ReFirm Labs Signs emt Distribution

emt Distribution brings ReFirm Labs to Australia and New Zealand to counter growing cyber threats to devices and the IoT

Agreement allows reseller partners to offer Centrifuge Platform™ to secure Internet-connected devices from routers and security cameras to light bulbs

Adelaide, Australia – 23 April 2019: Cyber security software specialist, emt Distribution, today announced an agreement with U.S.-based ReFirm Labs to bring its Centrifuge Platform™ to Australia and New Zealand for vetting, validation and monitoring of organisations’ firmware security.

 

emt Distribution will execute a 100% channel strategy in the region, working with partners to market and support the Centrifuge Platform so organisations can counter the cyber threat to growing numbers of Internet-connected devices from routers and security cameras to light bulbs and refrigerators.

 

According to ReFirm Labs, cyber security standards have not kept pace with rapid Internet of Things (IoT) adoption. Firmware within devices is vulnerable to attacks that are difficult to predict or protect against, placing an organisation’s customers, finances and reputation at risk. Current security measures don’t effectively protect firmware, and fail to proactively address vulnerabilities before it’s too late.

 

Among the challenges faced by organisations is meeting the demand for IoT devices with the confidence that they do not pose a security risk. The entry of ReFirm Labs into the region closes this security gap for enterprises, government agencies and operators of critical infrastructure.

 

ReFirm Labs’ Centrifuge Platform gives organisations confidence in the security of their devices and IoT deployments. With no source code required, continuous monitoring, API integration and actionable reporting, organisations can address IoT vulnerability concerns, and make informed purchasing and deployment decisions.

 

“ReFirm Labs lines up with our focus on sourcing and delivering innovative solutions for cyber security vulnerabilities that mainstream technologies don’t address,” said Scott Hagenus, CMO at emt Distribution. “The fact that organisations with a heavy reliance on IoT devices can vet firmware images for vulnerabilities in around 30 minutes, without requiring source code, brings confidence to the choices they make.”

 

Channel partners looking to lower the cyber risks of organisations reliant on potentially vulnerable devices can leverage emt Distribution’s resources to assist with everything from discovery meetings to demonstrations, pre-sales engineering and solutions implementation.

 

“emt Distribution’s knowledge of the cyber security market, long-term relationships with channel partners and technical expertise give us the capability to meet the growing demand for firmware security solutions in Australia and New Zealand,” said Derick Naef, CEO at ReFirm Labs.

 

“emt Distribution is delighted to add device and IoT firmware security to our broad cyber security solutions set,” said Richard Rundle, CEO at emt Distribution. “ReFirm Labs’ entry into the region gives our channel partners and their customers access to a new level of cyber security sophistication and maturity in an area that is often overlooked.”

 

About ReFirm Labs
ReFirm Labs provides the industry’s first IoT and firmware security solutions that proactively vet, validate and continuously monitor IoT devices for hidden threats. Its flagship product, Centrifuge Platform®, detects and reports potential zero-day exploits, hidden crypto keys, backdoor passwords and known vulnerabilities in IoT devices without needing access to source code. ReFirm Labs’ technology has been proven to provide the insight and intelligence needed for users to proactively defend connected devices and maintain compliance and the integrity of supply chain security. Founded by a team of former NSA offensive cyber operators, ReFirm Labs is trusted by government agencies and Fortune 500 companies that operate in a wide variety of industries, including: telecommunications, cloud infrastructure and data centers, automotive, health care, utilities and manufacturing. For more information, visit www.refirmlabs.com or follow on Twitter @ReFirmLabs.

 

About emt Distribution

emt Distribution is an Adelaide-based value added distributor and vendor representative with a presence in Australia, Singapore, Hong Kong, Philippines, UAE and South Africa. It also works closely with like-minded distributors in the UK, Netherlands and Germany. emt offers cyber security solutions that address the top four mitigation strategies to prevent cyber security incidents, the broader strategies in the Australian Government’s Information Security Manual (ISM) and solutions to address Cyber Threat Management.

 

emt Distribution assists channel partners, MSPs and MSSPs to deliver cyber security solutions their customers need. emt offers pre and post-sales support, channel development, engaged sales processes and marketing assistance for both vendors and channel partners. See: www.emtdist.com

 

Media Contact

Chris Bowes

Bowes Communications

+61 (0)2 9387 2332


 


What do ASD Essential Eight changes mean for your organisation’s security

 

By Alex Duffy, Security Solutions Architect, emt Distribution 

The recent (25/2/19) and unexpected update to the Australian Signals Directorate’s Essential Eight Maturity Model serves to keep the ASD’s guidelines relevant going forward and address the latest weak points in IT security. What stays the same though is the ASD’s guidance on practical updates on how to stay ahead.

