2025-05-13 - Version 2

Puppet Enterprise Advanced embeds security remediation into the heart of infrastructure automation unlocking seamless DevSecOps collaboration.

MINNEAPOLIS, APRIL 22, 2025 — Perforce Software, the DevOps company for global teams seeking AI innovation at scale, today announced the release of its latest platform update for Puppet Enterprise Advanced, designed to streamline DevSecOps practices and fortify enterprise security postures. This release incorporates more advanced and proactive remediation options, allowing organizations to accelerate their response to security vulnerabilities by fostering greater collaboration between platform and security teams.

Today’s threat landscape is evolving rapidly in both agility and sophistication thanks in part to the misdirected power of AI. However, the divide between infrastructure management and security operations creates a critical bottleneck to a swift response. A 2024 study by Statista reported that the average age of cyber vulnerabilities is 229 days leaving companies and their customers vulnerable to security breaches and being found to be non-compliant. Still, companies trying to solve this problem are being challenged by rapid scaling of infrastructure, inefficient operational practices, and an ongoing global cyber skills shortage.

Puppet’s latest platform update enables enterprises to rapidly address known vulnerabilities by integrating security remediation within core infrastructure workflows to accelerate responsiveness to identified threats. Embedding this capability into established processes gives operations and security teams a shared understanding of their security posture and automates critical remediation tasks to eliminate inefficient cross-functional handoffs.

“Vulnerabilities continue to increase, with around 40,000 known vulnerabilities in 2024. Because of this explosion in vulnerabilities, the mean time to remediate continues to increase, leaving companies extremely vulnerable to attacks. Enterprises must combat this by integrating security with infrastructure automation to shorten the vulnerability remediation cycle,” said Tzvika Shahaf, Vice President of Product Management at Perforce. “Our new release empowers organizations to unlock a collaborative DevSecOps environment by shrinking the opportunity window for attackers. In future Puppet releases, the pace will quicken further with human-in-the-loop, AI-driven automation.”

Puppet enables the platform team to support security initiatives to improve resiliency and reduce the MTTR (mean time to remediate). Lowering risk, improving efficiency, and reducing cost is accomplished by providing:

Remediation of known vulnerabilities is streamlined by integration with leading security scanners. Tenable Nessus is included out-of-the box and other popular scanners are available via an extensible architecture and open API framework. Self-service workflows and cross-functional visibility break down siloes to eliminate efficiency bottlenecks and accelerate resolution.
Patching workflows are managed directly in Puppet and benefit from an intuitive GUI interface. Support for maintenance and blackout windows ensures less business interruption while dynamic patching groups provide the operational efficiency necessary when managing extensive hybrid estates.
Desired state enforcement ensures configurations remain continuously aligned with security policies. Remediation is automatic when discrepancies are identified along with the generation of documentation needed by auditors.
Automatic alignment with popular security baselines via pre-built, reusable policy as code (PaC) modules ensuring the latest best practices are always being applied.

About Perforce
The best run DevOps teams in the world choose Perforce. Perforce products are purpose-built to develop, build and maintain high-stakes applications. Companies can finally manage complexity, achieve speed without compromise, improve security and compliance, and run their DevOps toolchains with full integrity. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is trusted by the world’s leading brands to deliver solutions to even the toughest challenges. Accelerate technology delivery, with no shortcuts.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

OpenLogic 2025

Summary: MediBillMD specializes in revenue cycle management for healthcare providers. Their teams work from South Asia, yet they must securely access PHI based in the U.S.

MediBillMD is a service-based company that provides end-to-end revenue cycle management for clinics and healthcare providers. They manage the billing of claims and the reimbursement process. They also handle:

Credentialing — verifying providers’ qualifications and enrolling them with payer
Authorization scrubbing — checking claims for errors before submission, reducing rejections and delays

Here’s a simplified version of the revenue cycle they manage:

A patient visits a clinic and sees a doctor
The doctor generates a claim and sends it to the insurance payer
The insurance payer processes the claim and reimburses the doctor

MediBillMD handles the billing and collection tasks, so clinics can focus on patient care. They are experts at ensuring providers get paid for services rendered.

The challenge: secure remote access to PHI

Alex Walker, Assistant VP Business Development and Sales, explains:

“We work with protected health information, so we must comply with HIPAA guidelines. We also need secure remote access to electronic medical records (EMRs) for our providers. We can’t do this without a dedicated U.S. IP address, and that’s where NordLayer helps us run operations smoothly.”

MediBillMD’s main office is in Dallas, Texas. Their operations team works primarily overseas. They needed:

A Server with a dedicated IP to provide a fixed U.S. IP address.
A secure VPN solution that enforces HIPAA compliance.

