Gonzalo Álvarez Marañón Are You Crypto-Agile to Respond Quickly to Changing Cyberthreats? A business is considered agile if it is able to respond quickly to market changes, adapt to maintain stability. However, without cryptography there is no security and without security...
Gabriel Álvarez Corrada Approaching Cybersecurity in Industry 4.0: The Age of Connected Machines Don’t run away yet! This era is not about machines enslaving humanity (at least, not yet…) but about the introduction of elements (IOT devices, cloud environments, IA, Big Data, SIEM,...
Innovation and Laboratory Area in ElevenPaths DIARIO: Our Privacy-Friendly Document Malware Detector DIARIO makes possible to scan and analyse documents for malware detection with no need to know the content of those files.. Find out more in this post.
ElevenPaths ElevenPaths has achieved AWS Security Competency status Telefónica Tech’s cybersecurity company has demonstrated deep technical and consulting expertise helping large enterprises to adopt, develop and deploy complex cloud security projects that protect their environments on AWS...
Gonzalo Álvarez Marañón Are You Crypto-Agile to Respond Quickly to Changing Cyberthreats? A business is considered agile if it is able to respond quickly to market changes, adapt to maintain stability. However, without cryptography there is no security and without security...
Sergio De Los Santos Pay When You Get Infected by Ransomware? Many Shades of Grey The Internet is full of articles explaining why ransomware should not be paid. And they are probably right, but if you don’t make a difference between the type of ransomware and...
ElevenPaths Evrial, malware that steals Bitcoins using the clipboard… and the scammed scammers Evrial is the latest cryptocoin malware stealer, and uses the power to control the clipboard as its strongest bet to get “easy money”. Elevenpaths has took a deep...
ElevenPaths Cybersecurity Trends Report for 2020 from ElevenPaths Discover the technologies and attacks that will most affect security in the coming months in this report.
Gonzalo Álvarez Marañón Are You Crypto-Agile to Respond Quickly to Changing Cyberthreats? A business is considered agile if it is able to respond quickly to market changes, adapt to maintain stability. However, without cryptography there is no security and without security...
Gabriel Álvarez Corrada Approaching Cybersecurity in Industry 4.0: The Age of Connected Machines Don’t run away yet! This era is not about machines enslaving humanity (at least, not yet…) but about the introduction of elements (IOT devices, cloud environments, IA, Big Data, SIEM,...
ElevenPaths Cybersecurity Weekly Briefing September 5-11 Microsoft Patch Tuesday Microsoft published on Tuesday its newsletter with updates for the month of September. In this new bulletin a total of 129 vulnerabilities have been corrected in 15...
Alberto Cuesta Partida We Acquire iHackLabs to Boost the Training of Our Ethical Hackers Telefónica Tech, through ElevenPaths, incorporates the platforms and knowledge about cyber security training of the iHackLabs startup.
