tracylamv2，作者 Version 2

Ensure compliance with DORA’s ICT risk framework using runZero

Uncover the unmanaged and unknown to meet hidden risk requirements

With the Digital Operational Resilience Act (DORA) set to take effect on January 17th, 2025, financial institutions across the European Union must prepare to meet stringent regulatory requirements. At its core, DORA mandates resilience in Information and Communication Technology (ICT) systems, covering five primary pillars:

ICT risk management
Incident reporting
Resilience testing
Third-party risk management
Information sharing

While these pillars seem straightforward, the implementation has a hidden complexity in meeting standards: unmanaged and unknown assets. These devices—ranging from decentralized IT assets to unconventional (but highly-interconnected ) IoT and OT devices—are notoriously hard to identify and secure.

Why are these unmanaged and unknown devices such a critical focus of DORA? The answer lies in their profound impact on the regulatory pillars. These assets, often hidden in the shadows of your environment, don’t just represent gaps in visibility—they create vulnerabilities that ripple through every aspect of operational resilience.

Consider this: over 60% of connected devices are invisible to defenders, and unmanaged assets were linked to 7 out of 10 breaches last year. To truly grasp the gravity of this problem, let’s explore how these blind spots hinder compliance across DORA’s relevant pillars—and what it takes to close those gaps effectively.

DORA chapter requirement	Downstream effect of unmanaged and unknown assets
ICT risk management Develop and implement comprehensive frameworks to identify, assess, and mitigate information and communication technology (ICT) risks, ensuring robust protection against potential threats.	How can you protect something you don’t know exists? Unmanaged assets create gaps in your risk management framework, making it impossible to fully identify, assess, and mitigate vulnerabilities. Without a clear picture of your entire environment, staying compliant with DORA’s ICT risk management standards becomes a major challenge.
Incident reporting Establish mechanisms for the timely detection and reporting of significant ICT-related incidents to regulatory authorities, facilitating prompt response and mitigation.	Unmanaged assets are often where problems start—and if they’re exploited, you might not even know an incident happened. That means delays in detection, reporting, and response, putting you at risk of missing DORA’s strict incident reporting timelines.
Resilience testing Conduct regular testing of ICT systems to evaluate and enhance their resilience against disruptions, ensuring continuous and secure operations.	Resilience testing is about ensuring your ICT systems can handle disruptions. But if unknown assets aren’t included, you’re testing only part of your environment, leaving hidden risks unchecked. That’s a compliance issue waiting to happen.
Third-party risk management Implement stringent oversight and management of third-party ICT service providers to ensure they adhere to security and resilience standards, thereby safeguarding the institution’s operations.	Shadow IT and forgotten vendor integrations often bring unmanaged assets into the mix. If you don’t have visibility into these, there’s no way to verify that your third-party providers are meeting DORA’s security and resilience standards.

To truly meet DORA’s requirements, you need complete visibility into your environment. Unmanaged and unknown assets are like puzzle pieces left out of the box; they make it impossible to see the full picture. Discovery and management of all your assets are the true foundation of compliance and resilience. Relying solely on traditional discovery and vulnerability management tools often leaves critical gaps, potentially putting you at risk of non-compliance—or worse, exposing your organization to security threats.

That’s where runZero comes in. Unlike traditional tools, runZero uncovers the unmanaged, unknown, and shadow IT assets that others miss using novel discovery and scanning techniques. In fact, enterprises on average find 25% more assets with runZero than they were previously aware of. Our objective is to provide you with unparalleled visibility across IT, OT, IoT, including those assets that aren’t actively managed. By layering in-depth fingerprinting data and detailed insights into vulnerabilities and exposures, runZero helps you to close those gaps, meet DORA’s requirements with confidence, and build a stronger, more resilient ICT environment.

DORA chapters	runZero alignment
ICT risk management	With runZero, you gain the tools to create and maintain robust ICT risk management frameworks. Complete asset discovery, continuous monitoring of IT, OT, IoT, and unmanaged devices, and identification of vulnerabilities and protection gaps across your critical operational assets ensure you have a complete view of your environment. This eliminates blind spots, supports thorough risk assessments, and empowers you to proactively mitigate ICT risks before they become problems.
Incident reporting	runZero provides detailed data on all assets, asset ownership, and associated exposures, helping you accurately assess the potential impact of incidents. You can easily map affected areas of the network and use runZero’s insights to classify and prioritize incidents effectively. With this level of clarity, you can respond rapidly to incidents, minimizing disruption and staying aligned with DORA’s reporting requirements.
Resilience testing	When it’s time to test your ICT systems’ resilience, runZero ensures your assessments cover the entire environment, both internally and externally. By providing visibility into system configurations, vulnerabilities, and sensitive areas, as well as leveraging external scanning to validate exposures on the edge, runZero helps you prioritize critical assets for testing. It maps out network structures and highlights exposures, so your testing efforts are targeted, accurate, and effective, ultimately strengthening your operational readiness.
Third-party risk management	If third-party ICT service providers are connected to your environment, runZero helps you keep them in check. It provides visibility into third-party managed assets, their network interactions, and any configuration changes that might introduce risks. With runZero, you can map dependencies, uncover vulnerabilities, and assess the impact of third-party services, enabling you to mitigate risks proactively and maintain a secure and resilient ICT ecosystem.

The high-level overview of how runZero aligns with DORA’s pillars demonstrates its powerful capabilities. However, to truly appreciate its impact, let’s explore how runZero directly maps to specific DORA articles, such as Articles 6, 7, 8, and 9. These articles outline the actionable steps required for ICT risk management, resilience, and collaboration. The section below also illustrates how runZero goes beyond compliance to deliver operational excellence.

Article 6: ICT risk management framework

What DORA requires:

Develop a framework to identify, assess, and mitigate ICT risks.
Address risks tied to internal systems, third-party services, and external threats.

