How many devices are you managing in your network?

That’s not a rhetorical question. A study found that 47% of companies allow employees to access their resources on unmanaged devices.

But how can you protect those unmanaged devices if you don’t even know who has access to them? Another important thought to consider is who accepts blame in the event of a breach. Hopefully, it’s not you or your team.

We’re going to discuss a strategy that makes each individual fully accountable for their actions. This is known as a user-centric approach. We’ll explore how this method works and how you can successfully implement it to strengthen your overall cybersecurity posture.

The Need for a User-Centric Approach

The rules have changed since COVID-19 introduced the WFH model. Literally, access was once granted freely without strict verification processes.

BYOD became the norm, with employees using personal devices to access confidential documents and communicate via private company Slack channels, often from a cafe or other public hotspot, without approval from IT. Yes, indeed, the cringe was quite real.

Employees and third parties enjoyed open access to the corporate network from any location and any device. This led to many security incidents and breaches, which forced organizations and IT departments to rethink how access should be granted.

This meant that any threat actor within proximity could potentially intercept all traffic and use it to launch a man-in-the-middle attack, exfiltrate data, or compromise user credentials.

Today, every device, user, and identity must be verified before accessing the corporate network. No exceptions. A user-centric approach connects the security dots back to a specific user in the organization and ensures accountability for every action taken.

A user-centric approach enables MSPs to deploy more effective BYOD policies and tighten access controls by focusing on the specific roles and needs of each user within the organization.

This involves isolating devices and implementing least privilege access, ensuring that users are granted only the minimum permissions necessary to perform their day-to-day tasks. For example, a third party providing outsourced services should not have access to financial transactions or payroll systems.

A user-centric approach greatly reduces the risk of unauthorized access or accidental data exposure that can lead to a breach. And why take that risk? Seriously.

4 Ways a User-Centric Approach Works for MSPs

Proactive threat monitoring: Suspicious user behavior, such as unusual login times or login attempts, might signal a threat actor in your network. A Managed Detection and Response (MDR) helps by continuously monitoring user activity and network traffic to detect and mitigate potential threats in real-time. An unknown user who tried to access your network from an unfamiliar location or unusual hour would be flagged by the MDR service, triggering automated alerts for further investigation.

Accountability: This refers to the ability to trace actions back to specific users. If a user attempts to access a system or application they’re not authorized to, an automated alert is sent out, notifying the security team that suspicious activity has been recorded and traced back to the individual user. Details such as the user’s identity, time of access attempt, geolocation, device type, and the resource in question all help security teams assess the situation and enforce internal policies before anything escalates.

Improved access controls: Does the junior analyst have access to financial slide decks or sensitive data unrelated to their role? A user-centric approach ensures they don’t. Instead, access is tightly controlled based on the principle of least privilege.

Multi-factor authentication (MFA) also helps improve access controls by requiring users to verify their identity through a second factor, linking all actions to verified identities and ultimately to the root cause or culprit of the potential threat.

Increased endpoint security: It’s one thing to keep track of how many endpoints are in your organization, and even that’s difficult, but imagine trying to do so for an enterprise with over 5,000 employees and a ton of unvetted third parties. If that’s not challenging enough, how about the number of identities continuously being created, updated, or removed across the organization? Is your head spinning yet?

Endpoint security is a constant battle without the right tools and strategies.

A user-centric approach focuses on securing devices by connecting them directly to the identities of the users who operate them. Whether it’s on a personal laptop, iPhone, or a corporate-issued desktop, every device is treated as an extension of the user’s identity.

Every last digital step can be traced back to an individual user, providing a clear audit trail of actions taken on that device. Did that user login from a secured gateway? Did they enable MFA? Was the device running the latest Windows OS updates before they shared a sensitive file?

A user-centric approach takes the guesswork out and helps address these critical questions from the endpoint, where most security breaches begin.

Guardz ensures that company-managed devices are fully protected and monitored from malicious threats. Guardz detects outdated operating systems and vulnerable software so you can take immediate action.

