Lifu Technologies - Blog by FrederikLifu Technologies - Blog by Frederikhttps://www.lifutechnologies.co.za/blogs/author/frederikThu, 16 Apr 2026 13:32:25 -0700http://zoho.com/sites/<![CDATA[All-in-one trusted platform and Immune to breaches]]>https://www.lifutechnologies.co.za/blogs/post/Bad-Actors-can-not-breach-businesses-that-adopt-stealthimmune to breaches from attack vectors like Malware/Ransomware, Port-scanning, Nation State attacks, DDOS attacks, Phishing, Code Injection, lateral movements, man-in-the-middle attacks, brute-force and infrastructure attacks.]]>


ZafePass from Zafehouze ApS offers the following capabilities that can work well for many customers with IT and OT Networks


  • All-in-one trusted platform: For the Enterprise where security, access management, file management and compliance work seamlessly together, minimising complexity and offers protection of known and unknown vulnerabilities
  • Immune to breaches:The Enterprise is immune to breaches from attack vectors like Malware/Ransomware, Port-scanning, Nation State attacks, DDOS attacks, Phishing, Code Injection, lateral movements, man-in-the-middle attacks, brute-force and infrastructure attacks. Offering the enterprise protection of their data, users and retains trust.
  • Virtual Private Connectivity: Allows for point-2-point private, privileged and encrypted direct access between an employee and e.g. ERP server. These connections cannot be breached nor can information be extracted from them.
Business flyer
For the CISO
]]>Sun, 24 Nov 2024 14:33:00 +0200<![CDATA[Cost and frequency of a data breach by initial attack vector]]>https://www.lifutechnologies.co.za/blogs/post/Cost-and-frequency-of-a-data-breach-by-intial-attack-vectorCost and frequency of a data breach by intial attack vector - IBM Cost of a Data Breach Report 2024]]>

Don’t let a data breach disrupt your business

Interesting to see which attack vectors are the most successful. Talk to us about how our Prevent & Protect solution can minimize the risk in these attack vectors or read about it here: 

Zafepass Prevent & Protect

Be prepared for breaches by understanding how they happen and learning about the factors that increase or reduce your costs. New research from IBM and Ponemon Institute provides insights from the experiences of 604 organizations and 3,556 cybersecurity and business leaders hit by a breach. Empower yourself with real-world examples and expert recommendations on how to mitigate the risks.

Register with IBM for a copy of the full report
]]>Fri, 02 Aug 2024 10:13:07 +0200<![CDATA[Get over it – you will be hacked: confronting and preparing for the reality of cyberattacks]]>https://www.lifutechnologies.co.za/blogs/post/Get-over-it-–-you-will-be-hackedThe inevitability of cyberattacks is a stark reality in today’s digital landscape. With 3,205 reported data compromises in the US in 2023, representing a 72% increase over 2021[1] , businesses must acknowledge that cyber risk is on the rise.]]>

It was a pleasure presenting to the Berne Union about Cyber Security and the potential impact to Credit Risks

The full post is here :

]]>Tue, 30 Jul 2024 10:16:17 +0200<![CDATA[What is the difference between ISO 27001 and SOC?]]>https://www.lifutechnologies.co.za/blogs/post/cobit-5-itil-v3-iso-27001-information-security-management-system-and-iso-9001-quality-management-sys1

ISO 27001 is the Standard that establishes requirements for an Information Security Management System (ISMS), a set of practices to define, implement, operate, and improve information security.

 

While SOC refers to a set of audit reports to evidence the level of Conformity of Information Security Controls’ design and operation against a set of defined criteria (TSC),

Comparison between ISO 27001:2022 and SOC

 

ISO 27001:2022 Revision defines requirements and Controls for the systematic Protection of Information, including PII which are Applicable to Organizations/Entities of any size across Industries that require Compliance with the Standard.

 

The Information Security Management System (ISMS), defined in Clauses 4 through 10 of the Standard, provides Directives to Organizations/Entities as to provide Guidance to ensure its Security Compliance are aligned with identified/adopted objectives and outcomes (eradication/mitigation of Threats as a result of incidents, operational optimization, etc.), predicated upon an EFFECTIVE Risk Management approach.

 

What is the relationship between ISO 27001:2022 and SOC?

 

ISO 27001 has at a minimum the following controls that can be used to comply with the Trust Services Criteria:


 

ISO 27001 vs SOC

 

It is not a question of whether ISO 27001 vs. SOC 2, as SOC is an Audit report, while ISO 27001 is a Standard to establish an Information Security Management System (ISMS)

 

Hence SOC can be considered as an output, delivered by an ISO 27001 ISMS Implementation.

