
Introducing Shared iPad management with Scalefusion: Seamless multi-user device management

As enterprises scale, we recognize the growing investment required to deploy and manage individual devices for every user. IT teams need solutions that maximize hardware utilization while ensuring security, performance, and a seamless user experience.

At Scalefusion, we have long been committed to simplifying shared device management for our customers. After enabling seamless multi-user experiences on Android, we are now bringing the same efficiency to Apple’s Shared iPads.

Shared iPad management

Shared iPads empower organizations to reduce infrastructure costs while allowing multiple users to securely access a single device. IT teams can assign user policies, optimize storage, and deploy configurations effortlessly, all without increasing hardware overhead. 

Integrated with Apple Business Manager (ABM) and Apple School Manager (ASM), this solution ensures streamlined deployment across industries, including education, enterprise, healthcare, retail, and more.

Simplifying Shared iPad Management with Scalefusion

IT teams can effortlessly configure, deploy, and manage shared iPads directly from the Scalefusion dashboard.

Key highlights include:

  • Multi-user support: Enable multiple users to securely log in with Managed Apple IDs, ensuring a customized workspace for each session.
  • Enterprise-grade security: Maintain strict data separation, ensuring each user’s files and apps remain private and inaccessible to others.
  • Policy-driven management: Define user-specific restrictions, configurations, and access policies for a controlled and compliant environment.
  • Seamless session management: Users can log in and out effortlessly while IT teams retain complete control over device settings.
  • Optimized resource utilization: Reduce hardware costs by maximizing device sharing without performance bottlenecks.

With Shared iPads for businesses, organizations can streamline IT management, lower costs, and enhance collaboration without compromising security or efficiency.

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

How to find DrayTek Vigor routers

Latest DrayTek Vigor router vulnerability

A previously disclosed vulnerability (CVE-2024-12987) has recently been confirmed to be under active exploitation in the wild.

This vulnerability, with a CVSS score of 7.5 (high), would allow a remote, unauthenticated attacker to inject arbitrary commands to be run on the underlying operating system of DrayTek Vigor2960 and Vigor300B routers.

This vulnerability has been designated CVE-2025-2567 and has been assigned a CVSS score of 9.8 (critical).

What is the impact?

Successful exploitation of this vulnerability would allow an attacker to execute arbitrary commands on vulnerable routers, allowing them to take complete control of affected devices.

Are any updates or workarounds available?

DrayTek has released an updated version of the affected firmware, and advises all users to upgrade immediately.

How do I find vulnerable DrayTek Vigor routers with runZero?

From the Asset Inventory, use the following query to locate vulnerable DrayTek Vigor assets:

(hw:"DrayTek Vigor2960" OR hw:"DrayTek Vigor300b" OR hw:"DrayTek Vigor 2960" OR hw:"DrayTek Vigor 300b") AND osversion:<"1.5.1.5"

Previous DrayTek Vigor router vulnerability (CVE-2022-32548)

The Trellix Threat Labs Vulnerability Research team recently published vulnerability details affecting almost 30 models of DrayTek Vigor routers. This vulnerability resides in the management interface login page and is trivial to exploit via buffer overflow. An unauthenticated attacker can easily gain control over vulnerable Vigor devices, doing so remotely if the management interface is exposed to the Internet.

What is the impact?

Tracked as CVE-2022-32548 with a CVSS “critical” maximum score of 10, successful attackers can potentially leverage device control to execute code, establish a foothold on the network for further exploration, exfiltrate sensitive data, add the device to a botnet, and more. Trellix researchers found over 200k vulnerable Vigor devices with management interfaces exposed to the Internet, putting them at risk of remote exploitation. Even with external access to the management interface disabled, vulnerable devices are still susceptible to exploitation via the local network.

Are updates available?

DrayTek has provided patched firmware for affected Vigor devices. Admins should ensure that affected models are updated to the latest firmware version. The Trellix research team also provided additional mitigation recommendations, including disabling public-facing access to the management interface (see Recommendations).

How do I find DrayTek Vigor routers with runZero?

From the Asset Inventory, use the following pre-built query to locate DrayTek Vigor assets that may need remediation:

hw:"DrayTek Vigor"

As always, any prebuilt queries are available from our Queries Library. Check out the library for other useful inventory queries.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.


What is mobile device management (MDM)?

First, what is master data management?

Mobile device management falls under master data management (also abbreviated MDM), the process of managing all critical data within the organization. Master data management doesn’t refer to specific software or hardware but rather the entire workflow required to securely handle data assets.

Master data management encompasses all departments working with customer details, product data, and other information deemed critical. The goal is to create one single source of truth, eliminating any fragmented, duplicated, outdated, or otherwise inaccurate information.

