Most companies don’t tend to think that they have a password problem. After all, they use a built-in browser password manager or somehow encrypted spreadsheets. Unfortunately, this is hazardous thinking that can lead to data breaches and other cyber threats, according to Philipp Mandl, the CEO of Zettasecure, a managed security services provider (MSSP).
Contents:
Meet Zettasecure
Zettasecure GmbH is a cybersecurity consulting firm based in Vienna, Austria. It specializes in cybersecurity services for small and midsize businesses.
Founded in 2020, Zettasecure was driven by Philipp Mandl’s experience in a large enterprise security operations center (SOC). After successfully building and managing a SOC, he saw an opportunity to create a similar service offering comprehensive security solutions with the expertise he had gained.
The company also provides a managed SOC for continuous monitoring and tailored cybersecurity support, mitigating threats affordably and without relying on high-cost solutions. Currently, they cater mainly to German-speaking countries, such as Switzerland, Germany, and Austria.
Password managers matter as much as antivirus systems
From his experience as an MSSP, Philipp Mandl finds that companies often believe that if they already have antivirus software, for example, they are cybersecure. However, sound password management is a necessity equivalent to an antivirus or firewall system—without it, the company won't be as secure. After all, password managers are a best practice to comply with NIS2 requirements.
One of Zettasecure's first clients in need of a password manager came to them with a unique challenge: they wanted not only a centralized and intuitive password management tool but also one that would allow them to get notified in real time when data loss occurred. In other words, they wanted to know if a malicious IP had logged into the password manager and was now trying to copy all the passwords as fast as possible, or to share them with multiple sources that shouldn't be shared per company rules.
As their MSSP, Zettasecure was happy to offer a solution: NordPass, a password manager that has a centralized and smooth user onboarding and offboarding that the IT team manages through the NordPass Admin Panel.
“We came to NordPass for a solution because we knew it had an Activity Log API that we are now utilizing for this specific use case. We use the Activity Log data from our customers and us, push it to the XDR platform from our customers and our side, and then analyze it.“
Philipp Mandl,
CEO of Zettasecure
Additionally, NordPass provides an Activity Log API that became a holy grail for this client's use case. The Activity Log API is a NordPass Enterprise feature that helps companies manage employee access and monitor the organization's activities. Zettasecure coupled this feature with XDR (extended detection and response) by pushing the data collected via the Activity Log API to SIEM so they could:
Get an alert or set an automation rule on a third-party tool
Get notified about user activity outside of working hours
Automate emails/messages to a user who hasn’t used NordPass in X days.
This works similarly if a threat actor is within the company and tries to search for specific passwords or copy them from NordPass as quickly as possible. Zettasecure noted that if a user is excessively viewing or copying passwords from NordPass, they mark it as malicious via the XDR platform, so that the company can automatically tackle this threat actor by locking down their computer and investigating what's happening.
The CEO of Zettasecure believes that NordPass and the XDR solution have become a perfect fit that he can now offer to his customers and happily uses at his own company.
Sharing passwords in a secure way
The other Zettasecure client faced yet another challenge. This company is in the transportation business and was looking for a way to share passwords safely among their teams. Namely, they have several departments, like legal and finance, that use certain shared accounts.
NordPass came through as a tool that was just right for their needs. With Shared Folders, employees can now easily share passwords in bulk and have all the necessary access at hand by simply autofilling credentials when needed. This eased the company's stress on handling access quickly and securely among the teams.
In addition, NordPass provided the company with other great benefits that further improved its security and convenience. For instance, it allows the client to see who has access to what accounts in the company via the Admin Panel, helping to streamline compliance. Additionally, when an employee is offboarding, the company can quickly transfer data to their colleague, so no access is ever lost.
A password manager helps to save companies' money
Sometimes, convincing people that they need an additional app to manage only their company's passwords can be hard. After all, they already use a built-in browser password manager, and it's already there.
However, Philipp Mandl believes this line of thought is a big issue: a built-in browser password manager doesn't help a company see possible cyber threats coming their way, which can have devastating consequences. For example, such password managers are particularly vulnerable to malware attacks: when malware appears on the device, it simply copies browser cookies and their stored passwords.
“I think the problem is that most people are using an in-built browser password manager, and that’s a big issue that can have devastating consequences. For example, such browser password managers are particularly vulnerable to malware attacks. So when malware appears on the device, it simply copies browser cookies, and then cybercriminals can sell that copied information on the darknet market. This valuable info can later be used for hacking the said company with credential spoofing.”
Philipp Mandl,
CEO of Zettasecure
And there's always a human error: most data breaches occur when someone accidentally enters their credentials on a phishing website, which is then leaked on the darknet. That's why it's crucial to invest in a dedicated password manager.
So, it's no surprise that the most used NordPass feature among Zettasecure clients is the Data Breach Scanner. It allows companies to catch whether any of their email domains or passwords have ever appeared in a data breach. If such data is ever found in a data breach, the company gets timely alerts so they can act quickly to mitigate the cyber threats. NordPass includes the Data Breach Scanner in all of its Business plans without any additional cost.
:format(avif))
Philipp says that it allows their customers to save thousands of euros if they notice that their data appeared in a breach so they can act proactively to prevent their credentials from ending up on the dark web. MSSPs, as Zettasecure, can also monitor the security health of their end-users through the MSP Admin Panel and alert their clients if needed.
A password manager fit for an MSSP
When choosing which password manager to partner with, there were a few decisions why Zettasecure chose NordPass:
Zero-knowledge architecture: NordPass' end-to-end encryption and zero-knowledge architecture ensure the finest privacy and security standards for MSPs and their clients.
Activity Log API helps manage client employee access and monitor company activities. For extra security, MSPs can effortlessly import data collected through the Activity Log API into SIEM and then use XDR, a technology that collects and automatically correlates data across multiple layers of security. This enables alerts and immediate response in case of a cyber threat.
Data Breach Scanner scans the dark web for data breaches involving the client company's email domains or passwords. If such data is ever found, the client receives a timely alert. This tool is included in all Business plans.
No hidden costs: NordPass has transparent pricing across all Business tiers for MSPs and their clients.
So, if you are looking for a way to improve your clients' security, please reach out to our experts today to learn more about NordPass for MSPs.