Amplify Threat Detection and Response with The Ultimate Cybersecurity Plan

Introducing a new user-centric approach to unified detection and response. The Ultimate Cybersecurity Plan for MSPs.

The Ultimate Cybersecurity Plan builds on the Guardz platform’s holistic, user-centric approach to security by incorporating managed SentinelOne EDR capabilities with Guardz MDR. Guardz empowers MSPs to monitor and resolve incidents from a single interface.

Guardz MDR aggregates signals from multiple layers of security identities, endpoints, email, cloud, and data into a user-centric analysis that detects complex indicators of compromise (IOCs) and automatically responds to them.

Enhance incident response times and go beyond endpoint protection with The Ultimate Cybersecurity Plan. Get automated detection and response today.

Speak with one of our experts

Key Takeaways:

• Valentine’s Day is a prime time for cybercriminals, with phishing scams disguised as giveaways, rewards, and romantic promotions.
• Exclusive Guardz Research Findings: The Guardz platform detected, quarantined, and prevented phishing scams impersonating Costco, Walmart, Rituals, and many more, which attempted to lure recipients into malicious links.
• Small businesses are at high risk, as employees may unknowingly click on fraudulent links, compromising sensitive data.
• MSPs play a critical role in protecting SMBs by protecting identities, emails, devices, and data.
  Guardz empowers MSPs with real-time unified detection & response, helping them defend their clients against evolving cyber threats.

Cybercriminals Love Valentine’s Day: Exclusive Guardz Findings

Holidays create the perfect cover for cybercriminals, and Valentine’s Day is no exception. In the weeks leading up to the holiday, cyber scammers intensify their attacks, leveraging themes of love, urgency, and exclusive offers to deceive victims.

While people are celebrating love, cybercriminals are crafting deceptive Valentine’s Day scams to steal credentials, personal information, and financial data. Holidays create a sense of urgency, making users more susceptible to clicking on fraudulent links disguised as “exclusive offers” and “limited-time rewards.”

This year, the Guardz platform detected and quarantined multiple phishing campaigns targeting small businesses—all disguised as Valentine’s Day promotions from well-known brands.

The Guardz Research Unit has uncovered a wave of phishing emails impersonating major brands in the weeks leading up to Valentine’s Day. Here’s what we found:

1. Fake “Costco Valentine Basket” Email (Phishing Scam)

Subject: “Last Chance to Win a Costco Valentine Basket!”
Sender: “Costco Wholesale” (spoofed email address)

This email falsely claims to be from Costco, urging recipients to claim a Valentine’s Day gift basket before it’s “too late.” Clicking the link leads to a fraudulent website designed to steal login credentials and payment information.

Guardz Research Findings: After analyzing the URL, the Guardz Research Unit confirmed that the link leads to a malicious phishing site—not an official Costco promotion.

Guardz Platform Action: This attack was automatically detected, quarantined, and blocked before it could reach recipients’ inboxes, preventing small businesses from falling victim.

2. Fake “Walmart Valentine Rewards” Email 

Subject: “You’ve Won a Walmart Valentine Basket!”
Sender: “Walmart Valentine Rewards” (spoofed email address)

This phishing attempt exploits Walmart’s brand by luring recipients into clicking a fake link to claim a non-existent reward. Employees in small businesses may assume this is a corporate giveaway or customer reward program and unknowingly compromise company credentials.

Guardz Research Findings: The Guardz Research Unit confirmed that this email was not sent by Walmart, and the fraudulent link redirects to a credential-harvesting site.

Guardz Platform Action: The Guardz platform identified the fraudulent sender, analyzed the link, and quarantined the email, ensuring that no end users were exposed to the scam.

3. Fake “Rituals Valentine Package” Email 

Subject: “Congratulations! Your Rituals Valentine Package Is Here!”
Sender: “Rituals” (spoofed email address)

This email pretends to be from Rituals, announcing a Valentine’s gift for the recipient and urging them to click a link to “claim” their prize.