 

While these guidelines are specifically relevant to federal government organisations’ critical infrastructure they are now being pushed indirectly to contractors or businesses who work with the federal government. But even though these guidelines may not be mandatory for private businesses, they are best practice. If they are good enough to safeguard our political, defence and economic interests as a nation, they should be appropriate to safeguard our businesses from the majority of possible cyber security attacks and incidents.

 

This recent update sees fewer restrictions around patching but a higher level of control on Application Whitelisting which has now been extended to all workstations for levels 1 and 2 of the maturity models. Multi Factor Authentication no longer permits the use of SMS, emails or voicemails for level 1 maturity and specifically states a requirement for passwords to be longer than six characters at all levels.

 

But what does this actually mean for today’s IT professionals?

 

These changes reflect the changing priorities required to address today’s threat landscape. With the loosening of controls around patching, the ASD acknowledges the balancing act that security personnel must perform in certain environments. There is definite acknowledgement of the dilemma between strict adherence to maintain a secure environment and the risk that patching may break functionality. Reducing the burden on already overworked IT admins who must meet these requirements, while allowing better automation, removes overhead without reducing security.

 

The higher importance placed on Application Whitelisting definitely reflects what we see in the marketplace. With Application Whitelisting now available as a mature solution, it is reasonable to expect organisations to use it across their entire environment. Increased visibility of endpoint applications alone makes life easier for security, helpdesk and management alike, stopping more endpoint threats before they reach any part of the network.

 

We also see the combined focus on patch automation and the increased scope of Application Whitelisting as acknowledgement of a more distributed workforce’s need for security and of the greater difficulty in controlling remote endpoints.

 

The more specific wording for Multi Factor Authentication also recognises how threat actors are now working around basic MFA and endeavours to close those weak spots.

 

There are now only three maturity levels instead of the original five: Partly (level 1), Mostly (level 2) and Fully (level 3) aligned. Level 0 is no longer listed as it doesn’t meet even the most minimal criteria and level 4 is only required on an ad hoc basis depending on advice from the ASD. These changes assume that organisations will now at least begin to adhere to these standards to a degree and give a clear path to full alignment at level 3.

 

The biggest takeaway from this update appears to be that it is no longer reasonable for a business entity to not address the Essential Eight, especially with the removal of level 0. If a business has not yet met the criteria for level 1 then its current security measures are faulty and need immediate remediation.

We welcome this specific update because it reflects what our customers have been demanding already. emt’s focus on security solutions addresses the Essential Eight and beyond to ensure our customers’ networks are ahead of requirements using the latest technologies. We already have solutions that address the Top 4 – Airlock Digital, Flexera, Stealthbits, and Thycotic.

 

Read more about our solutions for Top 4 mitigations at https://www.emtdist.com/solutions/australian-signals-directorate-top-4-mitigations/

 

 

Flashpoint Intelligence on APAC-ANZ Cyber Activity to Guide Upcoming Risk Decisions

Author:  Aaron Shraberg, Flashpoint

 

Geopolitical and economic tensions between the United States, China, and North Korea figure to steer risk management decisions in the Asia-Pacific region for the coming months. Organisations, such as some recently targeted financial services institutions in Australia and New Zealand, should closely monitor cyber and political activity in the area.

The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC. While most threat actors targeting organisations in the region are financially motivated, nation-state activity remains a potent threat against government and diplomatic entities, as well as financial organisations as nations such as North Korea continue to fund operations through hacking.

Political and Economic Events to Watch

As 2019 progresses, the ongoing trade conflict between the U.S. and China could spur an uptick in cyber activity against the U.S. and its closest Five Eyes allies, further eroding the Xi-Obama agreement to cease China’s industrial espionage activity for economic gain.

Last year, a limited number of named APT outfits operating in the region were alleged to be behind high-profile compromises and thefts of data and/or funds from global financial institutions, attacks on various multinational firms via third-party providers, and campaigns against the cryptocurrency industry.

North Korea is likely to remain a stressor in the region. It is unlikely to unilaterally disarm its nuclear program, and will likely ramp up its cyberattacks against APAC, ANZ, and Western financial institutions, as well as cryptocurrency exchanges in order to finance the regime and its activities. Organisations should also monitor unresolved disputes over ownership and militarisation of parts of the South China Sea, debates over the integrity of Huawei and ZTE devices in Western networks, and other events in the region that could impact businesses in ANZ and APAC.

