Skip to content

Stronger Together: Enclave and SafeDNS Advance Zero Trust with DNS-Level Security

In the modern cybersecurity landscape, organizations need more than just isolated tools – they need tightly integrated solutions that work hand-in-hand to deliver scalable protection, simplicity, and visibility across every layer of their digital infrastructure. That’s why we’re excited to announce a strategic partnership between SafeDNS and Enclave, a leading provider of zero-trust network access.

Secure Connectivity + Smart DNS Protection

Both SafeDNS and Enclave are built on a foundation of proactive defense. With Enclave, you can eliminate network attack surfaces and create encrypted connection that restrict access to only trusted, authenticated users. At the same time, SafeDNS protects your users at the DNS layer – preventing threats before they reach your infrastructure.

Together, these solutions form a powerful security stack: SafeDNS fortifies DNS resolution and content access, while Enclave governs encrypted communications between trusted endpoints. By integrating these layers, organizations can block malicious domains and unauthorized communications in a single motion – whether users are remote, hybrid, or on-prem.

What makes SafeDNS even more aligned with today’s compliance-driven security frameworks is its 3R Concept – Reveal, React, Resist:

– Reveal: Gain full visibility into DNS activity across your network, uncovering hidden threats, suspicious behavior, and usage anomalies in real time.
– React: Instantly apply policies or blocklists to respond to new or emerging threats as they arise.
– Resist: Harden your infrastructure against future attacks through intelligent filtering, dynamic AI-based threat detection, and DNS-layer access control.

This model directly supports compliance with NIST Cybersecurity Framework (CSF) functions: Identify, Protect, Detect, Respond, and Recover, by extending protection and visibility into the foundational layer of internet communication: DNS.

By using SafeDNS as the primary DNS resolver inside the Enclave environment, organizations can align their operations with NIST best practices while benefiting from two solutions that are truly complementary by design.

Joint Value: Why It Matters

The real value emerges in the synergy between SafeDNS and Enclave. Here’s how:

– Zero Trust Meets DNS Security: Enclave creates encrypted overlays and strict access policies, SafeDNS ensures no one in that overlay is reaching out to risky or unknown destinations.
– Seamless Policy Enforcement: With SafeDNS set as the primary DNS resolver inside Enclave, admins can apply DNS filtering, block lists, threat detection, and regulatory compliance rules globally, without complex routing or hardware.
– Visibility & Control Across the Stack: Security teams can enforce and monitor DNS policies even across dynamic Enclave-created overlays. That means granular visibility into both who is connecting and what they’re resolving, which is critical for detecting lateral movement, data exfiltration, or insider threats.

Use Case: Secure, Compliant, and Easy

Imagine a distributed team using Enclave for secure access to internal systems. With SafeDNS embedded as the DNS resolver in their Enclave environment, the same team benefits from:

Automatic blocking of malware, phishing, and DNS tunneling attempts
Protection from dynamic DNS Threats (DNS Spoofing, DNS Hijacking, DNS Injection and more)
CIPA, ISO, SOC, HIPAA, and KCSIE compliance at the DNS level
Smart categorization of over 116M domains and 2B+ URLs with real-time updates
One-click DNS-based content filtering for productivity, legal compliance, and security

Why This Matters to You

Whether you’re an MSP, a security-conscious enterprise, or a growing remote-first company, by implementing Enclave + SafeDNS solutions, you can deploy Zero Trust access and DNS-layer protection as a unified experience. It’s easier, more powerful, and doesn’t require rip-and-replace changes.

To activate SafeDNS within your Enclave network:

1) Select SafeDNS as your primary DNS resolver in the Enclave setup.
2) Apply your DNS filtering policy via the SafeDNS dashboard.
3) Enjoy a clean, threat-resistant, and regulation-compliant DNS layer across your infrastructure.

Still have questions or want to see how it works in your environment? Our team is ready to help, just book a demo using the form below.

 

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Portnox Named Cloud-Based Solution of the Year Runner-Up at 2025 Network Computing Awards

Portnox was also a finalist for Innovation of the Year.