They turned to NordLayer to fulfill these requirements.

Step 1. Deploy NordLayer in 3 minutes

MediBillMD had tried another solution that didn’t work well. They switched to NordLayer because of user-friendly management, strong support, and familiarity with Nord’s products.

“Nord is well-known. The support is good, and the prices are competitive. I was already using NordVPN personally, so I recommended NordLayer. We want to become an enterprise soon, and NordLayer fits those plans.”

Deployment was straightforward:

Log in to NordLayer.
Send an invitation to each user.
The user clicks the link to download the NordLayer app.
The app installs automatically.
They’re ready to connect.

“Everything takes 2 or 3 minutes.”

Step 2. Set up a Server with a dedicated IP

MediBillMD’s teams must access U.S.-based websites and EMRs from other regions. Some websites block non-U.S. traffic. The dedicated U.S. IP solves that.

Secure EMR access via Dedicated IP & VPN

When employees begin work, they automatically connect to the NordLayer VPN to reach EMRs and billing websites. Without the VPN, they can’t access any resources at all.

MediBillMD also has a Business Associate Agreement (BAA) with each clinic. This ensures that PHI can be accessed without storing data locally. By using the dedicated IP, each clinic knows exactly where MediBillMD’s requests come from, and no PHI gets saved on local systems.

Step 3. Enable Always On VPN

MediBillMD enforces an Always On VPN policy:

Users’ devices start up with NordLayer connected.
If NordLayer disconnects, internet access is blocked.

“There’s an option that only allows the internet connection when the VPN is on.”

This approach eliminates accidental data exposure and keeps PHI protected at all times.

Step 4. Add extra security with DNS Filtering

MediBillMD blocks certain sites by using DNS filtering. They can tailor these policies to ensure employees don’t accidentally access risky domains.

“We can also explore other NordLayer solutions, like network segmentation, as we grow.”

Results: healthcare services enabled

All remote employees secured. The team can safely access the U.S.-based resources.
No bandwidth loss. The VPN runs smoothly without speed drops.
Always On VPN. Employees remain connected, ensuring continuous compliance.
EMRs remain in the U.S. No local data storage, aligning with HIPAA.
Easy scaling. Adding new users takes only a few clicks.

Why NordLayer works for MediBillMD

MediBillMD values an all-in-one cybersecurity solution. They don’t want multiple vendors for separate tasks. NordLayer meets those needs:

Scalability. New users can be added instantly.
Future expansion. As MediBillMD grows, they can adopt network segmentation and advanced analytics.
HIPAA-friendly. Combined with EMR-based security features (like two-factor authentication), NordLayer keeps PHI access locked down.

They plan to add more dashboards for HIPAA audits in the future. For now, they focus on a smaller volume of analytics. As they expand, they’ll integrate more features.

Pro cybersecurity tips

Organizations handling PHI must follow strict security rules to stay HIPAA-compliant. These practices help prevent breaches and block unauthorized access. While designed for healthcare, they also benefit other industries managing sensitive data.

Adopt a clear desk policy
Always lock your computer when leaving your workstation, even for a minute. This protects PHI from unauthorized access and helps meet privacy and security standards.
Protect data when sending attachments
Encrypt files with a password and email that password separately. Never include any patient identifiers (e.g., name, member ID, insurance details) in the email body. This reduces the risk of exposing sensitive information.
Enforce least privilege
Give access only to those who need it. Critical passwords stay with management, so unnecessary personnel can’t view or handle sensitive data. This keeps systems locked down and HIPAA-compliant.

Alex Walker, Assistant VP Business Development and Sales @MediBillMD

Conclusion: future-ready HIPAA compliance

MediBillMD needs a dedicated U.S. IP to serve their remote workforce and U.S. clients. Here’s what they did:

Deployed a Server with a dedicated IP so employees can access U.S. EMRs.
Enabled Always On VPN to keep data secure 24/7.
Used DNS Filtering to block risky or unneeded websites.
Applied least privilege principles, with network segmentation planned for the future.
Prepared for growth: Adding new users is simple, and everything else is built into NordLayer.

For healthcare companies like MediBillMD, an all-in-one solution helps maintain compliance, boost security, and simplify IT.

A Server with a dedicated IP starts at $40 per month. Other security features come in the Core NordLayer plan.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

About Version 2 Digital

The challenge: secure remote access to PHI

Step 1. Deploy NordLayer in 3 minutes

Step 2. Set up a Server with a dedicated IP

Step 3. Enable Always On VPN

Step 4. Add extra security with DNS Filtering

Results: healthcare services enabled

Why NordLayer works for MediBillMD

Pro cybersecurity tips

Conclusion: future-ready HIPAA compliance

About Version 2 Digital

Hello!