nGran, LLC

Data Security Solutions - 978.519.9809

nGran, LLC is a software and data security firm specializing in multi-platform endpoint protection software. In addition to our endpoint security software we offer threat reporting services to allow our clients access to the latest verified and updated threat data. Our software, tailored reports and consulting services allow clients to defend against malware, malicious website connections, prevent IoT and ransomware infections, increase user data privacy protection, and minimize security risks to their environments.

Providing internet security to clients around the world.

TAS-Block Details

nGran products and services secure a variety
of clients, from Large Banks and Financial
Services corporations
to small, private companies.

MD5's for downloadable PDFs are found on the
Products and Services pages of this website.
Some PDFs require passwords available from

Find out what we can do for you:

>  Emerging Threat Catalogue
>  Privacy Impact Assessments & GDPR
IoT Security Reviews
Malware Behavior Testing
Web Application Intrusion Prevention
>   Cyber-Security Weakness Assessment
>   Security Awareness Training
>   Vulnerability Risk Assessments
>   Spear Phish Simulation Testing
>  TAS-Block Endpoint Security Product

Connect with us:
We are here to help you implement a more secure 
environment on your systems and for your
. Please contact us at
for most Product and Service PDF passwords.

For more information, contact:

Office Phone: 978.519.9809


IoT and Ransomware Security Problems Increasing

The Internet of Things (IoT) and Ransomware continue to expand their unsecured reach into the Internet due largely to vendor and management lack of awareness with relevant security standards. It is not a valid argument to state that "accepted industry standards do not include security" when in fact there are multiple standards which apply for all Internet connected devices in all industries and in all parts of the globe as of January 01, 2017.

The same shortsitedness exists when it comes to protecting assets from "weaponized" ransomware attacks. And yes, there is no excuse for avoiding updates or upgrades on targeteted Internet accessible platforms. There is equally no excuse for limiting IT resources needed to perform "safe" backups and supported upgrades that compensate for advanced ransomware attacks, including those using IoT devices. Preventive maintenance is clearly a better approach to remediation than hoarding unregulated Bitcoins! Unfortunately, the "penny wise and pound foolish" model of many management groups, exascerbates and contributes to the ease of IoT and ransomware attack campaigns!

A recent study looked at 10 varied IoT device and sensor types, showing that over 70 percent of the IoT devices and sensors examined were susceptible to one or more of the vulnerabilities in the Open Web Application Security Project (OWASP) Internet of Things Top 10. The latest sets of Distributed Denial of Service (DDoS) attacks on companies like Dyn have been using unprotected Small Office & Home Office (SOHO) modems as well as Digital Video Recorders (DVRs), Internet Protocol Cameras and other IoT devices delivered in an insecure state by the vendor. A forensic analysis of malware running the attacks (NetWire,Mirai,Bashlight,Kaiten/STD) reveal an extensive list of available attack vectors along with the ability to execute arbitrary commands and take full control over any weak security configured IoT system.

Unfortunately, the security on many deployed IoT systems is effectively non-existant, using lightweight and clear text protocols, primitive to easily guessed basic authentications, the use of unnecessary ports and protocols that allow the attack surface of each simply configured IoT device to be a zombie in a botnet. Again, vendor lack of awareness for current security standards are unacceptable excuses for any manufacturer who adopts and deploys insecure IoT devices that violate accepted Privacy and Security standards, including those from IETF, OWASP, NIST, ISO/IEC, the Cloud Standards Customer Council, the Industrial Internet Consortium Reference Architecture, and the Online Trust Alliance’s IoT Trust Framework.

Prior to deploying any IoT set of systems, a full design review must include that for "Best Practices" conforming to appropriate and existing security and privacy standards. The goal of such a review should be to evaluate the delivered IoT device configuration, use of system resources, security monitoring and the ability to disable or modify IoT platform components that violate existing security "Best Practices". If you are seriously considering an IoT deployment project, you should contact us at for further consultation.

Prevention, Protection, & Awareness

nGran has added more real time information feeds from industry leaders and links to the Federal Trade Commission (FTC) IDTheft web site to help raise awareness to the growing spyware and identity theft problems in the marketplace. Click on the Alliances link for more information. Also, visit our Research page to see our site threat lists, whitepapers, and products that are currently available.

Finally, we recommend that users contact the Internet Crime Complaint Center (IC3) for their latest information about protecting your PII and means of lodging complaints against malicious websites. IC3 can be contacted at the following link;

This Web site is designed to work best when using version 3.0 or higher of Mozilla Firefox or version 6.0 or higher of Microsoft's® Internet Explorer. nGran, LLC believes that the information posted on this website is accurate as of its publication date; such information is subject to change without notice. nGran is not responsible for any inadvertent errors. All trademarks and registered trademarks are property of their respective owners. Copyright 2002-2018, nGran, LLC. All rights reserved.