 

AUSTIN, TX – May 28, 2025 – Portnox, a leading provider of cloud-native, zero trust access control solutions, today announced that Portnox Cloud was named runner-up for Cloud-Based Solution of the Year for the second year in a row at the 2025 Network Computing Awards. Portnox was also a finalist for Innovation of the Year.

“Cyber threats aren’t just increasing—they’re evolving faster than most security teams can keep up,” said Denny LeCompte, CEO of Portnox. “That’s why we’re helping organizations worldwide ditch passwords and legacy infrastructure in favor of a smarter approach: cloud-native that scales with them. Our unified platform takes the friction out of going passwordless and building a zero trust architecture—without the baggage of traditional on-prem deployments. It’s security that just works, wherever your users and data live.”

Portnox delivers a unified access control platform – the Portnox Cloud – that brings together passwordless authentication, authorization, risk mitigation, and compliance enforcement for enterprise networks, applications, and infrastructure. Purpose-built for distributed organizations with complex IT environments, Portnox Cloud is 100% cloud-native and offers unparalleled ease of use coupled with the robust security capabilities needed to protect against increasingly sophisticated attacks.

This recognition from the Network Computing Awards follows Portnox Cloud being awarded a 2025 Product of the Year Award by Cloud Computing Magazine. The Cloud Computing Product of the Year Awards honor vendors with the most innovative, useful, and beneficial cloud products and services available to deploy within the past year.

 

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

How Stasmayer uses NordLayer to secure legal and medical clients

Summary: Stasmayer, an MSP and MSSP, secured remote work for around 50 small-business clients. NordLayer enabled fast setup, zero disruptions, and easy management.

Stasmayer and NordLayer Results at a glance

Stasmayer is a managed service provider (MSP) and a managed security service provider (MSSP). They have served small businesses since 2003, with deep expertise in legal and healthcare IT. They believe secure connectivity should be accessible and affordable for everyone. This aim led them to NordLayer.

Here is how they used NordLayer to improve day-to-day security for 50 clients. Their process and lessons can help your organization strengthen its defenses, too.

Profile of Stasmayer

The challenge: ensuring secure connectivity for regulated clients

Small businesses need strong but simple protection. Stasmayer serves organizations in legal, medical, and other professional services. Many of these sectors require strict security standards. They also rely heavily on remote access.

“We wanted a solution that’s easy for our clients to use,” says Haris Michael, CIO, Stasmayer’s first employee and a key person in managing IT security for their customers. “Enterprise-level solutions can be complex to maintain. Small businesses want a smooth and quick setup.”

Legal and medical clients face a wide range of regulatory demands. Law firms follow American Bar Association guidance on data privacy. Healthcare practices must comply with HIPAA. Most of them must keep client information confidential and transmit it in a secure manner. That means:

  1. Protecting sensitive files wherever employees work
  2. Adapting to hybrid environments, with servers in the cloud or on-premise
  3. Maintaining compliance with industry regulations
  4. Managing user identities without extra overhead
  5. Ensuring remote connectivity is never complicated
Breakdown of Stasmayer’s client segments

Addressing these needs was Stasmayer’s top priority. They wanted to find a provider that integrated seamlessly with their day-to-day operations. They also wanted technology that would be simple to roll out, even for small firms with limited resources.

“Many of our clients want to work from anywhere,” Haris explains. “They want to be free to open case files or patient charts on the go. But they don’t want to risk a data leak.”

This demand required Stasmayer to find a flexible, cloud-based security platform. The tool had to integrate with existing workflows and allow granular control over user access. That is where NordLayer became a key partner.

Reason 1: Reliable connectivity

Stasmayer needed a straightforward solution. They wanted a single pane of glass for managing all client VPN deployments. That includes everything from traveling attorneys to remote healthcare workers.

NordLayer offered exactly that. They could deploy a virtual private gateway for clients, then spin up or remove user access as needed. This saved a lot of time, especially for small organizations.

What Stasmayer did:

  • Created secure gateways for clients
  • Set up flexible site-to-site VPNs, bridging on-premise and cloud resources
  • Used a single cloud management panel to monitor all users

“We love that our clients can get their data from any device,” says Haris. “All they do is log in through NordLayer. It protects them from risky networks and keeps a record of everything.”