Guardz Research Findings: The Guardz Research Unit determined that the link leads to a malicious site designed to steal credentials.

Important Note: Guardz maintains strict confidentiality for all detected threats, ensuring no customer details are published or shared.

How MSPs Can Protect Small Businesses from Valentine’s Day Cyber Threats

1. AI-Powered Email Security: Preventing Threats Before They Reach Users

Most phishing emails bypass traditional spam filters, relying on brand impersonation and psychological manipulation. MSPs must deploy advanced AI-driven email security to:
– Detect and block phishing attempts before they reach inboxes.
– Analyze and quarantine suspicious emails in real-time to prevent credential theft.
– Automatically prevent malicious links from being accessed.

Guardz provides MSPs with AI-powered email security, allowing them to automatically stop phishing campaigns before they impact businesses.

Guardz helps MSPs prevent account compromise by securing email, detecting phishing attempts, and monitoring for credential leaks—before they turn into full-blown breaches.

2. Phishing Simulations: Strengthening Employee Awareness

Even with advanced security, human error remains the top cybersecurity risk. The best way to ensure employees recognize phishing threats? Simulated phishing tests.

Guardz provides MSPs with automated phishing simulations, helping SMB employees:
– Recognize phishing attempts in real time.
– Practice identifying fraudulent emails safely.
– Improve their cybersecurity habits through ongoing training.

With real-time reporting, MSPs can track employee performance, identify vulnerabilities, and reinforce training where needed.

3. Cyber Awareness Training: Reducing Human Error Risks

Cybercriminals rely on untrained employees clicking malicious links. Ongoing cybersecurity training is the key to prevention.

Guardz Cyber Awareness Training Helps MSPs:
✔ Deliver automated, ongoing security training for SMB employees.
✔ Test employees with real-world cyber threats to improve response rates.
✔ Monitor training effectiveness to ensure businesses stay secure.

How Guardz Helps MSPs to Secure Small Businesses

At Guardz, we provide MSPs with a comprehensive cybersecurity platform to detect and prevent threats before they reach SMB clients. Recently, We’ve launched our “Ultimate Plan”– AI-Powered Unified Detection & Response across identities, endpoints, email, cloud, and data, featuring embedded SentinelOne EDR –  Guardz ensures MSPs can proactively defend small businesses from evolving cyber threats.

Why MSPs Choose Guardz:

AI-Powered Threat Detection – Stops phishing and email-based attacks before they impact businesses.
Automated Phishing Simulations & Cyber Awareness Training – Prepares employees to recognize and avoid cyber threats.
Dark Web Monitoring & Compliance Tools – Helps MSPs stay ahead of evolving threats.

Final Thoughts: Cybersecurity Must Be a Priority—Not a Valentine’s Afterthought

Cybercriminals exploit human emotion and trust, and Valentine’s Day scams are no exception. This year, phishing campaigns are more sophisticated than ever, using brand impersonation and fake rewards to trick victims into handing over sensitive information.

For MSPs, proactive cybersecurity is the only way to keep small businesses safe. That means:
✔ Blocking phishing attempts before they reach inboxes
✔ Training employees to recognize scams through phishing simulations
✔ Using real-time threat intelligence to stay ahead of cybercriminals

By partnering with Guardz, MSPs can deliver enterprise-grade security to small businesses without complexity or high costs.

Want to protect your SMB clients from phishing threats? Check out Guardz’s Ultimate Cybersecurity Plan for MSPs today!

A new hacking group called Belsen Group has dumped data containing IP addresses, firewall configurations, and plaintext VPN credentials from over 15,000 FortiGate firewalls. This breach is particularly alarming for MSPs and IT professionals who rely on FortiGate firewalls to secure client environments.

Key Takeaways:

• Over 54% of the compromised firewalls are still online and accessible as of January 2025.
• The breach is linked to CVE-2022–40684, a critical authentication bypass vulnerability that attackers exploited to steal firewall configurations.

