PASSWORDLESS / FIDO2 / ZERO TRUST / PEN TESTS AS A SERVICE / MULTI-FACTOR AUTHENTICATION DEVICES (MFA)

Every day we witness countless traumatic experiences suffered by people in our inner circle, all of them clients of government departments and companies from various sectors whose logical security measures have been breached, affecting their clients.

Among the sectors with the highest return on investment in hacking attempts are the banking and payment sector, telecommunications, cable operators and other service providers.

It is worth highlighting that this does not happen only in Argentina: we have been consulted about attacks on the army/navy in neighboring countries and in others not so close.

Unemployment and war around the world have brought many side effects, one of them being intense hacking activity, without going into further technical detail.

Just a couple of weeks ago, a trusted person confided in me that his account balance disappeared from his bank at 2:00 AM.

One can imagine the consequences of an event of this nature in a person’s life.

Likewise, a global digital payments operator has suffered the same fate; even the ownership of the user’s account has been altered.

This information is sensitive: the brand cannot be disclosed, since disclosure translates into negative marketing for the affected companies.

What is certain is that we are all within reach, and the need for protection is increasingly evident. Companies are responsible for the service they provide, and individuals should do their best to avoid becoming the target of fraudulent acts.

Where will the responsibility lie?

What can we do? What do we know how to do?

WHAT HAVE WE DONE AT SMARTLEDGE?

We know that this need calls for experts, proven solutions, and urgent, precise answers. We believe we can provide answers aimed at:

  1. Agile detection of vulnerabilities in organizational networks.
  2. Centralized management of the access credential lifecycle.
  3. The provision of cryptographic devices for the storage of digital credentials.
  4. Technical consulting staffed by subject matter experts.

Regarding point 1), we have been distinguished with the representation of the NODEZERO product of HORIZON3 (www.horizon3.ai), an American provider of software solutions for managing penetration tests in organizations. Its innovative solution is fully operable from the cloud by authorized personnel. This state-of-the-art service is commercially available in the PTAAS (“Penetration Tests As A Service”) modality, delivering *vulnerability reports and remediation steps* in fractions of an hour, for immediate remediation (avoiding weeks of waiting for a precise diagnosis, not to mention an exhaustive one).

Regarding point 2), we have been awarded the representation of VERSASEC (https://versasec.com/), whose innovative vSEC:CMS solution issues credentials and manages their life cycle in an authentication security infrastructure. This solution is especially oriented to organizations that face the reality of having to manage multiple logical authentication methods such as PKI/FIDO/OTP when implementing Zero Trust policies.

As regards physical access, Versasec’s credential management solution (vSEC:CMS) allows you to manage the life cycle of physical access control credentials that are downloadable to RFID devices.

Regarding point 3), our ecosystem has referred us to YUBICO (www.yubico.com), a Swedish-American manufacturer of cryptographic hardware devices whose family of authentication devices provides tokens that comply with current PKI digital signature regulations and with the NIST FIPS/CAC/PIV/OATH/FIDO2/FIDO U2F/WebAuthn standards and others.

We consider it highly innovative to use these devices and their “Zero Footprint” client software (no software is installed), which avoids creating, remembering or even typing passwords: automatic generation, administration and use are handled by the inviolable (“tamper-proof”) device, providing the convenience of operating without passwords (“passwordless”) with the security of storing credentials in an appropriate, inviolable medium, avoiding phishing.

Through these devices it is possible to authenticate on any platform that requires Multi-Factor Authentication (MFA) in any of the aforementioned standards, which is why they have been adopted by Amazon and many other customers around the world.

Finally, regarding point 4): identifying and devising the resolution paths for integrating these components, as well as remediating vulnerabilities, requires an extremely competent workforce, the most qualified available, that can make the implementation tasks of these solutions, which are at the core of our clients’ security, visible and viable with the greatest efficiency and at the best cost.
