
Passwordless Authentication for Virtual Desktops & Applications: A Complete Guide with Thinfinity Workspace 8

Introduction to Passwordless Authentication

Passwordless authentication is rapidly becoming essential, replacing traditional passwords with stronger, user-friendly methods like biometrics and cryptographic keys. This guide explores passwordless authentication, its advantages for virtual environments, and how Thinfinity Workspace 8 supports its secure, seamless implementation.

By understanding and adopting passwordless authentication, organizations can enhance security, reduce operational costs, and improve user experiences across virtual desktops, applications, and web apps.

Table of Contents

  1. Why Passwordless Authentication is Essential
  2. Key Technologies in Passwordless Authentication
  3. How Thinfinity Workspace 8 Supports Passwordless Access
  4. Benefits of Passwordless Authentication for Businesses
  5. Industry Use Cases of Passwordless Authentication
  6. Best Practices for Implementation
  7. Addressing Common Passwordless Challenges
  8. Future Trends in Passwordless Authentication
  9. Frequently Asked Questions (FAQs)

1. Why Passwordless Authentication is Essential

The Risks of Passwords in Digital Security: Passwords have long been the primary access control, but they are prone to issues like phishing, brute-force attacks, and credential stuffing. According to Gartner, passwords are the most common source of breaches, making it essential for companies to find safer alternatives.
The Evolution Towards Passwordless: Passwordless authentication addresses these security challenges by eliminating passwords from the login process altogether, relying instead on secure, user-friendly methods such as biometrics and hardware keys. Gartner projects that by 2027, more than 75% of workforce transactions will be passwordless, showcasing a significant shift toward more secure authentication methods.

Comparison of traditional passwords vs passwordless authentication, showing benefits like reduced IT costs and security.

2. Key Technologies in Passwordless Authentication

Passwordless authentication utilizes several advanced technologies to secure access, each designed to provide high-assurance, user-friendly options.

Identity Provider (IDP) Integration with SAML and OAuth

Most modern identity and access management systems use SAML (Security Assertion Markup Language) and OAuth 2.0 to facilitate secure Single Sign-On (SSO) experiences. With Thinfinity Workspace 8, users can leverage popular IDPs, such as Microsoft Entra, Okta, Ping Identity, and Google Workspace, for unified access across applications without passwords.

FIDO2 Authentication

FIDO2 is an advanced, phishing-resistant standard developed by the FIDO Alliance, enabling secure, passwordless authentication via public-key cryptography. Thinfinity Workspace 8’s integration with FIDO2 ensures secure access to virtual desktops, applications, and web apps using biometrics, such as fingerprints and facial recognition, or hardware security keys.

Smart Cards and PKI (Public Key Infrastructure)

Smart cards and PKI certificates offer secure, cryptographic authentication for users, often required in highly regulated industries. Thinfinity Workspace 8’s support for smart cards and PKI-based certificates provides a robust authentication method for accessing sensitive applications, meeting compliance needs for finance, healthcare, and government organizations.

Windows Hello and Device-Based Biometrics (TPM)

Thinfinity Workspace 8 also integrates with Windows Hello, allowing users to authenticate through face recognition, fingerprint scans, or PINs. These biometrics are stored on the device’s Trusted Platform Module (TPM), making it a strong choice for Windows-based environments that prioritize both security and user convenience.

3. How Thinfinity Workspace 8 Supports Passwordless Access

Passwordless Authentication options: FIDO2, Smart Cards and PKI, Windows Hello, and IDP Integration, each with unique security benefits

Thinfinity Workspace 8 is a secure platform built to support the future of authentication. By enabling seamless passwordless access through FIDO2, smart cards, SAML/OAuth-based IDP integration, and Windows Hello, Thinfinity ensures that users can securely access their virtual desktops, applications, and web apps without the need for passwords.
Thinfinity’s passwordless methods align with zero-trust principles, which emphasize continuous verification and least-privilege access to safeguard organizational assets. By supporting diverse authentication methods, Thinfinity Workspace 8 caters to enterprise security needs, user preferences, and regulatory compliance.

Venn diagram illustrating Zero Trust Security as the intersection of Authentication Methods and Role-Based Access Control (RBAC)

4. Benefits of Passwordless Authentication for Businesses

1. Strong Phishing Resistance

Passwordless authentication methods such as FIDO2 and PKI certificates are inherently resistant to phishing and other social engineering attacks. By removing passwords from the equation, organizations reduce their vulnerability to credential-based breaches, protecting user data and enhancing trust.

2. Improved User Experience and Efficiency

Passwordless access enables quick, frictionless authentication, allowing users to access their work with ease. By integrating biometrics and hardware keys, Thinfinity Workspace 8 eliminates the need for complex passwords, reducing login times and enhancing productivity.

3. Reduced IT Costs and Overhead

Password resets account for a significant portion of helpdesk requests. By adopting passwordless authentication, organizations can significantly reduce these support requests, lower IT costs, and free up resources for more strategic initiatives.

4. Compliance with Industry Standards

Passwordless methods supported by Thinfinity Workspace 8, like FIDO2 and PKI certificates, meet compliance standards for multi-factor authentication (MFA) in regulated sectors, providing a secure, compliant solution for accessing sensitive data and applications.

Benefits of passwordless authentication: Phishing resistance, improved user experience, IT cost reduction, compliance, enhancing security and efficiency.

5. Industry Use Cases of Passwordless Authentication

Passwordless authentication is increasingly essential across industries where secure, compliant access is a priority. Thinfinity Workspace 8’s advanced capabilities make it an ideal solution for sectors with stringent security and regulatory requirements.

Healthcare

In healthcare, where every second counts, passwordless authentication allows for fast, secure access to sensitive patient information. Thinfinity Workspace 8’s support for biometric authentication and smart cards ensures that healthcare providers can access records instantly without compromising data security. By adhering to data privacy regulations like HIPAA, Thinfinity helps healthcare institutions maintain compliance while protecting patient data from unauthorized access.

Finance

Financial institutions are prime targets for cyber threats, given the sensitive customer data and financial assets they manage. Passwordless authentication reduces the risk of credential theft, ensuring secure, compliant access to financial applications. Thinfinity Workspace 8’s integration with FIDO2 and smart cards provides phishing-resistant, high-assurance authentication for finance professionals, meeting rigorous compliance standards such as PCI DSS and protecting sensitive information from unauthorized access.

Government

Government agencies often handle classified information and are therefore subject to stringent security and compliance requirements. Thinfinity Workspace 8 supports PKI certificates and smart card authentication, making it an ideal solution for government organizations. With passwordless methods, government employees can securely access classified information while complying with regulatory standards, ensuring that sensitive data remains protected from unauthorized access.

Oil and Gas

The oil and gas industry faces unique security challenges, including the need to secure remote and distributed assets. With Thinfinity Workspace 8, oil and gas companies can implement passwordless authentication to control access to critical infrastructure and data, protecting operational systems from unauthorized access. Biometric and smart card authentication methods reduce security risks, especially in high-stakes environments like oil rigs or remote data centers, where physical security is often limited. Thinfinity also supports compliance with industry-specific regulations, such as NERC CIP, ensuring that digital assets are safeguarded against both physical and cyber threats.

Banking

In the banking sector, where financial transactions and customer data must be rigorously protected, passwordless authentication minimizes the risk of credential-based attacks, such as phishing and credential stuffing. Thinfinity Workspace 8’s FIDO2 and smart card support enables banks to offer customers and employees secure, frictionless access to banking applications. Passwordless methods also help meet compliance requirements, such as GDPR and FFIEC regulations, while enhancing user experience. By implementing passwordless authentication, banks can secure sensitive financial information, build customer trust, and streamline the login experience for employees and clients.

Defense

The defense industry is a high-security sector that requires robust measures to protect classified information and critical systems. Thinfinity Workspace 8’s PKI and smart card integrations allow defense organizations to implement passwordless, multi-factor authentication for secure access to sensitive data. Biometric authentication further enhances security, ensuring that only authorized personnel can access classified information and mission-critical systems. Compliance with standards such as CMMC and ITAR is essential in defense, and Thinfinity’s passwordless capabilities help defense organizations meet these strict requirements while safeguarding national security assets.

Main industries for passwordless authentication: Healthcare, Finance, Government, Oil and Gas, Banking, Defense

6. Best Practices for Implementing Passwordless Authentication

Successful implementation of passwordless authentication requires careful planning and a focus on user experience:

  • User Training and Onboarding: Provide comprehensive training to help users understand and adopt passwordless methods. Self-service onboarding through SSO integrations with popular IDPs can further ease the transition.
  • Credential Management and Recovery: Implement strong credential management policies, including clear guidelines for credential recovery and secure self-service options.
  • Compliance and Security Monitoring: Leverage Thinfinity’s logging and monitoring features to track login attempts, access patterns, and unauthorized attempts. Monitoring ensures compliance and helps proactively address potential security issues.

7. Addressing Common Passwordless Challenges

Despite its benefits, passwordless authentication presents challenges that organizations should consider:

  • Device and Technology Compatibility: Ensure that the devices used by employees support passwordless methods like biometrics or hardware tokens.
  • User Resistance: Passwordless authentication is a paradigm shift. Offering training and emphasizing the benefits of streamlined, secure access can help drive adoption.
  • Recovery Options for Lost Credentials: Have policies in place for managing lost credentials, such as hardware tokens, to avoid disruption in access.

8. Future Trends in Passwordless Authentication

Passwordless authentication is evolving quickly, with several exciting trends on the horizon:

  • Expansion of FIDO2 and Biometrics: FIDO2 and device-based biometrics are becoming the standard for passwordless access, providing highly secure, user-friendly options.
  • Cross-Device Authentication: Solutions that allow users to authenticate across multiple devices, such as Apple’s and Google’s passkey support, are on the rise, creating a more seamless authentication experience.
  • Zero-Trust Security Alignment: Passwordless authentication is central to zero-trust security frameworks, focusing on continuous verification rather than static credentials.

As passwordless technology matures, organizations that implement it now will be better positioned to adopt these advancements with minimal disruption.

9. Frequently Asked Questions (FAQs)

What is passwordless authentication?

Passwordless authentication removes the need for traditional passwords, using secure methods such as biometrics, cryptographic keys, and hardware tokens instead.

Why is passwordless authentication more secure than traditional passwords?

Passwordless methods reduce risks like phishing and brute-force attacks by using non-reusable, phishing-resistant credentials that are difficult to replicate or steal.

How does Thinfinity Workspace 8 support passwordless authentication?

Thinfinity Workspace 8 supports FIDO2, smart cards, SAML/OAuth-based IDP integration, and Windows Hello, providing robust, secure options for virtual desktops, applications, and web apps.

Can passwordless authentication help with compliance?

Yes, passwordless methods such as PKI and FIDO2 meet compliance standards for MFA, making them suitable for regulated industries like finance, healthcare, and government.

Conclusion

Passwordless authentication is redefining digital security, providing organizations with a secure, efficient, and user-friendly alternative to traditional passwords. Thinfinity Workspace 8 is a powerful tool in this transition, offering robust support for FIDO2, smart cards, and biometric methods to secure virtual desktops, applications, and web apps.
For organizations looking to reduce operational costs, enhance user experiences, and stay ahead in cybersecurity, adopting passwordless authentication with Thinfinity Workspace 8 is a strategic step forward. Embrace the future of authentication with Thinfinity, and secure your organization’s digital landscape with a passwordless approach.

About Cybele Software Inc.
We help organizations extend the life and value of their software. Whether they are looking to improve and empower remote work or turn their business-critical legacy apps into modern SaaS, our software enables customers to focus on what’s most important: expanding and evolving their business.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Ensure compliance with DORA’s ICT risk framework using runZero

Uncover the unmanaged and unknown to meet hidden risk requirements

With the Digital Operational Resilience Act (DORA) set to take effect on January 17th, 2025, financial institutions across the European Union must prepare to meet stringent regulatory requirements. At its core, DORA mandates resilience in Information and Communication Technology (ICT) systems, covering five primary pillars:

  1. ICT risk management

  2. Incident reporting

  3. Resilience testing

  4. Third-party risk management

  5. Information sharing

While these pillars seem straightforward, the implementation has a hidden complexity in meeting standards: unmanaged and unknown assets. These devices—ranging from decentralized IT assets to unconventional (but highly interconnected) IoT and OT devices—are notoriously hard to identify and secure.

Why are these unmanaged and unknown devices such a critical focus of DORA? The answer lies in their profound impact on the regulatory pillars. These assets, often hidden in the shadows of your environment, don’t just represent gaps in visibility—they create vulnerabilities that ripple through every aspect of operational resilience.

Consider this: over 60% of connected devices are invisible to defenders, and unmanaged assets were linked to 7 out of 10 breaches last year. To truly grasp the gravity of this problem, let’s explore how these blind spots hinder compliance across DORA’s relevant pillars—and what it takes to close those gaps effectively.

DORA chapter requirements and the downstream effect of unmanaged and unknown assets

ICT risk management

  • DORA chapter requirement: Develop and implement comprehensive frameworks to identify, assess, and mitigate information and communication technology (ICT) risks, ensuring robust protection against potential threats.

  • Downstream effect of unmanaged and unknown assets: How can you protect something you don’t know exists? Unmanaged assets create gaps in your risk management framework, making it impossible to fully identify, assess, and mitigate vulnerabilities. Without a clear picture of your entire environment, staying compliant with DORA’s ICT risk management standards becomes a major challenge.

Incident reporting

  • DORA chapter requirement: Establish mechanisms for the timely detection and reporting of significant ICT-related incidents to regulatory authorities, facilitating prompt response and mitigation.

  • Downstream effect of unmanaged and unknown assets: Unmanaged assets are often where problems start—and if they’re exploited, you might not even know an incident happened. That means delays in detection, reporting, and response, putting you at risk of missing DORA’s strict incident reporting timelines.

Resilience testing

  • DORA chapter requirement: Conduct regular testing of ICT systems to evaluate and enhance their resilience against disruptions, ensuring continuous and secure operations.

  • Downstream effect of unmanaged and unknown assets: Resilience testing is about ensuring your ICT systems can handle disruptions. But if unknown assets aren’t included, you’re testing only part of your environment, leaving hidden risks unchecked. That’s a compliance issue waiting to happen.

Third-party risk management

  • DORA chapter requirement: Implement stringent oversight and management of third-party ICT service providers to ensure they adhere to security and resilience standards, thereby safeguarding the institution’s operations.

  • Downstream effect of unmanaged and unknown assets: Shadow IT and forgotten vendor integrations often bring unmanaged assets into the mix. If you don’t have visibility into these, there’s no way to verify that your third-party providers are meeting DORA’s security and resilience standards.

To truly meet DORA’s requirements, you need complete visibility into your environment. Unmanaged and unknown assets are like puzzle pieces left out of the box; they make it impossible to see the full picture. Discovery and management of all your assets are the true foundation of compliance and resilience. Relying solely on traditional discovery and vulnerability management tools often leaves critical gaps, potentially putting you at risk of non-compliance—or worse, exposing your organization to security threats.

That’s where runZero comes in. Unlike traditional tools, runZero uncovers the unmanaged, unknown, and shadow IT assets that others miss using novel discovery and scanning techniques. In fact, enterprises on average find 25% more assets with runZero than they were previously aware of. Our objective is to provide you with unparalleled visibility across IT, OT, IoT, including those assets that aren’t actively managed. By layering in-depth fingerprinting data and detailed insights into vulnerabilities and exposures, runZero helps you to close those gaps, meet DORA’s requirements with confidence, and build a stronger, more resilient ICT environment.

DORA chapters and runZero alignment

ICT risk management

With runZero, you gain the tools to create and maintain robust ICT risk management frameworks. Complete asset discovery, continuous monitoring of IT, OT, IoT, and unmanaged devices, and identification of vulnerabilities and protection gaps across your critical operational assets ensure you have a complete view of your environment. This eliminates blind spots, supports thorough risk assessments, and empowers you to proactively mitigate ICT risks before they become problems.

Incident reporting

runZero provides detailed data on all assets, asset ownership, and associated exposures, helping you accurately assess the potential impact of incidents. You can easily map affected areas of the network and use runZero’s insights to classify and prioritize incidents effectively. With this level of clarity, you can respond rapidly to incidents, minimizing disruption and staying aligned with DORA’s reporting requirements.

Resilience testing

When it’s time to test your ICT systems’ resilience, runZero ensures your assessments cover the entire environment, both internally and externally. By providing visibility into system configurations, vulnerabilities, and sensitive areas, as well as leveraging external scanning to validate exposures on the edge, runZero helps you prioritize critical assets for testing. It maps out network structures and highlights exposures, so your testing efforts are targeted, accurate, and effective, ultimately strengthening your operational readiness.

Third-party risk management

If third-party ICT service providers are connected to your environment, runZero helps you keep them in check. It provides visibility into third-party managed assets, their network interactions, and any configuration changes that might introduce risks. With runZero, you can map dependencies, uncover vulnerabilities, and assess the impact of third-party services, enabling you to mitigate risks proactively and maintain a secure and resilient ICT ecosystem.

The high-level overview of how runZero aligns with DORA’s pillars demonstrates its powerful capabilities. However, to truly appreciate its impact, let’s explore how runZero directly maps to specific DORA articles, such as Articles 6, 7, 8, and 9. These articles outline the actionable steps required for ICT risk management, resilience, and collaboration. The section below also illustrates how runZero goes beyond compliance to deliver operational excellence.


 

Article 6: ICT risk management framework

What DORA requires:

  • Develop a framework to identify, assess, and mitigate ICT risks.

  • Address risks tied to internal systems, third-party services, and external threats.

 

Key challenges:

  • ICT risk management frameworks often rely on incomplete inventories.

  • Without identification of all assets and understanding device interdependencies, assessing impact and mitigation strategies is guesswork.

 

How runZero helps:

runZero supports the creation and maintenance of ICT risk management frameworks by delivering advanced asset discovery, continuous monitoring of IT, OT, IoT, and unmanaged devices, and identifying vulnerabilities and security control gaps.

  1. Complete asset discovery:
    • Identifies all IT, OT, IoT, and unmanaged devices using active scanning, passive scanning, and integrations.

    • Incorporates external scanning to identify assets and monitor risks on the edge, ensuring comprehensive visibility across both internal and external attack surfaces.

    • Accurately and precisely fingerprints assets, providing deeper insights for more accurate risk assessment and mitigations.

    • Detects shadow IT and rogue devices not visible to traditional tools.

  2. Risk interdependency mapping:
    • Maps relationships between assets, revealing critical dependencies.

    • Identifies single points of failure, such as connections between essential systems and vulnerable third-party services.

  3. Risk monitoring:
    • Identifies issues beyond CVEs, such as misconfigurations, segmentation weaknesses, insecure services, EoL, policy violations, etc.

    • Monitors for emerging risks and zero-day vulnerabilities through the Rapid Response Program, enabling swift identification of vulnerable assets without the need for rescanning.

    • Tracks changes in device configurations and interdependencies.

    • Uses safe scanning to identify fragile devices without the risk of disrupting operations.

    • Alerts on deviations, such as newly connected devices or unexpected configuration changes, that introduce new risks.

  4. Enriched risk context:
    • Integrates with a broad range of existing security solutions in your stack to provide enriched asset data, improving risk analysis and prioritization.

Outcome:
runZero ensures that your ICT risk management framework is underpinned by a complete and up-to-date view of all assets, enabling precise risk assessment, mitigation, and operational resilience.


 

Article 7: ICT systems, protocols, and tools

What DORA requires:

  • Implement secure ICT systems and tools designed to safeguard the organization’s digital infrastructure from unauthorized access and cyber threats.

  • Maintain a complete and continuously updated inventory of ICT assets.

  • Conduct regular resilience testing through vulnerability assessments and security audits.

 

Key challenges:

  • Legacy discovery tools fail to capture non-traditional protocols or devices outside standard IT ecosystems.

  • Inventory updates are often manual, leading to outdated or incomplete data.

  • Testing often overlooks unmanaged or obscure devices, leaving blind spots.

 

How runZero helps:

With runZero, you gain visibility into your IT, OT, and IoT assets, ensuring every device in your environment is tracked and accounted for. This gives you the deep insight needed to uncover vulnerabilities, misconfigurations, and insecure protocols while mapping interdependencies to reveal hidden security gaps. By spotlighting all assets and exposures, runZero helps you ensure nothing is overlooked, empowering you to make more accurate assessments and build stronger defenses.

  1. Complete, up-to-date inventory management:
    • Provides comprehensive visibility into both internal and external assets, including IT, OT, and IoT devices to ensure all systems are tracked.

    • Regularly updates asset data through continuous monitoring, maintaining up-to-date visibility into the network’s infrastructure.

    • Discovers unknown and unmanaged devices that may not have been previously tracked, ensuring that all assets are accounted for.

    • Updates inventories continuously through automated scanning, ensuring accuracy.

  2. Informs security of ICT systems, protocols, and tools:
    • Identifies CVEs and non-traditional vulnerabilities, such as insecure services and segmentation weaknesses, that compromise infrastructure.

    • Continuously monitors for new or unexpected devices, ensuring prompt response to unauthorized access attempts.

    • Detects outdated or misconfigured protocols like SMBv1, Telnet, or unencrypted HTTP.

    • Maps interdependencies between systems, helping organizations understand how internal and external assets interact, including gaps or deficiencies in security controls and segmentation weaknesses.

  3. Resilience testing optimization:
    • Ensures that all assets, including hidden and rogue devices, are included in vulnerability assessments and threat-based testing procedures.

    • Supports more accurate threat assessments by continuously updating data on internal and external attack surfaces, even as they change.

    • Provides detailed context for each device, such as OS versions, open ports, and known vulnerabilities (CVEs), to prioritize testing efforts.

  4. Third-party tool integration:
    • Integrates with vulnerability management and endpoint security tools to enhance testing scopes and ensure no assets are missed.

Outcome:
runZero delivers detailed asset visibility, empowering your teams to secure ICT systems and conduct comprehensive resilience testing with confidence.


 

Article 8: Identification of critical assets

What DORA requires:

  • Identify and prioritize critical ICT assets and services.

  • Map interdependencies between systems to understand potential cascading failures.

  • Continuously monitor critical assets for emerging risks.

 

Key challenges:

  • Identifying critical assets isn’t just about visibility; it requires understanding each device’s function, connectivity, and risk profile.

  • Interdependency mapping is complex, particularly when third-party services or legacy systems are involved.

  • Monitoring is often siloed, missing broader network impacts.

 

How runZero helps:

runZero gives you full visibility into your critical IT, OT, and IoT assets, maps out how they’re connected, and spots risks like vulnerabilities or misconfigurations. By continuously keeping an eye on everything, it helps you stay ahead of threats and keep your most important systems secure.

  1. Critical asset discovery:
    • Identifies critical devices and services through advanced fingerprinting techniques.

    • Highlights assets critical to business operations based on their roles and interdependencies.

  2. Comprehensive risk mapping:
    • Maps interdependencies across IT, OT, IoT, and third-party systems.

    • Visualizes network connections and highlights cascading risks from single points of failure.

    • Combines detailed internal fingerprinting with external data sources to uncover hidden risks such as shared cryptographic keys, cloned assets, and overlooked misconfigurations that EASM tools miss.

    • Highlights network segmentation issues.

  3. Risk prioritization:
    • Assesses vulnerabilities in critical systems, including software versions, configuration issues, and exposure levels.

    • Monitors for emerging risks and zero-day vulnerabilities through the Rapid Response Program, enabling swift identification of vulnerable assets and timely remediation.

    • Assesses and prioritizes externally facing assets as critical, highlighting high-risk targets with vulnerabilities or misconfigurations that could expose the organization to external threats.

    • Flags critical assets with high-risk vulnerabilities or misconfigurations.

  4. Continuous monitoring:
    • Tracks changes in critical systems, such as new software vulnerabilities or configuration deviations.

    • Monitors for emerging threats, such as exploits targeting specific device types.

Outcome:
runZero provides a detailed, dynamic understanding of critical assets, their risks, and their interdependencies, enabling your team to make more informed decisions and mitigate risks proactively.


 

Article 9: Protection & prevention

What DORA requires:

  • Regularly update software and apply security patches.

  • Address vulnerabilities promptly to minimize risks across systems.

 

Key challenges:

  • Legacy systems and IoT devices often have unique patching challenges, such as vendor-specific firmware updates.

  • Traditional vulnerability management tools struggle to identify end-of-life (EOL) systems or devices with no official CVEs.

 

How runZero helps:

With runZero, you get actionable insights to identify vulnerabilities, enforce security policies, monitor patch status, and stay ahead of emerging risks—ensuring your protection and prevention measures, from IT to IoT, are secure and compliant.

  1. Vulnerability identification:
    • Monitors for emerging risks and zero-day vulnerabilities through the Rapid Response Program, enabling swift identification of vulnerable assets without the need for rescanning.

    • Detects outdated software and unpatched systems across all device types, including OT and IoT.

    • Highlights vulnerabilities in non-traditional assets, such as smart cameras or building management systems.

  2. Policy enforcement:
    • Flags misconfigurations, insecure protocols, and policy violations on a continuous basis.

    • Identifies segmentation weaknesses that expose critical systems to lateral movement attacks.

  3. Patch monitoring:
    • Tracks patch status for all devices, ensuring critical systems are prioritized.

    • Identifies EOL systems, providing actionable recommendations for replacements or compensating controls.

  4. Time-sensitive risk updates:
    • Monitors the external attack surface for vulnerabilities in known or unknown assets exposed on the network edge, ensuring timely detection and mitigation of risks.

    • Continuously monitors for new vulnerabilities or exploits targeting devices in your environment.

    • Alerts on deviations from secure configurations, such as weakened encryption protocols.

Outcome:
runZero empowers your team to proactively manage patching and configuration efforts, ensuring no vulnerabilities are left unchecked—even in unconventional or legacy systems.


 

runZero: Your Partner in DORA Compliance

Compliance with DORA is a monumental challenge that requires comprehensive asset visibility and continuous exposure management. runZero’s capabilities go beyond traditional solutions, offering financial institutions a unified solution to:

  • Discover all assets, including IT, OT, IoT, and unmanaged devices.

  • Monitor continuously for new vulnerabilities, changes, and risks across your complete attack surface.

  • Provide detailed data to enrich security and compliance workflows.

With runZero, you can bridge the gaps that traditional tools leave behind, ensuring not just compliance, but true resilience against today’s evolving cyber threats.

 

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

AIOps: Boosting IT operations with machine learning

The rise of artificial intelligence and big data has paved the way for a new approach to IT operations: AIOps (artificial intelligence in IT operations). By using machine learning, AIOps enables increased automation, deeper insights, and most importantly for NordVPN—less downtime.

What is AIOps?

The global scope of NordVPN generates an avalanche of variable data that affects our user experience. With such a huge volume, our data analytics team is always on the lookout for ways to automate incident response protocols. These protocols involve diagnosing issues, resolving them, and then performing root cause analysis to avoid them happening again.

An AIOps model processes data points from all kinds of systems and processes – syslog, SNMP, configuration changes – and looks for specific issues they’ve been trained on. It then automatically feeds back intelligence, diagnostics, and recommended actions to our IT team, enhancing accuracy and reliability in their operations.

Let’s look at the various approaches to incident response (IR) management.

IR maintenance protocols overview

Most incident management steps are performed by system administrators, site reliability engineers, and similar personnel, depending on the issue. Alerting is usually based on simple rules (“if X increases, Y will decrease and we should alert Z”) when in reality the relationships between hundreds of parameters and dimensions in our system are anything but simple. We’re typically reacting to results rather than accurately predicting things because so many situations are not perceptibly related or logically connected.

IR maintenance protocols can be broadly divided into two main groups, reactive (reacting after an incident occurs) and proactive (acting before the incident occurs). To be precise, let’s drill down into these main groups’ more specific subcategories.

Reactive

  • Palliative: Fix the issue and assume it won’t occur again. No further actions taken.

  • Curative: Fix the issue, assume it won’t occur again, but perform root cause analysis to be sure.

Proactive

  • Planned: Intentionally break our own systems to identify and fix potential issues.

  • Conditional: Select a threshold (usually on a parameter value) that might cause an issue. Once the threshold is reached, we send an alert and prevent the problem.

Predictive and prescriptive categories are the most efficient IR protocols, but this comes at a cost: they’re also the most difficult to implement. With AIOps, however, they become more viable.

  • Predictive: Utilize machine learning or big data analysis to predict and fix a potential issue before it occurs.

  • Prescriptive: The ‘holy grail’ of AIOps. The system does everything automatically.

Now that we have an overview of IR protocols, we can explore how AIOps can enhance each phase, from perception to action.

The spectrum from reactive to proactive maintenance protocols. AIOps is about being as proactive as possible.

How AIOps can improve our incident response

  1. Perception: With AIOps, we’re not limited to one layer of data as with most standard IT maintenance protocols. Instead, all data layers and telemetry are simultaneously integrated – technical (servers, RAM), application (events), functional (network traffic, API endpoint results), and business (product metrics, KPIs). A comprehensive approach like this, which leverages real-time as well as historical data, is risky but offers significant upside potential.

    Why the risk? With machine learning, it’s difficult to evaluate whether the model has properly calculated the relationships between data across layers. We can lose transparency during decision-making, and some decisions might seem illogical from a human perspective. This is important to keep in mind when using AIOps.

  2. Prevention: The ideal AIOps stack spots vulnerabilities and potential failures before they occur. For example, if a server is reaching a critical CPU limit, the platform automatically directs the API to stop recommending that server to newly joining users. New users are spared a sluggish connection while those already connected don’t experience any downtime. While load balancing is a common strategy, AIOps can elevate the process and adapt to long-term trends like seasonal fluctuations, dynamically adjusting server limits to ensure a smooth user experience.

  3. Detection: AIOps models excel at spotting anomalies in established trends and patterns. Anomalies can pop up from anywhere and are often caused by external factors or faulty monitoring, which can be detected by an AIOps system hooked up to outside data feeds and APIs. Automatically detecting system slowdowns, errors, and security vulnerabilities enables us to avoid downtime and ensure a stable service for our customers.

  4. Location: In-depth analysis of the root cause and location of the issue. AIOps will point out a specific set of components and variables that might have triggered an incident. Again, this will not be limited to internal factors only, but also consider external factors (e.g. network conditions, number of users and their behavior, and similar).

  5. Interaction: Prioritizes and triages incidents, suggests corrective actions, and flags issues that require human input. Our team prioritizes issues based on the number of users that would be affected or at risk if a certain fault is not prevented. Additionally, AIOps can utilize prepared responses to specific situations based on historical data and incident resolution patterns.
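An added example of the prevention and detection steps above (not NordVPN's implementation): it forecasts each server's CPU with a linear trend to decide which servers may still be recommended to new users, and compares a reading with history from the same time slot so that seasonal peaks are not flagged. The server names, the 90% limit, the look-ahead, and the sample readings are assumptions.

```python
from statistics import median

CPU_LIMIT = 90.0  # assumed critical CPU percentage
HORIZON = 3       # assumed look-ahead, in sampling intervals

# Constructed sample data: CPU % per server, oldest reading first.
FLEET = {
    "srv-a": [40, 42, 41, 43, 42, 44],  # flat and healthy
    "srv-b": [60, 66, 71, 77, 82, 87],  # under the limit now, climbing fast
    "srv-c": [93, 92, 94, 93, 95, 94],  # already over the limit
    "srv-d": [85, 80, 76, 71, 66, 60],  # was busy, now draining
}


def forecast(samples, steps):
    """Least-squares linear trend over the samples, extrapolated `steps` ahead."""
    n = len(samples)
    mean_x = (n - 1) / 2
    mean_y = sum(samples) / n
    sxx = sum((x - mean_x) ** 2 for x in range(n))
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(samples))
    slope = sxy / sxx if sxx else 0.0
    return mean_y + slope * ((n - 1 + steps) - mean_x)


def recommendable(fleet, limit=CPU_LIMIT, horizon=HORIZON):
    """Servers that may be offered to new users; connected users are not moved."""
    keep = []
    for name, samples in fleet.items():
        # Exclude a server that is over the limit now or is predicted to be soon.
        if samples[-1] < limit and forecast(samples, horizon) < limit:
            keep.append(name)
    return sorted(keep)


def seasonal_anomaly(value, same_slot_history, threshold=3.5):
    """Robust z-score (median/MAD) against readings from the same time slot."""
    med = median(same_slot_history)
    mad = median(abs(v - med) for v in same_slot_history)
    if mad == 0:
        return value != med
    return abs(0.6745 * (value - med) / mad) > threshold


if __name__ == "__main__":
    print("recommend to new users:", recommendable(FLEET))
    # The same 82% reading is normal at an evening peak and anomalous at night.
    print("evening slot:", seasonal_anomaly(82, [78, 80, 79, 81, 80]))
    print("night slot:  ", seasonal_anomaly(82, [20, 22, 21, 19, 20]))
```

Here srv-b is withheld from new users while still under the limit, because its trend crosses 90% within the look-ahead window.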

Okay, this all sounds great! So why haven’t we done this yet?

AIOps implementation checklist

  1. Need: First off, evaluate whether you actually need to leverage AIOps. If your operations team is typically facing more incidents than they can comfortably handle, it might be time to change. In our case at NordVPN, with an ever-expanding customer base, server requirements, area coverage, and platform offering, AIOps was a necessary optimization.

  2. Team: An effective AIOps team requires a diverse set of roles, including data engineers and scientists to build and refine the AI models, and data analysts to extract useful insights. Engineering across DevOps, site reliability, and full stack ensures seamless integration, process automation, and system performance/scaling. Security specialists and project managers oversee the security and overall workflow of the project.

  3. Hardware: Appropriate processing power, a decent amount of storage, and high-speed networking capability.

  4. Software: Big data platforms (detailed below), ETL tooling, selected ML and AI tools, CI/CD tools, containerization platforms (Docker/Kubernetes), and monitoring tools.

  5. Data: The data management platform generally has to be built from the ground up and include all relevant ingest data, such as event logs, traces, incident reports, etc.

    Building a platform for that kind of scale is a huge job. There are third-party AIOps platforms out there, but they still require a major effort to align with your specific needs and often necessitate a data lake to centralize your data. You’ll also need the appropriate APIs.

  6. Trust: It takes a mindset shift in your team or company to trust models over humans to diagnose incidents correctly. Don’t pass over this one—it’s key to successfully adopting new IT approaches like AIOps. You could start by gradually incorporating models in low-risk scenarios or incident patterns. Your team can experience the advantages of AIOps firsthand, which will build confidence and trust in this new approach.

  7. Quality data: So important that we have to say it twice. Anything we want to achieve with data science or artificial intelligence relies on a strong data foundation. I’ll explore this topic in greater detail in my next blog, so follow us on LinkedIn or Instagram to be notified when it’s out.

To wrap up, we’ve found that a well-implemented AIOps system is an efficient way of bringing excellent service to customers. Equipped with deeper insights and increased automation, our IT team was able to shift focus to priority incidents and innovation with AIOps.


About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.


Tackling Insider Attacks

It’s hard to accept, but the facts don’t lie: organizations must face the reality that “the call may be coming from inside the house.” In other words, you have a bad actor on your team. 

Whether it’s malicious intent or simply human error, someone may be derailing your business security from the inside. 

What Is an Insider Threat?

An insider threat is a security risk posed by individuals within an organization who have access to its data, systems, or premises. These threats can originate from current or former employees, contractors, business partners, or anyone granted access to the organization’s infrastructure. 

They can be malicious, with the intent to cause harm, or unintentional, stemming from negligence or mishandling (such as falling victim to phishing attacks).

PAM vs. Your Insider Threats

Insider breaches can lead to severe financial losses and damage an organization’s reputation. Privileged Access Management (PAM) solutions, like those offered here at senhasegura, are essential in reducing these threats. 

A key concept in PAM is the Principle of Least Privilege (PoLP), which limits access rights to only what is necessary for users to perform their duties, reducing the risk of misuse or exploitation. By controlling and monitoring privileged access, senhasegura’s PAM solution minimizes the attack surface and ensures that potentially dangerous actions are detected and addressed.

senhasegura’s PAM solution provides continuous insider threat detection by monitoring and auditing all activities performed through privileged accounts. Its capabilities include detecting and addressing potentially harmful actions before they escalate, reducing the attack surface.

This allows organizations to identify insider threat indicators such as:

  • Unusual Access Patterns: Attempts to access systems outside of normal working hours or from unexpected locations.
  • Data Transfers: Unauthorized or unusually large transfers, uploads, or downloads of data.
  • Behavioral Deviations: Actions that significantly deviate from a user’s established behavior patterns.
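An added example of checking these three indicators against per-account baselines built from earlier privileged sessions. It is not senhasegura's detection logic; the log format, account and host names, and thresholds are assumptions, and the records are constructed.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO
from statistics import median

# Constructed records: timestamp, account, source country, target, bytes sent out.
HISTORY = """\
2024-11-04T09:12:00,dba_ana,BR,db-prod-01,1200000
2024-11-06T14:40:00,dba_ana,BR,db-prod-02,1500000
2024-11-08T16:02:00,dba_ana,BR,db-prod-02,1000000
2024-11-04T08:30:00,net_joe,PT,fw-edge-01,40000
2024-11-06T13:15:00,net_joe,PT,fw-edge-01,55000
2024-11-08T17:45:00,net_joe,PT,fw-edge-01,38000
"""
NEW_EVENTS = """\
2024-11-18T10:30:00,dba_ana,BR,db-prod-01,1300000
2024-11-19T02:47:00,dba_ana,BR,db-prod-02,48000000
2024-11-19T13:05:00,net_joe,RO,hr-files-01,42000
2024-11-20T11:00:00,tmp_vendor,BR,db-prod-01,5000
"""


def parse(text):
    """Turn CSV lines into event dicts."""
    return [{"ts": datetime.fromisoformat(ts), "user": user, "country": country,
             "target": target, "bytes": int(sent)}
            for ts, user, country, target, sent in csv.reader(StringIO(text))]


def build_baselines(events):
    """Per-account profile: hours seen, source countries, targets, transfer sizes."""
    base = defaultdict(lambda: {"hours": set(), "countries": set(),
                                "targets": set(), "bytes": []})
    for e in events:
        profile = base[e["user"]]
        profile["hours"].add(e["ts"].hour)
        profile["countries"].add(e["country"])
        profile["targets"].add(e["target"])
        profile["bytes"].append(e["bytes"])
    return dict(base)


def indicators(event, base, hour_slack=1, volume_factor=10):
    """Return the indicator names an event trips; thresholds are assumptions."""
    profile = base.get(event["user"])
    if profile is None:
        return ["no_baseline"]  # privileged account with no history at all
    found = []
    lo, hi = min(profile["hours"]) - hour_slack, max(profile["hours"]) + hour_slack
    if not lo <= event["ts"].hour <= hi:
        found.append("off_hours")
    if event["country"] not in profile["countries"]:
        found.append("new_location")
    if event["bytes"] > volume_factor * median(profile["bytes"]):
        found.append("large_transfer")
    if event["target"] not in profile["targets"]:
        found.append("new_target")  # deviation from the account's usual systems
    return found


def review(history_text, new_text):
    """Map (account, timestamp) to tripped indicators, for flagged events only."""
    base = build_baselines(parse(history_text))
    flagged = {}
    for event in parse(new_text):
        hits = indicators(event, base)
        if hits:
            flagged[(event["user"], event["ts"].isoformat())] = hits
    return flagged


if __name__ == "__main__":
    print(review(HISTORY, NEW_EVENTS))
```

An account with no history is reported separately instead of being silently passed, since a new or rarely used privileged account cannot be compared with any baseline.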

The Power of Session Management

PAM solutions also offer session management capabilities, including monitoring and recording user activities during privileged sessions. If a user is detected possibly engaging in malicious or unauthorized actions, the PAM system will detect and flag these activities for immediate review. 

This level of monitoring ensures that even subtly suspicious behaviors are recorded and available for analysis.

The case of Edward Snowden is an infamous insider threat example. Snowden, an NSA contractor, used his authorized access to leak sensitive data. Although he had legitimate access, his actions in exfiltrating and disseminating data were unusual and could have been flagged by proper PAM monitoring.

Excessive or unchecked privileged access can be easily exploited by bad actors, resulting in data breaches and unauthorized actions. Misuse and exposure of sensitive data can lead to catastrophic outcomes, especially if an attacker gains access through compromised credentials.

To combat these risks, PAM solutions employ all sorts of measures, including the rotation of credentials and restriction of access, ensuring that even if a credential is compromised, it is of limited value to attackers.

People First: Insider Threat Training

While technical solutions are essential, providing insider threat training to your team is equally important. Organizations must educate employees on security best practices and establish a culture of vigilance. 

Human errors, whether due to carelessness or lack of awareness, can (and will) be exploited by attackers. Combining advanced PAM technology with regular training is vital for effective insider threat prevention.

Trust No One

Organizations should adopt a Zero Trust approach, which assumes that no one – regardless of rank or role – can be trusted by default. This framework recognizes that even well-meaning employees can make mistakes that lead to security incidents. 

This matters even more for upper management, whose accounts are highly targeted because of their elevated privileges. Effective insider threat management involves not only reactive measures but also proactive steps, such as analyzing user behavior, evaluating risk, and assessing access controls. 

These actions anticipate and prevent potential threats before they escalate.

Remote Work and Hybrid Environments

The ship has sailed. Days of closed systems and dedicated internal servers are gone. The rise of remote and hybrid work has created new challenges for insider threats in cyber security.

Without traditional physical boundaries, it’s harder to monitor user activities—further compounded by high turnover and increased third-party access. PAM solutions offer centralized control and monitoring, ensuring secure management of both internal and external users – no matter where they work.

Broad Capabilities for Insider Threat Prevention

senhasegura offers a centralized platform to manage privileged accounts, enforce the principle of least privilege, monitor user activities, and provide insider threat detection through real-time alerts and session recordings.

These solutions include credential rotation, detailed auditing, and management of third-party access, all of which are critical in managing risks and mitigating insider threats.

By ensuring visibility, security, and compliance, senhasegura strengthens organizations against insider threats, reducing their impact and enhancing overall security posture.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.


Storware Backup and Recovery 7.1 Release

Enhanced cross-hypervisor restores, broadened storage options, and expanded OS support – Storware Backup and Recovery 7.1 introduces breakthrough functionality, empowering organizations with enhanced flexibility and efficiency in data recovery and migration across diverse virtual environments.

Storware Backup and Recovery 7.1 will be generally available on 01/01/2025.

Storware 7.1 – what’s new?

→ With 7.1, Storware introduces an advanced cross-hypervisor restoration capability, allowing for virtual machine (VM) restores between distinct hypervisor types, including VMware vCenter/ESXi and OpenStack/Virtuozzo. Additionally, users can now leverage a new VM-to-VM (V2V) migration feature, which enables seamless migration of vSphere VMs directly into OpenStack environments—providing a straightforward path to consolidate and optimize multi-cloud infrastructures.

→ To support growing data retention and disaster recovery requirements, Storware Backup and Recovery 7.1 now includes secondary backup destination support for Ceph RBD and Nutanix Volume Groups. This addition ensures that critical data remains safe and accessible across various storage systems, offering users increased flexibility in storage management.

→ The new release extends the operating system agent (OSA) capabilities to macOS, enabling businesses to streamline their data protection strategy across a broader array of operating systems. Moreover, Storware Backup and Recovery 7.1 is fully compatible with Canonical Ubuntu 24, further strengthening its commitment to supporting a diverse and evolving IT ecosystem.

→ In response to user feedback, version 7.1 introduces a list of commonly used paths in Backup Policies, helping IT administrators save time by simplifying the configuration process. This feature includes default exclusions for Windows and Linux in Backup Policy settings, making policy setup more efficient. Furthermore, this release brings notable advancement: VM disk-level settings for Proxmox VE restoration.

→ Support for backup sources has also been expanded to include VergeOS, providing the ultimate protection for the ultra-converged infrastructure of this VMware alternative.

→ Storware Backup Appliance – With this release, we are introducing our first ever physical and virtual backup appliance to the market. It is the most versatile device in the world, equipped with all the reliable features and ZFS-based deduplication.

Storware 7.1 high level architecture:

Backup → Recover → Thrive

Storware Backup and Recovery’s ability to manage and protect vast amounts of data provides uninterrupted development and security against ransomware and other threats, leverages data resilience, and offers stability to businesses in today’s data-driven landscape.

About Storware
Storware is a backup software producer with over 10 years of experience in the backup world. Storware Backup and Recovery is an enterprise-grade, agent-less solution that caters to various data environments. It supports virtual machines, containers, storage providers, Microsoft 365, and applications running on-premises or in the cloud. Thanks to its small footprint, seamless integration into your existing IT infrastructure, storage, or enterprise backup providers is effortless.
