SMBs Need 2FA Also

I’m sure you’ve heard about the numerous cyber attacks on big businesses like Target, Chase Bank, Equifax, and Sony, and other large organizations like the U.S. Government.  These are big enterprises that have the resources to make their systems as secure as possible, yet they still can’t stop hackers from taking advantage.

Small- and medium-sized businesses get less media attention but they are also targets of these attacks.  Most have insufficient security and the results of a cyber attack can be devastating.

Consider this: In 2011, small business hacks represented fewer than 20 percent of all attacks; nowadays the number is close to 50 percent.

While large companies make the headlines, the reality is one-in-three documented data breaches occur in smaller businesses. And the aftermath is often grim. About 60 percent of small businesses close their doors within six months following a cyberattack, according to Brian Kearney, chief underwriting officer for Travelers Small Commercial Accounts.

Smaller businesses obviously can’t match what their large enterprise counterparts are able to spend on cybersecurity. Still, there are ways to compensate for any budgetary limitations and put in place a comprehensive defense before cybercriminals target you. (source)

SMBs need to be vigilant and face the fact that cybersecurity isn’t just for big businesses.  Resources and budgets may not be the same, but there are other ways smaller companies can implement strong security measures.

One of the simplest methods is to implement a robust two-factor authentication system like GreenRADIUS.  Smaller companies don’t need to be overwhelmed with cybersecurity – GreenRADIUS is easy to use for both users and admins.  It is also easy to deploy and even easier to maintain.  Contact us today to learn more.

GreenRADIUS enhancements for 2017? It’s up to you!

2016 has been an exciting year for GreenRADIUS.  Apart from security-related updates and bug fixes, your feedback has been the basis of over 50 new features and improvements to GreenRADIUS during the year!

The top 3 new features added to GreenRADIUS in 2016:

  • SAML 2.0 Enterprise 2FA Single Sign-On (SSO) to cloud services such as Salesforce, G Suite and Office 365
  • 2FA over the LDAP authentication protocol (in addition to using RADIUS)
  • 2FA support for 802.1x authentication (for NAC and WiFi)

Want to see more?  Click here for my previous post.

We have some exciting announcements coming soon.  However, what else comes in 2017 is really based on your input.  For example, based on your feedback, in 2016, we added logs for all admin events.  Now, we are in the process of collecting logs from all of the different modules to syslog so that we can support SIEM central logging requirements.  We will also add archiving and log aging.

Please let us know what you need next from us.

  • Would you like to see 2FA support for a pure Microsoft RDS solution or a more general 2FA enabled gateway/remote access service that can support multiple environments?
  • What would you like to see in a cloud service version of GreenRADIUS?
  • Do you need support for Azure AD or G Suite Directory Services?
  • How would you like GreenRADIUS to work in a hybrid cloud environment such as with Azure AD?
  • With SAML 2.0 added, do you also need OAuth support?
  • Is there something else that you would like to see from us?

Please provide feedback by using our contact form or simply email us at info@greenrocketsecurity.com.  Those who provide input and suggestions by January 31, 2017 will have a chance to win 10 YubiKey 4s!

Thanks!

Top 10 New GreenRADIUS Features and Improvements in 2016

It was a busy but successful 2016 for us!  The new GreenRADIUS features and improvements listed below were almost all based on customer feedback and requirements.  So we would love to hear from you whether you are already a customer or are looking to add two-factor authentication to your security infrastructure.

  1. SAML 2.0 Enterprise single-sign-on (SSO) to cloud services such as Salesforce, G Suite, and Office 365
  2. 2FA over the LDAP authentication protocol
  3. 2FA support for 802.1x authentication (NAC and WiFi)
  4. User portal for self-service registration of mobile tokens and, if needed, allowing self-resync of OATH HOTP/TOTP tokens
  5. On-board OpenLDAP server replication
  6. Option to prompt for OTP instead of having to append OTP to password
  7. Certificate management through the GreenRADIUS console
  8. View and filter audit logs and new filtering options in reports
  9. Management of on-board firewall through the GreenRADIUS console
  10. Diagnostics capabilities

Average Cost of a Data Breach = $3.8 Million (USD)

In an earlier post, we read that the data breach against Target in late 2013 could cost over $500 million (USD) in the end.  While that amount is staggering, it is likely due to the number of sensitive records compromised and the size of the corporation itself.

The Ponemon Institute conducted a global study sponsored by IBM on the cost of data breaches.  It reported the following:

According to our research, the average total cost of a data breach for the 350 companies participating in this research increased from $3.52 to $3.79 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 in this year’s [2015] study. (source)

This can give you a good estimate of what a data breach would cost your organization.  Tally all of your sensitive records (customer and vendor records, past and current employee records, etc.) and multiply that by $154.