Here’s a closer look at what happened, the risks involved, and how MSPs and IT professionals can protect their networks.

Background and Timeline

Who is the Belsen Group?

A relatively new cybercriminal group recently leaked 1.6GB of FortiGate firewall configurations, organized by country and IP address.

How Was the Data Obtained?

Cybersecurity researcher Kevin Beaumont linked this attack to CVE-2022–40684, a critical authentication bypass zero-day vulnerability disclosed by Fortinet in October 2022. Attackers exploited this flaw to extract configuration files and steal credentials.

Why Does It Matter Now?

Even though this data dates back to 2022, firewall configurations often remain unchanged unless an organization has actively responded to a known breach / rotated login credentials. This means that credentials and firewall rules from 2022 could still be valid.

Scope of Exposure

Major Findings:

• 54% of the leaked IPs remain online and reachable (as of January 2025).
• 33% of these IPs still expose FortiGate login interfaces
• A community-driven GitHub repository is tracking the leaked IPs:
  🔗 Leaked IP List

How to Check If You’re Affected

1. Compare Your IP Addresses

Check your IP inventory against the leaked IP list:
🔗 Leaked IP List

2. Guardz Trial Users Get a Free Check

Guardz offers a free vulnerability assessment during its trial period. We’ll check if your organization appears in the leaked data and provide Dark Web monitoring to detect other breaches.

Recommended Remediations

1. Patch & Update Immediately

• For FortiOS 7.0.x → Update to 7.0.16+
• For FortiOS 7.2.x → Update to 7.2.12+
• For CVE-2024-55591 → Follow Fortinet’s guidance to upgrade to 7.0.17+ or 7.2.13+

2. Rotate Credentials

• Immediately change all FortiGate passwords.
• Enforce multi-factor authentication (MFA) on all remote-access VPNs and admin portals.

3. Remove Public-Facing Admin Pages

• Restrict management interfaces to internal networks or secure VPN connections.
• Exposing admin interfaces to the public internet makes them easy targets for brute-force attacks and zero-day exploits.

4. Monitor for Unauthorized Activity

• Review firewall logs for suspicious logins or configuration changes.
• Track inbound connections from unknown or suspicious IP addresses.

How Guardz Supports You

1. Free Leak & Dark Web Checks

During our trial, we scan for any leaked IPs or credentials associated with your organization. We also provide Dark Web monitoring to stay ahead of new threats.

2. Actionable Insights

Our platform offers step-by-step remediation guidance, including:

• Enforced password resets.
• Security configuration suggestions, such as MFA enforcement.

Conclusion

This FortiGate firewall breach highlights the urgent need for proactive cybersecurity measures. Even though this stolen data is from 2022, many organizations haven’t refreshed credentials or firewall settings, leaving them exposed.

If you suspect your FortiGate devices have been compromised—or if you want expert guidance on securing your infrastructure—reach out to Guardz.

We’re here to help you navigate this breach, protect your assets, and keep your clients’ networks secure.

We are excited to announce the release of the Ultimate Plan, which combines SentinelOne’s industry-leading Endpoint Detection and Response (EDR) technology with the Guardz unified platform and adds Managed Detection and Response (MDR) for MSPs. This launch marks a significant milestone as we broaden our value proposition, offering a holistic, AI-powered, and user-centric managed cybersecurity service.

What Makes the Ultimate Plan a Game-Changer?

The Ultimate Plan builds on the Guardz platform’s holistic, user-centric approach to security by incorporating managed SentinelOne capabilities with Guardz MDR (Managed Detection and Response) services. Here’s what MSPs can expect:

1. Platform Configuration and Management

Guardz MDR simplifies the complexities of managing SentinelOne by taking on the day-to-day configuration and maintenance tasks:

• Monitoring Endpoint Health: Proactively ensuring devices are secure and operational.
• Policy Updates: Managing block and allow lists across global customer bases.
• Controlled Updates: Keeping SentinelOne agents up-to-date with controlled rollouts to maintain reliability.