Key challenges:

ICT risk management frameworks often rely on incomplete inventories.
Without identification of all assets and understanding device interdependencies, assessing impact and mitigation strategies is guesswork.

How runZero helps:

runZero supports the creation and maintenance of ICT risk management frameworks by delivering advanced asset discovery, continuous monitoring of IT, OT, IoT, and unmanaged devices, and identifying vulnerabilities and security control gaps.

Complete asset discovery:
- Identifies all IT, OT, IoT, and unmanaged devices using active scanning, passive scanning, and integrations.
- Incorporates external scanning to identify assets and monitor risks on the edge, ensuring comprehensive visibility across both internal and external attack surfaces.
- Accurately and precisely fingerprints assets providing deeper insights for more accurate risk assessment and mitigations.
- Detects shadow IT and rogue devices not visible to traditional tools.
Risk interdependency mapping:
- Maps relationships between assets, revealing critical dependencies.
- Identifies single points of failure, such as connections between essential systems and vulnerable third-party services.
Risk monitoring:
- Identifies issues beyond CVEs, such as misconfigurations, segmentation weaknesses, insecure services, EoL, policy violations, etc.
- Monitors for emerging risks and zero-day vulnerabilities through the Rapid Response Program, enabling swift identification of vulnerable assets without the need for rescanning.
- Tracks changes in device configurations and interdependencies.
- Uses safe scanning to identify fragile devices without the risk of disrupting operations.
- Alerts on deviations, such as newly connected devices or unexpected configuration changes, that introduce new risks.
Enriched risk context:
- Integrates with a broad range of existing security solutions in your stack to provide enriched asset data, improving risk analysis and prioritization.

Outcome:
runZero ensures that your ICT risk management framework is underpinned by a complete and up-to-date view of all assets, enabling precise risk assessment, mitigation, and operational resilience.

Article 7: ICT systems, protocols, and tools

What DORA requires:

Implement secure ICT systems and tools designed to safeguard the organization’s digital infrastructure from unauthorized access and cyber threats.
Maintain a complete and continuously updated inventory of ICT assets.
Conduct regular resilience testing through vulnerability assessments and security audits.

Key challenges:

Legacy discovery tools fail to capture non-traditional protocols or devices outside standard IT ecosystems.
Inventory updates are often manual, leading to outdated or incomplete data.
Testing often overlooks unmanaged or obscure devices, leaving blind spots.

How runZero helps:

With runZero, you gain visibility into your IT, OT, and IoT assets, ensuring every device in your environment is tracked and accounted for. This gives you the deep insight needed to uncover vulnerabilities, misconfigurations, and insecure protocols while mapping interdependencies to reveal hidden security gaps. By spotlighting all assets and exposures, runZero helps you ensure nothing is overlooked, empowering you to make more accurate assessments and build stronger defenses.

Complete, up-to-date inventory management:
- Provides comprehensive visibility into both internal and external assets, including IT, OT, and IoT devices to ensure all systems are tracked.
- Regularly updates asset data through continuous monitoring, maintaining up-to-date visibility into the network’s infrastructure.
- Discovers unknown and unmanaged devices that may not have been previously tracked, ensuring that all assets are accounted for.
- Updates inventories continuously through automated scanning, ensuring accuracy.
Informs security of ICT systems, protocols, and tools:
- Identifies CVEs and non-traditional vulnerabilities, such as insecure services and segmentation weaknesses, that compromise infrastructure.
- Continuously monitors for new or unexpected devices, ensuring prompt response to unauthorized access attempts.
- Detects outdated or misconfigured protocols like SMBv1, Telnet, or unencrypted HTTP.
- Maps interdependencies between systems, helping organizations understand how internal and external assets interact including gaps or deficiencies in security controls and segmentation weaknesses
Resilience testing optimization:
- Ensures that all assets, including hidden and rogue devices, are included in vulnerability assessments and threat-based testing procedures.
- Supports more accurate threat assessments by continuously updating data on internal and external attack surfaces, even as they change.
- Provides detailed context for each device, such as OS versions, open ports, and known vulnerabilities (CVEs), to prioritize testing efforts.
Third-party tool integration:
- Integrates with vulnerability management and endpoint security tools to enhance testing scopes and ensure no assets are missed.

Outcome
runZero delivers detailed asset visibility, empowering your teams to secure ICT systems and conduct comprehensive resilience testing with confidence.

Article 8: Identification of critical assets

What DORA requires:

Identify and prioritize critical ICT assets and services.
Map interdependencies between systems to understand potential cascading failures.
Continuously monitor critical assets for emerging risks.

Key challenges:

Identifying critical assets isn’t just about visibility; it requires understanding each device’s function, connectivity, and risk profile.
Interdependency mapping is complex, particularly when third-party services or legacy systems are involved.
Monitoring is often siloed, missing broader network impacts.

How runZero helps:

runZero gives you full visibility into your critical IT, OT, and IoT assets, maps out how they’re connected, and spots risks like vulnerabilities or misconfigurations. By continuously keeping an eye on everything, it helps you stay ahead of threats and keep your most important systems secure.

Critical asset discovery:
- Identifies critical devices and services through advanced fingerprinting techniques.
- Highlights assets critical to business operations based on their roles and interdependencies.
Comprehensive risk mapping:
- Maps interdependencies across IT, OT, IoT, and third-party systems.
- Visualizes network connections and highlights cascading risks from single points of failure.
- Combines detailed internal fingerprinting with external data sources to uncover hidden risks such as shared cryptographic keys, cloned assets, and overlooked misconfigurations that EASM tools miss.
- Highlights network segmentation issues.
Risk prioritization:
- Assesses vulnerabilities in critical systems, including software versions, configuration issues, and exposure levels.
- Monitors for emerging risks and zero-day vulnerabilities through the Rapid Response Program, enabling swift identification of vulnerable assets and timely remediation.
- Assesses and prioritizes externally facing assets as critical, highlighting high-risk targets with vulnerabilities or misconfigurations that could expose the organization to external threats.
- Flags critical assets with high-risk vulnerabilities or misconfigurations.
Continuous monitoring:
- Tracks changes in critical systems, such as new software vulnerabilities or configuration deviations.
- Monitors for emerging threats, such as exploits targeting specific device types.

