Skip to content

Using runZero to verify network segmentation

What is network segmentation?

Network segmentation, in its simplest form, is the act or practice of dividing a computer network into smaller parts, subnetworks, or network segments. In recent years,it has evolved into a foundational enterprise control to improve network performance and security. However, without effective verification strategies like Cyber Asset Attack Surface Management (CAASM), network segmentation can be easily undermined by misconfigurations and multi-homed machines.

Let’s explore a practical comparison to network segmentation – a house with an open floor plan. This design ensures ease of movement and makes the space feel larger, but presents a challenge for achieving privacy and security. You likely don’t want everyone that enters your home to have unfettered access to all areas. Adding walls and changing the architecture of a home is much harder after it’s been built; however, doors and locks can help add security controls while maintaining the original functionality. For example, if a contractor is scheduled to work on the garage, doors and locks add a level of segmentation that ensures access is only granted for the area where the work needs to be done. Lateral movement into the house is unlikely and garage repair alone does not merit access to other areas. Essentially, network segmentation is akin to a house with defined areas of access to make safe and secure spaces when needed.

A simple example of network segmentation
A simple example of network segmentation

What are the benefits of network segmentation?

  • Better operational performance Segmentation reduces network traffic congestion.

  • Improved security:

    • Limit the damage done by cyber attacks: Segmentation improves cybersecurity postures by limiting how far an attack can spread by reducing lateral movement. For example, segmentation keeps a malware outbreak in one segment from spreading to systems in another.

    • Protect vulnerable devices: Segmentation can prevent harmful traffic from reaching devices that are unable to protect themselves. For example, on a factory floor that contains OT/ICS devices that were not designed with advanced security defenses, segmentation can stop harmful Internet traffic from reaching them.

  • Containing network problems: Segmentation minimizes the impact of local failures on other parts of the network. When localized problems arise, network segmentation helps to minimize production downtime and decrease corporate latency due to misconfigurations.

  • Controlling access: Access can be controlled by creating VLANs to segregate the network. For example, visitors can access a “guest network”, so they can access the Internet, but not the corporate network itself. Another example is separating networks during a corporate divestiture, so that employees only have access to the corporate network of their company and not the other.

  • Meet industry compliance standards Regulations are a driving factor in network segmentation. For example, businesses subject to Payment Card Industry Data Security Standard (PCI DSS) requirements must validate cardholder data environment (CDE) segmentation during the security audit process. The PCI guidance on scoping and segmentation describes a common CDE administration model.

How do you verify network segmentation is implemented correctly?

Verifying that segmentation is working correctly can be challenging, especially across large and complex environments. Common techniques to validate segmentation, such as reviewing firewall rules and spot testing from individual systems can only go so far, and comprehensive testing, such as running full network scans from every segment to every segment, can be time intensive and are rarely performed on a regular basis.

Verifying safe network segmentation with CAASM

Network bridge detection

Network bridge detection is a useful tool when validating the effectiveness of network segmentation and testing whether an attacker can reach a sensitive network from an untrusted network or asset. Examples of this include laptops plugged into the internal corporate network that are also connected to a guest wireless segment, or systems connected to an untrusted network, such as a coffee shop’s wireless network that also have an active VPN connection to the corporate network.

The runZero Platform detects network bridges by looking for extra IP addresses in responses to common network probes (NetBIOS, SNMP, MDNS, UPnP, and others) and only reports bridges when there is at least one asset identified with multiple IP addresses. Typical hardening steps, such as desktop firewalls and disabled network services are limiting factors that will usually prevent multi-homed assets from being detected by runZero; however, the click-through demo below shows how to use network bridge detection to search for multi-homed assets in the runZero inventory.

Identifying Potentially Risky Network Bridges

This runZero network bridge report is an interactive view of possible paths that can be taken through the network by traversing multi-homed assets. When detected, single IP addresses are omitted to keep the graph practical and actionable for defenders.

runZero enables you to click through asset and subnet details within the external (red) and internal (green) networks. Clicking a bridged node once will highlight the networks it is connected to and show a link which leads to the full asset details for that node. Alternatively, clicking a network once will highlight the connections to bridged nodes and show a link to the Asset Inventory page with a CIDR-based inventory search.