2. Alert Triage

By leveraging AI, Guardz MDR manages and prioritizes alerts, removing the burden of false positives and reducing noise:

• Real-Time Alert Management: Ensures MSPs see only the most critical threats.
• Streamlined Workflows: Saves MSPs time by automating responses to routine notifications.

3. Incident Analysis

Guardz MDR goes beyond managing individual alerts by providing a comprehensive analysis of security incidents:

• Global Insights: Looks across organizations to understand the broader impact of threats.
• User-Centric Connections: Links endpoint activity with other security layers, such as cloud behavior, phishing patterns, and email activity, for a complete view of threats.

4. Incident Support

Guardz MDR offers direct, real-time engagement with a team of security analysts:

• Actionable Responses: Includes quarantining endpoints, blocking threats, and isolating risky users.
• Direct MSP Communication: Updates are delivered via phone, email, or the Guardz platform for seamless collaboration during incidents.

Tailor-Made for MSPs

The Ultimate Plan is designed specifically to meet the needs of MSPs, offering them the tools and support they need to succeed:

• Simplified Management: A single platform that consolidates tools and eliminates the need for multiple dashboards.
• Scalable Security: AI-driven automation and managed services enable MSPs to grow without adding headcount.
• Cost-Effective Offering: Advanced enterprise-level protection made affordable and practical for MSPs and their SMB clients.

Contact us today to learn more about how the Guardz Ultimate Plan can transform your security strategy!

Bringing Top-Level Security to SMBs

For SMBs, the Ultimate Plan delivers the kind of protection typically reserved for large enterprises—without the complexity or cost. By embedding SentinelOne’s capabilities into the Guardz platform and enhancing them with AI-powered management, Guardz ensures:

• Robust Security: SMBs gain access to enterprise-grade EDR, MDR, and a unified security approach.
• Ease of Use: Guardz takes on the heavy lifting so SMBs can focus on their business.
• Scalable Solutions: Security that grows with their business needs without requiring in-house expertise.

Why Choose the Guardz Ultimate Plan?

The Guardz Ultimate Plan empowers MSPs to deliver enterprise-grade security with unmatched ease and efficiency. Security is only as effective as an MSP’s ability to implement and manage it effectively. While SentinelOne’s best-in-class technology provides cutting-edge threat detection and remediation, its full potential can only be realized when paired with seamless management and real-time responsiveness. That’s where Guardz excels.

The Ultimate Plan combines SentinelOne’s powerful EDR capabilities with a unified platform designed to simplify provisioning, deployment, and ongoing management. On top of that, we layer a robust Managed Detection and Response (MDR) service to ensure MSPs can confidently deliver 24/7 protection against ransomware, account compromise, and other advanced threats.

Key benefits include:

• 24/7 Security Services: Empower your clients with always-on protection without adding to your team’s workload.
• Focus on Growth: Guardz handles the complexities of security management, freeing you to scale your business.

With Guardz, MSPs can provide world-class security services that are scalable, easy to manage, and designed to meet the demands of modern cybersecurity.

Empowering Small Businesses with World-Class Protection

The Ultimate Plan ensures SMBs receive the level of protection previously reserved for large enterprises:

• Cost-Effective Security: Delivers powerful protection without requiring in-house expertise or infrastructure.
• Scalable Solutions: Allows MSPs to offer 24/7 security services to SMBs without increasing headcount.
• Simplified Management: Reduces the complexity of managing multiple tools, freeing MSPs to focus on growing their businesses.

Final Thoughts

The Guardz Ultimate Plan represents a transformative shift in cybersecurity for MSPs and SMBs. By combining SentinelOne’s enterprise-grade technology with the Guardz unified detection & response, we’re empowering MSPs to deliver unmatched value to their clients while simplifying operations and improving scalability.

Contact us today to learn more about how the Guardz Ultimate Plan can transform your security strategy!