Outcome:
runZero provides a detailed, dynamic understanding of critical assets, their risks, and their interdependencies, enabling your team to make more informed decision-making and proactive risk mitigation.

Article 9: Protection & prevention

What DORA requires:

Regularly update software and apply security patches.
Address vulnerabilities promptly to minimize risks across systems.

Key challenges:

Legacy systems and IoT devices often have unique patching challenges, such as vendor-specific firmware updates.
Traditional vulnerability management tools struggle to identify end-of-life (EOL) systems or devices with no official CVEs.

How runZero helps:

With runZero, you get actionable insights to identify vulnerabilities, enforce security policies, monitor patch status, and stay ahead of emerging risks—ensuring your protection and prevention measures, from IT to IoT, are secure and compliant.

Vulnerability identification:
- Monitors for emerging risks and zero-day vulnerabilities through the Rapid Response Program, enabling swift identification of vulnerable assets without the need for rescanning.
- Detects outdated software and unpatched systems across all device types, including OT and IoT.
- Highlights vulnerabilities in non-traditional assets, such as smart cameras or building management systems.
Policy enforcement:
- Flags misconfigurations, insecure protocols, and policy violations on a continuous basis.
- Identifies segmentation weaknesses that expose critical systems to lateral movement attacks.
Patch monitoring:
- Tracks patch status for all devices, ensuring critical systems are prioritized.
- Identifies EOL systems, providing actionable recommendations for replacements or compensating controls.
Time-sensitive risk updates:
- Monitors the external attack surface for vulnerabilities in known or unknown assets exposed on the network edge, ensuring timely detection and mitigation of risks.
- Continuously monitors for new vulnerabilities or exploits targeting devices in your environment.
- Alerts on deviations from secure configurations, such as weakened encryption protocols.

Outcome:
runZero empowers your team to proactively manage patching and configuration efforts, ensuring no vulnerabilities are left unchecked—even in unconventional or legacy systems.

runZero: Your Partner in DORA Compliance

Compliance with DORA is a monumental challenge that requires comprehensive asset visibility and continuous exposure management. runZero’s capabilities go beyond traditional solutions, offering financial institutions a unified solution to:

Discover all assets, including IT, OT, IoT, and unmanaged devices.
Monitor continuously for new vulnerabilities, changes, and risks across your completed attack surface..
Provide detailed data to enrich security and compliance workflows.

With runZero, you can bridge the gaps that traditional tools leave behind, ensuring not just compliance, but true resilience against today’s evolving cyber threats.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

runZero 2024

AIOps: Boosting IT operations with machine learning

The rise of artificial intelligence and big data has paved the way for a new approach to IT operations: AIOps (artificial intelligence in IT operations). By using machine learning, AIOps enables increased automation, deeper insights, and most importantly for NordVPN—less downtime.

What is AIOps?

The global scope of NordVPN generates an avalanche of variable data that affects our user experience. With such a huge volume, our data analytics team is always on the lookout for ways to automate incident response protocols. These protocols involve diagnosing issues, resolving them, and then performing root cause analysis to avoid them happening again.

An AIOps model processes data points from all kinds of systems and processes – syslog, SNMP, configuration changes – and looks for specific issues they’ve been trained on. It then automatically feeds back intelligence, diagnostics, and recommended actions to our IT team, enhancing accuracy and reliability in their operations.

Let’s look at the various approaches to incident response (IR) management.

IR maintenance protocols overview

Most incident management steps are performed by system administrators, site reliability engineers, and similar personnel, depending on the issue. Alerting is usually based on simple rules (“if X increases, Y will decrease and we should alert Z”) when in reality the relationships between hundreds of parameters and dimensions in our system are anything but simple. We’re typically reacting to results rather than accurately predicting things because so many situations are not perceptibly related or logically connected.

IR maintenance protocols can be broadly divided into two main groups, reactive (reacting after an incident occurs) and proactive (acting before the incident occurs). To be precise, let’s drill down into these main groups’ more specific subcategories.

Reactive

Palliative: Fix the issue and assume it won’t occur again. No further actions taken.
Curative: Fix the issue, assume it won’t occur again, but perform root cause analysis to be sure.

Proactive

Planned: Intentionally break our own systems to identify and fix potential issues.
Conditional: Select a threshold (usually on a parameter value) that might cause an issue. Once the threshold is reached, we send an alert and prevent the problem.

Predictive and prescriptive categories are the most efficient IR protocols, but this comes at a cost: they’re also the most difficult to implement. With AIOps, however, they become more viable.

Predictive: Utilize machine learning or big data analysis to predict and fix a potential issue before it occurs.
Prescriptive: The ‘holy grail’ of AIOps. The system does everything automatically.

Now that we have an overview of IR protocols, we can explore how AIOps can enhance each phase, from perception to action.

The spectrum from reactive to proactive maintenance protocols. AIOps is about being as proactive as possible.