This setup is crucial for small to mid-sized businesses that might have limited security budgets. Large enterprise VPNs are too heavy and complex. NordLayer focuses on ease of use, so it fits smaller infrastructures perfectly.

Reason 2: Streamlined zero-trust features and a cloud firewall

A cloud firewall can seem like an advanced feature. Many smaller clients don’t realize they need it. Stasmayer views it as a crucial element of a zero-trust framework.

What Stasmayer did:

  • Allowed remote workers to connect only to specific applications through the NordLayer Cloud Firewall
  • Filtered traffic so it never leaves a protected environment
  • Enforced Zero-Trust principles by checking each user and device before granting access

“We see a big benefit in having that ‘bubble of security,’” Haris explains. “For instance, if you’re home or at a coffee shop, your device still tunnels through NordLayer. That keeps data safe. It’s also easy to track connections inside the management console.”

This approach meets the demands of both legal clients and healthcare clinics. Law firms gain confidence that their files are never openly exposed online. Healthcare offices can ensure compliance with HIPAA by wrapping their telehealth visits in a safe environment.

“Security is never a one-time thing,” says Haris. “It’s ongoing, and the right tools help us keep pace.”

Reason 3: PSA integration

Stasmayer uses the NordLayer PSA integration to manage billing across multiple clients. Manual invoicing is time-consuming, especially if an organization has more than a handful of users. NordLayer’s integration with PSA automates that process.

What Stasmayer did:

  • Connected NordLayer to their PSA for automatic billing
  • Synced user counts and usage patterns without manual data entry
  • Gave clients simple, transparent invoices

“That integration cuts out a ton of repetitive steps,” Haris notes. “When we add a new user, our PSA sees it and adjusts billing. The same thing happens if someone leaves or a client’s requirements change.”

This efficiency reduces day-to-day administrative burdens. That is a big reason Stasmayer can manage so many small and mid-sized companies at once.

Reason 4: International travel support

Some of Stasmayer’s clients travel abroad for conferences or cross-border meetings. They need a quick, safe way to connect to company resources and email. Before NordLayer, Stasmayer had to unblock specific countries each time someone flew overseas. That was clunky, risky, and easy to forget.

Haris Michaels's quote

What they did:

  • Helped clients deploy NordLayer on phones, tablets, and laptops
  • Blocked all foreign logins at the email level except through NordLayer
  • Eliminated the need for manual country-by-country firewall changes

“People used to forget to tell us they were leaving the US,” says Haris. “They’d arrive, discover they couldn’t log into email, then call us in a panic. Now, we just say, ‘Open NordLayer.’ That’s it. They’re in.”

Users also feel more confident because they know their data is protected when they connect from the airport or a hotel Wi-Fi network. NordLayer’s cross-platform app runs quietly in the background, shielding users from suspicious traffic. This reduces the threat of eavesdropping attacks, which are common in public hotspots.

Reason 5: Powerful site-to-site VPN

Many Stasmayer clients run a hybrid infrastructure. Part of their data resides on a local server, while another part stays in the cloud. This setup demands a site-to-site VPN. But not every solution handles both environments gracefully.

NordLayer delivers seamless traffic routing. Users may not even realize whether they are connecting to an on-premise drive or a hosted application. They simply see their resources under one secure umbrella.

What they did:

  • Unified access to on-premise and cloud servers under NordLayer
  • Linked everything in a single environment
  • Blocked unauthorized data flows outside the secure perimeter

“Some clients only have a small server for specialized apps,” Haris mentions. “They also use Office 365 or Google Workspace. NordLayer ties that together. It’s like giving them a safe private highway that leads into both places.”

This feature resonates strongly with businesses that rely on multiple hosting locations. It helps them avoid the chaos of toggling between different VPNs and routes.