 

In effect the appropriate relationship between ISO 27001 and SOC is as follows:

 

1.ISO 27001 Certification is not Mandatory to create an SOC report

 

2.The ISMS can provide, without major additional cost and effort, a solid basis for preparing this report, whilst increasing Clients/Customers’ confidence that the Organization can Protect their Information/Data.

 

What is the difference between ISO 27001 and SOC?

 

ISO 27001 is the Standard that establishes requirements for an Information Security Management System (ISMS), a set of practices to define, implement, operate, and improve information security.

 

While SOC refers to a set of audit reports to evidence the level of Conformity of Information Security Controls’ design and operation against a set of defined criteria (TSC),

 

Definition. 

 

ISO 27001 is a Standard that establishes requirements for an Information Security Management System (ISMS).

 

SOC refers to a set of audit reports to evidence the level of conformity to a set of defined criteria (TSC),

 

Applicability by industry. 

 

ISO 27001 – for Organizations of any size or industry.

 

SOC 2 – for Service Organizations from any industry,

 

Compliance. 

 

ISO 27001 is certified by ISO certification body.

 

SOC 2 is attested by a licensed Certified Public Accountant (CPA),

 

What are the Objectives?

 

ISO 27001 – to define, implement, operate, control, and improve overall security.

 

SOC 2 is intended to prove Security level of Systems against static principles and criteria

.

Get Started Now
]]>Fri, 26 Jan 2024 12:45:51 +0200<![CDATA[CoBIT 5, ITIL V3, ISO 27001  Information Security Management System and ISO 9001 Quality Management System]]>https://www.lifutechnologies.co.za/blogs/post/cobit-5-itil-v3-iso-27001-information-security-management-system-and-iso-9001-quality-management-sysCoBIT 5, ITIL V3, ISO 27001 – Information Security Management System and ISO 9001 Quality Management System]]>

LIFU Technologies is delighted to share that Glenard O'Moore has joined us to offer certification services like ISO 27001 and 9001. Glenard has also been appointed CISO for Lifu Technologies.

Glenard has more than 15 years’ experience in implementing and Auditing “Best Practice” Frameworks, and Standards such as CoBIT 5, ITIL V3, ISO 27001 – Information Security Management System and ISO 9001 Quality Management System

Qualifications:

Certified ITIL Expert

Certified CoBIT Assessor

Certified ISO 27001 Lead Auditor

Certified ISO 9001 Lead Auditor

DevOps Practioner


References include: 

Implementation of ITIL in the Ministry of Finance and Office of the Prime Minister in Namibia where 16 Government Employees were trained and Certified as ITIL Experts


Establishment of GRC in accordance with Public Service Administration in Namibia


In collaboration with DD Limpopo, establishment of DPSA CGICT defined Core Practices at the then, newly established Collins Chabane Local Municipality


Implementation of ISO 27001 Information Security Management for QR-Connect in the Netherlands and Zafehouze ApS in Denmark.

Get Started Now
]]>Fri, 26 Jan 2024 12:45:51 +0200<![CDATA[ISO 27001 - NIST - CoBIT - Integrated Framework Model]]>https://www.lifutechnologies.co.za/blogs/post/ISO-27001-NIST-CoBIT-Integrated-Framework-Modelamely ISO 27001, the leading ISO standard for Information Security Management; COBIT, an IT management and Governance Framework; and NIST SP 800 series, a set of documents published by the United States government iro IT Technology Security, to which ISO 62443 (IoT) will be added]]>

Executive Summary

The increase in concern among businesses and customers about protecting their information has led to more complex security requirements, many times involving the integration of multiple approaches.

In turn, modern information security implementation projects have become even more challenging, especially information technology processes.

And, when we talk about integrating approaches, it is not a question of simply creating a single list of what each approach requires and implementing them, but rather to coordinate these requirements, through trade-offs between conflicting objectives and alternatives, and by reinforcing the common ones, so that the implemented requirements can meet the expected overall outcomes.

Therefore, before ensuring compliance with requirements, it is paramount to consider a process of integrating security practices into business activities, but strange as it may seem, there are not many readily available materials regarding integrating practices.

Our approach embraces the three areas, namely ISO 27001, the leading ISO standard for Information Security Management; COBIT, an IT management and Governance Framework; and NIST SP 800 series, a set of documents published by the United States government iro IT Technology Security, to which ISO 62443 (IoT) will be added

We will present their similarities and differences, and how they can be used together during an information security implementation project to improve information protection.