How AIOps can improve our incident response

Perception: With AIOps, we’re not limited to one layer of data as with most standard IT maintenance protocols. Instead, all data layers and telemetry are simultaneously integrated – technical (servers, RAM), application (events), functional (network traffic, API endpoint results), and business (product metrics, KPIs). A comprehensive approach like this, which leverages real-time as well as historical data, is risky but offers significant upside potential.
Why the risk? With machine learning, it’s difficult to evaluate whether the model has properly calculated the relationships between data across layers. We can lose transparency during decision-making, and some decisions might seem illogical from a human perspective. This is important to keep in mind when using AIOps.
Prevention: The ideal AIOps stack spots vulnerabilities and potential failures before they occur. For example, if a server is reaching a critical CPU limit, the platform automatically directs the API to stop recommending that server to newly joining users. New users are spared a sluggish connection while those already connected don’t experience any downtime. While load balancing is a common strategy, AIOps can elevate the process and adapt to long-term trends like seasonal fluctuations, dynamically adjusting server limits to ensure a smooth user experience.
Detection: AIOps models excel at spotting anomalies in established trends and patterns. Anomalies can pop up from anywhere and are often caused by external factors or faulty monitoring, which can be detected by an AIOps system hooked up to outside data feeds and APIs. Automatically detecting system slowdowns, errors, and security vulnerabilities enables us to avoid downtime and ensure a stable service for our customers.
Location: In-depth analysis of the root cause and location of the issue. AIOps will point out a specific set of components and variables that might have triggered an incident. Again, this will not be limited to internal factors only, but also consider external factors (e.g. network conditions, number of users and their behavior, and similar).
Interaction: Prioritizes and triages incidents, suggests corrective actions, and flags issues that require human input. Our team prioritizes issues based on the number of users that would be affected or at risk if a certain fault is not prevented. Additionally, AIOps can utilize prepared responses to specific situations based on historical data and incident resolution patterns.

Okay, this all sounds great! So why haven’t we done this yet?

AIOps implementation checklist

Need: First off, evaluate whether you actually need to leverage AIOps. If your operations team is typically facing more incidents than they can comfortably handle, it might be time to change. In our case at NordVPN, with an ever-expanding customer base, server requirements, area coverage, and platform offering, AIOps was a necessary optimization.
Team: An effective AIOps team requires a diverse set of roles, including data engineers and scientists to build and refine the AI models, and data analysts to extract useful insights. Engineering across DevOps, site reliability, and full stack ensures seamless integration, process automation, and system performance/scaling. Security specialists and project managers oversee the security and overall workflow of the project.
Hardware: Appropriate processing power, a decent amount of storage, and high-speed networking capability.
Software: Big data platforms (detailed below), ETL tooling, selected ML and AI tools, CI/CD tools, containerization platforms (Docker/Kubernetes), and monitoring tools.
Data: The data management platform generally has to be built from the ground up and include all relevant ingest data, such as event logs, traces, incident reports, etc.
Building a platform for that kind of scale is a huge job. There are third-party AIOps platforms out there, but they still require a major effort to align with your specific needs and often necessitate a data lake to centralize your data. You’ll also need the appropriate APIs.
Trust: It takes a mindset shift in your team or company to trust models over humans to diagnose incidents correctly. Don’t pass over this one—it’s key to successfully adopting new IT approaches like AIOps. You could start by gradually incorporating models in low-risk scenarios or incident patterns. Your team can experience the advantages of AIOps firsthand, which will build confidence and trust in this new approach.
Quality data: So important that we have to say it twice. Anything we want to achieve with data science or artificial intelligence relies on a strong data foundation. I’ll explore this topic in greater detail in my next blog, so follow us on LinkedIn or Instagram to be notified when it’s out.

To wrap up, we’ve found that a well-implemented AIOps system is an efficient way of bringing excellent service to customers. Equipped with deeper insights and increased automation, our IT team was able to shift focus to priority incidents and innovation with AIOps.

Explore data roles at Nord Security.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Understanding Modern Management: The Next Era of Windows Device Management

The way we work and the tools we use have transformed over the past few decades. Not long ago, the office was defined by stationary, bulky desktop computers and a working model confined to physical office spaces. Data was stored on local servers, and access to information was often a slow, cumbersome process. Today, the scene is different: desktops have given way to portable laptops, physical offices are no longer the sole hub of productivity, and cloud storage has completely replaced the need for on-premise servers. This shift towards a mobile, agile workforce, and cloud-based infrastructure—has made it clear: the tools that organizations once relied on for device and data management are no longer sufficient. As businesses embrace this new way of working, the need for modern device management has never been more pressing.

In this next era, managing a diverse range of devices, ensuring seamless access, and maintaining robust security requires a strategy that is adaptable, cloud-driven, and built for the dynamic needs of the modern workforce. As the boundaries between work and home continue to blur, and the devices we rely on become increasingly diverse and complex, managing them with traditional methods is no longer sufficient—it’s now a necessity. This blog will explore how Modern Device Management for Windows addresses these challenges and how Scalefusion UEM’s advanced capabilities empower you to efficiently manage and secure your Windows digital assets in today’s dynamic work environment.

The Shift from Traditional to Modern Device Management: Why?

IT and device management has experienced a profound transformation in recent years. The traditional model of managing devices—where IT teams manually configure and oversee each device, often in isolated silos—is no longer sufficient. This model simply cannot accommodate the dynamic nature of the modern workforce, where employees use various devices, and security concerns are more complex than ever. Traditional device management, which relied heavily on on-premise solutions, was designed for a different era. It centered around managing desktops and laptops within the confines of the office network. This static approach did not anticipate the complexities of remote work, the widespread adoption of mobile devices, and the exponential rise in cyber threats. The limitations of this approach are becoming more apparent:

Limited Flexibility: Traditional management tools were often rigid and designed for specific hardware or software configurations. As businesses adopt diverse devices—from laptops and tablets to smartphones and IoT devices—traditional systems struggle to maintain consistency and control. This lack of flexibility creates inefficiencies and heightens the risk of security gaps.

Manual Processes and High Overhead: Device management was once a labor-intensive process. IT teams had to manually install updates, patch systems, and enforce policies. This approach was not only time-consuming but also prone to human error. Today’s organizations need more agile solutions that minimize manual intervention and reduce operational costs.

Security Risks: In the past, IT teams had full control over the devices within a physical office network. However, with the emergence of remote and hybrid work, employees access company data from personal devices and public networks.