Secure Homeworking, Applying Cybersecurity from HomeAndrés Naranjo 17 March, 2020 Sometimes changes occur in society and bring us new ways of addressing daily tasks, cultural, social or other changes that establish a new practice as a way of life to solve or ease a new reality. That way, with the arrival of coronavirus in Spain, the terms ‘teleworking’ or ‘home working’ are on everyone’s lips to try to maintain work activity while minimizing interpersonal contact to prevent further spread of the virus. However, this ability to work remotely is not new, teleworking is very positive both for society and for the individual himself, as almost all studies on it show. As a case in point, teleworking involves fewer trips and emissions. In a few weeks, China has reduced its environmental pollution by more than 25%. Similarly, accidents on the way to work are also avoided. Another great advantage is that home working is family-friendly. If we can adapt working hours to other family-related responsibilities, worker’s quality of life is increased, and stress reduced. Resources Required to Enable Teleworking and Its Risks It is obvious that nothing happens for its own sake. For a change of this size you must be prepared, particularly at the technological level. Mainly, secure access to all company’s resources must be ensured, have a way to hold online meetings with the appropriate connections and tools, as well as a synchronization method of all this that allows managing the meeting agenda. Also access to corporate mail, network or cloud folders to share data and, of course, the devices to be used remotely. But, like any change, there are drawbacks as well. When we work from home using our own technological means in terms of both network and devices, the company no longer has control over the cybersecurity measures applied if the company did not have this contingency planned. Working from Home Securely To begin with, the use of our own connection may generate a technological security risk for the company if it is not properly secured, both in terms of passwords and network segmentation. The work device should be isolated from other devices at home, potentially more insecure, particularly if they are managed by minors. In the same way, the system provided by the company must include the appropriate connection tools to transfer that connection to the company and, from there, secure the connections by using the usual perimeter security, for example. Let’s focus on those essential solutions to ensure security when working from home: Secure Connection to the Corporate Network: These conveniently-encrypted Virtual Private Network (VPN) services guarantee us, on the one hand, a point-to-point encryption of the connection, so that if someone ‘listens’ when penetrating into the communication, this would be illegible. These attacks, called man-in-the-middle, are usually more common than people might think (for example when using public Wi-Fi), and everything that happens through HTTP traffic, which is not encrypted, may be accessed. By the way, by connecting to the corporate network and “going out” to the Internet by its security measures we will be more protected and, if necessary, we will be allowed to access the Intranet or necessary network folders. Robust Identity Management: Any remote access must imperatively avoid delegating access to the username / password pair. It must be avoided at all costs since a potential theft or leakage of them will surely end up with unauthorized access to the company’s resources. Here, two-factor authentication systems or adaptive authentication play a major role and that’s why cybersecurity companies have identity services that, in short, guarantee that users are who they claim to be. Device Protection Tools or EDR tools, the evolution of old ‘antivirus softwares’ that perform a comprehensive and centralized management of the company’s security policy locally on the employees’ devices. Awareness about the Responsible Use of Technology: There is no science that advances at a faster pace than technology, so its use must be considered continuous training since every day more aspects of companies are related with the use of technologies. It is highly recommended that all companies train their employees in the appropriate use of technological means. Currently, more than 90% of successful cyberattacks are related with human errors. In short, whether due to the threat of coronavirus or not, your company may be considering allowing telework at least partly. This requires a study of the feasibility and risks in this regard. ElevenPaths has products and services to secure this digital transformation of the world of work. More and Shorter Certificates with a Lower Lifetime: Where Is TLS Going to?Cybersecurity Trends Report for 2020 from ElevenPaths
Gonzalo Álvarez Marañón Are You Crypto-Agile to Respond Quickly to Changing Cyberthreats? A business is considered agile if it is able to respond quickly to market changes, adapt to maintain stability. However, without cryptography there is no security and without security...
Gabriel Álvarez Corrada Approaching Cybersecurity in Industry 4.0: The Age of Connected Machines Don’t run away yet! This era is not about machines enslaving humanity (at least, not yet…) but about the introduction of elements (IOT devices, cloud environments, IA, Big Data, SIEM,...
Sergio De Los Santos Pay When You Get Infected by Ransomware? Many Shades of Grey The Internet is full of articles explaining why ransomware should not be paid. And they are probably right, but if you don’t make a difference between the type of ransomware and...
ElevenPaths Cybersecurity Weekly Briefing October 17-23 New banking trojan called Vizom IBM Security Trusteer’s research team has published a report analysing the new “Brazilian family” banking Trojan called Vizom. This malicious software uses similar techniques to...
ElevenPaths Innovation and New Cybersecurity Tools: Security Innovation Days 2020 (Day 3) This was the 8th edition of the Security Innovation Days 2020 so far. Three intense days in which innovation in cybersecurity and the digital transformation have been the essence...
ElevenPaths New Capabilities for the Future of Cybersecurity: Security Innovation Days 2020 (Day 2) Second day of the Security Innovation Days 2020, focusing on the new capabilities we have acquired as a cybersecurity company from Telefónica Tech. A few weeks ago, we announced...