The Paper is written by Glenard O'Moore, CISO of Lifu Technologies and certified auditor on various standards

Read the paper
]]>Wed, 10 Jan 2024 12:31:28 +0200<![CDATA[Can you steal what can't be detected?]]>https://www.lifutechnologies.co.za/blogs/post/can-you-steal-what-can-t-be-detected"You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete" R. Buckminister Fuller]]>

"You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete" R. Buckminister Fuller

Download this document and you can read how we can turn

to this

Download
]]>Thu, 30 Nov 2023 13:07:47 +0200<![CDATA[Paradigm-shift-in-Cyber-Security-approach?]]>https://www.lifutechnologies.co.za/blogs/post/Paradigm-shift-in-Cyber-Security-approachThe Zafepass Prevent & Protect platform are by design leveraging Guard-Railed, Micro- Perimeter, and De-perimeterization based methodologies for ‘access and security’]]>

Zafepass Prevent & Protect – Fast Facts Intro


The Zafepass Prevent & Protect platform are by design leveraging Guard-Railed, Micro- Perimeter, and De-perimeterization based methodologies for ‘access and security’.

These are innovative approaches that organizations would adopt to address the challenges posed by the evolving landscape of IT (Information Tech.), OT (Operational Tech.), and IoT (Internet of Things) environments.

These approaches offer several advantages compared to traditional security measures like VPN (Virtual Private Network), PKI (Public Key Infrastructure), IAM (Identity and Access Management), CASB (Cloud Access Security Broker), DLP (Data Loss Prevention), and XDR (Extended Detection and Response), just to mention a few.

Let's break down the advantages of the new approaches and the problems with the traditional ones:

Advantages of Guard-Railed, Micro-Perimeter, and Deperimeterization:

  1. Segmentation and Reduced Attack Surface: The Zafepass approach focus on micro-segmenting down to individual resources, the access and the user-sessions by creating isolated micro-perimeters around every asset, application and/or data. This segmentation reduces/minimizes the attack surface and make it impossible for threats to move laterally to any other ‘micro-perimeter’ (segment).
  2. Granular Access Control: Instead of granting broad network access through VPNs, Zafepass enforce granular access controls including ‘environmental fingerprints’ ensuring only entitles users and devices are allowed access the specific resources they need. The risk of unauthorized access is hereby mitigated.
  3. Beyond ZeroTrust, SASE, SSE, Software Defined Perimeter and alike: The Zafepass design exceeds ‘these frameworks’ in several ways. Assuming compromise of any- thing, least privileged access and constant validation has been part of our design for 20 years. Every access request is authenticated and authorized’ regardless of whether the request originates from inside or outside the perimeter. The design includes constant validation, advanced obfuscation and preventive mechanisms, as well as ephemeral connectivity and end-to-end dynamic encryption.
  4. Adaptability to IoT and OT: As IoT and OT devices proliferate, traditional security solutions struggle to manage and secure these devices. The Zafepass Guard-Railed and Micro-Perimeter approaches are designed to handle the unique access and security challenges posed by these environments.
  5. Contextual Awareness (Attribute Based Access, Communication and Identity Control): Zafepass Prevent & Protect incorporate contextual awareness, taking into account, user behavior, device health, and other factors to make access decisions. Zafepass’ dynamic non-interruptive approach enhances security without causing unnecessary friction for legitimate users or lead to operational disruption.
  6. Cloud-Centric Security: With organizations increasingly adopting cloud services, traditional security measures can become less effective. The Zafepass approaches are designed with cloud environments in mind, ensuring consistent security across on-premises and cloud-based resources.

Challenges with traditional solutions (VPN, PKI, IAM, CASB, DLP, XDR):

  1. Limited Perimeter Protection: Traditional perimeter-based security, such as VPNs, relies on the assumption that internal network traffic is trusted. This approach becomes less effective as remote work, BYOD (Bring Your Own Device), and cloud services blur the traditional network boundaries.
  2. Complexity and User Experience: Traditional solutions like VPNs and PKI can introduce complexity for users, leading to poor user experience. Users often find VPN connections cumbersome, and PKI management can be challenging.
  3. Scalability Challenges: As organizations scale and adopt new technologies, managing identities and access control through IAM can become complex and resource-intensive.
  4. Lack of Visibility: Traditional solutions might lack visibility into cloud services and applications, making it difficult to enforce consistent security policies across all environments.
  5. Inadequate for IoT and OT:Traditional security solutions are often ill-equipped to handle the unique challenges posed by IoT and OT devices, which may have limited security capabilities and diverse communication protocols.
  6. Alert Fatigue: Traditional security solutions like XDR and DLP can generate a high volume of alerts, leading to alert fatigue for security teams and potentially causing critical alerts to be overlooked.
  7. Data Protection Challenges: While DLP solutions aim to prevent data loss, they might struggle to effectively monitor and protect data in decentralized, cloud- based, and IoT / OT environments.