This report helps you see where segmentation may be broken, and can cut down on the number of surprises encountered in a future security audit.

The Asset Route Pathing Report

The runZero Platform also enables you to visualize potential network paths between any two assets in an organization by creating the asset route pathing report. This unique methodology identifies surprising and unexpected paths between assets that may not be accounted for by existing security controls or reviews.

The report generates a graph of multiple potential paths by analyzing IPv4 and IPv6 traceroute data in combination with subnet analysis of detected multi-homed assets – without requiring access to the hosts or network equipment.

With a view of potential paths between assets, security professionals can verify whether a low-trust asset, such as a machine on a wireless guest network, can reach a high-value target, such as a database server within a cardholder data environment (CDE). Another example would be an OT asset (such as an engineering workstation) being able to access the IT network. This feature highlights potential network segmentation violations and opportunities for an attacker to move laterally from one segment to another.

Summary

In summary, there are many benefits of network segmentation, and fact checking proper implementation can be a difficult, arduous task. runZero is here to help by reducing the burden of misconfigurations and/or improperly defined network boundaries, subnets and VLANS.

Not a runZero customer? Download a free trial today and achieve comprehensive asset inventory and attack surface visibility in minutes.

If you would like to read more about network segmentation and what runZero has found in the wild, check out Chapter 4 of the runZero Research Report that talks about the decay of segmentation.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Guardz collects $18M to expand its AI-based security platform for SMBs

Thanks to advances in AI, small and medium businesses have become a significant target in the world of cybercrime, accounting for roughly half of all breaches worldwide by some estimates. Now, one of the companies building security tools for SMBs has raised a round of funding to expand its business, underscoring the demand in the market for better defenses. 

Guardz, an Israeli startup that has built an all-in-one security and cyber insurance service for small and medium businesses, has raised another $18 million in a Series A round of funding.

 

The company emerged from stealth less than a year ago (at the end of January 2023), and since then it has had a bit of a pivot. It’s no longer selling directly to SMBs but is working with managed service providers that in turn sell and manage IT services for SMBs. MSPs, it found, were the primary route to getting their product to get used by SMBs (meaning direct business was not taking off). Now those MSPs are able to build their own offerings “powered” by Guardz.

“This is the journey. It’s a blended solution, powered by Guardz but with the logo of the MSP out in front,” said Dor Eisner, the CEO, in an interview.

The plan will be to use the funding to hire more engineering talent to continue evolving the Guardz product, which has been selling primarily to customers in the U.S., U.K. and Australia. It has around 200 MSPs on its books currently, which in turn are working with some 3,000 SMBs, which in turn represent some 36,000 seats overall using Guardz’s products. Security remains the main revenue driver, with cyber insurance an option add-on.

Glilot+, the early growth fund of Glilot Capital Partners, is leading the round, with ClearSky and previous backers Hanaco Ventures, iAngels and GKFF Ventures also participating.

The company is not disclosing its valuation, but Eisner — who co-founded the company with Alon Lavi — said that the figure has tripled since its last fundraise, a $10 million seed round that coincided with Guardz coming out of stealth mode.

 
 

 

To give some more context: The startup has now raised $28 million and alongside securing around 36,000 “seats” it is growing fast, within an interesting opportunity for more customers since there are around 150,000 MSPs globally serving the SMB market, Eisner said. That likely puts Guardz’s valuation comfortably above $100 million.

The gap in the market that Guardz is targeting is a big and urgent one. In the past, SMBs were overlooked by cybercriminals largely for the same reasons that they were mostly ignored by the most cutting-edge B2B technology developers: SMBs are too fragmented as a group, and they typically do not represent lucrative ROI compared to large enterprises.

However, developments in AI have made it very easy for malicious actors to develop, execute and scale campaigns exploiting vulnerabilities. That’s been an alarming development, because typically SMBs have lacked the in-house expertise, and the right tools, to defend against that.