While some criminal organisations operating in ANZ and APAC are believed to be behind Eastern European outfits in terms of experience and capabilities, APT activity from China and North Korea is considered highly advanced. Organisations in the region should be aware of campaigns linked to criminal groups or nation-states in the area, and some of the tactics, techniques, and procedures (TTPs) employed by these groups.

Advanced TTPs Coming out of APAC-ANZ

Some TTPs include commonplace first-stage attacks such as phishing or spear-phishing emails and watering hole attacks. These groups also have at their disposal banking Trojans, malware that seeks out and steals credentials, and ransomware, among others. Many criminal groups are proficient in activity to facilitate carding and reshipment fraud, the theft and sale of personally identifiable information, as well as more technically involved operations, including the sale of compromised RDP hosts, developing proxy and anonymization tools (to circumvent law enforcement and censorship efforts), and other tactics to carry out fraud.

Some attackers are also making use of publicly available exploits for common vulnerabilities in Apache Struts, Oracle products, Adobe Flash, Microsoft Office and others. Most of these vulnerabilities have already been publicly disclosed and patches are available, meaning that threat actors are opportunistic in the region, capitalising on lax patching efforts, or under-resourced IT organizations to exploit these security flaws.

Already this year, financial institutions in Australia, Japan, and elsewhere have reported being targeted by a new spam campaign using the Hancitor dropper to infect machines with the Gozi information-stealing malware. Gozi, also known as Ursnif, packages up banking and other account credentials from an infected machine and exfiltrates them to an attacker-controlled server. Variants of the banking malware have been active since 2014 and frequently target Microsoft Office vulnerabilities to gain a foothold on unpatched machines.

Malware-based attacks aren’t the only means of profit for threat actors in the region. Late last year, several Chinese-language Deep & Dark Web forums contained posts advertising the availability of fraudulent identification cards from Australia, New Zealand, several locations in Europe, as well as North America. The fraudulent documents would allow, in some regions, the ability to travel without additional visas, vote in elections, or open bank accounts, for example. Another post also advertised processing of identifications and passports from Australia, New Zealand, Canada, France and Germany, opening the door to citizenship in some of those locations, in addition to the previously mentioned capabilities.

Assessment

Enterprises in Asia-Pacific, Australia, and New Zealand will have impending risk management decisions guided in some part by the fragile geopolitical and cyber climate in the region. As the U.S., China, and North Korea tug at each other’s shirttails in cyberspace and in the political arena, businesses will continue to be targeted by criminal and state-sponsored outfits operating in APAC and ANZ. Any erosion of these diplomatic or economic relationships will trickle down to businesses in the area, and threat activity targeting countries and companies in APAC-ANZ will be influenced accordingly.

 

About the Author

Aaron Shraberg is Senior Analyst on the Asia-Pacific intelligence team at Flashpoint. He speaks Mandarin and specialises in analysing key trends, threat actors, and campaigns emanating from the region, with an emphasis on China. Prior to Flashpoint, Aaron held roles in foreign policy and national security research for organisations including the Institute for International Economic Policy, DGI, and Kharon. He received a bachelor’s degree in literature from the University of Kentucky and a master’s degree in Asian studies from The George Washington University.

Flashpoint empowers organisations worldwide with meaningful intelligence and information that combats threats and adversaries. Headquartered in New York, Flashpoint has offices in Melbourne, Australia and is distributed in Oceania and South East Asia by emt Distribution.


emt Distribution at AISA National Conference

AISA National Conference focused on helping members navigate the security landscape

 


Acunetix, Flexera and Airlock at AISA National Conference 2017

emt Distribution exhibited at the AISA National Conference in Sydney in 2017 with Stand 20 dedicated to Thycotic and Privileged Account Management, and Stand 21 showcasing Acunetix, Flexera and local security firm Airlock Digital. The diversity of attendees and their breadth of knowledge was impressive. Most impressive was the overwhelming openness attendees had to discussing varying security topics and challenges and their eagerness to hear the experiences of their peers in the industry.

This year emt Distribution focused on the Top 4, with application whitelisting, patching (and vulnerability management) and restricting and managing privileges being core to our theme.

Cyber Security Maturity in Australia

History has shown many security initiatives have been reactionary and re-prioritisation has often been post incident.  This year, the general consensus seems to be that the Australian information security culture is maturing rapidly with many organisations taking a more concerted proactive approach and broadening their measures beyond traditional gateway and endpoint defences.