Or, without even going into that calculation, the Ponemon study reports an average cost of $3.8 million for a data breach.  Consider that cost versus how simple and affordable a two-factor authentication solution can be, a solution such as GreenRADIUS.  This extra layer of security can thwart attacks and also keep organizations compliant with user authentication regulations, all in an inexpensive package.  Contact us today to learn more.

GreenRADIUS in Amazon Web Services (AWS)

Several organizations have moved in part or entirely to the cloud for their IT infrastructure.  This article details the interesting story of the University of Notre Dame and its gradual adoption of and migration to Amazon Web Services (AWS).

While GreenRADIUS is usually deployed on-premises, it can also be deployed in AWS.  All of the same features are included, such as auto-deployment of tokens, auto-enrollment of users, the ability for users to have multiple tokens assigned to them, managed updates, a hardened OS, and more.

Our premium add-on modules are also available: the OATH Module (to support Google Authenticator and other OATH tokens) and the FIDO U2F Module.

Contact us to learn more.

2FA Becoming Widespread

So I ran across this nice article over at PC Magazine that has a nice description of services offering some sort of 2FA. If only these were all the same, it would be great (though I think the FIDO Alliance may start to solve that problem as more devices and services start supporting their specifications), but the important point now is that there is a recognition that 2FA is important and needed.

Stay tuned, we will all be using this and won’t think anything of it.

Where is 2FA in use today?

So I thought this article was a nice description of 2FA and some examples of where it is currently in use. An important thing to remember is that 2FA is not just about a token used for authentication; it can be any second factor.

Some of the examples they talk about include various services (from Apple to Google to Twitter and more) that send SMS messages to your phone (wherein the phone is the second factor), or Microsoft, which has an authenticator app where you approve (or reject) logins on untrusted devices. A common example that isn’t mentioned here (but is in other places) is your ATM card and PIN, where the card is the second factor.

Let the learning begin!

Applying the Gartner™ Hype Cycle Methodology at RSA 2015

As longtime security industry participants, the team at Green Rocket Security has enjoyed watching the evolution of the RSA Conference through the years – into this year’s edition, which undoubtedly is the largest incarnation in its history.

It’s easy to find oneself becoming overwhelmed while being here.  Sifting through the onslaught of content and messages to find the solutions or information you seek can be numbing.

One tool that we find useful to understand and evaluate all the technologies on display at RSA is Gartner’s Hype Cycle methodology.  For those of you who aren’t familiar with the methodology – Gartner has a clever graphic they use to plot companies and products in a given technology category.  The Hype Cycle depicts the relative position of the companies and their products through time – moving from inflated expectations, through disillusionment and finally on to practical productivity.

For us at Green Rocket Security, we believe in providing pragmatic solutions to well-documented security problems. By nature we avoid hype, and instead look to develop and market practical and affordable technologies that deliver measurable improvements in security for all of our customers.

As technologists, we are by nature attracted to the new and exciting technical breakthroughs in our industry.  However, many years of experience in security have taught us that harvesting the benefits of innovation requires patience.  It takes time for technology providers, government, and users to gain a clear understanding of the benefits and challenges of deploying and using these technologies in production. From this understanding come best practices and methodologies which allow for wide use and adoption.

Gartner’s Hype Cycle is an effective way to evaluate security market segments and help customers evaluate risk and reward when making purchase decisions in a category.  Our industry works best when it delivers clear and concise solutions to the growing array of threats facing all of us.  Tools like the Hype Cycle help improve our understanding of the industry and allow us to move forward in deploying solutions with greater confidence – which is a good thing indeed.

Why we believe in security industry Alliances, Initiatives and Standards

The technical and product teams at Green Rocket Security have spent many years working together in a variety of settings – and have seen firsthand how security industry alliances, initiatives and standards have worked to improve the state of computer security.

Whether it is cooperation between industry and government (FIPS, Common Criteria) or commercial initiatives and ecosystems to promote a particular security standard, we’ve seen many successful partnerships that have resulted in improved products and processes that directly benefit users of security solutions. These initiatives have many proven benefits – like improving interoperability of technologies, which increases the speed and ease of deployments. These initiatives are also helpful in providing industry-specific solutions for specific compliance or regulatory needs. They also help define key functional requirements that all users of the technology appreciate and rely on. This is particularly beneficial when not every user of these technologies has access to a CISO or CISSP to help guide them in architecting an appropriate security solution for a given use case.

Like any other human endeavor, these initiatives can be slowed or sidetracked by politics, lack of funding, or lack of commitment. In spite of these challenges, important contributions continue to be made that move our industry forward to meet the next generation of cyber-security threats.

You can count on Green Rocket Security to support, adopt, interoperate and contribute to the security initiatives that we believe will improve the security posture of our customers. You can expect a number of significant announcements in this area from us in 2015.