.

1 min. read
Placeholder for Partial view of woman using laptopPartial view of woman using laptop

Endpoint security EDR

5 Endpoint Security Best Practices

Your Cyber Security strategy should include Endpoint Security, as it is one of the most critical components for network security. In this article, our experts sum up Endpoint Security best practices for the Enteprise.

1 min. read
Placeholder for Fortinet firewallFortinet firewall

Fortinet Wins SE Labs Best Network Security Appliance Award

Fortinet has been awarded the Best Network Security Appliance award from SE Labs – one of the most respected labs in the testing community. SE Labs has been testing FortiGate products for the past three years, and in addition to this accolade, have awarded a AAA rating to the FortiGate solution for the third year in a row.

1 min. read
Placeholder for Runner street shimmerRunner street shimmer

CrowdStrike Endpoint security

CrowdStrike Positioned as a Magic Quadrant “Leader” for Endpoint Protection Platforms 2019

Crowdstrike is positioned as a “Leader” in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP). This recognition from Gartner is the first time Crowdstrike has been placed in the Leaders Quadrant with their Crowdstrike Falcon Endpoint Protection Platform.

1 min. read
Placeholder for Shark fish schoolShark fish school

Network security Enterprise networking

Top 5 Key Challenges for Network Security

We have compiled a list of key challenges regarding network security and cyberthreats, as numerous companies and governments are taking measures to ensure privacy and maintain security by preventing cyberattacks. Nevertheless, cybersecurity remains a constant and ongoing issue of considerable concern.

1 min. read
Placeholder for Smartphone closeupSmartphone closeup

4 Emerging Challenges in Securing Modern Applications

Advanced threats force the best application security solutions to do more. Web Application Firewalls must be tested for security effectiveness. Here's 4 emerging challenges in securing modern applications

1 min. read
Placeholder for Round facade officeRound facade office

Mist Will Join Juniper Networks to Accelerate AI for IT Adoption

Five years ago, I had the good fortune of launching a new company with two luminaries in the networking space – Bob Friday and Brett Galloway. Together, we recognized that the world of IT was at an inflection point whereby the old, reactive way of delivering services needed to be replaced by a new model built on AI-driven automation and user insight.

1 min. read
Placeholder for Digital identityDigital identity

Endpoint security

Top 5 Endpoint Security Solutions of 2019

Here's the 5 best endpoint security solutions. Recent studies show that 30 percent of known breaches involved malware being installed on endpoints. Select an Endpoint Protection Selecting that fits your needs considering these vendors

7 min. read
Placeholder for Wide angle sky line blueWide angle sky line blue

Juniper Networks Acquires Mist Systems to Bring AI to IT

. With a shift from mere service management (ITSM) to strategic enabler, the very purpose of IT has changed. Where the past was about uptime in a largely static environment, the present is about user experience

1 min. read
Placeholder for Education classEducation class

Infradata delivers National Education Network security system to Poland

Infradata Polska will launch the NASK National Research Institute project for the delivery of the National Education Network (Ogólnopolska Sieć Edukacyjna, OSE) security infrastructure system. Infradata’s offer was selected in a tender. The project will ultimately cover 25.000 schools.

1 min. read
Placeholder for Milkyway roadMilkyway road

Security

The 5 key IT security assessment types

Different IT Security Assessment types explained. Every day, digital attacks threaten the continuity of your business. Cybersecurity assessments accurately map out the threat.

4 min. read
Placeholder for Drops on green leaveDrops on green leave

Cisco announces Wi-Fi 6 product portfolio

Cisco announced Wi-Fi 6 solutions and products for improved wireless connectivity this week. Besides the Wi-Fi 6 Access Points, Cisco also announced the Catalyst 9600 campus Core Switch purpose-built for cloud-scale networking.

1 min. read
Placeholder for Digital identityDigital identity

Effective Endpoint Security Strategy 101

Balancing your business’ objectives while ensuring your organization’s data is secure can be a challenge for many. But that challenge can be assuaged by addressing cyberthreats at the start – the endpoint. Adopting an effective endpoint protection strategy is crucial for a modern-day organization

1 min. read
Placeholder for Juniper networks nxtJuniper networks nxt

Juniper Networks introduces SD-WAN as a Service solution

Juniper’s Contrail Service Orchestration now manages the full enterprise branch, campus and cloud SD-WAN, now adding branch security, LAN and Mist Learning WLAN

1 min. read
Placeholder for Northern lightNorthern light

Establishing the Zero-Trust Cybersecurity Framework

The principle 'Zero-Trust' is one of the most integral security frameworks in recent times. Its crux lies in simplicity - a default deny for all flows and concept of minimal access. To effectively realize 'Zero Digital Trust' in your ecosystem here's what it entails.

1 min. read
Placeholder for Power plantPower plant

Ransomware 'LockerGoga' wreaks havoc on Norway's Norsk Hydro

What is 'LockerGoga' ransomware and how did it infect Norway's Norsk Hydro? Read all about it in this blog.