Results: time-saving and hassle-free security

Stasmayer’s rollout of NordLayer delivered tangible benefits to both their internal team and their client base:

  • They scaled to 50 NordLayer clients without major infrastructure changes
  • They eliminated manual user provisioning when employees traveled internationally
  • They saw faster troubleshooting for external connectivity
  • They streamlined billing by syncing NordLayer and their PSA

“NordLayer has simplified everything related to secure remote access,” Haris says. “Our support ticket queue is smaller because employees can handle more tasks on their own.”

Stasmayer also points to improved client satisfaction. Their customers feel confident handling sensitive documents on any device. Legal teams appreciate the ability to manage case files on an iPhone or iPad. Healthcare clinics like how patient records are secured, whether someone is at home or at the office.

“Everyone wants to protect their data,” Haris adds. “But nobody wants to wrestle with complicated software. NordLayer checks both boxes for us.”

Why NordLayer works for Stasmayer

Stasmayer benefits from NordLayer’s easy deployment and versatile network security. They serve many clients in regulated industries. That means they need robust yet user-friendly tools. NordLayer’s blend of features solves that problem. It eliminates the overhead of multiple VPNs while layering in zero trust.

“This gives us enterprise-level tools in a package that’s easy for a small business to deploy and manage. As an MSP, we have one central pane of glass to view all our clients and ensure they meet our standards, rather than managing six different systems or having every client on its own separate system.”

These points highlight why NordLayer suits companies like Stasmayer:

  • One-click setup for remote access
  • Unified management console across many clients
  • Rapid scaling for businesses of any size
  • Cloud firewall that blocks malicious traffic and suspicious ports
  • Dedicated secure gateway that keeps data inside a “bubble”

“Deploying NordLayer on the backend is straightforward with enterprise-class features but without the enterprise complexity,” Haris says. “Most of the time, we spend training users on how to log in. That’s it. We’ve rarely seen a solution so intuitive.”

Pro cybersecurity tips from Stasmayer

Stasmayer has defended small businesses against cyber-attacks since 2003. They encourage everyone to focus on three core areas:

  1. Secure connectivity first
    Make sure your team has a safe path into company data. Don’t rely on public Wi-Fi or ad-hoc connections. Use a dedicated service like NordLayer or a similarly robust platform.
  2. Keep training users
    Emails and phishing attempts evolve constantly. Educate staff about threats at least once a month. Offer reminders, videos, or short tests that keep everyone aware.
  3. Invest in a Managed Security Program
    Don’t leave security to chance. Even the best security can be challenged by advanced attackers. With the proper Managed IT Security Program in place, we can monitor systems around the clock, reduce the likelihood of an attack, and detect intruders fast, before it’s too late.
Haris Michaels's quote

Why join the NordLayer Partner Program?

Stasmayer unified the process of securing remote workers, on-premise servers, and cloud resources using NordLayer. Their top features included:

You can do the same for your MSP. NordLayer scales with your budget and provides the management tools to keep data safe.

Contact NordLayer to learn more about pricing, deployment, or how to set up each feature. Make your clients stronger, reduce the risk of cyber-attacks, and keep operations running smoothly.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Password rotation: A practical overview

All these numbers tell the same story: Passwords stay valuable to attackers because organizations resume them or don’t change them often or intelligently enough. Companies therefore need a way to control the lifespan of any password an attacker might obtain. And that control comes with password rotation.

What is password rotation?

In cybersecurity, password rotation is the practice of regularly replacing a password with a fresh one in order to limit its usable lifespan and the time a bad actor has to exploit it, if compromised. The basic idea is simple: Change passwords regularly to minimize credential-related risks.

The rotation interval can be measured in days, weeks, or months, depending on the sensitivity of the account and company policies. A domain admin credential securing production servers might rotate every week, whereas an internal account might rotate every other month. Rotation schedules are frequently set inside a password rotation policy that specifies cadence as well as complexity requirements.

Regulatory frameworks such as NIST (SP 800‑63B) no longer mandate a fixed 90‑day reset for every account, but they do require event‑driven changes whenever a compromise or leak is suspected.

For most businesses, the challenge with regard to password rotation is executing it at scale without negatively affecting productivity or introducing new risks due to poor implementation.

Why is password rotation important?

Today, bad actors don’t rely as much on zero-day exploits or similar security gaps. Instead, they rely on stolen credentials. A systemic rotation policy can help companies deal with these risks.