Mobile data management contributes to this by supporting the enforcement of privacy policies and compliance-ready data protection for hardware and software. It helps streamline risk management by ensuring each company-owned device follows the exact requirements and uses the same approved apps and tools. Administrators using MDM software can spot irregularities in employee activity more easily and quickly, leading to better response times in the case of an incident.

How does mobile device management work?

MDM security is a core part of the overall cybersecurity infrastructure, simplifying and centralizing processes that would otherwise create challenges for organizations. While it’s particularly beneficial for remote and hybrid teams, mobile device management is crucial for fully in-house organizations, too.

Mobile device management concerns all company-issued devices: desktop computers, laptops, tablets, and phones given to employees with remote access and management software installed. These software components are known as MDM solutions.

One app is rarely enough to cover the entire MDM infrastructure. Some programs are OS-dependent. For instance, Apple offers Apple Business Manager (ABM) for its native device management. Others are developed by third-party service providers, granting more flexibility for organizations using a broader device range.

Mobile device management makes it easier for organizations to ensure employee devices are secure and their usage adheres to internal protocol. For instance, a managed device may contain software to connect to the company’s internal network, a remote access app that lets administrators access the device in case of technical issues, a password manager with set security policies, antivirus software, or encrypted file storage.

Using MDM solutions simplifies software updates, allowing administrators to ensure all apps and operating systems are up-to-date and secured from zero-day vulnerabilities. It supports device monitoring, making it easier to spot irregularities and suspicious activity. In case of a security incident, a compromised device can be remotely wiped and locked by the IT team to reduce the risk of data theft and damage.

Mobile device management is beneficial for onboarding and offboarding processes. New employees can receive their hardware with the necessary tools pre-installed and set according to company requirements, while leavers have their data easily wiped from the device, allowing it to be passed along to future employees or be adapted for further personal use.

 

BYOD and mobile device management

Using a company-issued device is not always mandated. For example, company phones may be limited depending on employee roles or the company’s budgetary requirements. Although computers provided by the employer are a common business practice, in some cases, like with fully remote teams, it may be logistically simpler to have the employee use their personal device for work. In such instances, companies practice BYOD, or “bring your own device.”

The problem with personal device use is the lack of security assurance. Unlike company-issued devices, BYOD practices don’t mandate MDM software to be installed. However, employees may opt for it for security reasons. Since the personal and work-related use overlap, employees may be reluctant to install remote access software to keep their private information protected.

This creates further security risks for employers and employees alike: if a company adheres to BYOD practices and the device in question is stolen, hacked, or otherwise compromised, the cybersecurity team can’t promptly respond to the threat. For instance, they can’t remotely shut off the device or delete its contents. Furthermore, they can’t guarantee that a malicious party won’t misuse work-related data stored on a personal device. Considering the liability involved, it’s strongly recommended for organizations to avoid BYOD practices and opt for company-issued device use instead.

MDM solutions: Are they worth it?

While the benefits of mobile device management are alluring, they can cause some challenges. Here’s what organizations need to know as they set up MDM solutions.

The pros

  • Increased security. Mobile device management offers stronger security for employees, particularly those working with sensitive data. Centralized control ensures all devices adhere to the same requirements and employees follow company policies.

  • Onboarding and offboarding. Upon joining a workplace with MDM solutions, employees receive devices that are already partially or fully prepared for their duties. Likewise, having access to tools like remote wiping ensures that leavers can’t take sensitive data with them when they part ways with the company.

  • Streamlined tech support. If an employee experiences any problems with their work-issued device, an administrator can assist them remotely using mobile device management software. It simplifies problem resolution and reduces some of the burden for the IT team.

  • Compliance. Centrally managed devices help ensure stronger compliance with data regulations. They help prevent data loss and fragmentation, and provide access to sensitive information that meets cybersecurity compliance standards.

  • App distribution. Organizations may allowlist or denylist select apps based on their data security standards, required permissions, developer reliability, and other criteria. With mobile device management, they can control which apps can be added to the device and which can only be accessed with administrators’ permission.

  • Cost savings. By using owned devices that can be passed along to new employees or retained when employees leave, companies can save on hardware and software expenses, utilize business and enterprise resources for security tools, and minimize breach risks thanks to centralized monitoring and management.

The cons

  • Initial costs. As a security system, MDM pays off over time. However, the initial setup can be costly: acquiring devices, purchasing licenses, and finding solutions with required scalability can be expensive and time-consuming.

  • Connectivity reliance. For mobile device management to work, monitored devices typically require an internet connection. That means if suspicious activity occurs while the device isn’t connected to a network, it may go unseen by administrators.