According to recent reports, a total of 10,626 confirmed data breaches were recorded in 2024, nearly double the previous year (5,199).^[1] This high number reflects both attackers’ growing capabilities and organizations’ expanding digital footprints. Traditional management systems cannot effectively secure these devices across diverse locations, making them vulnerable to threats like data breaches and ransomware.

Inability to Scale: As organizations grow, so does the complexity of device management. Traditional systems often struggle to keep up with the needs of large, diverse workforces. Scaling device management efforts in a traditional setup requires significant investment in infrastructure, manpower, and time—resources that could otherwise be allocated to innovation and growth.

In light of these challenges, the need for modern device management is undeniable. Modern device management solutions offer a dynamic approach, addressing both the security and operational complexities of today’s workforce. These solutions are cloud-based, allowing IT teams to manage devices from anywhere, at any time. They provide real-time visibility into device activity and compliance, automating updates and patches, and offering granular security controls that protect sensitive company data across a variety of devices. As businesses undergo digital transformation, especially in environments relying heavily on Windows-based systems, the shift to modern management becomes an essential component of securing and supporting today’s hybrid workforce. The evolution is clear: businesses need scalable, secure, and flexible solutions that meet the demands of an increasingly mobile, remote, and diverse workforce, particularly in a Windows-centric environment.

Modern Management: The Next-Era of Windows Device Management

Modern management is a key aspect of cloud-based, comprehensive endpoint management solutions, blending secure device management with an optimal user experience. For organizations using Windows devices, modern management simplifies device enrollment, configuration, and security at scale. With cloud-based solutions like Scalefusion UEM, businesses can efficiently deploy updates, enforce security policies, and manage applications. This helps them gain complete visibility into the status of every device—without the constraints of on-premise infrastructure. Features like Windows Autopilot streamline the provisioning process for new devices, while built-in security frameworks like Windows Defender protect against advanced threats. By integrating device management and security, modern management supports on-premise, hybrid, remote, and Bring Your Own Device (BYOD) environments. Today, modern management enhances unified endpoint management (UEM) by offering agile, cloud-based control over all Windows OS devices and endpoints. This ensures consistent security policy enforcement across all devices, regardless of location. Organizations gain the control they need, while users enjoy the seamless access and flexibility they expect—making this model an essential asset for the modern workforce.

What should IT admins expect from a Modern Management solution for Windows?

Modern management solutions promise to streamline operations, enhance security, and ultimately transform how businesses manage their devices in current workplaces. However, organizations must understand what modern management for Windows entails:

1. Zero-Touch Provisioning

According to a study by Gartner, companies implementing zero-touch deployment can reduce device provisioning time by up to 90%.^[2] Modern device management solutions for Windows leverage cloud-based tools, such as Windows Autopilot, to facilitate zero-touch provisioning. With Autopilot, organizations can preconfigure devices before they are even shipped to users. When an employee receives a new device, they simply connect it to the internet and sign in with their corporate credentials. The device is pre-configured with the security policies, allowing employees to use the business-ready device for work. For IT administrators, zero-touch provisioning significantly reduces the time and effort required for device deployment, allowing them to focus on more strategic initiatives. This automation also minimizes user disruption and enhances the overall onboarding experience for new employees.

2. Balanced Security and User Productivity

Organizations must prioritize security to protect sensitive data as network threats become more sophisticated. However, stringent security measures can frustrate users and hinder their ability to efficiently perform their tasks. The modern device management model integrates robust security features with user-friendly functionalities. This includes implementing conditional access policies that allow users to authenticate based on their context, such as work email, location, or device health. Additionally, features like data encryption, secure application management, and endpoint protection ensure that sensitive information remains secure without impeding user workflows. By balancing security and productivity, IT administrators can create an environment where users feel empowered to work while safeguarding organizational assets. This not only enhances overall productivity but also reduces the likelihood of security breaches, thereby preserving the organization’s reputation and operational integrity.

3. Automation

As organizations scale, the volume of tasks required to manage devices can become overwhelming. Manual management processes are time-consuming and prone to human error, which can lead to inconsistencies and compliance issues. Modern device management frameworks leverage automation to streamline routine tasks such as software updates, policy enforcement, and compliance audits. Automation tools can schedule updates during off-hours to minimize disruption, ensure that devices are consistently maintained, and automatically report compliance statuses. For instance, IT teams can set up automated alerts for devices that fall out of compliance, allowing for swift corrective actions. This automation reduces the administrative burden on IT staff, enabling them to concentrate on higher-value tasks, such as strategic planning and improving user experience. With automation in place, organizations can achieve higher operational efficiency while maintaining a consistent security posture.

4. Cost-Optimization

With increasing pressures on budgets, organizations must find ways to optimize costs associated with device management while maintaining high performance and security standards. Modern device management solutions focus on cost optimization through efficient resource allocation and visibility into device utilization. Organizations can lower operational costs associated with IT support and management by automating processes, reducing manual intervention, and enabling device sharing. Additionally, analytics tools provide insights into device, software, and application performance and usage patterns, enabling organizations to make informed decisions about hardware and software investments and licensing.

Modern Windows Device Management with Scalefusion UEM

Organizations leverage the following modern device management capabilities for WindowsOS-based devices with Scalefusion UEM:

1. Windows Autopilot-Based Provisioning

Scalefusion UEM supports modern device management with zero-touch provisioning by integrating Windows Autopilot. With Windows Autopilot, you can configure new Windows 10 and above devices to automatically join Microsoft Entra ID and seamlessly enroll into Scalefusion UEM upon first boot. Once Windows Autopilot is configured through Scalefusion, newly procured Windows devices can be shipped directly to end users with the assurance that they will automatically enroll in Scalefusion on the first boot. Windows Autopilot-based provisioning ensures secure and standardized setup and management without requiring manual intervention, aligning with the core principles of efficient and modern device management.

