
iIT Distribution is an official distributor of Holm Security!

News

iIT Distribution has signed a partnership agreement with the leading global provider of vulnerability management solutions – Holm Security.


With the cost of cybercrime on the rise, it is estimated that the annual cost to companies worldwide will reach $10.5 trillion by 2025. To address this, it is critical that companies have the tools to effectively manage risks and vulnerabilities across the complete business system infrastructure.

Holm Security is a Swedish developer of automated vulnerability detection solutions. The company quickly gained recognition for its advanced vulnerability scanning solutions and has become known internationally.

Holm Security Vulnerability Management Platform is a next-generation solution that proactively protects against cyberattacks, ensures uninterrupted system operation, and ultimately contributes to business continuity.

The platform covers both technical and human resources, automatically performs scanning, and generates reports on the organization's networks, cloud, APIs, systems and web applications. It also offers users, often considered the weakest link in the IT environment, training to counter phishing and increase awareness.


Learn more about Holm Security Vulnerability Management Platform


The vulnerability management platform enables organizations to assess the security of their entire IT infrastructure. Thanks to automatic and continuous scanning, it provides a comprehensive solution for detecting, assessing, prioritizing, and effectively mitigating vulnerabilities. Assets can be organized into separate dynamic lists for ongoing monitoring of existing systems. Information on threats and automated prioritization allows organizations to understand where to focus their security efforts.


The collaboration with iIT Distribution makes the vulnerability management platform from Holm Security available in Ukraine, Kazakhstan, Uzbekistan, Georgia, Azerbaijan, Kyrgyzstan, Moldova, Tajikistan and Armenia.

iIT Distribution has extensive experience working with corporate clients and system integrators across Ukraine and offers a full range of services—from sales and setup to technical support and user training.

Check the effectiveness of Holm Security solutions for yourself. Send a request to receive demo versions of solutions and order product testing through the feedback form on the website or contact us directly!


iIT Distribution is a silver partner of the IX CIO&CISO Forum!

News

On 21 March (tomorrow), the ninth CIO&CISO Forum, organised by VlasConference, will take place in Kyiv.

iIT Distribution will also take part in the event as a silver partner. The head of iIT Distribution's Ukrainian office will give a talk titled "Monitoring the appearance of corporate data on the DarkNet: the need for Cyber Threat Intelligence solutions", sharing insights on detecting compromised information, particularly in the context of digitalisation and growing threats from the dark web.

Attackers use anonymity to sell or exchange stolen data, which threatens not only the financial stability of companies but also the privacy of customers' and employees' personal information. This creates the need for continuous monitoring and analysis of DarkNet activity so that potential threats can be detected early and stopped.

Join us, it will be interesting!

About the forum:

The CIO&CISO Forum is an annual event from the organiser VlasConference that brings together IT and information security leaders from various industries under one roof. The forum was created for sharing knowledge, experience and best practices, and for discussing current challenges and trends in digital transformation, cyber defence and information resource management.

Register to participate via the link


Results of the event "Ecosystem of Excellence: From security innovations to sales success"

Release

On 7 March, the iIT Distribution team organised a partner event at the Parkovy Convention and Exhibition Centre. The event discussed the cyber challenges faced by Ukrainian companies and covered a wide range of opportunities to meet the needs of customers in protecting information assets with the help of unique tools and services from leading vendors.


The meeting started with an introduction from Sergii Kulyk, Head of the Ukrainian office at iIT Distribution. Sergii spoke about the conditions of modern cyberspace and which risk areas pose the greatest threat to the security of data and infrastructure of organisations.

Specially invited guests, Yegor Aushev, CEO of Cyber Unit Technologies and Rostyslav Kondryk, COO of Cyber Unit Technologies, presented the first Ukrainian cyber range Unit Range. During their presentation, the speakers detailed the capabilities of the Unit Range platform for training specialists and developing cyber resilience, emphasising the importance of practical skills in countering cyber threats.

According to World Economic Forum statistics, 95% of cyber incidents are caused by human error. Therefore, cybersecurity training, skills assessment and practice are among the biggest needs of Ukrainian companies.

Next, Oleksiy Markuts, CrowdStrike Lead at iIT Distribution, presented "CrowdStrike: How to beat the competition", where he described CrowdStrike's technological leadership, the wide range of features of the CrowdStrike Falcon platform, experience in implementing solutions and CrowdStrike's capabilities to meet the needs of customers in Ukraine.

The next presentation was dedicated to the SIEM by LogRhythm. Speaker Dmytro Dolynnyi revealed the importance of adapting to the changing cybersecurity environment and how modern SIEM technologies can help identify, analyse, and respond to cyber threats more effectively than ever. Particular attention was paid to the potential of LogRhythm to increase the level of protection of organisations, optimise threat detection processes and ensure compliance with regulatory requirements.

The presentation by Andriy Levchenko, Fastly Presale at iIT Distribution, revealed the potential of Fastly, a new player in the Ukrainian WAF market. The talk focused on Fastly's innovative approaches to ensuring security in the digital space and on identifying potential customers for this technology.

In the next block, Dmytro Dolynnyi enlightened the participants on the importance of monitoring the darknet using the SOCRadar platform. The attendees had a unique opportunity to see what confidential corporate data of large Ukrainian companies have fallen into the hands of attackers and could potentially be used against them. The speaker emphasised the critical role that SOCRadar plays in detecting and preventing such information leaks, thanks to its powerful cyber threat intelligence tools.

The event concluded with a panel discussion with the CISO of a large Ukrainian company. The discussion focused on the cybersecurity challenges facing businesses today. Attendees of the event had the opportunity to ask questions to the panelist and get important answers that will be useful for further work and establishing communication with customers.

After the official part of the event, the participants enjoyed a delicious dinner and fruitful networking. The guests of the event received positive impressions of the event, emphasising the high level of organisation, the relevance of the topics and the value for industry professionals.

Thank you to everyone who was with us and shared these unforgettable moments!

iIT Distribution is a distribution company that specialises in the supply and implementation of comprehensive and flexible solutions from the world's best vendors. Our experts will conduct a preliminary examination of the project and assess the availability of conditions for its implementation at the enterprise.


CrowdStrike 2024 report: analysing global cyber threats and defence strategies

News

The CrowdStrike 2024 Global Threat Report details the key threats and trends that shaped the threat landscape in 2023, the attackers driving this activity, and offers defence strategies your organisation can use to strengthen security in the year ahead.

The tenth CrowdStrike report explores how attacker behaviour is increasing the risk to the security of organisations' data and infrastructure. Thanks to this report, organisations are becoming more aware and prepared to effectively confront new threats.

How speed and stealth increase the chances of successful cyberattacks

Attackers are operating with exceptional stealth and launching attacks in minutes.

Over the past year, CrowdStrike's Counter Adversary Operations (CAO) division has observed eCrime groups, state threat actors and hacktivists working to maximise the speed, stealth, and impact of their attacks.

The average eCrime breakout time was just 62 minutes in 2023, down from 84 minutes the previous year. The fastest breakout time was just 2 minutes and 7 seconds.

Personal data is increasingly being targeted

Behind most of today's attacks is a person. Interactive intrusions increased by 60% in 2023. Additionally, 75% of the attacks used to gain initial access did not contain malware. Attackers are using more effective techniques such as credential phishing, password spraying, and social engineering. Attackers can log in with the credentials of stolen identities. This is now one of the fastest and most common ways to gain access.

The stolen identity market continues to grow. In 2023 alone, the number of adverts from brokers selling valid credentials increased by 20%.

Cloud environments are under threat

As organisations continue to move operations to cloud environments, attackers are rapidly improving their skills and exploiting weaknesses in defences. A 75% increase in intrusions into cloud environments has been recorded. Attackers are using identities to gain access.

This all goes to show that identities are the most vulnerable factor in the security of organisations. Therefore, protecting them becomes even more important.

In 2023, CAO started tracking 34 new entities, increasing the total number to over 230. To stop breaches, you need to understand the motivation and methods that attackers use to target organisations.

Below are the trends and conclusions we examine in this year's report:

  • Relationships with third parties. Attackers have consistently worked to exploit vendor-client relationships. By gaining access to vendors' IT services, they compromised the software supply chain and used it to distribute malicious tools.
  • The use of generative artificial intelligence will grow. In 2023, we saw states and hacktivists experimenting with generative AI to democratise attacks and lower the barrier to more sophisticated operations. Generative AI will likely continue to be used in cyberattacks in 2024, as its popularity only continues to grow.
  • Global election disruption. There are more than 40 democratic elections scheduled for 2024. Therefore, state and eCrime attackers will have numerous opportunities to interfere with the electoral process or influence voter opinion. States such as China, Russia, and Iran will likely conduct disinformation operations and sow discord amid geopolitical conflicts.

Don't miss the opportunity to strengthen your organisation's defences against advanced cyber threats. Download the CrowdStrike 2024 Global Threat Report now for a detailed analysis of the threat landscape.

iIT Distribution is a leading cyber security expert and official distributor of CrowdStrike's advanced solutions. We offer comprehensive support to organisations in strengthening IT security and optimising their infrastructure. Our approach covers not only the provision of the necessary software and hardware but also includes comprehensive integration and support services to ensure that cyber defence solutions are implemented effectively.


iIT Distribution is the official distributor of Niagara Networks

Release

The iIT Distribution team is proud to announce the signing of a distribution agreement with Niagara Networks, a leading company in the field of network solutions.


Niagara Networks specializes in the development of high-quality network solutions that provide reliable control and management of network traffic. Their products, which have already made a mark on the global market, include advanced traffic management technologies for optimizing and securing corporate networks.

The vendor focuses on creating out-of-band networks for copying, filtering, and delivering traffic copies to monitoring and security systems.


Niagara Networks' key advantage is transforming standard visibility into an enhanced level of visibility and security. This allows NetOps and SecOps teams to seamlessly manage security, performance, monitoring, and other critically important network services, as well as administer a multitude of security tools and platforms. This, in turn, helps reduce operational costs and downtime while simultaneously providing flexibility and scalability of services.

Niagara Networks' solutions are characterized by high reliability, flexibility, and ease of integration with an enterprise's existing IT infrastructure, making them indispensable for effective network management.

They provide all the components for an advanced level of visibility (traffic splitters, bypass elements, packet brokers, and a unified management layer) at data transmission speeds up to 100 Gbps, which is ideal for all types of networks, including 5G.

Additionally, Niagara Networks actively collaborates with leading global technology companies to ensure a high level of transparency and security of network systems. The iITD portfolio includes several solutions that are optimally combined with Niagara products, including protection systems and balancers from A10 Networks and NDR solutions from Gatewatcher.


To learn more about Niagara Networks' solutions and to request a trial, follow the link.


iIT Distribution will distribute Niagara Networks' solutions in the territories of Ukraine, Kazakhstan, Uzbekistan, Georgia, Poland, Lithuania, Latvia, Azerbaijan, Estonia, Kyrgyzstan, Moldova, Tajikistan, and Armenia.


Hacking of Microsoft by Russian hackers and its significance in the field of cybersecurity

Release

After a Russian-aligned hacker group gained access to the email accounts of Microsoft's top executives, CrowdStrike CEO George Kurtz said in a TV interview that the disclosure contained "scant" details that did not explain what really happened.


CrowdStrike Chief Executive Officer George Kurtz criticized Microsoft for providing "scant" details about the hack that affected senior Microsoft executives and suggested that the disclosure did not provide a meaningful explanation of how the incident occurred.

Kurtz, whose company is Microsoft's main competitor in many segments of the cybersecurity market, made the comments on Monday during an interview on CNBC.

To watch the full version of the interview, please follow the link.

On Friday, January 19, Microsoft reported that a Russian-linked threat actor had stolen emails from members of its senior management team, as well as employees of its cybersecurity and legal departments. The details of this incident are covered by CRN with a comment from the CEO of CrowdStrike.

The tech giant attributed the attack to a group it tracks as Midnight Blizzard, previously tracked as Nobelium, which Microsoft holds responsible for the large-scale SolarWinds hack in 2020.

The names of the Microsoft executives whose accounts were affected were not disclosed.

In its announcement on Friday, Microsoft said the incident began with a password spray attack in late November 2023 that compromised "an account of an outdated, non-production test tenant."

In an interview with CNBC, Kurtz emphasized that this explanation for the Microsoft hack is not entirely true.

“I’m confused, because what Microsoft talks about is [that] it was a non-production test environment. So how does a non-production test environment lead to the compromise of the most senior officials in Microsoft [and] their emails?” he said. “I think there's a lot more that's going to come out on this.”

In his criticism, Kurtz also referred to the timing of the Microsoft disclosure, which was released on Friday after the stock market closed for the weekend.

In addition to the blog post, Microsoft discussed the incident in a filing with the U.S. Securities and Exchange Commission on Friday, as part of its compliance with recently introduced cyberattack disclosure rules for public companies.

“When you drop this on a Friday at five o'clock, and you have scant details, I think there's more to come on it,” Kurtz said during the CNBC interview.

Microsoft declined to comment further to CRN on Tuesday.

In its announcement on Friday, Microsoft said that the attackers used permissions from the initially compromised account to "access a very small percentage of Microsoft's corporate email accounts, including those of members of our senior management team and employees from cybersecurity, legal and other functions, and stole some emails and attached documents." The hack also affected accounts belonging to the company's cybersecurity and legal staff, as well as "other functions," Microsoft said.

Microsoft said that its security team learned about the compromise after it detected "an attack by a state actor on our corporate systems" on January 12, 2024.

Secure Future Initiative

In its post, Microsoft also made two references to its Secure Future Initiative, a set of major changes announced in early November 2023 aimed at improving Microsoft's security, as well as the security of its widely used platforms.

"As part of our ongoing commitment to transparency, recently affirmed in our Secure Future Initiative (SFI), we are sharing the latest news," Microsoft said in a statement on Friday.

During an interview with CNBC on Monday, Kurtz questioned the emphasis that Microsoft placed on this initiative in its disclosure.

“When you look at some of the things that Microsoft talks about [in the disclosure], it's secure initiatives and it's marketing around this,” he said. “If they spent some more time on coming clean on what happened here and less on the marketing and papering over it, I think it would be good for the industry.”

A series of hacker attacks

The incident followed last year's high-profile hacking of Microsoft cloud email accounts belonging to several US government agencies.

The attack, discovered in June 2023, is believed to have affected the emails of Commerce Secretary Gina Raimondo, as well as US Ambassador to China Nicholas Burns and officials at the Department of Commerce. According to reports, a total of 60,000 emails were stolen from 10 US State Department accounts in the China-related compromise.

A frequent critic of Microsoft's security, Kurtz told CRN in an interview in 2023 that the cloud email hack was an example of how Microsoft's security "failures" had jeopardized the US government and businesses.

Ultimately, Microsoft's security problems "put millions and millions - tens of millions - of customers at risk," he told CRN earlier.

Kurtz, who is also the co-founder of CrowdStrike, echoed these comments in an interview with CNBC on Monday. "I think what you're seeing here is a systemic failure at Microsoft that is putting not only their customers at risk, but also the U.S. government, which is a big customer," he said.

The Microsoft paradox in the context of cybersecurity

Microsoft has always been a popular target for attackers. When you have the world's dominant operating system and a significant market share in email platforms, productivity software, cloud services, and applications, attackers will try to find weaknesses that can be exploited.

The situation is complicated by the fact that Microsoft is not only a software and operating system provider, but also one of the leaders in the cybersecurity market. They offer tools and services to protect against cyberattacks, often targeting vulnerabilities in their own products.

In the digital world, where the number of threats is constantly growing and attackers are finding new methods to achieve their goals, it is important to stay one step ahead of the attackers and ensure your infrastructure has reliable solutions to protect against cyber incidents.

The iIT Distribution portfolio includes solutions from industry-recognized vendors. Our partners, clients, and organizations of any size can request a trial version of any vendor's solutions through the feedback form on our website. Stay safe and secure!


CrowdStrike's undisputed leadership and Gartner recognition

News

CrowdStrike is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.


If a picture is worth a thousand words, then the Gartner® Magic Quadrant 2023 for Endpoint Security Platforms speaks for itself.

Today, we are proud to announce that CrowdStrike has been named a Leader in the Gartner® Magic Quadrant™ for Endpoint Security Platforms in 2023. The company was ranked first in the Completeness of Vision category and first in the Ability to Execute category among the 16 vendors that participated in the study.

The AI-powered Extended Detection and Response (XDR) platform, CrowdStrike Falcon, is the most powerful, effective, and innovative cybersecurity platform on the market today. It is the only platform that delivers the best security on the market for endpoints and beyond, for organizations of all sizes.


Defining the Future of AI Cybersecurity

This is the fourth time in a row that Gartner has ranked CrowdStrike highest in the Completeness of Vision category, which we believe positions the company as a trusted innovation partner in the endpoint security space.

Since CrowdStrike's founding, the company has been leveraging the power of artificial intelligence to innovate detection and optimize analysts' work. CrowdStrike pioneered the endpoint threat detection and response market by developing an AI-powered platform designed to centrally analyze trillions of events every day and enrich that information with world-class analytics to identify hostile activity patterns and stop cyberattacks. Since then, the company has continued to innovate in endpoint security and is a leader in AI, as evidenced by the recent announcements of CrowdStrike Charlotte AI, AI-powered indicators of attack (IOA) for advanced behavioral analysis, and continuous improvement of its advanced AI-based detection engine.

These AI innovations help organizations more quickly detect, respond to and prevent threats. The AI-native platform, with a single lightweight agent, empowers customers to simplify their operations and consolidate disjointed point products to achieve a unified defense against increasingly sophisticated attacks targeting endpoints, identities, cloud workloads and more.

Cybersecurity consolidation has been a key focus for organizations seeking to improve security outcomes, reduce technology sprawl, and minimize cost and complexity. Customers are consolidating with CrowdStrike because the Falcon platform makes it easy to expand protections beyond the endpoint to defend cloud, identity and data using the same lightweight agent and command console.

And while adoption of our XDR solution has soared, we’ve doubled down on R&D. The recently announced Raptor release of the Falcon platform introduces more innovative XDR capabilities that radically transform the speed and efficiency of investigations with generative AI and a completely reimagined analyst experience.

Cybersecurity Built for Every Organization

Gartner positioned CrowdStrike highest in Ability to Execute, which we believe acknowledges our trusted combination of a unified, innovative platform and professional services to protect organizations of all sizes.

Our cloud-based endpoint security solutions have been designed to protect a wide range of organizations. CrowdStrike is trusted by the world's leading enterprises and government agencies, and we recently made it easier for small and medium-sized businesses (SMBs) to take advantage of our market-leading cybersecurity. CrowdStrike Falcon® Go offers award-winning AI-powered cybersecurity to protect SMBs from ransomware, data breaches, and other threats. With just a few clicks, users of all skill levels can quickly and easily deploy CrowdStrike endpoint security.

For organizations that require additional support, CrowdStrike offers round-the-clock expert management, monitoring, proactive threat detection, and comprehensive remediation. In May, Gartner ranked CrowdStrike as the #1 company in the "Market Share: Managed Security Services, Worldwide, 2022" for Managed Detection and Response (MDR) market share for the second year in a row. We believe that this, along with recognition in the Gartner® Magic Quadrant™ for Endpoint Security Platforms 2023, validates CrowdStrike's ability to deliver innovative and powerful endpoint security solutions for every organization.


Learn more about the components of the CrowdStrike solution and evaluate their effectiveness in person.


iIT Distribution is the official distributor of CrowdStrike solutions. We help organizations ensure comprehensive protection and increase the efficiency of their IT infrastructures. Our approach provides customers with the necessary software, hardware, implementation and support services.


iIT Distribution is the official distributor of Fastly!

Release

iIT Distribution is pleased to announce the signing of an agreement with Fastly, a prominent American technology company specializing in cloud computing and internet content delivery.


iIT Distribution has partnered with Fastly, a leading provider of cloud computing and internet content delivery. This collaboration broadens iIT Distribution's portfolio for enterprises seeking to supplement their public cloud capabilities with a high-performance and secure edge computing platform.


Fastly’s powerful and programmable edge cloud platform helps the world’s top brands deliver the fastest online experiences possible, while improving site performance, enhancing security, and empowering innovation at global scale. With world-class support that achieves 95%+ average annual customer satisfaction ratings, Fastly’s beloved suite of edge compute, delivery, security and observability offerings has been recognized as a leader by industry analysts such as IDC and Gartner. Compared to legacy providers, Fastly’s powerful and modern network architecture is one of the fastest on the planet, empowering developers to deliver secure websites and apps at global scale with rapid time-to-market and industry-leading cost savings. Thousands of the world’s most prominent organizations trust Fastly to help them upgrade the internet experience, including Reddit, Pinterest, Stripe, Neiman Marcus, The New York Times, Epic Games, and GitHub.


Learn more about Fastly


According to the Forrester Wave™: Edge Development Platforms, Q4 2023 report: “Fastly delivers on its vision for a locationless internet with innovative compute.” The Forrester evaluation notes that the “Fastly edge development platform, built on a WASM (WebAssembly), focuses primarily on delivering performant, personalized experiences on the web but it is also more than suitable for general purpose use cases. To that end, developers building and deploying applications with Fastly gain the benefit of a fast, programmable CDN with robust security and an excellent developer experience. Fastly couples this with a generous, egress-free billing model that makes the platform a better choice than public cloud FaaS platforms for use cases where data might need to move around such as with AI use cases and IOT.” Forrester also states that “Fastly is an excellent fit for enterprises seeking to extend their capabilities from the public cloud with a highly performant and secure edge compute platform.”


Cooperation with iIT Distribution makes Fastly's advanced edge computing and content delivery solutions available in Ukraine, Kazakhstan, Uzbekistan, Georgia, Azerbaijan, Kyrgyzstan, Moldova, Tajikistan, and Armenia.


iIT Distribution forms its product portfolio in such a way that partners and customers can get the best solutions for their projects. Therefore, our specialists are ready to provide expert advice on the selection of Fastly solutions, taking into account the specific requirements, business objectives, and goals of the customer!


WHAT'S NEW WITH NAKIVO BACKUP & REPLICATION V10.11 BETA
Release

NAKIVO introduces a transformational set of features aimed at maximizing data security and optimizing IT workflows. New features included in the beta version of Backup & Replication v10.11 will allow companies to stay one step ahead and navigate the changing threat landscape with greater confidence.

The beta version of NAKIVO Backup & Replication v10.11 introduces new features such as alerts and reports for IT monitoring, backup for Oracle RMAN on Linux, file system indexing, backup from HPE Alletra and HPE Primera snapshots, and a universal transporter.

Here is a detailed overview of the new features of the latest release of the NAKIVO Backup & Replication platform:


Alarms and Reporting for IT Monitoring

Set up custom alerts based on VMware host, VM and datastore metrics using alert templates. Alerts allow you to detect suspicious activities and receive timely notifications for proactive protection of your VMware infrastructure. Configure and view different types of reports on datastore capacity, VM and host performance, and infrastructure overview.


Backup for Oracle RMAN on Linux

Protect Oracle databases running on Linux operating systems. Automate Oracle RMAN backups by setting up backup jobs to run on demand or on a schedule. Instantly discover and restore the necessary database directly from existing backups. Streamline Oracle database protection with simplified RMAN administration.


File System Indexing

Enable file indexing for VMware and Hyper-V to create an index of files and folders in the backups of virtual machines and simplify object recovery. Perform fast and accurate searches for specific files or folders based on criteria such as file name, file type, restore point date, and location.


Backup from HPE Alletra and HPE Primera Storage Snapshots

Back up your VMware VMs hosted on HPE Alletra and HPE Primera Storage devices directly from storage snapshots instead of regular VM snapshots. Reduce the time required to perform backup, replication or recovery tasks and minimize the impact on your production environment.


Better legal compliance and e-discovery

Back up In-Place Archive mailboxes, as well as mailboxes/items with Litigation or In-Place Hold enabled. Instantly recover items from these backups to meet regulatory compliance requirements and easily locate items to fulfill e-discovery requests. Ensure Exchange Online data stays available even during an outage and other disruptions.


Universal Transporter

Use a single Universal Transporter to manage and protect diverse workloads located on the same host, including Hyper-V VMs, physical servers and Oracle databases, as well as tape devices. Manage the backup and replication processes of different types of workloads from one interface, reduce management overhead and save on licensing, infrastructure and maintenance costs.


Join the NAKIVO Backup & Replication v10.11 Beta Program

Try out the new features and capabilities of NAKIVO Backup & Replication v10.11 Beta and get a $30 Amazon eGift Card by completing the beta program requirements via the link.

The offer is valid until December 30, 2023, so register today.


iIT Distribution is the official distributor of NAKIVO in Ukraine, Kazakhstan, Georgia, and Uzbekistan. We offer a variety of cybersecurity solutions to help companies comprehensively protect and improve the efficiency of their IT infrastructures. We work closely with our customers and partners to provide full support in the design and implementation of custom solutions.


Securing Custom-Developed vs. Commercial Off-the-Shelf Software

News

Modern applications are designed to process, use and store vast amounts of sensitive data. As adversaries seek to infiltrate these applications, IT and security teams must ensure the software they use has the strongest possible security. The first step to implementing strong application security is understanding the type of application you need to protect.

The two types of applications security teams must be familiar with are custom-developed software and commercial off-the-shelf (COTS) software. In this blog, we explain the differences between custom-developed applications and COTS applications and how each type of application is secured.

What Is Custom-Developed Software?

The crucial difference between these two types of applications is who owns the source code — the set of computer instructions that accomplishes some task. Every application is built from source code, and that source code is created by software developers. Modern programming languages you’re likely to encounter in source code include Java, Python, .NET, Node.js and Go.

Custom software consists of proprietary source code, which is typically owned by the developer or company that created it. If you’re interfacing with proprietary source code, then you’re managing custom-developed software — software that is “built in-house” to fulfill a specific business requirement. Companies either sell their custom-developed applications or use them for internal business needs.

Here’s an example. Suppose you work in security at a company called Math Tutors. The company’s developers created the Python code shown below.

Customers have purchased version 1.0.0 of your software, and you’re responsible for ensuring the custom-developed Python code is secure.

One day, you realize your “sum” function leaks proprietary data when the user enters a non-integer. Your developers add error handling to the sum function to secure it. The updated source code is shown below.

After securing your custom-developed software, you release version 1.1.0 of your product. When customers purchase your software, it’s their responsibility to upgrade to the latest version, meaning they must now use version 1.1.0 to ensure they’re using the most secure version of your software.
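An added illustration of the kind of fix described above, contrasting a leaky version 1.0.0 with a hardened version 1.1.0. This is not Math Tutors' code from the original post: the function names, the leak mechanism (an echoed traceback) and the inputs are assumptions constructed for the example.

```python
import logging
import re
import traceback

log = logging.getLogger("math_tutors")
GENERIC_ERROR = "Error: please enter whole numbers only."
_INTEGER = re.compile(r"-?[0-9]{1,18}")  # ASCII digits only, bounded length


def sum_v1_0_0(a, b):
    """Before: any failure is echoed back to the caller, traceback included."""
    try:
        return str(int(a) + int(b))
    except Exception:
        # Assumed leak: file paths, source lines and internals reach the user.
        return traceback.format_exc()


def sum_v1_1_0(a, b):
    """After: allow-list validation, generic message, detail kept in server logs."""
    for value in (a, b):
        if not isinstance(value, str) or not _INTEGER.fullmatch(value):
            log.warning("sum rejected input of type %s", type(value).__name__)
            return GENERIC_ERROR
    return str(int(a) + int(b))


def demo():
    """Run both versions over constructed inputs; returns {input: (v1.0.0, v1.1.0)}."""
    cases = [("2", "3"), ("2", "abc"), ("1_000", "1"), ("2", None)]
    return {c: (sum_v1_0_0(*c), sum_v1_1_0(*c)) for c in cases}


if __name__ == "__main__":
    for case, (old, new) in demo().items():
        print(case, "| v1.0.0:", old.splitlines()[-1], "| v1.1.0:", new)
```

The hardened version also rejects inputs such as "1_000" that Python's int() would silently accept, so the set of accepted inputs is defined by the allow-list rather than by the parser.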

How Are Custom-Developed Applications Secured?

Securing custom software begins before writing the first line of code. Once functional requirements are defined, architects lay out the initial design. The architecture should then go through a threat model where the likely attack vectors are analyzed. After the initial threat model is complete and design changes implemented, software development begins.

Most modern software teams use some form of Agile software development. With Agile development, the software is iterated over time and updates occur on a regular basis. The scope of work is decomposed into stories, which typically include small feature implementations (building a new capability) or bug fixes (fixing problems in existing code). Stories that are not actively being worked on are placed in the backlog. When the security team needs developers to fix a security issue, they create a story that lives in the backlog until the development team is able to resolve the problem.

With the shift left approach to security, vulnerable code detection begins during development through software composition analysis (SCA), static application security testing (SAST) and dynamic application security testing (DAST). These tools are effective at isolating unique instances of vulnerable code.

The most challenging aspect of securing custom software is finding the weaknesses that lurk in production. Common issues that plague application security include:

  • Unauthenticated APIs
  • Unknown sensitive data stores or data flows
  • Internet-facing microservices
  • Third-party communication

What makes this set of issues particularly challenging is they frequently deviate from the original design. This is why having visibility into what’s deployed in production is essential. When the true architecture is unknown, inferred or outdated, it’s difficult to detect and prioritize security weaknesses. This can lead teams to rely solely on security scanning tools, which tend to provide an overwhelming list of vulnerabilities.

The most effective solution to this problem is application security posture management (ASPM). ASPM provides specific remediation advice based on the real-time status of your software architecture. You not only receive a concise list of the highest priority security weaknesses, but you can also speak clearly to engineering teams about the business impact of vulnerabilities.

Figure 1. With its powerful ASPM capabilities, CrowdStrike Falcon® Cloud Security shows a list of all internet-facing microservices that access personally identifiable information (PII) data and contain critical vulnerabilities.

CrowdStrike Falcon Cloud Security provides powerful ASPM capabilities as part of a unified cloud-native application protection platform (CNAPP) to fully protect your applications. To learn more about custom application security, please fill out the contact form on our website.

What Is Commercial Off-the-Shelf Software?

COTS software is built for commercial use and is readily available for purchase. If you pay for application access but can’t see the source code, you’re working with commercial off-the-shelf software.

When the application is paid for on a recurring basis, you’re purchasing software as a service (SaaS). SaaS is a revenue model, but the terms COTS and SaaS are often used synonymously.

Now, think back to the Math Tutors example, but this time, imagine you work in security at a different company called Math Learners and you’re using the software that Math Tutors developed. From your perspective, the application is a COTS application. Rather than seeing source code, your view of the application will look like the screen shown below.

When version 1.1.0 of the application is released, your team at Math Learners is responsible for upgrading your systems to ensure the vulnerability is patched and they use the secure version. Even though you don’t notice a visible change, upgrading the version adds security fixes to the software.

Common examples of COTS applications that organizations purchase include Google Workspace, Microsoft Outlook and many others. Each of these applications is considered “custom-developed” by the organizations selling them.

How Are COTS Applications Secured?

Purchasing COTS software introduces several security responsibilities. The steps for initial setup and continuous monitoring are as follows:

  1. Perform a security review of the COTS vendor and application.
  2. Provision access to the necessary members of your organization.
  3. Continuously monitor:
    • Application programming interface (API) connections between internal custom-developed applications and the COTS application
    • Individual access permissions and configuration
    • Data transmitted to (and from) the COTS application

From a security perspective, the first step to introducing new COTS software to an organization is to understand the risks. Vendors will not typically share source code, so customers must rely on a limited scope of information. You may consider asking for:

  • A recent penetration test
  • A software bill of materials (SBOM)
  • Documentation on a vendor’s software development lifecycle (SDLC)
  • Certifications such as SOC 2 or ISO
  • Customer references
  • Data access rights in the terms and conditions

Each of these items can give a deeper understanding of the COTS software security posture, but there will always be inherent risk when using another company’s software.

Once the software is approved, the next step is to grant access to the appropriate users. This may be done through role-based access control if entire departments will use the software, or discretionary access control if only certain users need the application.

With access granted, it’s vital to monitor COTS applications continuously. The first area to manage is software-to-software access. This type of access occurs via the APIs that software developers create.

A successful implementation of API management includes an inventory of all API calls to COTS applications. The API inventory should update as software developers create and remove APIs, and note all APIs transmitting sensitive data. ASPM tools automatically generate a comprehensive list of API calls to third-party applications.

Figure 2. A graphical representation of COTS APIs shown in Falcon Cloud Security.
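One way to build the API inventory described above from egress proxy records, as an added example (not CrowdStrike's implementation). The log format, host names, service names and sensitive field names are all constructed assumptions.

```python
import json
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample: egress proxy records, one JSON object per line.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:00:00","src":"billing-svc","method":"POST","url":"https://api.crm.example/v2/contacts","fields":["email","full_name"]}
{"ts":"2024-05-01T09:05:00","src":"billing-svc","method":"POST","url":"https://api.crm.example/v2/contacts?src=web","fields":["email"]}
{"ts":"2024-05-02T10:00:00","src":"report-svc","method":"GET","url":"https://api.chat.example/v1/channels","fields":[]}
{"ts":"2024-03-01T08:00:00","src":"legacy-svc","method":"PUT","url":"https://api.crm.example/v1/export","fields":["ssn"]}
{"ts":"2024-05-02T11:00:00","src":"report-svc","method":"GET","url":"https://internal.corp.example/health","fields":[]}
"""
COTS_HOSTS = {"api.crm.example", "api.chat.example"}      # assumed vendor hosts
SENSITIVE = {"email", "full_name", "ssn", "card_number"}  # assumed field names


def build_inventory(log_text, now, stale_after=timedelta(days=30)):
    """Return {(src, method, host, path): entry} for calls to COTS hosts only."""
    inv = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        url = urlsplit(rec["url"])
        if url.hostname not in COTS_HOSTS:
            continue  # internal traffic is out of scope for this inventory
        # Query string is dropped so one endpoint is not counted many times.
        key = (rec["src"], rec["method"], url.hostname, url.path)
        ts = datetime.fromisoformat(rec["ts"])
        e = inv.setdefault(key, {"first": ts, "last": ts, "calls": 0, "sensitive": set()})
        e["first"], e["last"] = min(e["first"], ts), max(e["last"], ts)
        e["calls"] += 1
        e["sensitive"] |= SENSITIVE & set(rec["fields"])
    for e in inv.values():
        # Not seen recently: likely a removed API, review before dropping it.
        e["stale"] = now - e["last"] > stale_after
    return inv


INVENTORY = build_inventory(SAMPLE_LOG, now=datetime(2024, 5, 3))
```

Re-running the function over fresh logs keeps the inventory current as developers add and remove API calls, and the `sensitive` set marks which entries carry sensitive data.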

The second area to manage is user provisioning. Security teams must audit and update user access to COTS applications regularly. Additionally, security teams are responsible for managing the configuration of COTS applications. Both identity and access management (IAM) and SaaS security posture management (SSPM) help ensure COTS configurations are correct.

The third area to manage is sensitive data transfer. Detecting and preventing unauthorized data egress requires a data protection solution. The data protection solution should combine content with context to provide deep real-time visibility into what is happening with your sensitive data, including data artifacts, as they move from the source to the destination, which could be COTS applications.

Consider the following scenario, for example:

  1. A sensitive file is downloaded.
  2. The contents are copied to a spreadsheet.
  3. Smaller chunks of the data are copied to another sheet and moved to a personal Google Drive.

Data protection solutions provide the complete flow, along with who performed the actions and where this data landed.

How CrowdStrike Helps Secure Custom and COTS Software

Both custom and COTS software face unique challenges, but transparency is important in both cases. With CrowdStrike Falcon, you can track your organization's use of COTS software and prevent data loss.

The CrowdStrike Falcon platform provides insights into both your custom-developed applications and the use of third-party software. To learn more, request a demo.


iIT Distribution is the official distributor of CrowdStrike solutions. Our partners, clients, and organizations of all sizes can get access to highly effective CrowdStrike products by requesting a trial version on our website. Stay safe and secure!
