
12 Inspiring TED Talks Every MSP Should Watch

Looking to increase staff and expand operations? Are you having a tough time selling your MSP services to potential clients or retaining existing ones? We’ve assembled a list of 12 inspirational TED Talks every MSP and IT professional should start watching to make better decisions and grow a successful business. Watch them all. We highly recommend it. 

1)  I Was Seduced By Exceptional Customer Service | John Boccuzzi, Jr. 

We begin with retention. If you want to scale business operations, you must retain your existing customer base. John Boccuzzi Jr. will show you the value of having exceptional customer service and why he considers it the greatest form of marketing a brand can have. John explains why so many businesses fail due to poor customer experiences. Don’t be one of them.

2) Never Split The Difference | Chris Voss 

Are you struggling to sell your value and offerings to potential clients? Don’t find yourself in a no-win situation. Hear from a former FBI hostage negotiator with over 24 years of experience in high-stakes negotiations. Learn the art of Tactical Empathy to build meaningful relationships with your clients and convince those prospects of the value you offer.  

3) How to Master Recruiting | Mads Faurholt-Jorgensen 

“Most leaders spend 10% of their time recruiting and 90% correcting recruiting mistakes.” Mads Faurholt-Jorgensen will help you avoid these pitfalls by teaching you what to prioritize when hiring new staff. Learn how to conduct winning interviews and know if the person is the right fit within minutes. Build your team with greater confidence after this educational TED Talk. 

4) How to Write an Email (No, Really) | Victoria Turk

Victoria Turk will show you the fundamentals of email etiquette. Where should you begin when starting the conversation in an email? Victoria will give you the scoop on what you should include in the body of the text to keep potential clients interested. Keep those email conversations going in the right direction with this informative TED Talk. 

5) How to Write an Email That Will Always Be Answered! | Guy Katz 

A well-written email will help you close that contract faster. Every character counts. Guy Katz will teach you how to write an email that always gets answered, including the 5 ingredients for a great email. There are billions of emails sent daily. The majority of them won’t get opened or stand a chance of getting noticed as they are redirected to the spam filter. Guy’s practical advice will help increase your open rates and closed won opportunities in your sales pipeline. 

6) Neuromarketing: The New Science of Consumer Decisions | Terry Wu 

Why should a prospect choose your MSP over your competitors? Dr. Terry Wu breaks down the science of neuromarketing and gives you plenty of insight on how to better understand your clients. Learn how a failed Coca-Cola experiment led to 8,000 angry phone calls a day. Find out what the missing ingredient was to avoid customer churn.

7) Think Your Email is Private? Think Again | Andy Yen

Think your emails are private? Andy Yen will prove you wrong on that theory. Andy discusses the role of encryption in securing email conversations and the importance of protecting user privacy. Without encryption, the content gets transmitted as readable text, which gives a threat actor all the insight they need to steal personal information. Don’t hit that “send” button just yet until you’ve watched Andy’s insightful TED Talk.

8) Behavioral Economics – How to Make it Work for Us | Maciej Kraus

Are you pricing your services correctly? Take the guesswork out of your pricing efforts by mastering behavioral economics with Maciej Kraus. Learn the importance of behavioral science and how it helps your prospects move forward in the buying funnel. Find out what a coffee chain has in common with your pricing models.

9) Your Human Firewall – The Answer to the Cyber Security Problem | Rob May

Rob May talks about how personal data is a precious commodity and how companies invest in traditional security when the bigger risks lie with what he dubs the human firewall. Rob talks about unsecured Wi-Fi connections, such as the one you join while waiting for your latte at Starbucks, which could lead to potential man-in-the-middle attacks and data exfiltration.

Rob also talks about phishing and how easy it is to fall into that trap – a great use case to implement phishing simulations in your organization. 

10)  Data Privacy and Consent | Fred Cate

Dr. Fred Cate will make you rethink what you know about data privacy and data collection. You’ll discover why data privacy is essential, not only for staying compliant with various regulations but also for safeguarding your customers’ identities and sensitive information. A very interesting talk all around. 

Learn about the Do’s and Don’ts of Managing Sensitive Data in the Cloud here.

11) SEO Matters | Ira Bowman

You can’t grow a successful MSP business without visitors coming to your website. Having visibility in Google’s search results can give you a competitive edge in the market. Just how much? Ira Bowman mentions the fact that Google owns 92-94% of search engine traffic. 

As an MSP, if your site isn’t on the first page, you’re missing out on the majority of potential clicks which ultimately translates to lost revenue. Ira will fill you in on all the SEO details to gain more search visibility and how to run campaigns that convert. 

12) 3 Ways to Make Better Decisions — by Thinking Like a Computer | Tom Griffiths

Decision-making doesn’t have to be complex, especially when you start thinking like a computer. Take a neural journey with cognitive scientist Tom Griffiths on how you can apply the logic of computers to decipher basic setbacks and accelerate business goals with little to no friction.

Stay inspired by following Guardz to learn more about the latest MSP findings and research to transform your business. 

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ESET Triumphs as AV-Comparatives’ 2024 Product of the Year

BRATISLAVA, January 31, 2025. ESET, a global leader in cybersecurity solutions, is proud to announce that ESET HOME Security Essential has been named AV-Comparatives’ Product of the Year for 2024. This prestigious award recognizes ESET HOME Security Essential for Windows for its outstanding performance and reliability in protecting consumers against a wide range of cyber threats.

In 2024, AV-Comparatives subjected 16 consumer security products for Windows to rigorous testing, evaluating their ability to protect against real-world Internet threats, identify recent malicious programs, defend against advanced targeted attacks, and provide protection without slowing down the PC. ESET HOME Security Essential emerged as the top performer, receiving the highest Advanced+ Award in all seven tests conducted throughout the year.

As stated in the AV-Comparatives’ Summary Report 2024, “Reviewers were impressed by the clean, intuitive user interface designed for non-expert users, as well as the extensive customization and scan options available for power users.”

Although the majority of vendors make auto-renewal mandatory, the report points out that, most commendably, ESET is among those vendors who do not impose auto-renewal on users. The report further highlights ESET HOME Security Essential as a well-designed and easy-to-use security product that provides safe default settings and essential features easily accessible to all users.

Andreas Clementi, founder and CEO of AV-Comparatives, commented on ESET’s recognition: “ESET’s performance throughout our 2024 tests has been consistently strong, earning high ratings across multiple categories. The awards reflect the product’s reliability in malware protection, usability, and system performance. ESET HOME Security Essential demonstrated a well-balanced approach, providing effective security without imposing a significant burden on the system, which many users will appreciate.”

“We are honored to be recognized as AV-Comparatives’ Product of the Year for 2024. This award is a testament to our commitment to providing high-performance, technologically advanced security solutions that protect digital lives of our customers without compromising their device performance. We will continue to innovate and enhance our products to address real-life cybersecurity and privacy needs of our users, so they can enjoy the full potential of themselves and their technology in a secure digital world,” said Viktória Ivanová, Vice President of Consumer and IoT Segment at ESET.

ESET HOME Security for Windows is designed to offer high-performance protection with low system impact, utilizing multilayered technologies that go beyond basic antivirus capabilities.

 

Discover more about ESET HOME Security solutions here.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.


Data behemoths: How large users and unique structures impact data migrations

The biggest obstacles to a swift data migration hide in plain sight. Large users and unique data structures can cause trouble for the migration process if you haven’t factored them into your strategy.

Here, we explore why large users and unique data structures influence migrations, and what you can do to mitigate the risks and keep business running smoothly.

Why do large users impact the data migration process?

Large users have a high item count, big file sizes, or a combination of the two. How these item counts and file sizes interact with destination API restrictions and quota limits is what makes them hard to migrate.

During a migration, data is moved from the source to the destination platform. It’s encrypted in transit and at rest to ensure the data is secure throughout the process. The larger the file, the longer it takes to migrate. And API restrictions limit the size of the file you can download.

Quota limits applied by cloud providers can slow down your migration

Cloud providers also limit how many items can be migrated. This could mean two users with the same amount of data could migrate at different speeds – if one has a higher file count than the other. User A – with 10GB spread across 50 items – migrates faster than user B – who has 10GB and 100 items.  

Both Google Cloud Platform and Microsoft Azure have quota limits for how much data can be migrated at a time, and restrictions on how many API calls you can make.  A user with many small files can take longer to migrate than a user with fewer, larger files. 

It may be necessary to upgrade your tech

Your resource limitations, such as the number and specification of servers, also influence data migration project timelines. Those working to a hard deadline might choose to invest in more or better servers – but this isn’t always an option. 

What are unique data structures and how do they impact migration timelines?

When it comes to unique data structures, you’re looking for file types (MIME types) such as folders, movies, and high-resolution images: large files that hold up migrations.

A large user with a unique data structure could consist of a high number of images and movie files in high resolution. This combines big data size and item count, making for a very different migration compared to a company with lots of smaller data files like text documents and emails. 

Some companies have a low number of huge files, which also creates complexity. This causes bottlenecks when you have the resources to migrate items quickly, but your target environment has an upload limit. You could max out Google’s 750GB a day upload limit with a few files, in a few hours.

How to deal with large users

You can’t avoid large users – sooner or later you need to get them across to your target system. But what can you do to control their impact on the data migration process? 

  1. Quantify them. How many large users do you have, and how much data do they have? Migration tools can give you an accurate view of item count.
  2. Encourage large users to tidy up their files ahead of migration. Delete obsolete data to avoid hampering the migration process with old files.
  3. Plan your migration with large users in mind. Can you structure your data migration process so that recent files are migrated first? This way, you can get into the target destination quickly and migrate legacy data later.
  4. Opt not to migrate permissions on files. Migrate files minus the permissions if your priority is getting data into the target destination, fast.

Use CloudM’s environment and readiness scans to identify potential roadblocks

Modern migration tools can also help you deal with large users. Take CloudM’s environment scan, which gives you an item count, shared folder count, and other data points you can use to scope out the migration and estimate a timeline.

Secondly, the CloudM readiness scan checks over source and destination compatibility and connection, flagging limitations and revealing environmental complexities. You can use this scan as a last-minute safety check when you’re ready to migrate. For hard deadlines – such as mergers and acquisitions – using a migration service ensures a frictionless, managed process.

CloudM can help you tame the biggest data behemoth

The right tools can help you avoid disruption and maintain business continuity throughout the data migration process. For those keen to tackle the migration themselves, CloudM’s consulting services give you tailored training and advice. 

For a fully managed project, our white-glove migration services ensure the process is handled with care and expertise. We’ve worked with large users, complex data structures, and huge data volumes. We can get you from source to target destination swiftly.

With CloudM Backup, you can back up the following Calendar data:

  • Events and meetings: We back up and restore meetings which include meeting links, including Zoom links. We do not back up events without meeting links.

Yes, you can back up recurring meetings with CloudM Backup.

We do not back up Tasks at the moment.

In Google Calendar, attachments are a link to a Drive item. We will back up the item if the user’s Drive is also being backed up and restore the meeting with the link included. The Drive file itself can be backed up separately if required.

These will be backed up as event attendees. Handling of edge cases, such as when a user tries to restore an event and the resource has since become occupied, will be handled by your Workspace administrator.

The default frequency for backing up Calendar is 8 hours.

Please check our knowledge base for detailed information on how to restore a backup of Google Calendar.

About CloudM
CloudM is an award-winning SaaS company whose humble beginnings in Manchester have grown into a global business in just a few short years.

Our team of tech-driven innovators have designed a SaaS data management platform for you to get the most from your digital workspace. Whether it’s Microsoft 365, Google Workspace or other SaaS applications, CloudM drives your business through a simple, easy-to-use interface, helping you to work smarter, not harder.

By automating time-consuming tasks like IT admin, onboarding & offboarding, archiving and migrations, the CloudM platform takes care of the day-to-day, allowing you to focus on the big picture.

With over 35,000 customers including the likes of Spotify, Netflix and Uber, our all-in-one platform is putting office life on auto-pilot, saving you time, stress and money.


Why Macs need an endpoint security solution

Many people feel a thrill when buying a new Mac or using it for the first time. Its sleek design and seamless performance make it feel invincible. Macs can even be considered superhero devices, but even superheroes have their weaknesses, right? And your Mac? Well, it’s no exception.

Yes, Macs have a reputation for being secure—almost like the Fort Knox of computers. But before you pat yourself on the back for choosing “the safer option”, let me throw a curveball: They’re not bulletproof. In fact, that “Macs don’t get hacked” myth is as outdated as a floppy disk. 


Think about it—cybercriminals aren’t sitting around ignoring one of the most popular ecosystems in the world. They’re targeting it. And with the rise of sophisticated malware and security threats, Macs are no longer immune. This is where endpoint security steps in.

So, why does your beloved Mac need Mac endpoint security? Let’s break it down.

The Mac myth: Where it all started

For years, Apple marketed its devices as more secure than the rest. The narrative was simple: “Get a Mac, forget about viruses.” To be fair, this wasn’t entirely wrong back in the day. macOS had built-in defenses like Gatekeeper, XProtect, and Sandboxing, making Macs less susceptible to threats than Windows machines.

But here’s the kicker—cybercriminals evolve. And with the increasing popularity of Macs, they’ve become a lucrative target. In fact, Macs might have a lower malware infection rate than Windows but according to a report, malware made up 11% of all threat detections on Macs in 2023.[1] While it’s still a smaller fraction compared to the threats faced by Windows environments, it’s not something to shrug off.

You can’t rely solely on built-in tools. It’s like using a lock on your door but leaving your windows wide open.

Threats targeting Macs

Macs, once considered impervious to most security threats, are now increasingly targeted by a distinct set of sophisticated attacks. Here are some of the most prevalent threats:

  • Ransomware: The belief that ransomware won’t affect Macs is a misconception. Incidents like the KeRanger attack demonstrate that Macs are firmly on the radar of cybercriminals.
  • Adware and spyware: The presence of unexpected pop-ups or unfamiliar applications often indicates adware infiltrating your system. These malicious programs are designed to collect your data discreetly and are becoming alarmingly common.
  • Phishing attacks: Macs are not immune to phishing campaigns. Cybercriminals deploy fraudulent emails and websites that are equally effective in compromising macOS users.
  • Zero-day exploits: Perhaps the most concerning, these attacks target vulnerabilities that are unknown even to Apple, exploiting them before they can be patched.

Why built-in Mac security isn’t enough

Apple’s native security features, while effective to a degree, fall short in addressing the advanced threats. Here’s a closer look:

  • Gatekeeper: This feature acts as a gatekeeper for apps, blocking known malicious software. However, it struggles with newer, unidentified malware, leaving gaps in protection.
  • XProtect: Apple’s built-in malware scanner is a solid tool, but its effectiveness depends on timely updates. Unfortunately, these updates can lag behind rapidly evolving threats.
  • Sandboxing: While this isolates apps in controlled environments, it doesn’t shield users from phishing attempts or browser-based attacks, which often bypass these restrictions entirely.

The reality is that these tools are foundational but not comprehensive. Against the backdrop of rising threats, relying solely on built-in features is akin to patching a leaking dam with duct tape—it might hold for now, but it’s not a long-term solution.

Why an Endpoint security solution is a must-have for macOS

macOS endpoint security solutions provide protection that goes far beyond the core features of macOS, serving as a comprehensive shield against modern threats. Here’s why they are indispensable:

  • Real-time protection: Unlike built-in tools that rely on periodic updates, endpoint security solutions monitor your Mac constantly, detecting and neutralizing threats as they arise.
  • Advanced threat detection: Using artificial intelligence and machine learning, these solutions identify suspicious patterns, catching malware even before it is formally recognized.
  • Data encryption: For sensitive or confidential files, endpoint security ensures data is encrypted, safeguarding it against unauthorized access or breaches.
  • Remote management: Ideal for businesses, endpoint security allows IT admins to oversee and secure multiple Macs from a centralized dashboard, ensuring consistent protection across all devices.

So, what is endpoint security for Mac? It’s the ultimate defense layer that ensures your device remains secure, efficient, and protected in an increasingly dangerous digital environment.

Features to look for in an Endpoint security solution

If you’ve decided it’s time to fortify your Mac’s defenses, these are the key features to prioritize:

  • Comprehensive malware protection: Opt for solutions that address both known and emerging threats, including zero-day vulnerabilities.
  • Firewall integration: A robust firewall adds an extra layer of protection, preventing unauthorized access and securing your network.
  • Phishing prevention: An essential feature to shield against deceptive emails and websites that could compromise your data.
  • Device control: Control over connected peripherals and external storage ensures tighter security and minimizes risks.
  • User-friendly interface: A straightforward, intuitive design ensures that even non-technical users can navigate and manage the solution effectively.

Busting the “too expensive” myth

It’s a common question: “Macs are already pricey; why add the cost of endpoint security?”

Here’s the reality: the potential cost of not having endpoint security is far greater. Imagine losing access to critical work files, experiencing downtime, or having your personal information exposed and sold on the dark web. Recovering from a breach can involve significant financial loss, reputational damage, and countless hours of stress.

Investing in a reliable Mac endpoint protection solution is about safeguarding not just your device but your peace of mind. When compared to the potential fallout of a successful attack, the cost is a small price to pay for comprehensive protection.

Veltar: The essential protection your Mac deserves

Your Mac is a masterpiece of technology, but it’s not invincible. Cybercriminals are getting smarter, threats are growing, and the stakes are higher than ever.

Endpoint security is not just a fancy add-on, it ensures your Mac stays safe while maintaining its performance and user experience.

Whether you’re a casual user, a creative professional, or running a business, the question isn’t whether your Mac needs endpoint security—it’s which solution you should choose.

Scalefusion’s Veltar combines protection with seamless usability, offering features such as application control and storage device access control. These features are designed to provide comprehensive security for your Mac without compromising its performance, ensuring that your device remains protected and optimized for every task.

Stay smart. Stay secure. And let your Mac keep doing what it does best—without interruptions.

Reference: 

  1. TechRadar

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.


Inside-Out Attack Surface Management: Identify the risk before hackers bridge the gap

In this article, we walk through common scenarios that attribution-based attack surface management tools miss and demonstrate how you can use runZero’s new Inside-Out Attack Surface Management (IOASM) capabilities to close these gaps. IOASM helps you defend against opportunistic attacks by leveraging precise device fingerprinting to uncover exposures that are impossible to find through attribution alone.

 

The attribution challenge

Attackers are continuously scanning and prodding internet-facing systems, looking for easy wins. Although many campaigns start by knocking on your front door — testing assets clearly associated with your domain and IP space — attackers are just as likely to stumble upon an exposed system, compromise it, and only later realize it belongs to you. Opportunistic attacks drive an entire sub-category of the cyber-crime economy: initial access brokers. These criminal groups gain a foothold into your organization and then sell that access to other groups that steal data and attempt to extort money.

External attack surface management (EASM) tools (including runZero!) can reduce your risk by quickly flagging exposures before they can be exploited. You provide these tools with a list of domain names, IP addresses, autonomous system numbers (ASNs), and other identifiers, and the EASM attribution process will iterate on these “seeds” to identify internet-exposed assets. This process works great for well-known organizational resources, but often misses exposures where attribution is impossible using IP addresses and domain names alone.

 

Flipping the script with Inside-Out Attack Surface Management

This is where Inside-Out Attack Surface Management (IOASM) changes the game. While attribution-based EASM tools often struggle to identify exposures beyond their predefined “seeds,” IOASM flips the script by leveraging detailed knowledge of your internal assets to quickly and accurately identify external exposures, no matter where they are.

Instead of starting with known IPs or domains, the runZero Platform builds device fingerprints from attributes it gathers through external and internal active and passive discovery, as well as integrations with systems like cloud provider APIs and vulnerability scanners. This fingerprinting process captures details such as TLS certificates, SSH host keys, and SNMP metadata, in addition to other system-specific attributes, which tend to remain consistent even when a device changes IP addresses, network segments, or is redeployed from an image. By beginning with an internal baseline of these fingerprints, runZero can pinpoint each device’s unique identity deep within the environment, and then correlate those same devices against information collected externally.

If an asset that was once detected in an isolated subnet suddenly appears on the internet — or if a device spins up in a public cloud and shares the same cryptographic fingerprint as one on-prem — runZero recognizes that it’s the same underlying system. This is why inside-out discovery is so effective: rather than relying on traditional attribution methods like IP ranges or domain registries, runZero focuses on inherent device characteristics.

Once a device’s fingerprint is known, any reappearance gets flagged — be it behind corporate firewalls or exposed on a public IP. This allows security teams to see connections and gaps that external-only scans would miss. Through this inside-out lens, organizations can uncover at-risk assets faster and more accurately, significantly reducing blind spots that attackers often exploit.
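The correlation described above can be sketched as follows. This is an added example, not runZero's code or algorithm: it assumes exact matching on SHA-256 fingerprints of TLS certificates and SSH host keys, and the asset names, field names, seed ranges and sample blobs are all constructed for illustration.

```python
import hashlib
import ipaddress
from collections import defaultdict


def fp(blob: bytes) -> str:
    """Hex SHA-256 fingerprint of a certificate or host-key blob."""
    return hashlib.sha256(blob).hexdigest()


# Constructed sample blobs. Real inputs would be DER certificates and
# SSH public host keys gathered by internal discovery.
VPN_CERT = b"constructed-der-cert:branch-vpn-gw"
IMAGE_SSH_KEY = b"constructed-ssh-hostkey:golden-image"
NAS_SSH_KEY = b"constructed-ssh-hostkey:nas01"

# Internal baseline: each asset carries a set of (kind, fingerprint) pairs.
# build-01 and build-02 were deployed from one image and share a host key.
INTERNAL_ASSETS = [
    {"name": "branch-vpn-gw", "ip": "10.20.0.1",
     "fingerprints": {("tls", fp(VPN_CERT))}},
    {"name": "build-01", "ip": "10.30.0.11",
     "fingerprints": {("ssh", fp(IMAGE_SSH_KEY))}},
    {"name": "build-02", "ip": "10.30.0.12",
     "fingerprints": {("ssh", fp(IMAGE_SSH_KEY))}},
    {"name": "nas01", "ip": "10.40.0.5",
     "fingerprints": {("ssh", fp(NAS_SSH_KEY))}},
]

# Attribution seeds: the IP space the organization knows it owns.
SEEDS = ["198.51.100.0/24"]

# Constructed external observations (documentation address ranges).
EXTERNAL_OBSERVATIONS = [
    {"ip": "198.51.100.10", "port": 443, "kind": "tls",
     "value": fp(b"constructed-der-cert:public-www")},   # no internal match
    {"ip": "203.0.113.77", "port": 443, "kind": "tls",
     "value": fp(VPN_CERT)},                             # outside the seeds
    {"ip": "192.0.2.45", "port": 22, "kind": "ssh",
     "value": fp(IMAGE_SSH_KEY)},                        # cloned image key
    {"ip": "198.51.100.20", "port": 22, "kind": "ssh",
     "value": fp(NAS_SSH_KEY)},                          # inside the seeds
]


def build_index(assets):
    """Map each (kind, fingerprint) pair to every asset that presents it."""
    index = defaultdict(list)
    for asset in assets:
        for key in asset["fingerprints"]:
            index[key].append(asset)
    return index


def in_seeds(ip, seeds):
    """True if the address falls inside any attribution seed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(seed) for seed in seeds)


def correlate(assets, observations, seeds):
    """Match external observations to internal assets by fingerprint.

    A finding with attributed=False is an exposure that seed-based
    attribution would not have reached. ambiguous=True means several
    internal assets share the fingerprint (for example a cloned image),
    so every candidate is reported rather than guessing one.
    """
    index = build_index(assets)
    findings = []
    for obs in observations:
        matches = index.get((obs["kind"], obs["value"]), [])
        if not matches:
            continue
        findings.append({
            "external": f'{obs["ip"]}:{obs["port"]}',
            "kind": obs["kind"],
            "assets": sorted(a["name"] for a in matches),
            "attributed": in_seeds(obs["ip"], seeds),
            "ambiguous": len(matches) > 1,
        })
    # Unattributed exposures first: they are the blind spots.
    findings.sort(key=lambda f: (f["attributed"], f["external"]))
    return findings


if __name__ == "__main__":
    for finding in correlate(INTERNAL_ASSETS, EXTERNAL_OBSERVATIONS, SEEDS):
        print(finding)
```

The shared host key on the two build machines shows why a match has to be treated as a set of candidates: the external instance is tied to the image, not to one specific internal host.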

To demonstrate, the scenarios outlined below highlight why attribution-based external attack surface management tools struggle with certain types of exposures and how IOASM can help you find the blind spots.

 

Common scenarios missed by attribution-based EASM

1. The Legacy VPN

A global manufacturer migrated from per-site VPN gateways to zero-trust network access (ZTNA) using endpoint agents. After the migration was complete, the per-site VPN gateways were decommissioned. Unfortunately, the VPN gateway at a small branch office was never turned off. Months later, this gateway was compromised through a zero-day vulnerability in the SSL VPN function, allowing attackers to gain access to the corporate network. Worse, cached credentials dumped from the compromised gateway enabled further ingress into the network.

Why was this missed?

After migrating to ZTNA, the DNS records for the VPN gateways were removed. For small offices, the VPN gateways were connected through business broadband connections, and those IPs were not recorded in the organization’s inventory or part of their EASM configuration.

How did runZero help?

A comprehensive internal discovery scan identified the legacy VPN gateway, leveraging runZero’s advanced device fingerprinting to ensure no assets were overlooked. The runZero Platform’s ability to perform regular, automated scans ensures that similar devices are identified promptly, even if they are misconfigured or hidden in unexpected network segments. Once the gateway was flagged, an alert was configured to notify the security team if any similar devices appeared on the network in the future.

2. The Mobile Broadband Leak

A large financial organization issued laptops to their senior staff, each equipped with built-in mobile broadband cards (cellular modems). The intent was to ensure their team could stay connected even during transit, without relying on public WiFi. These Windows laptops were continuously connected to the mobile network and roamed between cellular providers, even while simultaneously connected to the corporate network through WiFi and wired Ethernet. Depending on which cellular provider was in use, these laptops would sometimes receive public IPv4 and IPv6 addresses, yet the firewall was not configured to block inbound connections. As a result, some portion of the senior staff’s laptops were directly exposed to the internet on semi-random IP addresses. This, in turn, exposed the Remote Desktop and the SMB (CIFS) services to internet attacks. Fortunately, one of these systems was identified in the public Shodan search portal based on the organization’s unique Active Directory domain, and the issue was resolved by deploying a group policy for Windows Firewall that always treated the mobile broadband connection as a public network.

Why was this missed?

Mobile broadband connections can vary dramatically by provider and location. Some providers place customers into private IP space, while others assign public IPs. In some cases private IPv4 addresses are assigned in addition to public IPv6 addresses. Attribution-based exposure management tools struggle to find these connections.

How did runZero help?

An internal scan identified the public IP addresses of these Windows laptops using a combination of unauthenticated NetBIOS (UDP) and DCERPC (Oxid2Resolver), leveraging runZero’s advanced asset fingerprinting capabilities to detect and categorize devices accurately. The runZero Platform’s ability to conduct both internal and external scans ensured that no public IP addresses associated with these devices were overlooked, even as they roamed between cellular providers. A direct scan of these public IPs confirmed that the mobile broadband connections were exposing these machines directly to the internet, including the Remote Desktop and SMB services.

Additionally, runZero’s automated inventory and exposure tracking ensured that any newly exposed IP addresses were promptly identified. An alert rule was configured to notify the security team whenever a Windows machine on the internal network was detected with a public IP address, enabling real-time monitoring of at-risk devices. This proactive visibility not only mitigated the immediate risk but also provided actionable insights for implementing policies to prevent future exposures, such as refining firewall rules and deploying group policies for Windows Firewall.

3. The “Smart” IP Camera

A national construction firm needed to install a camera in the lobby of their headquarters. They chose an IP camera made by Hikvision, one of the most prolific manufacturers and a type of device that is commonly sold under different brand names. This camera was “smart”; it could detect people and faces and send an alert when particular behavior was observed, such as someone loitering in the lobby after hours. Unfortunately, this camera was too smart; the default configuration caused it to open a hole in the firewall using the UPnP protocol and automatically port-forward several services from the internet to the camera. These services included the video service (RTSP), the web server used for device administration, and a few proprietary Hikvision services.

Shortly after installation, the camera was compromised using an off-the-shelf exploit that enabled remote, unauthenticated command execution through the web service. The attacker gained complete access to the camera and leveraged the Linux operating system shell to explore the company’s internal network. The UPnP-enabled network gateway was an issue on its own, but the automatic port forwarding behavior of the camera escalated the situation into a full-blown crisis.

Why was it missed?

This is an example where EASM can help, but only if the issue is identified and mitigated quickly. EASM tools can be noisy, and investigating new exposures and tracking down the appropriate owner can often take days or weeks.

How did runZero help?

An internal network scan combined with IOASM capabilities immediately flagged this system as being externally exposed and accurately matched the internal asset to its corresponding external exposure. runZero’s advanced fingerprinting techniques ensured that the match was precise, even for devices with dynamic configurations or those hidden behind network complexities. By leveraging a combination of passive and active discovery, the platform provided comprehensive visibility into both internal and external networks.

Once the exposure was identified, an alert rule was created to notify the security team of similar vulnerabilities in the future. Additionally, runZero’s integration capabilities allowed the organization to correlate this exposure with existing threat intelligence feeds, enabling the team to assess whether the exposed device had been targeted or exploited. This integration also streamlined remediation efforts by generating actionable insights, such as misconfiguration details and recommended mitigation steps.

4. The Developer Tunnel

A global retailer was developing a new version of their online storefront. This work was being coordinated across multiple groups worldwide, including several external contractors. A standard test environment was configured in the cloud, but deployments were taking too long. As a result, the development team began using “tunnel” software, such as Cloudflare Tunnel and ngrok.io, to share their work-in-progress from their developer machines with the wider group.

An attacker stumbled over one of these tunnels and identified a development console in the application that exposed all environment variables. These environment variables contained a wide range of credentials, including access keys to the production cloud account. Fortunately, rather than backdooring the application or stealing data, the attacker instead launched mining bots for cryptocurrency. The organization noticed the resulting cost spike, traced the leaked credential to the developer workstation, and implemented a policy prohibiting the use of tunnels going forward.

Why was it missed?

The internet side of the tunnel can pop out almost anywhere, including common providers like Cloudflare and ngrok, as well as on virtual machines hosted by cloud providers like Digital Ocean and Linode. These endpoints have no known relationship to the organization’s domain or registered IP ranges, making them difficult to detect with attribution-based tools.

How did runZero help?

This is another example of how IOASM was able to match the internal fingerprint of the web server to an externally exposed service on a tunnel provider. By leveraging advanced fingerprinting, runZero ensured the match was precise, even for services hosted in dynamic or ephemeral environments like those created by tunnel software. This capability provided visibility into hidden or misconfigured exposures that traditional attribution-based methods would likely miss.

After identifying the exposure, an alert rule was configured to notify the security team of any similar issues in the future. Additionally, runZero’s ability to integrate with SIEMs and other security tools allowed the team to automate follow-up actions, such as blocking traffic to unapproved tunnel providers or initiating incident response workflows. The runZero Platform’s continuous monitoring ensures that new tunnels or services appearing in the environment are flagged immediately, reducing detection and response times.

 

Minimal noise and no real false positives

An important point to note is that IOASM uses detailed fingerprints and a set of layered heuristics to determine if a match between an internal and external asset represents an exposure. This process isn’t perfect, but even in cases where a match doesn’t indicate a true exposure, it still highlights a risk. For example, if the same TLS certificate is found on an internal storage device and also observed on the internet, it could either mean this is the same device or that the device is using a hardcoded TLS key. runZero’s heuristics automatically report duplicated and widely shared keys.

In addition to reporting shared keys, runZero also assigns varying severity levels based on the confidence of the match. For instance, if an internal web server is using a TLS certificate observed on the internet, and that certificate is signed by a valid authority, this is likely either the internal side of an internet-facing web server cluster or a case where the public TLS certificate is also used on internal systems. runZero will report this as a low-risk exposure. Conversely, if the match involves a Remote Desktop service or an SSH host key that is not widely shared, this is almost certainly a critical issue requiring immediate action, and the exposure is reported as high risk.
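The fingerprint matching described earlier and the grading described in this section can be sketched as follows. This is an added example, not runZero's code: the `Obs` record, the `SHARED_MIN_HOSTS` cut-off, the "medium" fallback and the sample observations are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Obs(NamedTuple):
    scope: str               # vantage point: "internal" or "external"
    addr: str                # address the service answered on
    service: str             # "tls", "ssh" or "rdp"
    fingerprint: str         # hash of the TLS public key or SSH host key
    ca_signed: bool = False  # TLS only: certificate chains to a trusted CA

SHARED_MIN_HOSTS = 3  # assumption: this many internal hosts means "widely shared"

def find_exposures(observations):
    """Match internal and external sightings by fingerprint and grade each match."""
    groups = defaultdict(lambda: {"internal": set(), "external": set(), "obs": []})
    for o in observations:
        groups[o.fingerprint][o.scope].add(o.addr)
        groups[o.fingerprint]["obs"].append(o)
    findings = {}
    for fp, g in groups.items():
        if not g["internal"] or not g["external"]:
            continue  # seen from one side only, nothing to correlate
        services = {o.service for o in g["obs"]}
        if len(g["internal"]) >= SHARED_MIN_HOSTS:
            grade = "shared-key"   # duplicated or hardcoded key, not one device
        elif services == {"tls"} and all(o.ca_signed for o in g["obs"]):
            grade = "low"          # public certificate reused on internal systems
        elif services & {"rdp", "ssh"}:
            grade = "high"         # unique key on a remote-access service
        else:
            grade = "medium"       # assumption: the page gives no grade for this case
        findings[fp] = (grade, sorted(g["internal"]), sorted(g["external"]))
    return findings

# Constructed observations; fingerprints are shortened placeholders.
SAMPLE = [
    Obs("internal", "10.20.4.7", "ssh", "ssh:aa11"),
    Obs("external", "203.0.113.40", "ssh", "ssh:aa11"),
    Obs("internal", "10.1.1.10", "tls", "tls:bb22", ca_signed=True),
    Obs("external", "198.51.100.5", "tls", "tls:bb22", ca_signed=True),
    Obs("internal", "10.9.0.11", "tls", "tls:cc33"),
    Obs("internal", "10.9.0.12", "tls", "tls:cc33"),
    Obs("internal", "10.9.0.13", "tls", "tls:cc33"),
    Obs("external", "192.0.2.77", "tls", "tls:cc33"),
    Obs("internal", "10.30.0.8", "rdp", "tls:dd44"),
]

if __name__ == "__main__":
    for fp, (grade, inside, outside) in find_exposures(SAMPLE).items():
        print(f"{grade:10} {fp} internal={inside} external={outside}")
```

Because the join key is the fingerprint rather than the address, the SSH match is found even though the external address has no relationship to the internal one.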

 

From theoretical to operational

While it’s easy for us to describe how runZero can detect these threats, it’s even better to show you how to do it in your own instance. The good news is that Inside-Out exposure detection is enabled by default for all runZero customers.

To get started, navigate to the Inventory -> Vulnerabilities section and search for the word “Exposure”. Any internal assets that runZero was able to identify externally, regardless of IP address or location, will be flagged with a vulnerability record based on the type of exposure.

The three exposure detection methods available today are:

  • TLS Certificate
  • SSH Hostkey
  • MAC Address

Here’s an example of an exposure that was identified by matching a TLS public key:

Clicking on the name of the vulnerability will open the details page. This page also provides a list of the public endpoints where this internal system was observed:

 

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network, without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