2. Customizable Device Profile

With Scalefusion UEM, you can create tailored device profiles according to your use case. Scalefusion’s Windows Device Profile enables you to configure applications, websites, and browsers on managed Windows devices. Once configured, these device profiles can be applied to different devices and user groups or individual devices. This provides you a granular, context-based control over your Windows device inventory.

3. Application Delivery and Management

Scalefusion UEM’s Windows application management allows you to allow and block applications on Windows devices used for work. For seamless application delivery, Scalefusion enables you to install and publish applications from the Windows Business Store. You can also push the Win32 application on the managed Windows devices. For organizations who want to push their private applications, Scalefusion offers Enterprise Store. Through this store, you can push their private applications via Universal Windows Apps (UWP), Windows Enterprise Installer, PowerShell script, and EXE for legacy applications. Additionally, to create a cohesive secure device environment, Scalefusion offers proprietary apps such as FileDock for secured file sharing, Remote Support for remote troubleshooting, and ProSurf browser for controlled and limited access to websites. This eliminates the need for IT admins to integrate additional third-party software for the above functionalities.

4. Browser Configuration

Scalefusion’s browser configuration feature allows precise control over Chrome, Edge, and Firefox browsers. You can set specific parameters, including homepage, browsing history, extensions, and printing options. Additionally, you can manage pop-ups, Flash plugins, YouTube access, and geolocation settings for enhanced security. These configurations help maintain a secure and controlled browsing experience across managed devices

5. Kiosk Mode

Scalefusion’s Windows kiosk mode enables you to transform Windows devices into dedicated kiosks by configuring them in Single-App or Multi-App Kiosk Mode based on your needs. Single-App Kiosk Mode restricts the device to a single application, ideal for use cases like self-service kiosks, POS systems, or digital signage, where focused functionality is essential. This mode enhances security by limiting user access to only the intended app. Multi-App Kiosk Mode allows access to multiple pre-approved applications, offering flexibility in environments where users need a few essential tools. This setup is useful for shared devices in sectors like retail and healthcare, where controlled, multi-app access is necessary. Once configured, these kiosk modes can be applied across devices, user groups, or individually, ensuring secure, context-based device management.

6. Over-the-air Software and OS Update

With Scalefusion, you can set up and manage OS update policies for Windows 10 devices, allowing precise control over update rollouts. You can choose to automate updates for essential components while selecting other updates for manual approval, tailoring the update process to organizational needs. For updates that require approval, Scalefusion provides tools to check and apply pending updates at both the individual device level and across device groups. This ensures that updates are managed efficiently, keeping devices up-to-date without impacting user productivity.

7. Efficient Patch Management

Scalefusion MDM offers a robust Windows Patch Management solution that streamlines asset management and ensures devices remain secure and compliant. Scalefusion acts as an automated patch management tool. It simplifies the process by allowing you to remotely manage and apply patches to Windows systems enabled with Windows Server Update Services (WSUS). With Scalefusion’s Workflows, you can reduce repetitive tasks, lowering cognitive IT load and ensuring timely patch rollouts. The Windows Patch Management feature allows you to set specific schedules for deploying OS updates and third-party application patches, whether on specific days, times, or at regular intervals. Through its Windows Agent-based Update & Patch Management, Scalefusion automates the assessment, deployment, and updating of third-party applications, providing a proactive approach to security and compliance across managed Windows devices.

8. Remote Monitoring and Management

Scalefusion UEM doubles up as a Remote Monitoring and Management software. This is beneficial for organizations with a large Windows device inventory. As an RMM software, Scalefusion streamlines remote management and helps you proactively monitor and manage employee devices and client endpoints to ensure their best health.

9. Ability to Configure Windows Defender

With Scalefusion MDM, you can easily configure and push Windows Defender policies across all your managed Windows devices, ensuring they are protected from malware and other cyber threats. You can set policies for real-time monitoring, automatic signature updates, and advanced features like cloud protection, allowing you to manage device security seamlessly without manual intervention. This helps to maintain up-to-date protection across your fleet, ensuring your devices are always secured against the latest threats. By using Scalefusion’s integration with Windows Defender, you gain the ability to enforce consistent security policies across your organization, regardless of the location of your workforce. Whether your team is remote, hybrid, or on-site, you can ensure that all devices adhere to the same security standards, giving you peace of mind and simplifying compliance with security regulations. This centralized approach not only enhances security but also improves operational efficiency.

10. Detailed Device Reports and Automated Workflows

Comprehensive reporting and workflow automation are key to effective Windows laptop and desktop management. With Scalefusion’s Reports feature, you can generate detailed reports that provide insights into device health, security incidents, application usage, and compliance status. These reports help identify issues early and ensure devices stay secure and compliant. Windows MDM also offers robust workflow automation, allowing administrators to set up automated actions triggered by specific events. For example, devices exhibiting suspicious behavior can be automatically quarantined, while alerts can be sent for compliance violations, such as outdated software. This ensures timely responses to potential issues. By automating routine tasks, IT admins can focus on more strategic objectives while improving security and operational efficiency. Workflow automation helps mitigate risks by addressing incidents quickly and ensuring devices remain compliant without constant manual oversight.

11. Strong Network Security

With Scalefusion’s Network Security feature, you can ensure that your managed devices only connect to authorized and secure networks. By configuring Wi-Fi and VPN settings, you can enforce secure connections that protect corporate data and resources. For Wi-Fi, you can control user access to Wi-Fi settings within specific apps, as well as enable or disable manual connections to networks. Distributing Wi-Fi profiles allows you to define which networks devices can connect to, ensuring that only secure, approved networks are used for accessing corporate resources. For VPN, you can configure VPN profiles with predefined settings such as server addresses, protocols, and authentication methods. You can also select which apps will operate over the VPN, ensuring that data transfers are securely encrypted. This configuration provides comprehensive security for all connections to corporate networks, safeguarding your organization’s infrastructure.

