Author Archives: Elena Georgescu

Web Application Security – A Complete Guide

OCD or just very fond of structure, I must confess that I like pretty much everything around me to be in (a specific) order. Due to this habit, I got used to working mostly with web applications, since I don’t like to have many windows opened on my taskbar and I prefer moving swiftly between my browser’s tabs. Recently, though, I’ve started to wonder: what does this mean in terms of web application security? 

To answer that question, let us start from the beginning and clarify what a web application is in the first place.

According to SearchSoftwareQuality

A Web application (Web app) is an application program that is stored on a remote server and delivered over the Internet through a browser interface. […] Web applications do not need to be downloaded since they are accessed through a network. Users can access a Web application through a web browser such as Google Chrome, Mozilla Firefox or Safari. For a web app to operate, it needs a Web server, application server, and a database. Web servers manage the requests that come from a client, while the application server completes the requested task. A database can be used to store any needed information.

Among the benefits of web applications we list:

a. Easier installation and maintenance 

It’s much easier to install, upgrade or maintain a web-based application than a standalone desktop application. Web applications are upgraded on the host servers, and every user can access the updated version as soon as the deployment has finished, without needing to update the application on their PCs.

b. No download hassles

From an end-user perspective, this is probably the greatest advantage – with web applications, you don’t have to download anything in order to use the service. A compatible browser with Internet access is usually all you need. 

c. Use of less storage space 

When using a web application, you don’t have to worry about how much space and memory it needs on your device. Moreover, they can be accessed from any place in the world where there is an active Internet connection. 

d. Accessible on various platforms  

It’s safe to say that nowadays mobility is a great asset and it sure helps a lot not to depend on a certain device in order to complete your tasks. Web applications can be used on any platform (desktop, laptop, phone, tablet), wherever you are. 

Web applications may be: 

a. Static web applications 

These are the most basic type of web application, created using HTML and CSS. If you need to make any serious changes to it, it’s highly certain that you need to contact the ones who planned and designed it. 

b. Dynamic web applications 

Dynamic web applications can include databases or forums and have the constant ability to update or change the available information. 

c. E-commerce applications

E-commerce apps are more complex than the other two mentioned before, since they need a way to collect electronic payment. 

d. Portal web applications 

Portal web applications include forums, chats, emails etc. and are characterized by many different sections or categories which are accessible by way of a home page. 

e. Animated web applications 

It’s mandatory for this kind of application to use Flash technology. Animated web applications do not work with SEO optimization or positioning, because search engines cannot read their information properly.

f. Content management systems 

Content management systems offer interfaces that can be accessed and updated and are used for personal or corporate blogs, media sites and so on. 

If we want to talk about web application security, though, we must first specify that web applications are related to the supply chain topic, which we covered here. Unfortunately but not surprisingly, as third-parties in your business workflow, web applications can be attacked in various ways, from database manipulation to large-scale network disruption. 

According to DARKReading

Positive Technologies’ analysis unearthed some 70 different types of vulnerabilities in total in Web apps. Security configuration errors—such as default settings, common passwords, full path disclosure, and other information-leak errors—were present in four out of five apps, making this class of vulnerability the most common. Cross-site scripting errors were present in 77% of applications; 74% had authentication-related issues, and more than half (53%) had access control flaws. 

Here are the main web application security threats that you need to be aware of: 


1. Cross-Site Scripting (XSS)

In a cross-site scripting attack, hackers inject client-side scripts into webpages to get direct access to important information, to impersonate the user or to trick the user into disclosing sensitive data. If a visitor loads the compromised page, his/her browser may execute the malicious code. This kind of attack is not really the most sophisticated, but it is the most common. 

2. Cross-site request forgery 

This type of attack is a serious web application security vulnerability, involving tricking a user into making a request utilizing their authentication or authorization. By leveraging account privileges, attackers are able to send false requests. The common targets for cross-site request forgeries are the highly privileged accounts, like administrator or executive, which results in the exfiltration, destruction or modification of important information. 

3. Denial-of-Service (DoS) & Distributed denial-of-service (DDoS) attacks 

During a DoS or DDoS attack, hackers try to overload a targeted server or its surrounding infrastructure. When the server is no longer able to effectively process incoming requests, it will start to behave in an irregular manner, denying service to incoming requests from legitimate users. 

4. Data breaches 

Data breaches may occur through malicious actions or by mistake, but the consequence is the same: sensitive or confidential information gets leaked. Depending on the company who is unfortunate enough to experience a data breach, millions of user accounts can get exposed. 

5. Buffer overflow

The term buffer refers to memory storage regions that temporarily hold data during its transfer from one location to another. A buffer overflow/overrun happens when the data volume is bigger than the storage capacity of the memory buffer, which results in adjacent memory locations being overwritten with data. By overwriting the memory of an application, the execution path of the program is changed, which triggers a response that compromises files or exposes sensitive information. Moreover, extra codes that send new instructions to the application may be introduced to get access to the IT systems. 

6. SQL Injection (SQLi)

Structured Query Language (SQL) is a programming language typically used in relational databases or data stream management systems, and it is very effective at querying, manipulating and aggregating data and at performing an impressive number of other functions. In a SQL Injection attack, the malicious players exploit vulnerabilities in the way a database executes search queries.

7. Memory corruption 

Memory corruption refers to the process in which a location in memory is unintentionally modified, possibly leading to unexpected behaviour. Hackers will try to exploit this by attempting code injections or buffer overflow attacks.

8. Path traversal

Path traversal attacks refer to the injection of “../” patterns in order to move up in the server directory hierarchy, for the purpose of accessing unauthorized files or directories outside the webroot folder. A successful path traversal attack might give hackers access to user credentials, configuration files or even databases.
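One way to block the “../” pattern described above is to resolve every requested path and confirm it still lies inside the webroot before opening it. The following is an added example, not code from the original post; the function names, the directory layout and the request strings are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """The requested path resolves to a location outside the webroot."""


def resolve_in_webroot(webroot: str, requested: str) -> str:
    """Return the absolute file path for a URL path, or raise TraversalError."""
    # Decode percent-encoding once, so "%2e%2e%2f" is judged as "../".
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat backslashes as separators and never accept an absolute path.
    relative = decoded.replace("\\", "/").lstrip("/")
    root = os.path.realpath(webroot)
    # realpath collapses ".." segments and follows symlinks, so the check
    # below is made on the location the OS would really open.
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError(f"{requested!r} escapes the webroot")
    return candidate


def check(webroot: str, requested: str) -> str:
    """Report whether a request would be served or blocked."""
    try:
        resolve_in_webroot(webroot, requested)
        return "served"
    except TraversalError:
        return "blocked"


def demo() -> dict:
    """Run constructed requests against a throwaway webroot."""
    with tempfile.TemporaryDirectory() as base:
        webroot = os.path.join(base, "webroot")
        os.makedirs(os.path.join(webroot, "css"))
        open(os.path.join(webroot, "index.html"), "w").close()
        # A configuration file that lives one level above the webroot.
        with open(os.path.join(base, "app.conf"), "w") as fh:
            fh.write("constructed secret\n")
        # A symlink inside the webroot that points outside of it.
        os.symlink(base, os.path.join(webroot, "up"))
        requests = [
            "/index.html",              # normal request
            "/css/../index.html",       # ".." that stays inside the webroot
            "/../app.conf",             # plain traversal
            "/%2e%2e/app.conf",         # percent-encoded traversal
            "/css/..%2f..%2fapp.conf",  # encoded separators
            "/..\\app.conf",            # backslash separator
            "/up/app.conf",             # escape through a symlink
        ]
        return {r: check(webroot, r) for r in requests}


if __name__ == "__main__":
    for request, verdict in demo().items():
        print(f"{verdict:8} {request}")
```

The decision is made on the resolved path rather than by searching the input for “../”, which is why the encoded and symlink variants are caught by the same check.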

All these sound pretty alarming, but, fortunately, there are many options you can choose when it comes to web application security and protecting your company by detecting, preventing and responding to attacks. 

Here’s how you can enhance your company’s web application security: 


1. Classify Web Applications 

The first thing to do if you want to avoid paying the fiddler is a matter of common sense – you must know the number of web applications your company uses and how they are being used. You cannot build a security system if you don’t know exactly what you need to protect. First step? Make a web applications inventory and try classifying them: very critical, critical, serious, normal.

2. Apply the Principle of Least Privilege

Access management can make or break web application security. Not all users will need the same set of rights and privileges, so make sure that you confine the higher privileges to only a few. Automated solutions can be of great help here. Our Thor AdminPrivilege™ will make your life a lot easier if you decide to proactively manage, monitor and control privileged account access.


3. Filter User Inputs

Input fields can be found in almost every web application. These sections, where users introduce data (text, images, file attachments), are often attacked in the attempt to corrupt or take over the web application, so make sure that your company uses filters.

4. Use Application Monitoring 

By monitoring applications with the help of a web application firewall, you will be able to get some insights regarding what type of traffic flows in, what vulnerabilities are being blocked, what kind of inputs and responses the application is receiving etc. Both of our Thor Vigilance and Thor Premium include the firewall feature and can become your ally in your quest of implementing web application security. 


5. Perform Proper Testing 

Testing is a crucial aspect in cybersecurity. When it comes to the web applications your company uses, make sure your security experts perform penetration testing, in order to make sure that there are no logical flaws in the web applications you need to use. 

6. Update the Passwords Frequently 

This is another simple safety measure that every web application user can adopt. In order to stay safe, it is mandatory to use strong passwords that include special characters, numbers and letters. We wrote more about this topic here and here. In addition to strong passwords, a two-factor authentication method will make your accounts even more secure and will drastically reduce the cybercriminals’ chances to successfully attack your company.

7. Properly Handle Sessions 

Web sessions consist of a series of HTTP requests and the responses of a user, in a certain period of time. Web application sessions are user-initiated and last till the end of the communication between two systems over a network. It’s important to properly handle these sessions if you want to avoid session hijackings, session sniffing, and cross-site scripting attacks.

8. Don’t Forget about Cookies 

Cookies are crucial for web application security, and yet they are often overlooked. They are excellent targets for cyber attacks, since they contain valuable information which helps users to be remembered by the sites they visit. To avoid any nuisances, try not to use cookies to store sensitive information, or consider encrypting it, and don’t forget to always monitor and control the cookies’ expiry dates.
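The cookie advice above can be checked mechanically by auditing the Set-Cookie headers an application sends. The following is an added example, not code from the original post; the 30-day lifetime policy, the sensitive-data pattern and the sample headers are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = timedelta(days=30)  # assumed policy threshold
# Heuristic only: names or values that suggest plaintext personal data.
SENSITIVE_HINT = re.compile(r"passw|card|ssn|[\w.+-]+@[\w-]+\.[\w.-]+", re.I)

# Constructed sample headers.
SAMPLES = [
    "sid=6b1f0c2e9a; Path=/; Secure; HttpOnly; SameSite=Strict; Max-Age=1800",
    "remember=alice@example.test; Path=/; Max-Age=31536000",
    "theme=dark; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; SameSite=Lax",
]


def parse_set_cookie(header):
    """Split one Set-Cookie header into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def lifetime(attrs, now):
    """Return how long the cookie lives, or None for a session cookie."""
    # Max-Age takes precedence over Expires when both are present (RFC 6265).
    if "max-age" in attrs:
        try:
            return timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            return None
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return expires - now
    return None


def audit_cookie(header, now=None):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    now = now or datetime.now(timezone.utc)
    name, value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict")
    life = lifetime(attrs, now)
    if life is not None and life > MAX_LIFETIME:
        findings.append(f"lifetime {life.days}d exceeds {MAX_LIFETIME.days}d policy")
    if SENSITIVE_HINT.search(f"{name}={value}"):
        findings.append("value looks like plaintext sensitive data")
    return name, findings


if __name__ == "__main__":
    fixed_now = datetime(2030, 1, 1, tzinfo=timezone.utc)
    for sample in SAMPLES:
        cookie, problems = audit_cookie(sample, fixed_now)
        print(cookie, "->", problems or "ok")
```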


As Dafydd Stuttard and Marcus Pinto say in their book, The Web Application Hacker’s Handbook

There is no doubt that web application security is a current and very newsworthy subject. For all concerned, the stakes are high: for businesses that derive increasing revenue from Internet commerce, for users who trust web applications with sensitive information, and for criminals who can make big money by stealing payment details or compromising bank accounts. 

Please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!

The post Web Application Security – A Complete Guide appeared first on Heimdal Security Blog.

Privileged Account Management 101: How Can Privileged Accounts Compromise Your Security

When it comes to privileged account management (PAM), you might want to know: 

– what is a privileged account? 

– does it have any connection to “privileged access management” (also PAM)? 

– how do privileged accounts benefit your company?

– how many / what types of privileged accounts are there?

– how can privileged accounts compromise your security?

– what can you do to ensure the cybersecurity of your company? 

If so, you have come to the right place – we will answer all this and more in the following lines. 

First, let us clarify that we call privileged accounts those accounts that have the most power inside an IT department and are used by the team to set up the IT infrastructure, to install new software or hardware, to run critical services or to conduct maintenance operations. To put it simply, privileged accounts can access an organization’s highly classified IT assets and the sensitive information stored within them. 

privileged account management - concept

Source: Teiss

As the acronym suggests, privileged account management is related to privileged access management: privileged access management tools monitor privileged accounts in order to ensure business safety. We wrote more about this here. You can also get into this further by learning more about the Zero Trust model, Insider Threats, why removing admin rights closes critical vulnerabilities in your organization, the Principle of Least Privilege (PoLP), and Identity and Access Governance.

How does privileged account management benefit your company? In several ways:

– it helps you maintain a complete list of active privileged accounts in your network, updating it whenever new accounts are created. 

– privileged identities (e.g. passwords) are stored in secure vaults. 

– enforces strict IT policies regarding password complexity, frequency of password reset, automatic reset, etc.

– securely shares privileged accounts, granting every user the minimal permissions to fulfill their tasks. 

– monitors and records all privileged users in real-time.

– audits all identity-related operations: user logins, password access attempts, reset actions, etc.   

How many / what types of privileged accounts are there? 

Well, overall, privileged accounts can install system hardware/software, make changes in IT infrastructure systems, log into all machines in an environment, access sensitive data, reset passwords for others. 


They can be:

1. Local Administrative Accounts 

Non-personal accounts, which provide administrative access only to the localhost or instance. Local admin accounts are used for maintenance on servers, network devices, databases, etc. and usually have the same password across the entire organization. Local Administrative Accounts are the first accounts created during system installation and some companies give their credentials to every employee, which makes them easy targets. Default Administrative accounts cannot be deleted or locked out, only renamed or disabled. 

2. Privileged User Accounts 

These are named credentials that have been granted administrative privileges on one or more systems. They have unique and complex passwords, yet they must be constantly monitored and secured since they have access to very sensitive privileged data. 

3. Domain Administrative Accounts 

They have access across all workstations and servers, offering complete control and the ability to modify every administrative account, which makes them the most sensitive target of a cyber attack in an organization. Access to and usage of domain administrative accounts should be granted only on-demand, with additional security controls, and their activity should be fully monitored and audited.

4. Emergency Accounts

Also known as “fire calls” or “break-glass” accounts, they describe the situation in which an unprivileged user gets administrative access to secure systems, in case of emergency. For obvious security reasons, they require managerial approval. Emergency accounts are also helpful when it comes to restricting compromised accounts from being continuously abused. 

5. Service Accounts 

Service accounts are privileged local or domain accounts used by applications or services to communicate with the operating system. Coordinating their password changes is difficult because they can interact with many Windows components – not to mention that changing their passwords hardly ever happens. Also, this kind of privileged account does not expire. 

6. Active Directory or Domain Service Accounts 

Active Directory Domain Services represent the core functions that allow sysadmins to organize data into a logical hierarchy. Changing passwords here is a complicated job since they require coordination across multiple systems – this operation breaks the application(s) almost every time until the account is synced across the environment. 

7. Application Accounts

These allow applications to access databases, run batch jobs or scripts, or to provide access to other applications. Usually, they have broad access, so the passwords for this type of accounts are embedded and stored in unencrypted text files, which poses a significant risk to any organization. By compromising Application accounts, hackers can gain remote access, modify system binaries, or even elevate standard accounts to privileged. 

How can privileged accounts compromise your security?

According to the Netwrix Blog, “privileged user accounts are dangerous because they are so powerful, and that power can be misused in several different ways.” Specifically, 

1. Unintentionally

Unauthorized modifications to critical data can happen without thinking at any time. Plus, files that store sensitive data can be shared without checking the legitimacy of the business need, getting you in serious trouble. 

2. Maliciously 

Privileged accounts do have legitimate access rights, so if they engage in malicious actions, these would be pretty difficult to spot – if someone even thinks to check at all. Malicious use of privileged accounts is a serious threat, since these users’ activity may not be closely monitored or they usually have the expertise to dodge controls and do maximum damage without leaving any trace. 

3. By attackers 

Cyber attackers use a variety of techniques to obtain the powerful credentials of privileged accounts. Phishing, brute force or coercion are the most familiar. As the Netwrix Blog writes, 

The legitimate owner or user of the account might not even realize the account has been hijacked until it’s too late. Attacks often unfold like this: A hacker breaches the perimeter, takes control of a user’s PC, silently steals any privileged credentials cached there, and then moves from machine to machine looking for additional privileged users to hijack. In fact, hackers often dwell in the network undetected for months, steadily elevating their privileges until they are powerful enough to steal the organization’s intelligence.

As with almost everything in life, precaution is the key. But where do we start when we need to avoid serious privileged account management problems? 

Here are 5 key aspects you must consider in order to avoid privileged account management issues: 

1. Do you know all the privileged accounts in your company?

More than 50% of data breaches involve the use of privileged account access. If you don’t have a clear view of all the privileged accounts in your company, there’s a high probability you’ll have to deal with such a breach. Moreover, your security team must be able to apply the right controls to new systems and applications. 

2. Can you properly secure privileged credentials? 

Privileged credentials should not be shared among IT admins and should not be visible to end-user admins. Passwords and secure shell (SSH) keys should be rotated, random and should expire regularly – you don’t want static passwords to offer cyberattackers root access to your systems and data. If you do not take care of this aspect and do not use the principle of least privilege and multifactor authentication, phishing or man-in-the-middle attacks (no, not winter) might be coming. 

3. Can you identify privileged account use irregularities?

You should be able to monitor privileged accounts for any unusual behaviours and log activity information for later reviews. This should help you draw up a baseline of normal behaviour, which will help you catch deviations and, if need be, trigger alerts. The faster you detect an unusual incident, the better. 

4. Can you take quick action when you find suspicious activity?

As we said, the faster you detect a privileged account management irregularity, the better. Try to make sure that you can automatically shut down a privileged session based on unusual activity. It is not recommended to do this manually, because this might leave the attacker enough time to provoke irreparable damage.

5. Can you recover/restore data after an incident? 

It is crucial to recover and restore data quickly after a data breach or system failure. The same goes for credentials – recovering them after an attack allows you to maintain control. A PAM solution can help you with this. 

Bearing this in mind…

Here are some precautions you can take in order to avoid compromised privileged account management: 


1. Provide training to all your employees 

All your employees should be able to recognize suspicious or insecure behaviour. This aspect is particularly important nowadays, since phishing and social engineering attacks are getting more sophisticated and more and more personal devices are being used for business purposes.

2. Be proactive

Make a habit of actively monitoring and routinely auditing any privileged user accounts with elevated permissions, de-credential user accounts that no longer require elevated permissions, and set appropriate expiration dates in order to avoid accumulated privileges.

It’s also useful to perform a data risk evaluation in order to know exactly what privileged accounts have access to sensitive data, because those accounts need higher security scrutiny and protocol. 

3. Always change default credentials 

It’s mandatory to change default credentials when you set up a new account, application or system. Default credentials like “admin” or “12345” are always a top priority for hackers because they are, obviously, totally easy to crack. 

4. Adopt least privilege policies 

Although some users sometimes need more rights and have more responsibilities than regular users, there are times when they’re over-privileged. It’s better to configure a standard user and then elevate their privileges when needed. 

5. Analyze behaviour 

Look for any anomaly regarding when, from where, and how privileged accounts are used. You will only notice the irregularities if you first establish what normal looks like. 

6. Consider automation 

Automated solutions, like our Thor AdminPrivilege™, will make your life a lot easier because they help you proactively manage, monitor and control privileged account access. A Privileged Access Management tool is vital for scalability and it’s not only about managing user rights, but also about the fast flow of software installs, about logs and audit trail, about achieving data protection compliance. 


7. Don’t forget to protect your endpoints

You need an endpoint protection solution in order to keep malicious code that might get into your system from running. Thor Foresight Enterprise can help you prevent exploits, ransomware and data leakage at DNS level and hunt, detect and respond to threats faster. 


You can also make sure that your company is protected against any dangerous emails your privileged users might receive with MailSentry Fraud Prevention, which notifies you about fraud attempts, business email compromise (BEC) and impersonation. 


8. Record sessions 

If an attacker manages to obtain access to your system, you must be able to determine for what purpose they used the credentials, whether any data got exfiltrated, whether malware was inserted into any of your servers, and which databases were compromised. Thor AdminPrivilege™ can also help you with this aspect.
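The “Analyze behaviour” precaution, like the earlier point about drawing up a baseline of normal behaviour, comes down to learning when, from where and how each privileged account is normally used and then flagging what deviates. The following is an added example, not code from the original post; the log format, account names, hosts and the one-hour tolerance are constructed assumptions.

```python
from datetime import datetime

# Constructed log lines: timestamp, account, source host, access method.
BASELINE_LOG = """
2024-03-04T09:12:00 adm-jsmith src=jump01 via=rdp
2024-03-05T10:40:00 adm-jsmith src=jump01 via=rdp
2024-03-06T14:05:00 adm-jsmith src=jump01 via=rdp
2024-03-04T02:00:00 svc-backup src=bkp01 via=service
2024-03-05T02:00:00 svc-backup src=bkp01 via=service
"""

NEW_LOG = """
2024-03-11T09:55:00 adm-jsmith src=jump01 via=rdp
2024-03-12T03:17:00 adm-jsmith src=ws-0231 via=ssh
2024-03-12T02:01:00 svc-backup src=bkp01 via=interactive
2024-03-12T11:30:00 adm-temp src=jump01 via=rdp
"""


def parse(line):
    """Turn one log line into a dict with time, account, src and via."""
    timestamp, account, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return {
        "time": datetime.fromisoformat(timestamp),
        "account": account,
        "src": fields["src"],
        "via": fields["via"],
    }


def build_baseline(lines):
    """Record the hours, source hosts and access methods seen per account."""
    baseline = {}
    for event in (parse(line) for line in lines if line.strip()):
        profile = baseline.setdefault(
            event["account"], {"hours": set(), "src": set(), "via": set()}
        )
        profile["hours"].add(event["time"].hour)
        profile["src"].add(event["src"])
        profile["via"].add(event["via"])
    return baseline


def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    diff = abs(a - b)
    return min(diff, 24 - diff)


def deviations(event, baseline, hour_slack=1):
    """List the ways an event differs from the account's recorded profile."""
    profile = baseline.get(event["account"])
    if profile is None:
        return ["account not in baseline"]
    reasons = []
    hour = event["time"].hour
    if all(hour_distance(hour, seen) > hour_slack for seen in profile["hours"]):
        reasons.append("unusual hour")
    if event["src"] not in profile["src"]:
        reasons.append("new source host")
    if event["via"] not in profile["via"]:
        reasons.append("new access method")
    return reasons


def review(lines, baseline):
    """Return (account, reasons) for every event that deviates."""
    flagged = []
    for event in (parse(line) for line in lines if line.strip()):
        reasons = deviations(event, baseline)
        if reasons:
            flagged.append((event["account"], reasons))
    return flagged


if __name__ == "__main__":
    profile = build_baseline(BASELINE_LOG.splitlines())
    for account, reasons in review(NEW_LOG.splitlines(), profile):
        print(f"ALERT {account}: {', '.join(reasons)}")
```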

Wrapping Up…

As Security Intelligence says, “Privileged account management (PAM) is emerging as one of the hottest topics in cybersecurity — and it’s easy to understand why. Cybercriminals are relentless when it comes to finding and compromising their targets’ privileged credentials to gain unfettered access to critical assets.” You should have some peace of mind, though, if you adopt a proactive attitude and take safety measures. 

Also, please remember that Heimdal™ Security always has your back too and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!

The post Privileged Account Management 101: How Can Privileged Accounts Compromise Your Security appeared first on Heimdal Security Blog.

Cloud Computing Threats: Beyond Vulnerabilities

When you hear the term cloud computing, know that it has little to do with the famous cloud number 9 some sing about – it is a key concept in the current and future evolution of technology. Like everything else, though, it has its strengths and downsides, so let us have a closer look at some of the most relevant cloud computing threats and vulnerabilities, not without first defining the notion. 

According to Edward Zamora

Cloud computing consists of the set of systems and services working in unison to provide distributed, flexible, and measurable resources to consumers of cloud services. The National Institute of Standards and Technology (NIST) defines cloud computing as a model that consists of on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service (Mell & Grance, 2011). Essentially, cloud computing allows consumers to provision for themselves resources available from a cloud services provider. Consumers are able to access their cloud resources from a wide variety of devices including mobile, thin clients, and traditional desktops. […] Physical and virtual systems are combined to provide consumers with resources dynamically without the user needing to know the details of how it all works.

cloud computing threats and vulnerabilities - cloud computing concept 1

Source: Cloud Testing Methodology, Edward Zamora

As i-SCOOP notes: 

Cloud computing is also one of the essential enablers of Industry 4.0, has been shaping the software and business applications market for over a decade, has an important place in the development of the Internet of Things and is essential to manage data, including big data, to give just a few examples.



Cloud technology is also used for hosting popular services like e-mail, social media, business applications. The average person checks their phone 221 times per day to look at e-mails, browse the Internet or use smartphone applications. Besides, 82% of large enterprises are now using cloud computing and up to 78% of small businesses are expected to adopt cloud technology in the next few years. 

Depending on the delivery methods, the 4 main cloud delivery models are the following: 

Public Cloud – owned and operated by a third-party provider, can be used by everyone, so it’s publicly accessible. Examples: Microsoft Azure, Google. 

Private Cloud – a distinct cloud, whose main key trait is privacy, which can be used in several ways by a specific organization. 

Hybrid Cloud – a computing environment which combines a public cloud and a private one (or more) by allowing the exchange of data and applications between them. 

Community Cloud – a cloud used by a community of people with, possibly, shared or common profiles, for a common shared purpose. 

Depending on the types of services and resources a customer subscribes to, here are the 3 main cloud services available: 

Software as a Service (SaaS). The choice of most businesses, SaaS utilizes the Internet to deliver applications that are managed by a third-party vendor to the users. Many SaaS applications run directly through the web browser, meaning they do not require to be downloaded or installed. 

SaaS is the best option for: 

– short-term projects that require quick, easy and affordable collaboration. 

– startups or small companies that need to launch e-commerce quickly. 

– applications that need both web and mobile access. 

– applications that aren’t needed very often. 

Platform as a Service (PaaS). Cloud platform services deliver a platform that can be modified by developers to create customized applications. 

PaaS is particularly useful when:

– multiple developers are working on the same development project. 

– other vendors must be included, PaaS providing great speed and flexibility to the whole process. 

– you need to create customized applications. 

– you are rapidly developing and deploying an application, because it can reduce costs and simplify challenges. 

Infrastructure as a Service (IaaS). Cloud infrastructure services are made of highly scalable and automated compute resources. IaaS is self-service for accessing and monitoring computers, networking, storage and so on, allowing businesses to purchase resources on-demand. 

IaaS is most advantageous:

– for small companies or startups, to avoid spending time and money on purchasing and creating hardware and software. 

– for larger companies that want to purchase only what they actually consume / need. 

– for companies that experience rapid growth and want to easily change out specific hardware and software. 


Among the benefits of cloud computing we mention: 

A. Mobility

Cloud computing allows mobile access to your company’s data via various types of devices – smartphones, tablets, laptops, which is particularly useful in the context of the Coronavirus and work from home policy. 

B. Easy to scale server resources

Most cloud servers provide access to an intuitive site management dashboard where you can view your site’s performance in real-time. Server resources can be scaled up or down on the spot, without having to wait for your hosting provider’s approval.   

C. Safety from server hardware issues and loss prevention

By choosing a cloud service you make sure you avoid any physical server issue like hacking, hardware failure or system overload. We could also include here natural disasters or fires that could destroy your equipment. Most cloud-based services provide data recovery for all kinds of emergency scenarios, from natural disasters to power outages. 

D. Faster website speed and performance 

A cloud server should usually deliver very high speed, which will allow you to increase your site’s capacity, providing you with a great competitive edge. 

E. Automatic software updates 

Any busy person knows how irritating it is to have to wait for system updates to be installed. Instead of forcing an IT department to perform a manual, organisation-wide update, cloud-based applications automatically refresh and update themselves.   

F. Sustainability 

If you aim to have a positive impact from an environmental point of view too, bear in mind that by choosing cloud computing you help cut down on paper waste,  improve energy efficiency and reduce commuter-related emissions.  

As I already mentioned, cloud computing can bring amazing benefits to companies, but it also has its downsides. If we want to discuss cloud computing threats and vulnerabilities, though, we must not forget the context of the times we live in. 

According to Gartner

The shortage of technical security staff, the rapid migration to cloud computing, regulatory compliance requirements and the unrelenting evolution of threats continue to be the most significant ongoing major security challenges. However, responding to COVID-19 remains the biggest challenge for most security organizations in 2020. 

“The pandemic, and its resulting changes to the business world, accelerated digitalization of business processes, endpoint mobility and the expansion of cloud computing in most organizations, revealing legacy thinking and technologies,” says Peter Firstbrook, VP Analyst, Gartner.

Here are the main cloud computing threats and vulnerabilities your company needs to be aware of:

1. Lack of Strategy and Architecture for Cloud Security 

In their haste to migrate to the cloud, many companies become operational long before the security strategies and systems needed to protect the infrastructure are in place. 

2. Misconfiguration of Cloud Services 

Misconfiguration of cloud services is a growing cloud computing threat you must pay attention to. It is usually caused by keeping the default security and access management settings. If this happens, important data can be publicly exposed, manipulated or deleted. 

3. Visibility Loss 

Cloud services can be accessed through multiple devices, departments and geographic places. This kind of complexity might cause you to lose sight of who is using your cloud services and what they are accessing, uploading or downloading. 

4. Compliance Violation 

In most cases, compliance regulations require your company to know where your data is, who has access to it, how it is processed and protected. Even your cloud provider can be asked to hold certain compliance credentials. Thus, a careless transfer of your data to the cloud or moving to the wrong provider can bring potentially serious legal and financial repercussions. 

5. Contractual Breaches 

Any contractual partnerships you have or will develop will include some restrictions on how any shared data is used, how it is stored and who has authorized access to it. Unknowingly moving restricted data into a cloud service whose providers include the right to share any data uploaded into their infrastructure could create a breach of contract, which could lead to legal actions. 

6. Insecure Application Programming Interface (API) 

Systems in a cloud infrastructure are sometimes operated through an API that helps to implement control. APIs are sets of programming code that enable data transmission between one software product and another and contain the terms of this data exchange. 

Application Programming Interfaces (APIs) have two components: a technical specification describing the data exchange options, in the form of a request for processing and data delivery protocols, and the software interface written to the specification that represents it. 


Any API can be accessed internally by your staff and externally by consumers – the external-facing API can represent a cloud computing threat. Any insecure external API might become a gateway for unauthorized access by cybercriminals who might steal data and manipulate services. 

7. Insider Threats 

Your employees, contractors and business partners can, without having any malicious intent, become some of your biggest security risks due to a lack of training and negligence, as we have already shown. Moving to the cloud introduces a new layer of insider threat, from the cloud service provider’s employees. 

Despite all these threats and vulnerabilities, it is clear that cloud computing can be really helpful to any company if used correctly and that it is here to stay, so let us now mention some of the safety measures you can take. 

Here’s what you can do to efficiently combat cloud computing threats and vulnerabilities: 

1. Manage User Access

Not every employee needs access to every application, file or bit of information. By setting proper levels of authorization you make sure that everyone gets to view or manipulate only the data and the applications necessary for them to do their job. 

2. Deploy Multi-Factor Authentication 

Stolen credentials are one of the most common methods hackers use to get access to your company’s online data. Protect it by deploying multi-factor authentication and make sure that only authorized personnel can log in and access data. 

3. Detect Intruders with Automated Solutions that Monitor and Analyze User Activity 

Abnormal activities can indicate a breach in your system, so try using automated solutions that can help you spot irregularities by monitoring and analyzing user activities in real-time. This is a very efficient tool in the combat against cloud computing threats and vulnerabilities. 

4. Consider Cloud to Cloud Back-Up Solutions 

The chances of losing data because of your cloud provider’s mistake are pretty low – unlike losing it due to human error. Check with your cloud provider how long they store deleted data and whether there are any fees to restore it, or turn to a cloud to cloud back-up solution. 

5. Provide Anti-Phishing Training for Employees 

The Heimdal™ Security team is very fond of education – we really believe that knowledge is power and that many things can be confronted if we know about them and try our best to prevent them. It goes without saying that we recommend that you discuss the dangers of phishing with all your employees. (We actually wrote more about this here, here and here.)

6. Develop an Off-Boarding Process to Protect against Departing Employees 

Always make sure that the employees that leave your company can no longer access your systems, data or customer information by revoking all the access rights. You can manage this internally or outsource the task to someone who knows how to implement the process. 

Heimdal™ Security can also help. Here’s how! 

In our opinion, you can choose between 3 approaches – or opt for all of them if you want top cybersecurity for your company:

Manage user access with Thor AdminPrivilege™, our Privileged Access Management (PAM) software which helps your organization achieve not just better cybersecurity, but also full compliance and higher productivity. Thor AdminPrivilege™ will allow your system admins to approve or deny user requests from anywhere or set up an automated flow from the centralized dashboard. Moreover, all the activity will be logged for a full audit trail. 


Prevent any phishing attempt with MailSentry Fraud Prevention, our revolutionary communications protection system which alerts you to fraud attempts, business email compromise (BEC) and impersonation. MailSentry Fraud Prevention monitors all of your e-mails and can detect BEC, CEO fraud, phishing attempts and imposter threats, offering you live monitoring and alerting 24/7 from a specialist fraud team. 


Enjoy the benefits of a complete endpoint security solution with Thor Premium Enterprise, our multi-layered security suite that brings together threat hunting, prevention, and mitigation, securing any device that connects to your cloud.


Whatever you choose, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!

The post Cloud Computing Threats: Beyond Vulnerabilities appeared first on Heimdal Security Blog.

A Complete Guide to IoT Security for Your Business

We might feel that technology plays a big part in our lives, always with our eyes on our phones or turning on the TV immediately after we get home – maybe even consider, in a certain way, that electronic gadgets are part of our family, like Mildred from Fahrenheit 451, Bradbury’s famous dystopia. We must not forget, though, that although technology has made a huge contribution to the evolution of human civilization, our devices can also be seen as a source of possible threats, especially if they are connected to the Internet. This happens because Wi-Fi routers, Smart TVs, smart cameras, smart locks, smart lights, voice assistants, some medical devices or Internet-connected cars fall into the category of the so-called Internet of Things and can become the target of cybercriminals. 

The Internet of Things (IoT) describes the physical objects that are embedded with software, sensors and other technologies that allow them to connect and exchange data with other devices and systems over the Internet. 

The emergence of IoT has been fostered by a series of factors that include: 

Connectivity. Hosts of network protocols for the Internet easily connect sensors to the cloud and “things”, streamlining data transfer. 

Access to low-cost and low-power sensor technology. Nowadays, manufacturers use affordable and reliable sensors. 

Cloud platforms. Cloud platforms’ increase in availability enables both businesses and consumers to benefit from their advantages, without having to manage them. 

Machine learning and analytics. The advances in machine learning and analytics plus the vast amounts of data stored in the cloud allow companies to gather insights faster and more easily. 

Rise of conversational artificial intelligence (AI). IoT devices (like the digital personal assistants Alexa, Cortana and Siri)  can now benefit from natural-language processing due to advances in neural networks. 



As i-SCOOP shows, “In 2020 the number of IoT endpoints is forecasted to reach 5.8 billion endpoints, as mentioned a 21% increase from 2019. […] The fastest-growing segments in terms of IoT endpoints installed base: building automation, automotive and healthcare. The second-largest user of IoT endpoints is physical security, says Peter Middleton. Here building intruder detection and indoor surveillance use cases will drive volume.” Other industries use this kind of technology as well, so this growth tendency only underscores the importance of IoT security for business. 



The major benefits of secure IoT devices for your business are the following: 

They increase the productivity and efficiency of business operations. 

They create new business models and revenue streams. 

They easily connect the physical business world to the digital world, which saves time and creates value. 

The tricky part is, whether we use them as home consumers or in our workplace, that they are convenient – IoT devices allow us to turn lights on and off remotely, unlock the front door when we are not even in the building or get Alexa or Siri to check our calendar for us. As Peter Milley says, in his paper Privacy and the Internet of Things,

This convenience comes at a price. The unfortunate reality is the companies making these devices, although well steeped in the challenges of manufacturing physical products, are not as well versed in software development. […] Appliance makers create back-door access for support personnel or hard-coded passwords and encryption keys to simplify manufacturing and support with little regard for security. Furthermore, they rarely take into account the need for regular patch maintenance and rely too heavily on the end-user to make security changes to their products.

Here are some aspects that threaten IoT security for business: 

1. Identity and access management 

Identity and access management is usually associated with end-users, but it also extends to devices and applications that need network and resource access. What they have access to and the legitimacy of their request in the first place must always be verified, because devices left exposed in various locations can be easily attacked and used by cybercriminals to infiltrate your organisation. 

2. Data Integrity 

Data is essential for IoT operations and it’s also critical that its integrity is preserved. Take measures to ensure that your data has not been manipulated, whether at rest, in transit or in use. Don’t forget about personal data either. This kind of information and any data generated by an IoT device must be protected through encryption, whether it’s in transit or at rest. 

3. The great number of devices 

Another aspect that threatens IoT security for business is the use of a great number of devices. To be precise, integrating new systems and devices provides more points of access for potential attackers, which raises the security stakes exponentially. 

4. The simplicity of the devices 

IoT devices are being used more and more in various sectors, and even the simplest devices (like a fish-tank thermometer in a casino that can gather tens of GB of personal data and expose it to hackers, for example) can be potential gateways to private segments of a company’s network. 

5. The physical protection and disposal of connected devices 

Anyone with physical access to some products can extract the owner’s password from the plaintext, private keys and root passwords. As companies adopt and upgrade IoT, it’s also important to consider the aspect of protection during use and disposal of old or defective smart devices. 

6. Malware on an industrial scale 

Hackers are developing more and more dangerous forms of malware, so companies must not forget to ensure the security of the industrial control systems that are connected and depending on IoT devices. 

7. GDPR Compliance 

Innovation always has the possibility to open potential loopholes for data protection.  The fines levied for GDPR exposure show that the European Commission regulators are very serious when it comes to ensuring that personal data remains private. There are some new security laws on the horizon that promise to hold device manufacturers accountable for vulnerable entry points, yet companies need to take more responsibility for the imperfections within their own IT architecture. 

8. Inertia

Inertia is, in general, one of the greatest cybersecurity threats of today. Technology constantly evolves, hackers elaborate more and more strategies to get what they desire, yet so many companies still rely on security tools developed decades ago. 

Up to this point, the safety systems of a Saudi Arabian oil refinery have been targeted by the Triton industrial malware. Vast amounts of personal data have been accidentally exposed at British Airways, Marriott Hotels and various local authority organisations. A group of hackers got access to impressive amounts of a casino’s sensitive information by using an Internet-connected thermometer in an aquarium. Don’t let anything like this happen to your company! 

Here are a few tips for flawless IoT security for business: 

1. Pay special attention when you choose the IoT devices providers 

Make sure that you choose a well-known and reliable supplier, most likely one who will probably still be around for a long time. IoT devices require regular updates, especially when new security flaws appear, so you need a manufacturer that, over the years, provides patches and fixes any security bugs that may arise. 

2.  Invest in a network analysis tool  

Monitor activity and quickly identify potential security issues by investing in a network analysis tool. This way you will not risk missing instances of information being accessed without permission or at unexpected hours – both signs that can point to a breach of your company’s IT system through an IoT device. 

3. Consider network management protocols a priority 

IoT devices’ manufacturers often include an in-built protocol that allows the monitoring of internal activity. This usually isn’t enough if you want top security, so it’s crucial for your business to choose IoT devices that support the Simple Network Management Protocol (SNMP). SNMP is a worldwide standard for network management, which allows devices to be monitored by intrusion detection and prevention systems. 

4. Consolidate your network’s security 

It’s crucial to have an up-to-date router, with a firewall enabled, because it can be the first point of attack. If the router is compromised, your entire network will be vulnerable. 

5. Make sure your IoT devices get patched up

Security updates are often released by responsible manufacturers, but you must also make sure that your IoT devices are patched regularly, with the latest updates. If you happen to stumble upon a device that doesn’t receive updates, consider whether the benefits of the device outweigh the potential impact of an attack on your company. 

6. Remove unsupported operating systems, applications and devices from the network  

Improve your business’s IoT security by conducting an inventory to check which operating system a device might be running. If a certain operating system is not getting patches anymore, it shouldn’t be connected to the network. 

7. Narrow down internal and external port communication on your firewalls

Companies should restrict outbound communication if that communication is not particularly necessary. As Ciber Security Services says, 

“ Ports 80 and 443, typically associated with the internet, are common services that are open from the corporate network. But 80/443 might not be required for other VLANs associated with specific device types. These two ports are known to pose significant network threats since they allow web surfing, are rarely monitored and offer an entry path into the network. It is very common for malicious hackers and identity thieves to use those ports to exfiltrate data, as they are often left open in most organizations. This could allow a backdoor into the organization. ”

8. Last but not least, change default passwords! 

This may seem commonsense, but you must ensure that the default passwords are changed for every IoT device on your network. The new passwords should also be changed over a period of time and stored in a password vault. 
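
Tip 7 can be turned into a repeatable check. The following added example (not from the original article) compares a firewall's outbound rules with the flows each device VLAN is documented to need and reports rules that leave ports 80/443 open to any destination or are otherwise wider than needed; the rule format, VLAN names, addresses and required flows are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    vlan: str    # source VLAN name
    dst: str     # destination CIDR; "0.0.0.0/0" means anywhere
    proto: str   # "tcp" or "udp"
    ports: str   # "443", "80,443", "1024-2048" or "any"
    action: str  # "allow" or "deny"


# Constructed: the only outbound flows each IoT VLAN is documented to need,
# as (destination CIDR, protocol, port). VLANs not listed here (such as the
# user VLAN "corporate") are outside this audit.
REQUIRED = {
    "cameras": [("10.0.0.5/32", "udp", 123),        # internal NTP server
                ("10.0.0.6/32", "tcp", 6514)],      # internal syslog over TLS
    "hvac": [("198.51.100.25/32", "tcp", 8883)],    # vendor MQTT over TLS
}

# Constructed sample rule set in a vendor-neutral form (IPv4 only).
RULES = [
    Rule("cameras", "0.0.0.0/0", "tcp", "80,443", "allow"),
    Rule("cameras", "10.0.0.5/32", "udp", "123", "allow"),
    Rule("hvac", "198.51.100.0/24", "tcp", "any", "allow"),
    Rule("corporate", "0.0.0.0/0", "tcp", "80,443", "allow"),
    Rule("cameras", "0.0.0.0/0", "tcp", "any", "deny"),
]

WEB_PORTS = {80, 443}


def port_set(spec):
    """Expand a port specification into the set of ports it covers."""
    if spec == "any":
        return frozenset(range(1, 65536))
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return frozenset(ports)


def audit_egress(rules, required):
    """Report allow rules on device VLANs that exceed the documented need."""
    findings = []
    for rule in rules:
        if rule.action != "allow" or rule.vlan not in required:
            continue
        dst = ipaddress.ip_network(rule.dst)
        # Ports this rule may legitimately open: the required flows whose
        # destination fully contains the rule's destination range.
        needed = {
            port for cidr, proto, port in required[rule.vlan]
            if proto == rule.proto and dst.subnet_of(ipaddress.ip_network(cidr))
        }
        excess = port_set(rule.ports) - needed
        if not excess:
            continue
        if dst.prefixlen == 0 and excess & WEB_PORTS:
            reason = "web ports open to any destination"
        else:
            reason = "wider than the documented need"
        findings.append((rule.vlan, rule.dst, rule.proto, rule.ports, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_egress(RULES, REQUIRED):
        print(finding)
```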

Heimdal™ Security can also help. Here’s how! 

You can ensure your IoT devices’ security by choosing Forseti, an Intrusion Prevention System that can actively protect your network and is delivered as SaaS. Forseti can shield your organization from DNS queries to unwanted domains by stopping communication between infected devices and malicious servers, which guarantees that every device used in the perimeter of your company’s network will pose no danger to your business. Here we include any (possibly compromised) personal device that your employees or visitors use to connect to your corporate network. 


Your organization’s protection can be also enhanced in the case of remote work with Thor Foresight Enterprise, our proactive DNS security solution deployed at the endpoint-level.

Wrapping up…

As i-SCOOP says, “despite challenges, different speeds and the fast evolutions which we will see until the first years of the next decade, the Internet of Things is here.” That, at the end of the day, the number of IoT security breaches is only going to grow is also a fact. Consequently, securing connected devices can no longer be treated as optional – it is mandatory. 

Please remember, though, that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!

The post A Complete Guide to IoT Security for Your Business appeared first on Heimdal Security Blog.

What Is a Man-in-the-Middle Attack? How It Works and How to Stay Safe from It

While the nature of cyberattacks is constantly changing, and our lives become more and more influenced – if not affected – by global health problems, thus leaving our cybersecurity even more vulnerable, information remains the most powerful tool we have. When it comes to the cybersecurity of your business, the so-called man-in-the-middle attack is one of the threats you must be aware of. 

The three players involved in a man-in-the-middle attack are the victim, the entity with which he or she is trying to communicate and the man-in-the-middle, intercepting the victim’s communication. Essential to the success of this kind of attack is that the victim isn’t aware of the man in the middle.

In other words, during a man-in-the-middle attack, a malicious player inserts him/herself into a conversation between two parties, impersonates both of them and gains access to the information that the two parties were trying to share. The malicious player intercepts, sends and receives data meant for someone else – or not meant to be sent at all, without either outside party knowing until it’s already too late. You might find the man-in-the-middle attack abbreviated in various ways: MITM, MitM, MiM or MIM. 


Public Wi-Fi networks are most likely to be used during a man-in-the-middle attack because they usually are less secure than private Internet connections. Criminals get in the middle by compromising the Internet router, by scanning for unpatched flaws or other vulnerabilities. The next step is to intercept and decrypt the victim’s transmitted data using various techniques – about which we will tell you more below. 

The sites most susceptible to a man-in-the-middle attack are financial sites, other sites that require a login and any connection meant to be secured by a public or private key. 


A man-in-the-middle attack can come in many shapes, yet the most common are the following: 

1. IP spoofing 

The Internet Protocol Address (IP) refers to a numerical label which is assigned to each device that connects to a computer network that uses the Internet Protocol for communication. IP addresses have two main functions: host or network interface identification and location addressing. By spoofing an IP address, attackers make you think that you’re interacting with a website or someone you’re not, thus allowing the attacker access to the information you’d otherwise keep to yourself.  

2. HTTPS spoofing 

The HyperText Transfer Protocol (HTTP) represents the foundation of data communication for the World Wide Web, hypertext documents including hyperlinks to other resources that users can access. HTTPS means that a particular website is secure and can be trusted. Despite that, attackers can fool your browser into believing it’s visiting a trusted website when it’s not. 

3. DNS Spoofing

The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services or other resources connected to the Internet, which translates more readily memorized domain names to the numerical IP addresses needed for localization and identification. By DNS spoofing, an attacker’s goal is to divert traffic from a real website or capture user login credentials, trying to force you to access a fake one. 

4. SSL hijacking 

SSL stands for Secure Sockets Layer and is a type of protocol that establishes encrypted links between your browser and the webserver. A connection to a secure server (guaranteed by HTTPS) means that standard security protocols are in place, protecting whatever data you’re sharing to that server. When someone hijacks SSL, he/she uses another computer and another secure server to intercept all the information passing between the server and the user’s computer. 

5. E-mail hijacking

E-mail hijacking is a type of man-in-the-middle attack used by cybercriminals to target e-mail accounts of banks or other financial institutions. After they have obtained access, they could monitor transactions between an institution and its customers and convince them to follow the attacker’s instructions, and not the bank’s. The result? If you’re not paying enough attention, you may end up putting your money in the attacker’s pockets. 

6. Stealing browser cookies 

In technical language, cookies are small pieces of information – like items you add in the cart of an online store – that websites store on your computer. Since browser cookies can store passwords, addresses and various other types of sensitive information, they can become the target of cybercriminals. 

7. Wi-Fi eavesdropping 

This type of man-in-the-middle attack is particularly dangerous: hackers can set up Wi-Fi connections that sound very legitimate, similar to a business you know. Once a user connects to it, the cybercriminal will be able to monitor its online activity and intercept login credentials, payment card information etc. 

A man-in-the-middle attack is dangerous. End users can carry on with their business for days or even weeks without noticing that something is wrong. Consequently, it’s almost impossible to know, during that time, what data was exposed to malicious actors. Finding out more about what happened often requires good knowledge of the internet or mobile communication protocol and security practices. 

Fortunately, there are some security measures you can take in order to be safe. 

Here are some precautions that may help you to avoid a man-in-the-middle attack: 

1. Use a VPN 

A Virtual Private Network (VPN) is used to extend a private network across a public one, enabling users to share and receive data as if their devices were directly connected to that private network. Particularly useful when talking about preventing a man-in-the-middle attack is that VPN connections can mask your IP address by bouncing it through a private server. Plus, they can encrypt the data as it’s transmitted over the Internet. 

2. Access only HTTPS websites 

HTTPS websites prevent attackers from intercepting communications by encrypting data. 

An excellent method to go around HTTPS spoofing is by manually typing the web address you need instead of relying on links. 

You can also check if the link you want to access begins with ‘https://’ or has a lock symbol, suggesting it’s secure. 

3. Watch out for phishing scams 

There are lots of tips that we can give you regarding phishing precautions. 

– check grammar and punctuation. Suspicious e-mails might include poor grammar or punctuation or might show an illogical flow of content. 

– remember that established banks never ask you sensitive information via e-mail. Consider big red flags any e-mails that ask you to enter or verify personal details or bank/credit card information. 

– pay special attention to alarming e-mail content and messages where you are told that one of your accounts has been hacked, that your account has expired or other extreme issues that may provoke panic. Do not take immediate action!

– don’t fall for urgent deadlines either. This kind of e-mail usually leads users to data-harvesting websites, where sensitive personal or financial information is stolen. 

– beware of shortened links. They don’t show the real name of a website, so they are a perfect way to trick users into clicking. Get used to always placing your cursor over shortened links to see the target location. 

4. Use strong router credentials 

Make sure that not only your Wi-Fi password but also your router credentials are changed. If these credentials are found by an attacker, they can be used to change your DNS servers to their malicious ones or to infect your router with malware. 

5. Make sure your company has a software update policy

A software update policy helps you seal potential access points for a man-in-the-middle attack because up-to-date systems include all current security patches for known issues. The same should be considered for any routers or IoT devices connected to your network. 

6. Adopt a zero-trust security model 

Although it might seem a little too much, requiring your colleagues to authenticate themselves each time they connect to your network regardless of where they are will make it more difficult for hackers to pretend to be someone else. They would need to prove their identity before accessing the network in the first place.  

Learn more about the zero-trust model and your organization will be more secure by default.

7. Prevent cookie stealing

Saving passwords on web browsers or storing credit card information on shopping websites might save you a bit of time, but it also leaves you more vulnerable to hackers. You should try to avoid storing sensitive information on websites and also get used to clearing your cookies regularly. If you use Chrome, you can do this by accessing History > Clear Browsing History and ticking the checkbox “Cookies and other site data”. 

Heimdal™ Security can also help. Here’s how!  

As we have already seen, a man-in-the-middle attack can take various forms: IP, HTTPS or DNS Spoofing, SSL or e-mail hijacking, browser cookie theft or Wi-Fi eavesdropping. 

Some of the Heimdal™ solutions are perfect for protecting your business from them: 

Thor Foresight offers DNS and DoH security, plus a powerful and scalable Automated Patch Management system. Its DarkLayer Guard™ mitigates ransomware, next-gen attacks and data leakage. Its VectorN Detection™ tracks device to infrastructure communication and its X-Ploit Resilience feature closes vulnerabilities and deploys updates anywhere in the world. 

For paramount protection, you can combine it with Thor Vigilance, our antivirus solution with an unparalleled threat intelligence, EDR, forensics and firewall integration.   

For your e-mail security, we have developed MailSentry. MailSentry E-mail Security can help you detect malware, and stop spam, malicious URLs and phishing with simple integration and highly customizable control. If you want to take one step further, MailSentry Fraud Prevention will make sure that no e-mails containing fraud attempts, business e-mail compromise or impersonation reach your inbox. 


Wrapping up…

When trying to prevent a man-in-the-middle attack, there are three major aspects you must consider:

– awareness & education. People are the ones who unknowingly click on bad links or use their login data on a compromised website, allowing hackers access to their information, so making sure that your colleagues and employees know the basic principles of preventing MITM attacks is essential. 

– encryption & VPNs. Use encryption on all of your company’s devices and use VPNs whenever you connect to public networks, for extra protection. 

– software update policy. Make sure that all your systems are up-to-date. Even a single point of failure can put your entire network in danger. 

Also, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company against cyber threats and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it.

Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your thoughts!


The post What Is a Man-in-the-Middle Attack? How It Works and How to Stay Safe from It appeared first on Heimdal Security Blog.