Guardz’s aim has been to create a security platform for these customers that is just as robust as what larger organizations might use. The platform is provided as a managed service — meaning the customer does little to manage it directly — but within that managed service, there is a lot of AI-based automation built in: Guardz’s tools automatically detect malicious activity, provide remediation against it and write up activity reports that can be further triaged by the MSP. The MSP can also use Guardz to create security breach simulations — customized to the specific activity of the SMB in question — which can be used to help train the employees at their customers.

Part of the funding will be used to continue expanding the tools that its own team has at hand to match the increasing sophistication of bad actors.

 

“Every day we find a new method used by hackers,” Eisner said. A recent discovery, he said, involved a method to create automated forwarding rules for those using Microsoft 365, giving malicious actors a way to collect emails “in a silent way.”

“We found that people were talking about this attack on the dark web, so we decided to develop detection and remediation around it,” he said, adding that a technique like this would likely be used as part of a multivector attack, alongside phishing, for example.

SMBs have become a sharper target for tech companies building enterprise services not just because innovations in cloud services and AI have improved the unit economics. It’s also because they are a huge market segment, estimated at over 99% of all businesses globally. And that can mean big business in a variety of verticals. Payments and fintech business SumUp, which also targets SMBs, earlier this week announced more than $300 million in funding to expand its platform and grow its customer base. Guardz is also not the only one in the area of building cybersecurity for SMBs. Others in the long list of direct competitors include CyberSmart out of the U.K. as well as bigger players like CrowdStrike and Check Point.

“When we met the exceptional team at Guardz, which combines cybersecurity leaders with small business go-to-market experts, it became evident that they had built the ultimate solution for small business cybersecurity – a longstanding and rapidly growing market need we’ve been monitoring at Glilot for a while,” stated Lior Litwak, who is the managing partner heading up Glilot+, in a statement. “Guardz has developed an impressive, holistic, and user-friendly cybersecurity and cyber insurance risk-assessment platform that is cleverly tailored to MSPs, who serve the often-overlooked long-tail small business market. We are excited to lead this funding round and join the Guardz team on their journey to secure the digital world for those who today need it most.”

Start Free Trial

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

Searching for a password manager? Discover the best review sites

 

Contents:

Suppose you were Stefan Thomas, a San Francisco-based German programmer who is left with two guesses to figure out a decade-old password to access his $321M fortune. In that case, you’d probably be banging your head against the wall trying to figure out why you didn’t use a password manager back then.

These days password managers are an everyday essential. Choosing the right one for you — out of all available options — can be tricky, especially if you have no experience with password managers. And that’s when we often turn to review sites.

This post is your shortcut to understanding how to use review and comparison sites to your advantage so you can make the best possible decision.

What makes a reliable password manager comparison site?

Transparency of evaluation and methodology

The cornerstone of any reliable review site is openness about its editorial integrity and review criteria. Such sites should be transparent about what they value in a password manager or any other app in terms of features or functionalities. This also includes being frank about their evaluation methodologies and review timelines.

Up-to-date information

Any reputable comparison site should update its reviews to reflect how a product or service has changed. The reviewers should look to include the latest features or any other disclosures that may determine the user’s choice in either buying or avoiding the product.

Disclosure of conflicts of interest

A comparison site that wants to be taken seriously or considered as trustworthy should be open about its connections and relationships with various developers. Ultimately, the site stands more to gain than lose when it comes to disclosure of conflict of interest.

Key password manager features to consider

Not all password managers are created equal. When choosing the best fit for your needs, here are the essential features you should consider.

Encryption

The foundation of any password manager worth its salt is encryption. Put simply, encryption scrambles data into a code that only the correct key can decode. Strong encryption means that the likelihood of hackers accessing your passwords in the password manager’s vault is essentially zero.

Device sync

We live in a multi-device world, where switching between smartphones, tablets, and computers is a fact of life. A password manager that is worth your buck should offer seamless sync across devices and platforms.