The NDB scheme

The Notifiable Data Breaches scheme, coming into play in February 2018, has been received with mixed feelings among the security community. Some members believe it will have a positive impact on C and board level awareness of, and involvement in, the overall security posture of their organisations. Others are taking a more cautious attitude, believing it will take some time for Australian businesses to adjust.

Threat Mitigation and the ASD’s 37

Beyond federal government and critical infrastructure, more organisations are starting to pay attention. The vast majority of people we spoke with were aware of the ASD’s top 4, Essential 8 and the 37. As always, prioritisation, business impact and mitigation effectiveness are major factors in the decision-making process around what people choose as part of their cyber security mix. The ASD, government and commercial security community should be applauded for the work they have done in promoting the efforts the ASD has gone to in bringing a balanced, well researched and thought out set of mitigation strategies to the Australian public and private sectors.

Cyber Security Talent

There is no question about it.  Australia has some incredible talent in this space.  Speaking with the many security professionals at AISA demonstrates this.  There is also no question that we don’t have enough of them.  Many organisations are actively looking for people suited to security roles and coming up short.  The talent is there, there’s just not enough to go around.  Education institutions should be paying attention to this, whilst enterprises need to invest in the talent pool available to them.

#4 in the Top 4 – Minimise Administrative Privileges


Thycotic at Stand 20 generating a lot of buzz

Thycotic does this in spades.  The 2017 AISA National Conference saw Thycotic back for a second year running and the wrap was unanimously positive. The main theme of the conference was collaboration, and Thycotic managed this with dozens of in depth, security oriented conversations around the landscape and threats posed by poorly managed privileged accounts.

A number of the breakout sessions and keynotes during the three day conference directly or indirectly alluded to the core security requirement of locking down privileged access, removing local and domain levels of privilege where possible, and adopting best practice around password management and rotation. In fact, one of the most talked about speeches on the anatomy of a breach ended up being in part tied back to poorly managed Active Directory credentials. The sheer interest in this case study indicates how front-of-mind Privileged Account Management (PAM) is right now.

For Thycotic, attending AISA is equally a matter of meeting new prospective customers and of raising awareness and industry recognition. A number of large government and private organisations showed very real interest as they either did not have a full PAM solution or were struggling with their current provider’s implementation. For Thycotic, the enterprise level feature set matched with the industry gold standard in ease-of-use and adopt-ability made for several outstanding conversations and a chance for Thycotic to demonstrate just how successful a PAM implementation can be.

#3 & #2 – Patch Operating Systems and Patch Applications

 

Patching shouldn’t ever be ignored. Many people visiting us on the emt/Flexera stand explained the challenges of balancing the calls from security teams to patch with operations teams’ day-to-day need to keep business running while implementing business impact projects. In many cases, application patching is done manually while server patching requires significant testing and change control process prior to roll out. Patching falls under both Security and Operations. This is where true collaboration is needed within organisations – SecOps. Besides making sure critical patches and fixes are applied within 48 hours, we need to understand what the vulnerabilities are, where they lie and just how critical they really are. What’s the real risk? Flexera Security Vulnerability Manager fits this scenario perfectly. Backed by the Secunia Research Labs, SVM allows users to reduce exposure to hacks, stay informed and, most importantly, cut through the noise. It also gives operations teams set and forget ability, takes care of 3rd party patching through their existing SCCM infrastructure and gives them broad patch assessment ability. The resulting reduction in test times and verification means organisations can achieve faster patch deployment with real positive impact to business. A shout out here to all those that stopped by with an open mind to find out what is possible!

On the topic of understanding vulnerabilities – kudos goes to Acunetix. The sheer volume of people who visited the emt/Acunetix stand who had used, were using or want to use Acunetix Web Application Scanner with Integrated Vulnerability Management was staggering. We all know the threats posed by web applications written in haste or not maintained, and so the capabilities of Acunetix were high on people’s minds. Acunetix customers told us how they loved the automation, ease of use and the Acunetix APIs to automate the scanning of their most recent work. Perfect for people utilising Agile software development methodologies. A key point of interest for people was Acunetix’s ability to test vulnerabilities in the underlying technology as well. With the Equifax breach fresh on minds, Acunetix’s ability to test for things like the Apache Struts vulnerability was of keen interest. Acunetix had a real work out on the stand with over a dozen demonstrations given over the two days. Anyone who has worked a stand understands how hard that is to achieve.

