
Validating Internal Network Policies: Access Control and Encryption

With segmentation and core services covered, the focus now shifts to enforcing policies on usage, user behavior, and encryption to maintain visibility and ensure compliance across all layers of your network. These controls are critical for mitigating internal risks and upholding your secure communication standards.

GREYCORTEX Mendel supports this effort by providing you with clear insights, alerting you about violations, and helping your teams validate whether your policies are being followed in practice.

Missed the beginning? 
🔗 Read Part 1 to explore how Mendel helps you enforce segmentation and control your core network services.

 

User Access Policies and Behavioral Violations

Even trusted users and systems can introduce risk if policies are not clearly enforced. Monitoring what is allowed and what is not helps you uncover subtle violations that could otherwise go unnoticed.

Policy violation: Forbidden protocols or apps (RDP, TeamViewer, Dropbox, etc.)

Relevant for NIS2

Some organizations prohibit remote-access tools or file-sharing apps to reduce risk and maintain control over their IT environments. When unauthorized protocols are used, they may introduce new attack vectors or enable remote exploitation.

Validation with Mendel

Mendel directly detects the use of unauthorized applications. Your analysts can filter for specific protocols to confirm whether a session occurred and if it was successful, including details about session duration, data transfer volumes, and communication content. This helps you verify whether users violated your internal policies, and allows you to add legitimate usage to an exception list to avoid future alerts.

In our case, Mendel has identified and flagged multiple devices that have downloaded and used TeamViewer. Analysts can then investigate whether these hosts were authorized and, if appropriate, whitelist the IPs to prevent future alerts.

In another example, Mendel has captured a potential RDP (Remote Desktop Protocol) session. By drilling down into the event, analysts can identify the user involved and review the session duration.

Policy violation: Communication to forbidden destinations or services

Relevant for NIS2

Certain destinations, such as foreign countries, blacklisted IPs, or unauthorized services, are often restricted to reduce risks. Detecting such traffic reveals overlooked exceptions or malicious tools trying to evade controls.

Validation with Mendel

Mendel detects and alerts you about communication with blacklisted IPs. Your analysts can use predefined or custom filters to review connections by source and destination IPs, traffic volume, and packet counts. The Network Analysis tab provides you with extensive filtering and search options, enabling your teams to conduct deep investigations across the entire network.

As an example, Mendel detected a TeamViewer DNS request originating from host mx (192.168.2.42). By drilling down, analysts confirmed that a connection was successfully established, indicating a potential policy violation or unauthorized remote access.

Mendel allows your analysts to identify which user is behind suspicious traffic. This helps you verify whether access to forbidden destinations or tools was legitimate or a policy violation.

Policy violation: Excessive peer communication

Certain devices, like controllers in manufacturing or internal phone servers (PBXs), are expected to communicate with a limited set of peers. New or unusual connections may signal misconfiguration or unauthorized activity.

Validation with Mendel

Mendel enables your analysts to define peer count limits for individual hosts or entire subnets, helping you to enforce expected communication boundaries.

For example, if a PBX server communicates with more peers than its known SIP trunks and internal phones while inbound Internet traffic is restricted, Mendel will flag it for review.

Policy violation: Unauthorized communication with honeypots

Honeypots are intentionally exposed systems used to detect suspicious activity inside the network. Typically, only predefined systems such as admin tools or security scanners should communicate with them. Any other connection attempt may indicate lateral movement or internal scanning.

Validation with Mendel

Mendel allows your teams to define which systems are authorized to communicate with honeypots and alerts your analysts to any unauthorized attempts.

In the example below, only the management PC is allowed to communicate with the honeypot at 192.168.2.36. When another device (192.168.2.28) initiates a connection, Mendel triggers an alert.

The peer graph confirms and visualizes that the honeypot was accessed by both permitted and unauthorized devices.
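The three checks in this section (forbidden applications with an exception list, a per-host peer-count limit, and a honeypot allow-list) re-created as an added example in plain Python over constructed flow records; this is not GREYCORTEX or Mendel code. The honeypot 192.168.2.36, the unauthorized host 192.168.2.28 and host mx 192.168.2.42 are taken from the text above; the management PC 192.168.2.10, the PBX 192.168.2.50, all other addresses and the application labels are assumptions.

```python
from collections import defaultdict

# Constructed flow records as a network sensor might export them: source,
# destination, the application label the sensor assigned, and bytes moved.
# The honeypot 192.168.2.36, the unauthorized host 192.168.2.28 and host mx
# 192.168.2.42 come from the article; all other addresses are assumed.
FLOWS = [
    {"src": "192.168.2.42", "dst": "203.0.113.7",  "app": "teamviewer", "bytes": 91_000},
    {"src": "192.168.2.10", "dst": "192.168.2.36", "app": "ssh",        "bytes": 4_800},
    {"src": "192.168.2.28", "dst": "192.168.2.36", "app": "smb",        "bytes": 300},
    {"src": "192.168.2.28", "dst": "192.168.2.36", "app": "rdp",        "bytes": 200},
    {"src": "192.168.2.10", "dst": "192.168.2.20", "app": "rdp",        "bytes": 2_000_000},
    {"src": "192.168.2.50", "dst": "198.51.100.5", "app": "sip",        "bytes": 50_000},
    {"src": "192.168.2.61", "dst": "192.168.2.50", "app": "sip",        "bytes": 9_000},
    {"src": "192.168.2.62", "dst": "192.168.2.50", "app": "sip",        "bytes": 9_500},
    {"src": "192.168.2.50", "dst": "192.168.2.99", "app": "http",       "bytes": 700},
]

# Assumed policy. "app_exceptions" holds (source, application) pairs that were
# investigated and approved, the exception-list step described above.
POLICY = {
    "forbidden_apps": {"teamviewer", "rdp", "dropbox"},
    "app_exceptions": {("192.168.2.10", "rdp")},
    # PBX 192.168.2.50 is expected to talk to one SIP trunk and two phones only.
    "peer_limits": {"192.168.2.50": 3},
    # honeypot address -> hosts allowed to reach it (here: the management PC).
    "honeypots": {"192.168.2.36": {"192.168.2.10"}},
}


def forbidden_app_violations(flows, policy):
    """Flows that use a forbidden application and are not on the exception list."""
    return [
        (f["src"], f["app"], f["dst"], f["bytes"])
        for f in flows
        if f["app"] in policy["forbidden_apps"]
        and (f["src"], f["app"]) not in policy["app_exceptions"]
    ]


def peer_limit_violations(flows, policy):
    """Limited hosts whose number of distinct peers (either direction) exceeds the limit."""
    peers = defaultdict(set)
    for f in flows:
        peers[f["src"]].add(f["dst"])
        peers[f["dst"]].add(f["src"])
    return {
        host: {"limit": limit, "peers": sorted(peers[host])}
        for host, limit in policy["peer_limits"].items()
        if len(peers[host]) > limit
    }


def honeypot_violations(flows, policy):
    """Connections to a honeypot from a source that is not on its allow-list."""
    return [
        (f["src"], f["dst"], f["app"])
        for f in flows
        if f["dst"] in policy["honeypots"]
        and f["src"] not in policy["honeypots"][f["dst"]]
    ]


def evaluate(flows, policy):
    """Run every check and return the alerts grouped by policy."""
    return {
        "forbidden_apps": forbidden_app_violations(flows, policy),
        "peer_limits": peer_limit_violations(flows, policy),
        "honeypots": honeypot_violations(flows, policy),
    }


if __name__ == "__main__":
    for name, alerts in evaluate(FLOWS, POLICY).items():
        print(f"{name}: {alerts}")
```

On the sample data the management PC's RDP session is suppressed by the exception list, while the TeamViewer session from mx, the PBX's fourth peer and both connections from 192.168.2.28 to the honeypot are reported.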

Encryption Standards and TLS Usage

Cryptographic standards are a foundational layer of secure communication. Monitoring certificate validity and protocol versions helps you identify weak encryption before it becomes a vulnerability.

Policy violation: Expired TLS certificates in use

Relevant for NIS2

TLS certificates are a critical part of trusted communication. If a certificate has expired, systems may reject the connection, users may be exposed to spoofed services, or sensitive data may be transmitted without adequate encryption.

Validation with Mendel

Mendel alerts you when expired certificates are detected or when a certificate is approaching its expiration date.

For example, Mendel has found one internal system using a certificate that expired in May 2021.

In another case, Mendel has flagged an upcoming expiration several days in advance, giving administrators time to respond before any disruption occurs.

Policy violation: Outdated TLS versions and cipher suites

Relevant for NIS2

Obsolete TLS versions and weak cipher suites expose your encrypted traffic to known vulnerabilities. Regulatory frameworks like NIS2 urge organizations like yours to stop using TLS versions below 1.2 to reduce attack surfaces and ensure strong encryption standards.

Validation with Mendel

Mendel allows you to configure alerts when outdated TLS versions are used. To ensure secure communication, it is recommended to use TLS 1.2 or 1.3. Achieving this typically involves updating the operating system, browser, or other client software.

For example, an event has shown that one device was still communicating using TLSv1.0.
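An added example, not Mendel's code, of the certificate-expiry and TLS-version checks from the two sections above, run over constructed TLS session records as a sensor might export them. The server addresses, cipher suites, expiry dates, the 30-day warning window and the forward-secrecy rule are assumptions; the expired certificate mirrors the May 2021 case in the text.

```python
from datetime import datetime, timedelta, timezone

# Constructed TLS session records as a network sensor might export them:
# server address, negotiated protocol version and cipher suite, and the
# certificate's notAfter date. All values are assumed; the expired
# certificate mirrors the "expired in May 2021" case in the text.
SESSIONS = [
    {"server": "192.168.2.15", "version": "TLSv1.2",
     "cipher": "ECDHE-RSA-AES128-GCM-SHA256", "not_after": "2021-05-31T23:59:59Z"},
    {"server": "192.168.2.16", "version": "TLSv1.3",
     "cipher": "TLS_AES_256_GCM_SHA384", "not_after": "2025-07-06T00:00:00Z"},
    {"server": "192.168.2.17", "version": "TLSv1.0",
     "cipher": "AES128-SHA", "not_after": "2026-01-01T00:00:00Z"},
    {"server": "192.168.2.18", "version": "TLSv1.2",
     "cipher": "ECDHE-RSA-AES256-GCM-SHA384", "not_after": "2026-06-30T00:00:00Z"},
]
NOW = datetime(2025, 7, 1, tzinfo=timezone.utc)  # constructed reference time

# Protocol versions in order; anything ranked below the policy minimum is flagged.
VERSION_RANK = {"SSLv3": 0, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
# Name fragments that identify broken, anonymous or export-grade cipher suites.
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "ANON")


def parse_utc(stamp):
    """Turn an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def audit_session(session, now, min_version="TLSv1.2", warn_days=30):
    """Return the (tag, detail) policy findings for one observed TLS session."""
    findings = []
    not_after = parse_utc(session["not_after"])
    if not_after <= now:
        findings.append(("expired_certificate", not_after.date().isoformat()))
    elif not_after - now <= timedelta(days=warn_days):
        findings.append(("certificate_expiring", f"{(not_after - now).days} days"))
    if VERSION_RANK[session["version"]] < VERSION_RANK[min_version]:
        findings.append(("outdated_tls_version", session["version"]))
    cipher = session["cipher"].upper()
    if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
        findings.append(("weak_cipher", session["cipher"]))
    # TLS 1.3 suites always use an ephemeral key exchange; for older versions
    # the suite name must contain DHE/ECDHE to provide forward secrecy.
    elif session["version"] != "TLSv1.3" and "DHE" not in cipher:
        findings.append(("no_forward_secrecy", session["cipher"]))
    return findings


def audit(sessions, now, **policy):
    """Map each server to its findings; servers without findings are omitted."""
    report = {}
    for session in sessions:
        findings = audit_session(session, now, **policy)
        if findings:
            report[session["server"]] = findings
    return report


if __name__ == "__main__":
    for server, findings in audit(SESSIONS, NOW).items():
        print(server, findings)
```

Raising `min_version` to "TLSv1.3" turns the otherwise clean TLS 1.2 server into a finding as well, which is how a stricter policy can be trialled before it is enforced.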

Strong Policies Require Strong Evidence

Security policies do more than reduce risk. They help you demonstrate accountability to regulators, customers, and internal stakeholders alike. As expectations rise under frameworks like NIS2, proving that internal rules are applied consistently becomes a core part of modern cybersecurity governance. It is no longer enough to assume policies are being followed. You need clarity and verifiable evidence.

Mendel helps organizations like yours move from assumption to evidence. It continuously validates how policies are enforced across the network, from encryption to identity controls, giving your team the visibility to act with clarity and confidence.

Need a second opinion on your enforcement? Request a security audit with Mendel.

 

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partner companies, Version 2 offers quality products and services that are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Veeam Alternative

While Veeam is a dominant force in the backup and recovery market, there are several reasons why an administrator or business owner might choose Storware Backup and Recovery as an alternative. Storware often appeals to organizations with specific technical environments, budget considerations, or a preference for certain licensing models.

Here are some potential reasons to choose Storware over Veeam:

  • Agentless Approach: Storware’s agentless backup offers significant advantages over agent-based solutions, primarily through simplified deployment, reduced overhead, and enhanced security. Without the need to install and manage agents on individual virtual machines or servers, agentless systems minimize resource consumption on production machines, eliminate agent compatibility and upgrade issues, and reduce potential attack vectors. This streamlined approach leads to faster deployment, easier scalability, and a lower total cost of ownership, making it a more efficient and less intrusive method for protecting diverse IT environments. It is worth mentioning, however, that Storware also offers an agent for file-level backup on Linux, Windows and macOS.
  • Strong Support for Open-Source and Diverse Hypervisors: Storware has a strong focus on supporting a wide range of open-source and less common hypervisors, including Red Hat Virtualization (oVirt/RHV), Oracle Linux Virtualization Manager (OLVM), Proxmox VE, OpenStack, and Citrix XenServer, in addition to VMware and Hyper-V. If an organization heavily relies on these platforms, Storware might offer more comprehensive and integrated protection compared to Veeam, which traditionally has had a stronger focus on VMware and Hyper-V.
  • Flexible and Potentially More Cost-Effective Licensing: Storware offers various licensing models, including per VM, per Terabyte, and a universal license. This flexibility can be particularly attractive to businesses that need to tailor their licensing based on their specific infrastructure and growth patterns. While Veeam also offers different editions and licensing options, some organizations might find Storware’s models more cost-effective, especially in environments with a mix of platforms or specific scaling needs.
  • Focus on Specific Niches and Workloads: Storware has developed expertise in protecting specific workloads and environments, such as certain databases, containers (Kubernetes, OpenShift), and cloud platforms (AWS EC2, Google Cloud Platform, Azure Cloud, Microsoft 365). For businesses with a significant focus on these particular areas, Storware’s specialized features and integrations might provide a more optimized backup and recovery solution.
  • Potential for Simplicity in Certain Environments: While Veeam is known for its feature richness, its extensive capabilities can sometimes lead to complexity in deployment and management, particularly for smaller IT teams. Depending on the specific infrastructure and the required feature set, some administrators might find Storware’s interface and architecture more straightforward and easier to manage.
  • Vendor Lock-in Avoidance: For organizations committed to open-source technologies and avoiding vendor lock-in, Storware, with its strong support for open platforms, aligns better with this strategy.

It’s important to note that the best choice between Storware and Veeam depends heavily on an organization’s specific requirements, existing infrastructure, budget, technical expertise, and long-term data protection strategy. Veeam remains a leading solution with a broad feature set, strong market presence, and extensive support for common platforms. However, Storware presents a compelling alternative, particularly for businesses with diverse hypervisor environments, specific workload protection needs, or a preference for flexible licensing and open-source compatibility.

 

Feature-by-feature comparison of Storware Backup and Recovery and the Veeam Data Platform, with notes for admins and business owners:

Supported Platforms (Hypervisors)
  Storware: Strong support for a wide range including VMware vSphere, Microsoft Hyper-V, Nutanix AHV, Red Hat Virtualization (RHV/oVirt), Oracle Linux Virtualization Manager (OLVM), Proxmox VE, OpenStack, XCP-ng, Virtuozzo, Zadara, VergeOS, and more.
  Veeam: Broad support including VMware vSphere, Microsoft Hyper-V, Nutanix AHV, Red Hat Virtualization, Oracle Linux VM, and Proxmox.
  Notes: Storware often has deeper or earlier support for a wider array of open-source and less common hypervisors, which is key for organizations using these platforms. Veeam has comprehensive support for the major players.

Supported Platforms (Cloud)
  Storware: Supports backup of instances in Amazon EC2, Google Cloud Platform, Azure Cloud, and Microsoft 365.
  Veeam: Extensive support for AWS, Azure, and Google Cloud Platform VMs, databases (RDS, SQL Database, Cloud SQL), object storage, and Microsoft 365/Salesforce data protection.
  Notes: Both offer cloud backup capabilities, but Veeam generally has broader and deeper integration with major public cloud providers and SaaS applications like Salesforce.

Supported Platforms (Physical)
  Storware: Supports Windows, macOS and Linux physical servers and endpoints (laptops/desktops).
  Veeam: Supports Windows, Linux, macOS, Unix physical servers, and NAS devices.
  Notes: Both cover essential physical server backups. Veeam’s support for Unix, as well as comprehensive NAS backup, might be a differentiator for some environments.

Supported Platforms (Applications)
  Storware: Offers application-consistent backups with scripting options and potentially more direct support for certain open-source databases or applications depending on integrations (Microsoft Exchange, SharePoint, Active Directory, SQL Server, Oracle, PostgreSQL, MongoDB, and more).
  Veeam: Provides application-aware processing for Microsoft Exchange, SharePoint, Active Directory, SQL Server, Oracle, SAP HANA, PostgreSQL, MongoDB, ensuring transactional consistency.
  Notes: Both vendors have an extensive list of supported business-critical applications with dedicated recovery options. Storware’s approach might be more flexible for less common applications via scripting.

Backup Types
  Storware: Supports Full, Incremental, Synthetic Full, and Incremental Forever backups.
  Veeam: Supports Full, Incremental, Reverse Incremental, and Synthetic Full backups, along with backup copy jobs.
  Notes: Both offer standard backup types. The choice often depends on the preferred backup strategy and storage targets.

Recovery Options
  Storware: Offers Full VM restore, File-Level Restore (via mounting backups), Instant Restore (for supported hypervisors), Individual Disk Recovery, and Recovery Plans for automated DR.
  Veeam: Provides Instant VM Recovery, granular file-level recovery, application item recovery (Exchange, SharePoint, AD, SQL), full system restore, Bare Metal Recovery, and Orchestrated Recovery Plans.
  Notes: Both provide essential recovery options. Veeam’s application-item recovery is a significant strength. Storware’s ability to mount backups for file-level restore is also a valuable feature.

Replication Capabilities
  Storware: Supports disaster recovery scenarios, often leveraging replicated file systems or built-in backup provider mechanisms for offsite copies and recovery in a secondary datacenter. Does not typically offer native hypervisor-level replication like Veeam.
  Veeam: Offers image-based VM replication to an offsite location or cloud, creating ready-to-use VM replicas for fast failover with configurable failover points.
  Notes: Veeam has a strong native replication capability for hypervisors, which is a key component of many DR strategies. Storware focuses more on using backup copies at a secondary site for recovery.

Deduplication and Compression
  Storware: Provides built-in data deduplication (often using technologies like VDO) and compression to reduce storage consumption. Can also leverage deduplication features of backup destinations (e.g., Dell EMC Data Domain).
  Veeam: Offers built-in data deduplication and compression. Has strong integration with leading deduplicating storage appliances for enhanced data reduction ratios.
  Notes: Both solutions offer data reduction techniques. The effectiveness can depend on the data type and the integration with specific storage hardware.

Immutability / Ransomware Protection
  Storware: Offers immutable backups to protect against ransomware by making backup data unchangeable, often leveraging WORM (Write Once, Read Many) storage, and integrates with secure cloud storage options.
  Veeam: Provides multiple options for immutable backups, including leveraging object storage immutability features and dedicated immutable backup repositories, as a key part of its cyber resilience strategy.
  Notes: Both vendors recognize the importance of immutability for ransomware protection and offer ways to achieve this, often using cloud or specific storage features.

Centralized Management
  Storware: Provides a web-based central management portal (HTML5) for managing backups across supported environments. Offers a CLI and Open API for automation and integration.
  Veeam: Offers a web-based management console (Veeam Backup Enterprise Manager) for centralized management of multiple Veeam Backup & Replication installations, especially for distributed environments.
  Notes: Both offer centralized management interfaces. The best fit depends on the scale and complexity of the environment and the need for multi-site management.

Cloud Integration (Backup Target)
  Storware: Supports storing backups directly to various object storage providers compatible with S3, Google Cloud Storage, Microsoft Azure Blob Storage, and OpenStack Swift.
  Veeam: Supports using cloud object storage (AWS S3, Azure Blob, Google Cloud Storage) as backup repositories, including features like the Capacity Tier and Archive Tier for cost-effective long-term retention.
  Notes: Both allow using cloud object storage as a backup target, which is a common and cost-effective approach for offsite copies and archiving.

Ease of Use
  Storware: Often described as having an intuitive interface, particularly for managing the platforms it specializes in.
  Veeam: Generally considered easy to deploy and use, with a user-friendly interface, although its extensive features can introduce complexity in larger deployments.
  Notes: Perceived ease of use can be subjective and depends on the administrator’s familiarity with the specific platforms being protected. Storware might be simpler in its niche areas.

 

Before making a decision, administrators and business owners should carefully evaluate their needs, compare the features and capabilities of both solutions in the context of their environment, consider the total cost of ownership (including licensing, support, and management), and ideally, test both solutions to determine which one best fits their requirements.

 

Storware Backup and Recovery emerges as a leading solution that bridges both concepts, offering comprehensive backup capabilities that ensure reliable data recoverability while simultaneously helping businesses establish true data resilience. Through its advanced features such as immutable backups that prevent tampering from ransomware attacks, instant recovery capabilities that minimize downtime, deduplication and compression technologies that optimize storage efficiency, and multi-cloud support that eliminates single points of failure, Storware enables organizations to not only recover from data loss incidents but also maintain business continuity even in the face of cyber threats, hardware failures, or natural disasters.

Additionally, its automated backup scheduling, point-in-time recovery options, and enterprise-grade encryption ensure that businesses can operate with confidence knowing their critical information assets are both protected and readily accessible when needed, transforming data protection from a reactive recovery process into a proactive resilience strategy.

Final Thoughts: Recovery Saves Data. Resilience Saves Businesses.

Here’s the bottom line:

  • Data recovery still plays a vital role in everyday organizations, but it’s not enough.
  • When disaster strikes, data resilience is what keeps you functioning, trustworthy, and safe.
  • Together, they form the foundation of modern business continuity.

The worst time to test your data strategy is after disaster hits. So, don’t choose between recovery and resilience. Accept both and create a system that can not only endure but also thrive in the face of any disturbance.


About Storware
Storware is a backup software producer with over 10 years of experience in the backup world. Storware Backup and Recovery is an enterprise-grade, agent-less solution that caters to various data environments. It supports virtual machines, containers, storage providers, Microsoft 365, and applications running on-premises or in the cloud. Thanks to its small footprint, seamless integration into your existing IT infrastructure, storage, or enterprise backup providers is effortless.

Identity Security Intelligence: From Insight to Attack Prevention

What to Expect in this Blog:

In Part 2 of the Identity Security Intelligence series, we move beyond discovery to the real objective: prevention. You’ll learn how to operationalize identity intelligence through dynamic, automated controls enforcing least privilege, governing privileged access, and detecting risky behavior to proactively reduce your identity attack surface.

In Part 1 of this series of blogs on Identity Security Intelligence, we explored why Identity Discovery is the critical first step in understanding and managing your organization’s modern attack surface. But discovery alone isn’t enough. Knowing which identities exist and what they can access sets the stage. The real impact comes when you act on that intelligence—by putting the right security controls in place to govern identities, enforce least privilege, and proactively reduce identity-related risk.

Welcome to the enforcement phase of Identity Security Intelligence (ISI).

From Discovery to Defense: Why Controls Are the Next Frontier

Once you’ve surfaced every human, non-human (NHI), machine, and service identity and mapped their entitlements across environments, the next question becomes: what do you do with that knowledge?

This is where many organizations hit a wall. The gap between insight and action is often bridged manually, with fragmented processes and point-in-time audits. But attackers don’t wait for your next quarterly review.

To operationalize identity intelligence, organizations need a controls framework that is:

  • Dynamic – Adapts to changing roles, environments, and behaviors.
  • Automated – Scales with cloud-native architectures and ephemeral workloads.
  • Context-aware – Informed by the risk posture of each identity and privilege.

Key Pillars of Identity Security Controls

To make identity intelligence actionable, enforcement must span five key areas:

1. Least Privilege Enforcement

Why it matters: Excessive access is one of the most common and dangerous identity risks. Most breaches involve over-permissioned users, stale admin rights, or standing access that attackers can weaponize.

What to do:

  • Automatically compare actual entitlements against job functions.
  • Use identity risk scoring to prioritize over-privileged identities.
  • Remove or downgrade unused, outdated, or unnecessary permissions.
  • Leverage just-in-time (JIT) access for privileged tasks to eliminate standing access.

Example: A DevOps engineer with permanent Admin access to all production accounts is a liability. With JIT access, they can request privilege temporarily, with approval and auditing built in.

2. Privileged Access Governance

Why it matters: Privileged accounts—human and machine—are high-value targets. If compromised, they can grant unrestricted access to sensitive data or systems.

What to do:

  • Centralize control through PAM platforms or privileged access workflows.
  • Monitor privileged sessions in real time, including service account behaviors.
  • Use multi-factor authentication (MFA) and conditional access for all privileged identities.
  • Rotate secrets and credentials frequently—automate where possible.

Example: A service account running backups across multiple databases should be scoped tightly, monitored continuously, and have keys rotated regularly to reduce risk.

3. Access Lifecycle Management

Why it matters: Identities evolve—people change roles, leave organizations, or take on temporary projects. Without lifecycle management, access persists far beyond necessity.

What to do:

  • Integrate with HR systems or identity lifecycle tools to automatically adjust access based on joiner-mover-leaver events.
  • Define role-based access control (RBAC) and enforce provisioning rules.
  • Regularly review and re-certify access for high-risk roles and sensitive systems.

Example: A finance intern who transfers to marketing should not retain access to payroll and financial reporting tools. Automating revocation helps prevent lingering access.

4. Identity Behavior Monitoring

Why it matters: Even well-configured identities can be compromised. Behavioral context is key to detecting misuse, anomalies, and early signs of intrusion.

What to do:

  • Establish baselines for normal identity behavior (logins, systems accessed, time of day, etc.).
  • Detect deviations—like sudden spikes in access, data exfiltration patterns, or privilege escalation.
  • Integrate with UEBA (User and Entity Behavior Analytics) tools and threat detection systems.

Example: If a service account that usually runs database jobs starts making API calls to billing systems at midnight, that should trigger investigation.

5. Policy and Automation-Driven Remediation

Why it matters: Manual cleanup of access and privileges doesn’t scale. Automation ensures consistency, speed, and resilience against human error.

What to do:

  • Define policies that trigger automatic actions—e.g., disable orphaned accounts after X days of inactivity.
  • Automate access reviews and alerts for high-risk privilege combinations.
  • Use policy-as-code for cloud entitlements and infrastructure roles (e.g., Terraform + OPA).

Example: If an AWS user gains permissions that violate a least-privilege policy, automation should flag it immediately and, optionally, remove the excess access.

Security Intelligence in Action: From Detection to Prevention

By enforcing identity controls aligned with intelligence, you shift from reactive to proactive defense. Examples include:

  • Proactively preventing privilege escalation by detecting lateral paths through identity graph analysis.
  • Blocking anomalous access from non-compliant locations or devices using conditional access policies.
  • Auto-revoking stale entitlements through risk-based automation tied to inactivity thresholds.
  • Identifying separation-of-duties violations (e.g., a user who can both initiate and approve financial transactions).
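An added example, not Segura's code or product, that turns the controls above (least-privilege comparison against a role baseline, separation-of-duties checks, inactivity-based stale-identity detection, MFA on privileged human identities, risk scoring and an automated remediation plan) into one policy evaluation over a constructed identity inventory. Every identity, entitlement, role baseline, weight and threshold below is an assumption.

```python
from datetime import date

# Constructed identity inventory, as an identity-discovery pass might produce it.
# Every identity, role, entitlement and date below is assumed.
IDENTITIES = [
    {"id": "alice", "type": "human", "role": "devops", "mfa": True, "last_seen": "2025-06-28",
     "entitlements": {"prod:deploy", "prod:read-logs", "prod:admin"}},
    {"id": "bob", "type": "human", "role": "finance", "mfa": True, "last_seen": "2025-06-30",
     "entitlements": {"payments:initiate", "payments:approve"}},
    # carol moved from finance to marketing and kept a finance entitlement.
    {"id": "carol", "type": "human", "role": "marketing", "mfa": False, "last_seen": "2025-06-29",
     "entitlements": {"crm:edit", "payroll:read"}},
    {"id": "svc-backup", "type": "service", "role": "backup", "mfa": False, "last_seen": "2025-06-30",
     "entitlements": {"db:read", "storage:write", "billing:api"}},
    {"id": "svc-legacy-etl", "type": "service", "role": "etl", "mfa": False, "last_seen": "2025-01-15",
     "entitlements": {"db:read"}},
]
TODAY = date(2025, 7, 1)  # constructed reference date

# Assumed control policy: what each role may hold, toxic combinations,
# entitlements treated as privileged, and the inactivity threshold.
POLICY = {
    "role_baseline": {
        "devops": {"prod:deploy", "prod:read-logs"},
        "finance": {"payments:initiate", "payments:approve", "payroll:read"},
        "marketing": {"crm:edit"},
        "backup": {"db:read", "storage:write"},
        "etl": {"db:read"},
    },
    "sod_conflicts": [("payments:initiate", "payments:approve")],
    "privileged": {"prod:admin", "payments:approve", "payroll:read"},
    "max_idle_days": 90,
}
# Assumed weights that turn findings into a risk score for prioritisation.
WEIGHTS = {"excess_entitlement": 2, "sod_violation": 3, "stale_identity": 2,
           "privileged_without_mfa": 3}


def findings_for(identity, policy, today):
    """Evaluate one identity against the policy and list its (tag, detail) findings."""
    held = identity["entitlements"]
    findings = []
    # Least privilege: anything beyond the role baseline is excess.
    for ent in sorted(held - policy["role_baseline"].get(identity["role"], set())):
        findings.append(("excess_entitlement", ent))
    # Separation of duties: both halves of a conflicting pair held at once.
    for a, b in policy["sod_conflicts"]:
        if a in held and b in held:
            findings.append(("sod_violation", f"{a}+{b}"))
    # Lifecycle: no activity for longer than the threshold.
    idle_days = (today - date.fromisoformat(identity["last_seen"])).days
    if idle_days > policy["max_idle_days"]:
        findings.append(("stale_identity", f"{idle_days} days idle"))
    # Privileged access governance: humans holding privileged rights need MFA
    # (service accounts are assumed to be covered by secret rotation instead).
    privileged = held & policy["privileged"]
    if identity["type"] == "human" and privileged and not identity["mfa"]:
        findings.append(("privileged_without_mfa", ",".join(sorted(privileged))))
    return findings


def remediation_plan(findings):
    """Automation may revoke excess access and disable stale accounts outright;
    everything else is routed to a human review."""
    actions = []
    for tag, detail in findings:
        if tag == "excess_entitlement":
            actions.append(f"revoke {detail}")
        elif tag == "stale_identity":
            actions.append("disable account")
        else:
            actions.append(f"review {tag}: {detail}")
    return actions


def evaluate(identities, policy, today):
    """Score every identity with findings and return them highest risk first."""
    report = []
    for ident in identities:
        findings = findings_for(ident, policy, today)
        if findings:
            report.append({
                "id": ident["id"],
                "score": sum(WEIGHTS[tag] for tag, _ in findings),
                "findings": findings,
                "actions": remediation_plan(findings),
            })
    return sorted(report, key=lambda r: (-r["score"], r["id"]))


if __name__ == "__main__":
    for entry in evaluate(IDENTITIES, POLICY, TODAY):
        print(entry["score"], entry["id"], entry["actions"])
```

Note that bob's two entitlements are both inside the finance baseline, so only the separation-of-duties check catches him; the baseline comparison alone would not.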

This isn’t just about better security—it’s better governance and reduced risk.

What Makes Identity Control Effective?

Identity Security Intelligence becomes powerful when insight leads to intervention. The most effective enforcement models share the following traits:

  • Visibility-driven: Based on complete, contextual discovery of identities and privileges.
  • Risk-prioritized: Driven by real-time scoring, not static role definitions.
  • Integrated: Interoperable with IAM, PAM, SIEM, and cloud security platforms.
  • Adaptive: Responds to changing conditions—cloud resource drift, org changes, identity posture shifts.
  • Auditable: Leaves a clear trail for compliance, incident investigation, and accountability.

Getting Started: Operationalizing Identity Security Controls

If you’ve already begun identity discovery, the next steps involve turning that visibility into action:

  1. Audit your current identity and privilege landscape for excess access and orphaned identities.
  2. Define your control framework—least privilege, privilege review, access lifecycle, monitoring, and remediation.
  3. Automate where possible—access revocation, risk scoring, and provisioning.
  4. Continuously monitor identity behaviors and privilege drift across environments.
  5. Integrate ISI into broader detection and response pipelines for holistic threat defense.

The Bottom Line

Discovery gives you awareness. Control gives you power.

Without enforcement, Identity Security Intelligence is just data. With the right controls, it becomes a force multiplier—reducing attack surface, stopping privilege abuse, and elevating your security maturity.

In today’s landscape, where identity is both the front door and the battleground, defenders need more than visibility. They need automated, adaptive, intelligence-informed control over every identity, privilege, and entitlement.

Because in the end, you don’t just want to know what’s out there. You want to secure it.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.


runZero Accelerates European Growth Through Strategic Partnership with Aqaio

German Cybersecurity Specialist Appointed as Primary Distributor for runZero to Drive Expansion in the DACH Region

London, United Kingdom – July 24, 2025 – runZero, a leader in exposure management, today announced a strategic partnership with Aqaio, a German value-added distributor specializing in advanced IT security solutions. As runZero’s primary channel partner in Germany, Aqaio will spearhead regional growth efforts by delivering runZero’s expanded exposure management platform to organizations navigating today’s increasingly complex cyber threat landscape.

This alliance represents a significant milestone in runZero’s wider EMEA growth strategy. Leveraging Aqaio’s deep market expertise and established channel network, runZero can now accelerate its European expansion while offering localized support tailored to the specific needs of German organizations.

Partnership highlights include:

  • Localized Expertise: Aqaio brings in-depth knowledge of the German cybersecurity market, enabling specialized customer engagement and faster time-to-value.
  • Expanded Channel Reach: A top-tier network of resellers and systems integrators gain access to runZero’s powerful exposure management platform, enabling them to offer comprehensive proactive cyber defense to their end customers.
  • Streamlined Distribution and Support: Aqaio will facilitate seamless implementation via dedicated consulting, logistics, and certified training services for partners and end users.

“This partnership with runZero is a strategic win for our channel ecosystem,” said Richard Hellmeier, CEO at Aqaio. “They are no longer selling just another product — they’re delivering a vital capability. runZero’s technology is fast to deploy, easy to integrate, and solves a foundational security challenge. It aligns perfectly with our mission to deliver holistic and forward-looking solutions to the market.”

“In today’s rapidly shifting threat landscape, partnerships like this are essential to delivering resilient, scalable cybersecurity,” said Joe Taborek, Chief Revenue Officer at runZero. “Aqaio’s proven expertise and reach across the German market empower us to extend access to the runZero Platform and strengthen cyber readiness from the ground up. Together, we’re helping build a safer, smarter digital future.”

About Aqaio

Aqaio partners with resellers, system integrators, and OEMs. We focus on new technological developments, which we supplement and expand with complementary solutions from market and technology leaders in the IT security field. We also provide 2nd level support and training for our partners and their end-customers. The product portfolio consists of high-end IT products that complement each other and can be combined to create integrated solutions. Additionally, Aqaio offers services such as consulting, marketing support, logistics, training, and technical support. For more information, visit: https://aqaio.com/

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.


Identity Security Intelligence: Why Identity Discovery is the Bedrock of Modern Risk Management

Blind spots in identity are today’s biggest security risk. Here’s how to fix them.

In today’s hyper-connected and threat-saturated digital landscape, one truth is rapidly becoming self-evident to defenders across every industry: identity is the new perimeter, and access is the new security. As traditional network boundaries dissolve in favor of hybrid and cloud-first infrastructures, adversaries are increasingly pivoting toward the exploitation of identities—privileged accounts, service identities, orphaned users, misconfigured roles—as the primary path to breach and move laterally within environments.

But here’s the catch: you can’t protect what you don’t know exists. This is where Identity Security Intelligence becomes not just useful but essential. And at the core of that intelligence lies a foundational capability: Identity Discovery.

What is Identity Security Intelligence?

Identity Security Intelligence (ISI) is the ability to aggregate, analyze, and act on data about identities, their associated roles, privileges, behaviors, and risks across the entirety of an organization’s infrastructure—from on-premises directories to SaaS applications and multi-cloud platforms.

Think of it as the intersection between Identity and Access Management (IAM), risk analytics, and threat detection. It’s not just about managing identities; it’s about understanding them deeply—who they are, what they can do, where they exist, and how they behave over time.

The Foundation: Identity Discovery

Before an organization can reason intelligently about identity risk, it must first discover all identities that exist across its environment. This includes:

  • Traditional/On-Prem Identities: Users in Active Directory, service accounts in legacy apps, local admin accounts on servers, etc.
  • Cloud Identities: Identities in Azure AD, AWS IAM users and roles, Google Workspace users, cloud-native service principals, API keys, containers, and ephemeral workloads.
  • Shadow and Orphaned Identities: Legacy accounts no longer linked to active users, leftover access from decommissioned applications, services, and mismanaged credentials hiding in infrastructure-as-code.

A robust Identity Discovery capability surfaces all these identities, whether they’re centralized or scattered, active or dormant, human or non-human.

Why Identity Discovery is Challenging (Yet So Crucial)

The complexity arises from the fact that identity is now distributed. No longer tethered to one central directory, identities live in different silos across multiple environments and systems. Each cloud provider has its own model. Each SaaS app may define roles and entitlements differently. Each legacy system might still have its own local accounts.

This fragmented landscape creates massive blind spots:

  • Privileged accounts in cloud environments that bypass central logging.
  • Orphaned identities with persistent access to sensitive data.
  • Service accounts with excessive, never-reviewed permissions.
  • Redundant roles due to M&A, org restructuring, or tool proliferation.

Without discovery, these blind spots can easily lead to compromised credentials.

Beyond Inventory: Discovering Roles, Privileges, and Entitlements

Discovery doesn’t stop at listing accounts. To enable true security intelligence, you must also map the roles, privileges, and entitlements tied to each identity.

This means answering questions like:

  • What can this identity do?
  • Where can it go?
  • What data can it access?
  • What systems does it control?
  • Are these privileges aligned with its purpose?

For example, discovering an AWS IAM user is useful. But understanding that the user has AdministratorAccess across multiple production accounts—and the account hasn’t logged in for 90 days—is critical.

Or take an identity in Microsoft 365 that has full mailbox access across HR, Finance, and Legal departments. Is that intended? Necessary? Or a remnant of an old project no one cleaned up?

Mapping these entitlements and privilege chains across your hybrid estate helps you:

  • Identify toxic combinations of access.
  • Enforce the principle of least privilege.
  • Detect privilege escalation paths.
  • Uncover misconfigurations before attackers do.

Identity Risk: The Unseen Attack Surface

The more fragmented and complex your identity environment, the greater your exposure. Attackers thrive in this chaos.

From techniques like Kerberoasting, Golden SAML, and token theft, to exploiting cloud misconfigurations and unused admin roles, modern adversaries are experts at chaining together identity weaknesses and misconfigurations.

By contrast, organizations that maintain a comprehensive view of identity risk across the board can:

  • Detect anomalous behavior in context (e.g., a service account accessing finance systems for the first time).
  • Shut down dormant or orphaned accounts.
  • Flag privilege drift over time.
  • Simulate attack paths based on current entitlements.
  • Proactively remediate risk without waiting for incidents.

What Makes Identity Security Intelligence Actionable?

Let’s be clear: data alone is not intelligence. Intelligence emerges when data is correlated, contextualized, and operationalized.

An effective Identity Security Intelligence program must provide:

  • Continuous Discovery: Real-time or near-real-time visibility into new, removed, or changed identities.
  • Entitlement Mapping: Deep visibility into fine-grained privileges across cloud and on-prem environments.
  • Risk Analytics: Automated scoring based on behavior, privilege level, and exposure.
  • Historical Context: Identity behavior over time—who did what, when, and whether it deviated from the norm.
  • Integrations: Feeds into SIEM, SOAR, and IAM/PAM platforms for proactive and reactive response.

This turns identity data into strategic insight—fuel for critical decisions in security operations, compliance, audits, and incident response.

Getting Started: Build Your Identity Intelligence Baseline

If your organization is just starting down this path, here’s a basic roadmap:

  1. Inventory all identities—human, service, machine—across on-prem and cloud.
  2. Map entitlements for each identity across applications, infrastructure, and data.
  3. Assess privilege levels and compare against business needs and least privilege standards.
  4. Identify toxic combinations—privilege escalations, cross-boundary access, unused high-risk roles.
  5. Establish continuous discovery and monitoring, not just point-in-time scans.
  6. Feed this intelligence into your risk models and threat detection systems.
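The entitlement checks described above (the dormant AWS administrator, the cross-department mailbox access, toxic combinations) and the six-step roadmap can be exercised on a small inventory. The following Python script is an added illustration, not Segura’s product logic or any vendor’s scoring model: it runs over a constructed inventory (all identity names, entitlement labels of the form `source:scope:permission`, toxic-combination rules and score weights are assumptions chosen for the example), flags dormant privileged accounts, orphaned identities and toxic entitlement pairs, diffs two discovery snapshots to surface new, removed and changed identities (step 5, continuous discovery), and produces a simple additive risk score per identity (the kind of output step 6 would feed into detection and risk models).

```python
"""Constructed identity-inventory checks: dormant privileged accounts, orphans,
toxic entitlement combinations, drift between two discovery snapshots and a
simple risk score. Illustrative logic only; not any vendor's implementation."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Identity:
    name: str
    kind: str                      # "human" or "service"
    entitlements: frozenset        # assumed "<source>:<scope>:<permission>" labels
    last_activity: Optional[date]  # None: never observed active
    owner_active: bool = True      # False: owner left or owning app decommissioned


# Assumed labels; a real program would derive these from each platform's role model.
ADMIN_PERMISSIONS = {"AdministratorAccess", "DomainAdmins", "GlobalAdministrator"}
TOXIC_RULES = {
    "self-escalation (create user + attach policy)":
        frozenset({"aws:prod-a:iam:CreateUser", "aws:prod-a:iam:AttachUserPolicy"}),
    "cross-department mailbox access":
        frozenset({"m365:mailbox:HR", "m365:mailbox:Finance"}),
}
WEIGHTS = {"admin": 50, "dormant": 20, "orphaned": 20, "toxic": 30}  # assumed weights


def admin_scopes(identity):
    """Scopes (e.g. AWS accounts, AD domains) where the identity holds an admin permission."""
    return sorted({e.split(":")[1] for e in identity.entitlements
                   if e.split(":")[-1] in ADMIN_PERMISSIONS})


def is_dormant(identity, today, days=90):
    """True when the identity was never seen active or has been idle for `days` or more."""
    return identity.last_activity is None or (today - identity.last_activity).days >= days


def dormant_privileged(inventory, today, days=90):
    """Names of identities that hold admin rights but have not been active for `days`."""
    return sorted(i.name for i in inventory if admin_scopes(i) and is_dormant(i, today, days))


def orphaned(inventory):
    """Identities whose owner (person or application) no longer exists."""
    return sorted(i.name for i in inventory if not i.owner_active)


def toxic_combinations(inventory):
    """Map identity name -> toxic rule names whose entitlements it fully holds."""
    hits = {}
    for i in inventory:
        matched = [rule for rule, needed in TOXIC_RULES.items() if needed <= i.entitlements]
        if matched:
            hits[i.name] = matched
    return hits


def drift(baseline, latest):
    """New, removed and changed identities between two discovery snapshots."""
    before = {i.name: i for i in baseline}
    after = {i.name: i for i in latest}
    common = before.keys() & after.keys()
    gained = {n: sorted(after[n].entitlements - before[n].entitlements)
              for n in common if after[n].entitlements - before[n].entitlements}
    lost = {n: sorted(before[n].entitlements - after[n].entitlements)
            for n in common if before[n].entitlements - after[n].entitlements}
    return {"new": sorted(after.keys() - before.keys()),
            "removed": sorted(before.keys() - after.keys()),
            "gained": gained, "lost": lost}


def risk_score(identity, today):
    """Additive score from privilege level, dormancy, orphan status and toxic rules."""
    score = WEIGHTS["admin"] if admin_scopes(identity) else 0
    score += WEIGHTS["dormant"] if is_dormant(identity, today) else 0
    score += WEIGHTS["orphaned"] if not identity.owner_active else 0
    score += WEIGHTS["toxic"] * len(toxic_combinations([identity]).get(identity.name, []))
    return score


# Constructed snapshots: an earlier discovery run and the latest one.
TODAY = date(2025, 7, 24)
BASELINE_SNAPSHOT = [
    Identity("alice", "human", frozenset({"ad:corp:DomainUsers", "m365:mailbox:HR"}), date(2025, 6, 30)),
    Identity("bob", "human", frozenset({"ad:corp:DomainUsers"}), date(2025, 5, 2)),
    Identity("deploy-bot", "service",
             frozenset({"aws:prod-a:AdministratorAccess", "aws:prod-b:AdministratorAccess"}),
             date(2025, 4, 1)),                       # admin in two prod accounts, idle >90 days
    Identity("svc-legacy-crm", "service", frozenset({"ad:corp:DomainAdmins"}), None,
             owner_active=False),                     # leftover from a decommissioned app
]
LATEST_SNAPSHOT = [
    Identity("alice", "human",
             frozenset({"ad:corp:DomainUsers", "m365:mailbox:HR", "m365:mailbox:Finance"}),
             date(2025, 7, 23)),                      # gained Finance mailbox access
    BASELINE_SNAPSHOT[2], BASELINE_SNAPSHOT[3],       # unchanged; bob has been removed
    Identity("ci-runner", "service",
             frozenset({"aws:prod-a:iam:CreateUser", "aws:prod-a:iam:AttachUserPolicy"}),
             date(2025, 7, 24)),                      # new identity able to grant itself rights
]

if __name__ == "__main__":
    print("dormant privileged:", dormant_privileged(LATEST_SNAPSHOT, TODAY))
    print("orphaned:", orphaned(LATEST_SNAPSHOT))
    print("toxic:", toxic_combinations(LATEST_SNAPSHOT))
    print("drift:", drift(BASELINE_SNAPSHOT, LATEST_SNAPSHOT))
    for ident in LATEST_SNAPSHOT:
        print(f"{ident.name}: risk {risk_score(ident, TODAY)}")
```

Entitlements are deliberately flattened to strings so the same checks work for AD groups, AWS policies and M365 roles alike; in practice the scope segment is what keeps a rule such as the self-escalation pair from matching across unrelated accounts, and the weights would be tuned to the organisation's own review thresholds.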

The Bottom Line

In the same way that endpoint detection changed the game a decade ago, Identity Security Intelligence is becoming table stakes for defending against modern threats. Attackers know that identity is the weakest link in many organizations. Our job as defenders is to turn it into a strength.

By investing in identity discovery—including deep insight into roles, entitlements, and privileges—you build a clear, contextual picture of your true identity surface. Only then can you manage it, reduce it, and defend it with confidence.

In a world where credentials are more valuable than malware, identity intelligence isn’t just good hygiene—it’s your first line of defense.