12. Enhanced Remote Support

Scalefusion’s Remote IT Support offers powerful tools for efficient device management. With Remote Cast and Control, you can view and interact with device screens in real-time, troubleshoot, push or delete files, and capture screenshots or screen recordings—all remotely. This ensures quick resolutions without needing user involvement. The VoIP Calling feature allows you to communicate directly with end users during troubleshooting. It enhances support by letting you guide users through steps, gather issue details, and provide immediate feedback, speeding up issue resolution and improving support quality. Additionally, Remote Commands let you send instructions to devices, such as launching services or installing apps, allowing proactive maintenance. Scalefusion integrates with ITSM tools like Jira and Freshservice, creating support tickets with relevant device information, reducing administrative effort, and speeding up issue resolution.

Step Into The Next Era of Modern Windows Management with Scalefusion UEM

The shift from traditional to modern device management is essential for organizations adopting hybrid, mobile, and cloud-driven work environments. Traditional methods, built for static office networks, are not efficient enough to address the complexities of managing a diverse range of devices, ensuring robust security, and maintaining operational efficiency across remote and hybrid workforces. Modern Device Management solutions, like Scalefusion UEM, offer the agility, scalability, and security needed to manage Windows-based devices effectively in a dynamic digital landscape. By leveraging cloud-based solutions, zero-touch provisioning, automation, and advanced security features, organizations can streamline device management, reduce manual intervention, and enhance both user productivity and security. Scalefusion’s comprehensive Windows management capabilities empower IT admins to maintain full visibility and control over devices, ensuring that they are secure, compliant, and optimized for performance.

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.

About Version 2 Digital

2024 Scalefusion

The Future of Unified Detection and Response: Leveraging AI and Automation to Drive MSP Cybersecurity

As cyber threats grow increasingly sophisticated and relentless, managed service providers (MSPs) play a critical role in defending small and medium-sized businesses (SMBs) from a rising tide of digital dangers. Unified detection and response solutions, driven by advancements in artificial intelligence (AI) and automation, offer a powerful toolset for MSPs to secure their clients while optimizing their resources. This approach not only addresses SMBs’ urgent security needs but enables MSPs to grow their client base sustainably without overextending their resources. By adopting unified detection and response, MSPs can expand their reach, protect more clients effectively, and establish a reputation for resilient, high-quality service.

Key Points to Focus On:

Scalable Security Through AI and Automation: Unified detection and response equips MSPs with the ability to scale their services with efficiency. Automation of crucial threat detection and response functions means MSPs can protect a growing number of clients without increasing team size or risking service quality. With unified detection and response, MSPs can confidently scale operations, driving client growth and meeting increasing demand without compromising their capabilities.
Proactive Cyber Defense for Enhanced Protection: With AI-driven tools embedded in unified detection and response solutions, MSPs can monitor network activity around the clock, detecting and preventing emerging threats in real time. This proactive approach allows MSPs to offer a higher level of defense, ensuring their clients feel protected against the evolving threat landscape. Proactive protection strengthens client relationships and differentiates MSPs in a competitive market.
Cost-Effective Growth for MSPs: Unified detection and response enables MSPs to expand their businesses in a financially sustainable way. By reducing manual intervention, streamlining workflows, and optimizing resources, MSPs can enhance revenue without a proportional increase in overhead. This creates an affordable, enterprise-grade cybersecurity solution for SMBs while facilitating manageable growth for MSPs.

In an era where cyber threats are increasingly complex and immediate, unified detection and response offers MSPs the tools they need to protect their clients effectively. By integrating AI and automation, MSPs can deliver top-tier cybersecurity solutions at scale, allowing them to grow their businesses while keeping costs manageable. Here’s how AI-powered unified detection and response solutions are revolutionizing the MSP approach to cybersecurity and enabling sustainable growth.

Meeting the Scalability Needs of MSPs

For many MSPs, the ability to scale their business is crucial to staying competitive in today’s market. However, scaling often involves a trade-off between growth and resource availability, making it challenging for MSPs to maintain high-quality service as they take on more clients. Unified detection and response, combined with AI and automation, changes the equation by enabling MSPs to serve more clients without increasing team size or burdening existing resources.

AI and automation allow MSPs to streamline many routine tasks associated with cybersecurity, such as monitoring for suspicious activity, updating policies, and managing alerts. With unified detection and response, MSPs can centralize threat intelligence, which simplifies the response process by reducing the number of tools needed and enhancing efficiency. Instead of managing multiple, disconnected systems, teams can leverage a unified platform that enhances speed, reduces complexity, and improves focus. This holistic approach allows MSPs to expand their client rosters and serve each client’s security needs comprehensively and efficiently.

Building a Proactive Cyber Defense Framework

The modern cyber threat landscape is dynamic and highly adaptive, posing significant challenges for SMBs and MSPs alike. Traditional, reactive security measures struggle to keep up with the rapid pace of cyber threats, leaving businesses vulnerable to attack. Unified detection and response, powered by AI, introduces a proactive defense strategy that allows MSPs to identify and neutralize threats before they have a chance to impact client networks.

AI-driven tools in unified detection and response solutions continuously monitor client environments, assessing behavior patterns, identifying anomalies, and flagging potential threats as they arise. This real-time analysis enables MSPs to react quickly and precisely to emerging risks. Moreover, by learning from each incident, AI systems become better equipped to identify similar threats in the future, creating an adaptive layer of defense that evolves with the threat landscape. For MSPs, this proactive approach means they can reassure clients that they’re protected by a sophisticated, always-evolving security strategy, fostering long-term trust and partnership.

Cost-Effective Growth for MSPs

One of the most attractive benefits of unified detection and response for MSPs is the ability to grow their business without a proportional increase in operational costs. Typically, expanding a cybersecurity practice requires investments in additional personnel, technology, and infrastructure. However, with AI and automation-driven unified detection and response, MSPs can achieve this growth in a more cost-effective manner.