 

#1 – Application Whitelisting

Why is it number 1? We’ll answer a question with a question.  If it can’t execute, it can’t run, if it can’t run, what harm is it going to do?

Airlock was built ground up around the controls the ASD specify. That in and of itself, as far as this writer knows, is unique in the app whitelisting space. The fact that the creators have extensive experience in implementing controls from the ISM, writing a SANS course on whitelisting and experiencing the pain it can cause, made them take stock and create an Application Whitelisting solution that wasn’t an imposing, daunting task. Being the new kid on the block, Australian, and gathering a real following in the sec space made Airlock a real attraction for attendees. Questions focused heavily on understanding how to deploy the solution and on gaining an understanding of the Airlock product workflows that make application whitelisting actually work. There were also many follow up questions on how the solution handles developers and administrator groups, a traditional pain point in whitelisting solutions. Daniel Schell, co-founder of Airlock Digital, didn’t have much time to relax with demos, barrages of questions and follow up appointments coming thick and fast. If there is a company and product to watch with keen interest through the remainder of 2017 and 2018, Airlock Digital is it.

 

Now to be clear, all the companies and products mentioned here may be trademarked by their respective owners, and in no way are we suggesting that the Australian Federal Government or ASD has any endorsement or affiliation with them. It just makes it a lot easier to pigeon hole solutions into mitigation strategies where it makes sense to do it to help out the end user community.

The Wrap

AISA National Conference 2017 was incredible for members, sponsors and exhibitors alike. If you are not an AISA member and you work in security, you should seriously consider it.

 

RSA Conference 2017 Wrap Up

San Francisco, yet again, hosted another fantastic RSA Conference event. This is the fourth I have been to and the first as an attendee. Putting aside the fanfare of post event parties, the number, volume, maturity and quality of security vendors all in one place is staggering.

Some things are very clear from RSA2017 – the volume of threats is not going down, threat intelligence is gaining far greater momentum and traditional blacklist technology is making way for more dynamic defence mechanisms. And there is a lot to choose from depending on need.

We had the opportunity to catch up with many of our vendors while in San Francisco and we would like to thank the folks at OPSWAT, Cybonet, Ninja, Flexera and Palamida (now Flexera), Cososys, Thycotic, and Picus Security for the time they took out of their busy schedules to go over new innovations, direction, and strategies for shared growth. Covering endpoint protection, DLP and device control, privileged account management, air gap networks, content disarm and reconstruct technology, network defence effectiveness, remote monitoring and management and so much more, was a challenge but we got through it with new insights and clear directions. For quick overviews check out our solutions page.

Keep your eye on all of the above as there is some exciting stuff coming through this year for each of these vendors and new products launching to address market need. As a starter keep your eyes open for Cybowall, the new OPSWAT Kiosk, Ninja’s newest integrations, Flexera’s SVM and Thycotic Privileged Behavioural Analytics.

What is most impressive is the overwhelming desire from all fronts to address the needs of respective markets. The breadth, depth and direction of our vendors’ solutions is more than commendable. 2017 is shaping up to be a very busy year.

As always, understand your position, understand the threatscape, analyse what’s normal and what’s not, assess your need for adjustments, make a decision, execute, test effectiveness and start again. And don’t forget to educate!

emt Distribution signs local OPSWAT representation

emt Distribution are pleased to announce that we have significantly deepened our channel relationship with OPSWAT Inc, the leading provider of cyber security tools that keep critical infrastructure, government, and enterprise customers safe from malware. Our relationship with OPSWAT hails back to 2010 when we bundled Metadefender, integrated with sandboxing solutions, to add AV metadata for dynamic malware analysis.

Our partners and their customers will benefit from dedicated local channel management, product support, pre-sales and marketing resources. Product training and partner certification will be provided by emt Academy while emt’s MarketMagnitude Briefings will educate our partners on the business case for OPSWAT.

Metadefender’s optimized multiple anti malware engines offer IT professionals and software engineers a way to enhance security through multi-scanning, data sanitisation, and vulnerability detection technology. Because of the flexibility of its APIs, Metadefender can be easily deployed in enterprise, telecommunication and government networks and at the same time provide diverse packaging options.

This multi-scanning anti malware technology is intended to protect an organisation from risks associated with infected files entering either through media present on peripheral devices such as USB drives and CDs/DVDs, email or web proxies.

Metadefender AV engine packages include up to 30 engines with vendors such as AVG, Kaspersky, McAfee, Symantec, and others.