Password generation

Weak passwords are the leading cause of unauthorized access. It’s no secret that we—humans are terrible at password creation. Machines, on the other hand, usually excel there. When considering a password manager, look for a built-in password generator.

Extra features

Password managers come packed with a variety of advanced security features. To get the best bang for your buck, look for a password manager that offers email mask creation, allows you to add emergency contact, and notifies you if your data ever appears in a data breach.

Secure sharing

There are times when you need to share a password with a family member or colleague. There’s no way around it. So be sure to look for a password manager that provides a secure way to share passwords and other sensitive information that you might keep in its encrypted vault.

Built-in Multi-factor authentication (MFA)

Multi-factor authentication (MFA) is another feature that you might want to look for in a password manager because it adds an extra layer of security. You likely already know what MFA is, but just to recap, it’s a security method that requires users to present multiple proofs of identity. So with MFA enabled along with a master password you’d need to enter an additional code that might be sent to you via text, email, or an authentication app.

User-friendly interface

Security tools are most effective when used consistently. And so that’s exactly where a clean, intuitive user interface can make or break a product—a good user interface will not dissuade you from using the app.

Top review sites for password managers

Here, we’ve presented you with some of what we consider leading review sites. Each of them offers unique insights that can help you decide on a password manager:

  • TechRadar is known for its balanced approach, offering detailed comparisons and honest takes on products that caters to both tech enthusiasts and everyday users. They focus on usability, security features, and the overall value.

  • CyberNews focuses more on cybersecurity. They tend to test encryption strength and privacy protections. It is an ideal comparison site for those who are more into the technical details of what’s going on behind the hood.

  • Forbes Advisor as the brand name suggests, blends financial and tech insights, assessing password managers through the lens of security and cost-effectiveness.

  • VPNOverview seems to emphasize user experience, ease of use, compatibility, and daily application. Their reviews offer readers straightforward, practical advice on choosing a password manager for their daily online routines.

  • All About Cookies focuses more on privacy and data protection. It also tends to explore how password managers handle and secure user data. Its reviews cater for the privacy-conscious.

  • The Wall Street Journal provides in-depth analysis of software utility with a consumer electronics spin to it. Their thorough reviews and comparisons are meant for readers seeking expert opinions.

  • How-To Geek is known for making technology accessible. They break down the features and functionalities of password managers and so many other apps into easy-to-understand reads. Their approach is perfect for those new to password manager or those looking for a down-to-earth explanation.

  • Engadget provides a variety of reviews, offering a broad overview of password managers on the market. Their generalist approach is ideal for readers starting their search and looking for a list of available options.

  • FrAndroid provides detailed reviews for the French-speaking audience, focusing on the user interface, features, and language support. Their reviews and comparisons are invaluable for French users seeking a password manager that meets their specific needs.

  • Tom’s Hardware Italia offers comprehensive coverage tailored to Italian users. Their reviews are meticulously crafted to address the unique things Italians value in password security.

Wrapping up

Choosing a password manager that’s right for you can be tricky. With so many options and opinions out there, we hope this article made it a little bit easier for you to make an informed choice on which reviews sites to consider.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Vault doesn’t cut it: why you need a backup solution for Google Workspace

For organizations looking for an affordable, scalable productivity suite, Google Workspace is a great option. Designed with security in mind, it also has several features that promise to keep your organization’s most valuable asset – your data – safe.  

Your data is under constant threat – and the consequences can be costly

The safety of your data is under attack from many directions: cybercriminals as well as disgruntled users, accidental human error, programmatic errors and more pose a threat.  Cyberattacks especially are an ever growing challenge: incidents have doubled in some sectors due to the advances in AI enabling criminals to conduct increasingly sophisticated attacks. 

Data loss often comes with severe consequences for your business. The time and effort required to recover from the event and get critical operations running safely again can be significant. Being able to demonstrate business continuity in the event of a cyberattack is a legal requirement of regulations such as the Digital Operational Resilience Act (DORA) and the upcoming NIS 2 directive, and fines for non-compliance are hefty. Lastly, your reputation is on the line, too, especially when it is found that data security protection was lacking.