Zafepass offer a more adaptive and dynamic approach to access, communication and security in today's complex IT, OT, and IoT landscapes.


All rights reserved. Zafehouze 2023

Get Started Now
]]>Tue, 07 Nov 2023 11:33:55 +0200<![CDATA[Practical Cyber Security advice for owners of SME with minimal budget]]>https://www.lifutechnologies.co.za/blogs/post/Practical-Cyber-Security-advice-for-owners-of-SME-with-minimal-budgetUnless your company deals with national secrets, valuable transactions the likelihood of your company being targeted by hackers is small. Likelihood will be spray and pray attacks from hacker using phishing and business email compromises (BEC)]]>

Thereafter: Assume compromise of EVERYTHING

Unless your company deals with national secrets, valuable transactions the likelihood of your company being targeted by hackers is small.  Likelihood will be spray and pray attacks from hacker using phishing and business email compromises (BEC). Hackers offer phishing and business email compromise online as a service and utilize AI to increase volume and precision. Email addresses, phone numbers etc. they have from numerous data breaches.The best defense against this is creating awareness among your family, employees, about digital hygiene, which includes:
  •  Questioning any request of data by following a link in a SMS. (Log on directly to the bank, Tax services, etc. and respond to queries there)
  • Do not announce on e.g., Facebook that the whole family is on vacation. 
  • Double check odd requests from family/employees/bosses by a separate comms channel, e.g., use WhatsApp if the request came from email.
  • Review your password reset procedures and include call-back, send the reset password to the employees' manager, so identification can be verified.
  • Data privacy acts e.g., GDPR(EU), POPIA(ZA) applies basically to any organisation, so at a minimum this has to be addressed.
  • Only install SW that is downloaded from the vendors website and minimize browser plug-ins. (Take extra care if you let your kids use your laptop/smart phone.)
     
    While not 100% guarantee for security, enabling multi-factor-authentication (MFA) will raise the defenses and hackers will potentially move on to the next potential victim.
     
    Finally, make sure your IT-department and/or IT Service provider is updated on SW Security patches as vulnerabilities are published.
     
     
    Thereafter: Assume compromise of EVERYTHING
     
    In august a hosting company with 300 clients was hacked and everything was encrypted (including backups) and held for ransom, as a result several companies have declared bankruptcy with more to come. In the end the owner(s) are responsible and lesson #1 is to take data backups (systems can be re-created) and store the files at a different location.
     
    Recreation can take time days/weeks, so consider what is absolutely critical data/information required to continue production/operations for e.g., a week and make a plan for that. Thereafter test the plan.
     
    If you use cloud providers e.g., MS 365, do not assume they automatically backup your data. They can, but typically it is a separate billable service!
Get Started Now
]]>Fri, 06 Oct 2023 15:07:38 +0200<![CDATA[Twilight Cyber offers ultra-fast detection of compromised machines and credentials, drastically minimizing the likelihood of ransomware attacks, data breaches, and internal system damages.]]>https://www.lifutechnologies.co.za/blogs/post/Twilight-CyberTwilight Cyber offers ultra-fast detection of compromised machines and credentials, drastically minimizing the likelihood of ransomware attacks, data breaches, and internal system damages.]]>

Swift Detection, Bolstering Security with Complete Intelligence

In an increasingly digital world, the security of online systems and data is paramount. One key vulnerability is compromised credentials – usernames, passwords, and cookies that have been stolen or exposed and are utilized by bad actors to attack your organization. leading to catastrophic outcomes, including devastating ransomware attacks and data breaches.

In this high-stakes environment, the early detection of compromised credentials is more than just a best practice – it’s a necessity. By identifying and addressing compromised credentials swiftly, organizations can act before cybercriminals do, preventing ransomware attacks, protecting their data, and preserving their operations and reputation.

With Twilight Cyber, we specialize in detecting compromised credentials in the critical, first few hours post the initial leak. Such an extremely early detection provides actionable intelligence, empowering organizations to stay one step ahead of potential threats. Join us in our mission to secure the digital world and prevent the next big ransomware attack.

.

Request more information
]]>Mon, 25 Sep 2023 07:47:28 +0200