First, a password rotation policy shrinks the attacker’s window. If a contractor’s password changes every quarter, a breached database discovered six months later lands too late. Second, such a policy cleans up dormant access. For example, when an employee leaves, the next scheduled rotation automatically invalidates the login in case HR forgot to disable or remove it. Third, it showcases due diligence to auditors and regulators and can ease your compliance journey whether it’s for – PCI DSS, ISO 27001, NIST, or SOC 2.

Password rotation pitfalls

While well intentioned, a password rotation policy can backfire when not executed properly.

Excessive rotation

When change frequency is set to an unrealistic cadence – say every seven days – users resort to shortcuts like sticky notes or simple and quick changes (“PasswordMay01!” becomes “PasswordMay08!”).

Repetitive password usage

If policy enforces rotation but not history checks, employees circle through a small set: Qwerty2024!, Qwerty2025!, Qwerty2026!. Remember – attackers who know yesterday’s formula can guess tomorrow’s.

Pattern‑based passwords

Humans are predictable, especially when it comes to password changes: Adding the next number, changing capitalization, or swapping summer for winter or vice versa are all very obvious.. Automated password‑spray tools can exploit these patterns with minimal variation.

Avoiding these pitfalls requires thoughtful policy design and the right automation settings.

 

Is password rotation enough?

Password rotation yields the best results when it’s a part of a broader security framework that adheres to modern security requirements. The latest NIST SP 800‑63B guidance no longer recommends forcible resets for ordinary users who have not exhibited signs of a compromise. Instead, it prescribes event‑ or risk‑driven rotation for privileged, shared, and high‑value accounts. It also requires multi‑factor authentication (MFA) as an extra layer of security.

MFA blocks most automated account takeovers even when the password remains unchanged, yet it is not a cure-all. Mobile MFA fatigue attacks and prompt bombing show that multi-factor authentication can – in fact – be phished. Rotation therefore works in tandem with MFA, ensuring an attacker cannot get their hands on the same credential months later after social engineering the one-time password.

Least‑privilege design is the third part of the equation: An attacker who compromises login details of someone in marketing should not automatically gain access to production databases. To reduce such risks, apply frequent rotation to the logins that can do real damage: admin, root, and any shared service accounts. In this case, the policy protects what matters without adding unnecessary burden to low-risk users.

A pragmatic rotation policy

An effective rotation policy must bridge security requirements with day‑to‑day practicality. It should give administrators a clear, verifiable checklist while sparing low‑risk users unnecessary friction and hassle.

  1. Group passwords by impact. Rank each password according to the damage it could cause if stolen.

  2. Match cadence to risk. Rotate high‑impact passwords, say, every 30 days or immediately after any security incident. Medium‑impact passwords could change every 90 days. Low‑impact credentials may update only when a role changes, a compromise is detected, or a regulation requires it.

  3. Automate every change. Use APIs, scripts, or a privileged‑access‑management (PAM) platform so passwords can be renewed automatically.

  4. Record the evidence. Send detailed rotation logs to your SIEM system. In case of an audit, auditors need to see exactly what changed, when it changed, and which user or system triggered the action.

How NordPass can help

NordPass provides password rotation tools that remove guesswork without adding busywork. Every password is stored in a zero‑knowledge vault encrypted on the user’s device, so neither NordPass nor attackers can read any of the vault’s data in transit or at rest.

Through the Admin Panel, security teams can set company‑wide rotation rules: which groups must change passwords, how often, and what length or character mix each new password must meet.

NordPass then reminds users when a change is due and records the update. In an instance when HR disables an account through Azure AD, SCIM, or Google Workspace, NordPass locks the vault at the same moment, cutting off access to shared passwords before they can be reused or leaked.

Rotation is faster when the right password is only a click away. NordPass comes with a free password generator that creates strong, unique strings of characters on the spot, so users never recycle old favorites.

To see how these controls fit into a larger security stack, visit NordPass Business and explore features like SSO, breach monitoring, and policy templates that support compliance frameworks such as ISO 27001 and NIS 2.

 

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×