Google’s protection is not enough

Google’s safety mechanisms include end-to-end encryption and two factor authentication. However, Google’s built-in backup and recovery solution is insufficient, leaving you and your data at risk. There are two main reasons for this: 

  • Google’s built-in backup functionality provides only temporary and limited protection

Google constantly backs up your data to meet their service level agreements (SLA) in the event of a major service outage on their part. Your data is “sharded” (partitioned horizontally) and split between multiple regions and data centers so that in the event of a catastrophic failure or cyber attack on a single data center, your “live” data will still be available to you when you open up Google Workspace.

However, there are no automatic backups beyond 25 days, and only limited protection against accidental deletion and malicious users. 

  • Google Vault is not a backup solution

Some organizations use Google Vault, a protective layer to provide data retention and eDiscovery for compliance purposes, to backup their data, however Vault is not designed as a backup tool. It only stores the latest versions of your data and is not designed for recovery.

In fact, you are responsible if your data is lost or changed in many common circumstances such as:

  1. A user has modified content and you need to restore it back to a previous state.
  2. A malicious user has been able to modify and delete data because you have given them access to it through sharing and delegation policies.
  3. An admin has incorrectly set a policy or process (such as a Vault retention policy) leading to unwanted changes to your data such as pre-emptive deletion

Google Workspace and Google Vault lack basic backup functionality

Further limitations that disqualify Google Workspace and Google Vault as effective backup and recovery methods include:

  1. No mass restoration process – Google does not provide an easy, direct and effective method of restoring data in bulk. 
  2. Data restored may not be in the format required – For example, Google Vault will only allow you to restore emails in MBOX format with no label preservation.
  3. Limited time and no version control when restoring from Google Workspace Trash – Whilst you can retrieve deleted items from Trash, you only have a limited amount of time to do so (25 – 30 days) before it is permanently deleted. You will only be able to restore the latest version of the file or email with no granular version control.

How can you protect your data from the consequences of data loss?

In summary, relying on Google and Google Vault for backup and recovery exposes your organization to significant risk from data loss. Noncompliance, reputational damage and ultimately the cost of restoring your data and recovering from the loss further strengthen the case for implementing a robust backup and recovery solution.

CloudM Backup a simple yet powerful backup and recovery solution for Google Workspace that protects your data against accidental deletion and malicious users whilst providing quick and easy mass restoration should data loss occur.

Find out how CloudM backup can protect your organisation.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CloudM
CloudM is an award-winning SaaS company whose humble beginnings in Manchester have grown into a global business in just a few short years.

Our team of tech-driven innovators have designed a SaaS data management platform for you to get the most from your digital workspace. Whether it’s Microsoft 365, Google Workspace or other SaaS applications, CloudM drives your business through a simple, easy-to-use interface, helping you to work smarter, not harder.

By automating time-consuming tasks like IT admin, onboarding & offboarding, archiving and migrations, the CloudM platform takes care of the day-to-day, allowing you to focus on the big picture.

With over 35,000 customers including the likes of Spotify, Netflix and Uber, our all-in-one platform is putting office life on auto-pilot, saving you time, stress and money.

Enabling Passwordless Authentication with Portnox Cloud PKI

Traditional password-based authentication methods have become a significant liability due to their susceptibility to breaches, phishing attacks, and human error. To address these challenges, Portnox’s cloud Public Key Infrastructure (PKI) offers a robust solution by enabling certificate-based passwordless authentication. This innovative approach not only strengthens security but also simplifies user experience and management for IT administrators.

Understanding Portnox’s Cloud PKI 

Portnox’s cloud PKI is a comprehensive platform that manages digital certificates to authenticate users and devices without relying on passwords. Public Key Infrastructure (PKI) uses pairs of cryptographic keys: a public key, which is shared openly, and a private key, which is kept secure. These keys work together to encrypt and decrypt information, ensuring secure communication and authentication.

