The new era of transferring data.
Live webinar with Max Schrems.
System & Network Scanning
Find vulnerabilities in your entire infrastructure.
Web Application Scanning
Find vulnerabilities in your web apps and APIs.
Phishing & Awareness Training
Increase resilience against social engineering.
Efficient and secure in the cloud.
Installed in your infra with local storage.
System & Network Scanning
Systems, IoT, OT, SCADA etc.
Web App Scanning
All web apps and APIs.
Build your human firewall.
Sales Director India & SAARC
+91 8800-67 77 99
Hi! My name is Alok and I'm your local representative in India. Looking for a cyber security solution and vulnerability management? Let's talk!
Sales Director Southeast Asia
+60 19 434 2727
Hi! My name is Ahmad Faurani and I'm your local representative in Malaysia. Looking for a cyber security solution and vulnerability management? Let's talk!
Key Account Manager, Finland
+46 8-550 05 582
Hei! Nimeni on Cristian ja olen paikallinen edustajasi Suomessa. Etsitkö tietoturvaratkaisua ja haavoittuvuuksien hallintaa? Puhutaan!
Victor Bunge Meyer
Key Account Manager, Sverige
+46 08-550 05 582
Välkommen till Holm Security i Sverige! Jag heter Victor och är din lokala kontakt. Kontakta mig om du vill veta mera om vår platform för sårbarhetsanalyser.
Account Manager, Benelux
+31-20-238 63 94
Mijn naam is Beth Murrell en ik ben uw lokale vertegenwoordiger in Nederland, België en Luxemburg. Op zoek naar een cyberveiligheidsoplossing en kwetsbaarheidsbeheer? Laten we praten!
Key Account Manager, Norge
+46 8-550 05 582
Velkommen til Holm Security i Norge! Jeg heter Jens og er din lokale kontaktperson.Kontakt meg hvis du vil vite mer om vår plattform for sårbarhetsanalyser.
Country Manager Denmark
+45 31 12 10 05
Velkommen til Holm Security i Danmark! Mit navn er Ronnie og jeg er din lokale kontaktperson. Kontakt mig, hvis du vil vide mere om vores sårbarhedsanalyseplatform.
January 17, 2020
A new year, new vulnerabilities. From appliance hacking to password spraying - our security predictions on what we think will impact the cyber security landscape in the next year. Here are our cyber security predictions for 2020. Stay safe!
An often-recurring question I get asked is: “When do you think passwords will disappear?”. Whatever we do we will have to tolerate passwords and PIN codes for many years to come. Attackers benefit from this by finding more platforms and protocols to try and guess the correct username and password.
My prediction is that even more platforms and protocols will experience forced attempts regarding usernames and passwords along with an increase in attacks using, for instance, 2FA through MITM (man-in-the-middle)
We need to build our network and IT architecture in such a way that even if an attacker can get into an individual client computer, they are unable to escalate their rights or get further without this being promptly discovered and investigated. This demands a continuous Threat Hunting effort and good solutions for Endpoint Detection and Response (EDR).
It is important to have a baseline over how your environment looks i.e how network traffic flows and where, which software should be installed, etc., to make it more difficult to access business-critical information. It is then, therefore, easier to identify any conspicuous pattern - assuming that the attacker is already in your networks.
Last year we saw countless closed platforms, On-Premise, such as Citrix NetScaler, Pulse Secure, Fortigate (see blogpost in Swedish, external link: https://kryptera.se/attacker-mot-ssl-vpns/). Since the hardening of these platforms is often neglected and the data logging inadequate, it is consequently difficult to carry out forensic investigations and detect intrusions.
And as such, these units are usually in a central point where many are connecting or a lot of traffic pass-through occurs, making it a gold mine for attackers. In addition to reading and modifying traffic passing through the unit, there is also the opportunity to attack connecting clients. In this area, I also include Supply Chain Cyber Security, because everything that is connected and plugged into your systems should be checked, defined, or isolated.
Note that firmware/software updates can have both favorable and adverse effects on your environment in terms of security.
This prediction is probably just wishful thinking on my part. Specifically, that more organizations are getting better at sharing IOCs and infringement information. With enhanced transparency and systems that enable automatic and rapid sharing of threat information, such as MISP (external link: https://www.misp-project.org/index.html) or TheHive (external link: https://thehive-project.org/).
If you work in a specific industry, I will argue that it is very important that you share your threat information – within your particular industry.
It would be serious malpractice if I did not mention MITRE's ATT&CK framework that is constantly evolving and making it easier to share issues that are not purely technical IOCs such as Tactics, Techniques, and Procedures (TTPs). An additional thought for your organization is to investigate how ATT&CK can be used in your security products such as antivirus software.
A continually recurring problem is all the connected gadgets (Internet of Things) where new vulnerabilities are discovered daily. This will most likely not decrease any time soon as more things are become connected. And perhaps 2020 be the year when we will see more security products with Artificial Intelligence (AI)?
Vulnerability Management is a cornerstone in a modern cyber security defense.