By automating time-consuming tasks and reducing manual intervention, unified detection and response minimizes overhead and allows MSPs to maintain profitability as they scale. This efficiency allows MSPs to offer comprehensive, enterprise-level security to their clients at a price point accessible to SMBs. As a result, MSPs can expand their client base and grow revenue streams while keeping costs low, creating a sustainable model that supports both business growth and high-quality service delivery.

The Impact of AI on Cybersecurity for MSPs

Artificial intelligence is transforming unified detection and response by making cybersecurity solutions smarter, faster, and more adaptable. AI systems can process massive amounts of data at high speed, analyzing network activity, detecting anomalies, and assessing risk factors in real time. By rapidly sifting through this data, AI can identify potential threats that human analysts might miss, offering a level of detail and precision that enhances MSPs’ security capabilities.

Additionally, AI’s ability to learn from each incident and adapt to new information creates an evolving security framework that stays relevant in an ever-changing threat landscape. This continuous learning process improves the accuracy of threat detection and response over time, making security more proactive and less reliant on manual input. For MSPs, AI-driven solutions reduce the need for constant oversight, allowing their teams to focus on strategic tasks rather than day-to-day threat management. By speeding up response times and improving detection accuracy, AI enables MSPs to offer clients a more robust security solution, bolstering their reputations as trusted cybersecurity partners.

Guardz: Committed to Empowering the MSP Community

At Guardz, we understand the unique challenges and opportunities that MSPs face in today’s cybersecurity landscape. Our mission is to empower MSPs by providing cutting-edge cybersecurity solutions tailored to their specific needs, and our close engagement with the MSP community allows us to stay attuned to the evolving requirements of this field. Guardz’s approach to unified detection and response integrates AI and automation to help MSPs deliver exceptional protection while managing their resources efficiently. Through continuous collaboration, dedicated support, and a deep commitment to innovation, Guardz is a trusted partner to MSPs, helping them grow their client bases, deliver unparalleled security, and drive lasting success in a fast-paced digital world.

Unified detection and response represents a transformative opportunity for MSPs to achieve scalable, effective cybersecurity that meets the demands of today’s threat landscape. By embracing AI and automation, MSPs can build proactive, adaptive defenses for their clients, expand their client base sustainably, and maintain cost-effective growth. Guardz stands ready to support the MSP community with the tools, insights, and expertise needed to turn these possibilities into realities, empowering MSPs to lead the future of cybersecurity.

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

About Version 2 Digital

2024 Guardz

How to set up and manage passkeys for your PayPal account

First of all, what are passkeys?

Passkeys are a new, highly secure authentication method developed with the help of the FIDO Alliance. The goal is to help people log in to their accounts more safely and easily than with traditional passwords.

To achieve this, passkeys combine biometric verification (like your fingerprint) with cryptographic keys to provide a secure login option that can be activated with just a touch. Unlike passwords, passkeys can’t be guessed, making them resistant to phishing and brute-force attacks. That’s why they offer the perfect blend of security and convenience.

How to create a passkey for your PayPal account

Setting up a passkey for your PayPal account is a simple process that takes about 5 minutes. Here’s how to do it:

Go to PayPal’s Help Center, locate the section on passkeys, and open the link to the “Passkey Creation” page.
Log in to your PayPal account with your PayPal password.
Authenticate your device using your fingerprint, facial recognition, or device password.
Follow the on-screen instructions to complete the setup of your passkey.

How to log in to PayPal with a passkey

Once you create a passkey for your PayPal account, you can log in quickly and securely. Here’s how:

Launch the PayPal app and enter your email address on the login screen.
If you’re using the device you created the passkey on, it will automatically trigger the passkey login. If you’re on a different device, select “Other options,” then “Passkey from a nearby device,” and finally, scan the QR code displayed on your screen using the device with your passkey.
Unlock your device using your preferred biometric (Face ID, Touch ID), PIN, or password to complete the passkey login.

How to manage your PayPal account passkey

At any moment, you can review or remove the passkeys you’ve created for your PayPal account.

Review your passkey

You can easily review your passkeys by going to your account settings and opening the “Passkey Management” page. From there, you can disable, update, or remove any of the passkeys linked to your PayPal account.

Delete your passkey

To delete a passkey, follow these steps:

Go to the “Passkey Management” page.
Find the passkey you want to delete.
Click “Remove this passkey.”
Confirm the action.

Important: if you remove your passkey via PayPal settings, it won’t automatically be deleted from your device. So, to fully remove it, you’ll also need to go to your device settings and delete it there too.

Store and manage your passkeys with NordPass

If you’re looking to add even more security and convenience to your login experience, NordPass is the perfect tool to store and manage your passkeys. While it’s known as a password manager, NordPass also lets you create, store, and organize passkeys for all your online accounts, keeping everything safe in one place. You can even share your passkeys with others or use them alongside your current password for an added layer of protection with two-factor authentication (2FA).

Haven’t tried passkeys yet? Use NordPass to create your first ones and see just how easy and secure logging into your accounts can be.

Frequently Asked Questions (FAQ)

How do I know if a passkey is available for my PayPal account?

It’s easy to check if you can use passkeys with your PayPal account. Simply visit PayPal’s “Passkey Creation” page on your device and try to create a passkey. If the option isn’t available, you’ll be notified that passkeys are not currently available for use with your account.

How do I use my existing passkey for PayPal across all my devices?

If you’d like to log in with a passkey on a device other than the one where it’s stored, simply select the “Passkey from a nearby device” option during login and follow the prompts. However, to access your passkey across all your devices, you’ll need a solution like NordPass. It securely stores your passkeys in an encrypted storage, ensuring you can access them from any device.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

About Version 2 Digital

2024 Nord Security NordPass