With Portnox’s cloud PKI, digital certificates are issued to users and devices, replacing traditional passwords. These certificates are stored securely on the user’s device and used to authenticate access to enterprise networks and resources. This method eliminates the need for passwords, reducing the risk of unauthorized access and improving overall security.

Advantages of Portnox’s Cloud PKI

1. Enhanced Security

The primary advantage of Portnox’s cloud PKI is its ability to provide robust security through certificate-based authentication. Passwords are often the weakest link in security systems, prone to being guessed, stolen, or compromised through phishing attacks. Certificates, on the other hand, are much harder to forge or steal. By leveraging cryptographic keys, Portnox’s cloud PKI ensures that only authorized users and devices can access the network, significantly reducing the risk of breaches.

2. Simplified User Experience

Certificate-based authentication streamlines the user experience by eliminating the need for passwords. Users no longer have to remember complex passwords or reset them frequently. Instead, authentication happens seamlessly in the background, enhancing productivity and reducing frustration. This simplicity is especially beneficial in environments with high user turnover or where users need to access multiple applications and systems.

3. Centralized Management

Portnox’s cloud PKI offers centralized management of digital certificates, making it easier for IT administrators to oversee and control access to enterprise resources. Administrators can issue, revoke, and renew certificates from a single dashboard, ensuring that access rights are always up-to-date. This centralization also facilitates compliance with regulatory requirements, as administrators can easily track and audit authentication activities.

4. Scalability

As enterprises grow, so do their security needs. Portnox’s cloud PKI is highly scalable, allowing organizations to manage thousands of certificates effortlessly. Whether onboarding new employees, integrating new devices, or expanding to new locations, Portnox’s solution can accommodate these changes without compromising security or performance.

5. Reduced IT Workload

Managing passwords can be a significant burden for IT departments, often leading to increased workload and operational costs. Password resets, account lockouts, and helpdesk calls consume valuable resources. By adopting certificate-based authentication, enterprises can reduce these issues, freeing up IT personnel to focus on more strategic initiatives.

Improving Security Posture by Ditching Passwords

1. Mitigating Phishing Attacks

Phishing attacks are a common method for cybercriminals to steal credentials. By eliminating passwords, enterprises can effectively neutralize this threat vector. Certificates cannot be easily phished, making it much harder for attackers to gain unauthorized access.

2. Preventing Credential Theft

Even with strong passwords, credential theft remains a significant risk. Attackers use various techniques, such as keylogging and brute-force attacks, to steal passwords. Certificate-based authentication removes this risk entirely, as there are no passwords to steal. The private keys used in PKI are stored securely on devices and never transmitted over the network, further enhancing security.

3. Enhancing Multi-Factor Authentication (MFA)

Portnox’s cloud PKI can be integrated with multi-factor authentication (MFA) solutions to provide an additional layer of security. Certificates can serve as one factor, while biometrics, hardware tokens, or other methods can serve as the second factor. This layered approach ensures that even if one factor is compromised, the overall security remains intact.

4. Ensuring Compliance

Regulatory compliance is a critical concern for many enterprises, especially those handling sensitive data. Portnox’s cloud PKI helps organizations meet compliance requirements by providing secure, auditable authentication mechanisms. The ability to track and manage certificate lifecycles ensures that access controls are always aligned with regulatory standards.

5. Future-Proofing Security

As technology evolves, so do cyber threats. Password-based systems are becoming increasingly outdated and vulnerable. By adopting certificate-based authentication through Portnox’s cloud PKI, enterprises can future-proof their security infrastructure. PKI is a proven technology that continues to evolve, offering long-term benefits and adaptability to emerging security challenges.

Conclusion

Portnox’s cloud PKI and certificate-based passwordless authentication represent a significant leap forward in enterprise security. By eliminating passwords, enterprises can mitigate common threats, streamline user experience, and reduce the burden on IT departments. This approach not only enhances security but also positions organizations to adapt to future challenges. As cyber threats continue to evolve, adopting advanced authentication methods like Portnox’s cloud PKI is essential for maintaining a robust and resilient security posture.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×