1 min. read
Placeholder for Lily flower macroLily flower macro

5G security: Challenges to overcome enabling new business models

As the world is about to start rolling out 5G networks, the question arises what the challenges will be to address 5G security and privacy concerns. In this blog René shares his thought on 5G security challenges and potential business benefits.

1 min. read
Placeholder for Milkyway roadMilkyway road

Juniper Networks expedites 5G Transformation for Service Providers

Juniper Networks continues to expand to address use cases across access, pre-aggregation and aggregation to assist in the transitions from 4G LTE to 5G. Includes ACX700 Universal Metro Routers, industry-first 400GbE native MACsec support and Triton Silicon-powered 14.4Tb line cards for the PTX10008

1 min. read
Placeholder for Laptop dev codeLaptop dev code

Another coding example that turned into a malicious threat

Two days ago an example of bad code popped up in the security community when a programmer was reviewing 7Zip's code to see if it would suit his needs. 7Zip is a free open source software for compression and packing/unpacking of ZIP and GZIP formats.

1 min. read
Placeholder for Windmills cityWindmills city

SD-WAN

What is zero touch provisioning and is it useful for me?

Zero Touch Provisioning or ZTP is a term that appears increasingly on the feature list of networking products. ZTP can be found in switches, wireless access points, (SD-WAN) routers, NFV-platforms and firewalls.

Jan-Willem Keinke
Placeholder for Jan Willem KeinkeJan Willem Keinke

Jan-Willem Keinke

6 min. read
Placeholder for Media broadcastingMedia broadcasting

Global media company transforms network security with visibility and Network Access Control (NAC)

Infradata supports a leading media company to strengthen the security of the network through Network Access Control (NAC). With this security solution, the security policy for access to the entire network as well as endpoint security is greatly improved.

1 min. read
Placeholder for Street by night5Street by night5

6 cybersecurity trends you need to know for 2019

With the continuous growth of new emerging technologies and innovative Cyber Security solutions being developed, we asked our Cyber Security experts: What are the 6 cyber security trends for 2019 to watch?

1 min. read
Placeholder for Arista networks background2Arista networks background2

Arista to Demonstrate Any Cloud Networking for Kubernetes at KubeCon NA 2018

New solution uses Arista virtual and cEOS software instances to provide a uniform enterprise-class/cloud-grade routing platform with enhanced visibility and security features tied into OpenShift and Calico commercial enterprise platforms from Red Hat and Tigera.

1 min. read
Placeholder for ForcepointForcepoint

Forcepoint Reveals Cyber Security Predictions for 2019

Forcepoint launched its Forcepoint Cyber Security Predictions 2019 Report . The report provides guidance on the sophisticated threats facing organizations in the months to come.

1 min. read
Placeholder for Engineers manufacturingEngineers manufacturing

Pulse Secure expands Firewall Auto-provisioning and Behavioral Analytics for IIoT Security

Pulse Secure, the provider of Secure Access solutions to both enterprises and service providers, announced the release of Pulse Policy Secure (PPS) 9.0R3 to extend its Zero Trust Security model to IIoT devices and smart factories.

1 min. read
Placeholder for Fortinet firewallFortinet firewall

Fortinet Introduces New Security Automation Capabilities on Amazon Web Services

Fortinet announced the expansion of its Fortinet Security Fabric offerings and new automation capabilities for AWS to provide streamlined and consistent security management for hybrid infrastructures.

1 min. read
Placeholder for CrowdstrikeCrowdstrike

CrowdStrike gets highest score in Gartner peer insights customer's choice Endpoint Protection Platform

CrowdStrike Falcon receives high score of 4.8 out of 5 based on highest user satisfaction among Endpoint Protection Platform vendors

1 min. read
Placeholder for DatacenterDatacenter

The road to next level Data Loss Prevention

Data leaks happen constantly to many different organizations. We have examples of cases in which credit card data of hundreds of thousands of users was leaked, or disgruntled workers that copy sensitive data of the organization they want to leave, to later publish or sell that information in the external world, damaging users and businesses. There is no limit to the amount of data that can be leaked, nor to the amount of damage that can be done.

1 min. read
Placeholder for LondonLondon

UK Government launches Code of Practice for IoT Security

The UK department for Digital, Culture, Media and Sport has launched a Code of Practice for consumer IoT security. The aim of the Code of Practice is to "support all parties involved in the development, manufacturing and retail of consumer IoT", as stated on the UK.gov website.

1 min. read
Placeholder for Smartphone closeupSmartphone closeup

Why Mozilla Firefox's upcoming DoH update might be a mistake

"DoH does not solve a real problem. Contrary, it creates a problem." In his blog solution architect Hilmar Burghraaff dives into the potential risks of Mozilla moving DNS to HTTP over DNS.

1 min. read
Placeholder for Falcon x banner bgFalcon x banner bg

Gartner and Forrester position Crowdstrike leader in endpoint security

Crowdstrike's cloud-delivered Endpoint protection solutions have been named a leader by Forrester and leads the visionary quadrant in the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms.

1 min. read

Sign up for our newsletter

Get the latest security news, insights and market trends delivered to your inbox.