NORDKAP: WHERE INSIGHTS AND FINANCES CONNECT

Introducing Nordkap: a Swedish company that offers solutions for the treasury function of capital-intensive companies. The solution is a completely web-based, installation-free SaaS platform. In a short timeframe, Nordkap has established itself as the leading web-based treasury system in Sweden and Norway. Now, their focus is to continue to improve and develop the system in order to expand – both in the Nordic region and Europe.

EXPANSION REQUIRES TRUST, SECURITY AND RELIABILITY

As Nordkap grew and started acquiring bigger customers, the requirements on their data security levels increased. Nordkap also wanted to develop an internal strategy to be able to capitalize on customer data stored in the platform, which also contributed to the need for higher data security levels.

Before Nordkap found their way to Basefarm, they had hired another supplier for operational solutions. In their decision-making process at the time, keeping costs down received the highest priority, as the company was still in a start-up phase. However, one of the problems Nordkap was experiencing was that the solution wasn’t stable enough and, in some cases, the service would completely shut down. On top of the service being unreliable, the communication from the supplier was also inadequate – no information was provided when the problems arose, nor was it communicated how long it would take before the problems were resolved. This level of operational insecurity jeopardized the trust Nordkap’s customers had in them.

WORLD-CLASS PUBLIC E-ADMINISTRATION IN NORWAY

“We landed on a mix of suppliers that best fulfilled our criteria. Basefarm was the best operations supplier.”

So says Edvard Pedersen, project manager for the Altinn solution at the Brønnøysund Register Centre. The government’s ambition is that Norwegian public electronic administration (e-administration) should be the best in the world. Altinn is perhaps their most important card.

“We must have a partner and supplier right out of the top drawer in order to achieve this goal. Basefarm is an important part of achieving the government’s ambitious target,” says Pedersen, who counts his supplier as a partner.
“The decision to award the operations contract was made on the basis of stable operation, predictability, economy, scalability and security. Seen as a whole, Basefarm delivered the best bid,” says Pedersen.

Give Up the Ghost: A Backdoor by Another Name

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Government Communications Headquarters (GCHQ), the UK’s counterpart to the National Security Agency (NSA), has fired the latest shot in the crypto wars. In a post to Lawfare titled Principles for a More Informed Exceptional Access Debate, two of Britain’s top spooks introduced what they’re framing as a kinder, gentler approach to compromising the encryption that keeps us safe online. This new proposal from GCHQ—which we’ve heard rumors of for nearly a year—eschews one discredited method for breaking encryption (key escrow) and instead adopts a novel approach referred to as the “ghost.”

But let’s be clear: regardless of what they’re calling it, GCHQ’s “ghost” is still a mandated encryption backdoor with all the security and privacy risks that come with it.

Security Software & Tools Tips – January 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen the following:
* Elastic Stack
* Security Onion
* Wireshark
* Cuckoo
* BeEF

Elastic Stack

Information from the Elastic Stack website:

Threats don’t follow templates. Neither should you. The Elastic Stack gives you the edge you need to keep pace with the attack vectors of today and tomorrow.

Website:

https://www.elastic.co/

Security Onion

Information from the Security Onion website:

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

Website:

https://securityonion.net/

Wireshark

Information from the Wireshark website:

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

Website:

https://www.wireshark.org/

Cuckoo

Information from the Cuckoo website:

Cuckoo Sandbox is the leading open source automated malware analysis system. What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.

Website:

https://cuckoosandbox.org/

BeEF

Information from the BeEF website:

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Website:

https://beefproject.com/

EU launches bug bounty programs for 15 software

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

The European Commission decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project.

Starting in January, the European Commission is going to fund bug bounty programs for a number of open source projects that are used by members of the EU. The initiative is part of the third edition of the Free and Open Source Software Audit (FOSSA) project, which aims to ensure the integrity and reliability of the internet and other infrastructure.