  • Overmonitoring. Broad access to monitoring tools can sometimes sow mistrust in employees, leading to administrators and managers overextending their use to observe employee activity. This can pose the risk of observing sensitive information they otherwise would not have permission to access, and can deepen a lack of trust in a team.

  • Implementation complexity. The bigger the organization, the more complex its MDM system is. Once you start adding different devices and operational systems into the mix—make that Windows, Linux, macOS, iOS, Android, or any other options—you need tools that cover it all. Some MDM solutions may only be available for certain operating systems, while others may not cover all your bases.

  • Forced updates. If the IT admins determine which software can be installed on a managed device, they also maintain the responsibility for updates. To ensure the entire network remains secure, the IT team may force-update all computers at the same scheduled time, leading to frustration from employees whose workflow is interrupted and who may max out the allowed update deferrals.

  • Lack of BYOD coverage. If employees use personal devices for work, it’s unlikely that IT administrators will be able to install MDM solutions on them. This makes BYOD devices more susceptible to insecure data management practices and lack of compliance, and blurs the line between personal and work-related device usage.

No MDM solution is likely to be 100% perfect and cater to every business need. The goal is to develop a system that covers all essential bases and keeps both employees and the data they handle secure on their day-to-day. It can take some mixing and matching, testing, and replacing one service with another to find what works best for your business.

Keeping company-owned device data secure with NordPass

Mobile device management solutions can first appear as a complex, expensive maze that encompasses tens or even hundreds of devices, all set to protect your organization’s most sensitive data. However, it doesn’t all have to be so complicated. You can get some of your key security aspects covered with just one tool that’s both budget-friendly and easy to manage.

NordPass is a password manager for businesses that supports flexible security. NordPass allows your organization members to create and store passwords, passkeys, one-time authentication codes, payment details, and other sensitive information in an encrypted vault.

Granular policy controls help ensure strong password policies, secure device usage, additional safety via multi-factor authentication, and external sharing practices. You can adjust required policies to apply to the whole organization, specific teams, or individual employees.

NordPass’ XChaCha20 encryption and zero-knowledge architecture maintain a high level of security and allow credentials to be shared among employees without exposing them to external parties. Employees can limit access to shared credentials to be only autofillable, shareable, or editable, while admins can transfer ownership rights for simplified onboarding and offboarding.

NordPass is available as an extension on all major browsers, Windows, macOS, iOS, and Android devices, making it a flexible option for mobile device management across your organization, whether you’re a small business or an enterprise. All data is backed up and synchronized automatically, ensuring credentials are up-to-date whenever you need them.

Make password management the easiest part of your multi-device management system. Try NordPass today and upgrade the centralized device security standard in your organization.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.


SealPath | Protect CAD Designs From Exfiltration with Purview

Portnox Cloud Recognized for Exceptional Innovation.

 

AUSTIN, TX – May 6, 2025 – Portnox announces that TMC has awarded Portnox Cloud a 2025 Product of the Year Award, presented by Cloud Computing Magazine. The Cloud Computing Product of the Year Awards honor vendors with the most innovative, useful, and beneficial cloud products and services available to deploy within the past year.

Network access control (NAC) and endpoint security solutions often receive mixed reviews due to their challenging deployment, management complexity, and high costs. However, Portnox Cloud stands out by offering an affordable, unified access control (UAC) solution that addresses these concerns. As a fully cloud-native platform, Portnox Cloud is designed to simplify security management while reducing costs and complexity.

“Being recognized as a Cloud Computing Product of the Year winner underscores the power and value of our cloud-native approach to access control,” said Denny LeCompte, CEO of Portnox. “Portnox Cloud was built from the ground up in the cloud to provide unparalleled ease of deployment, management, and scalability. This award fuels our passion to continue pushing the boundaries of what’s possible in unified access control.”

“Congratulations to Portnox on earning a Cloud Computing Product of the Year Award,” said Rich Tehrani, CEO of TMC. “Portnox Cloud stands out as a truly innovative solution helping to drive meaningful transformation. As the cloud landscape advances and unlocks new possibilities, we’re excited to watch their continued growth and impact.”

Read the full announcement of 2025 Cloud Computing Product of the Year Award winners here.

 

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.


Windows Monitoring with Sysmon: Practical Guide and Configuration

One might think that, considering how effective some companies are at logging everything we do to serve us ads, they’d at least apply that to help us understand what’s happening on our systems and monitor their performance and security. But in the case of Windows, traditional logs fall short — and that’s where the importance of Sysmon comes in.
Sysmon is a Windows service that logs operating system activity into the event log. However, it’s not installed by default, so you’ll need to download it from here.
Once installed, Sysmon logs are significantly more advanced and comprehensive than the default Windows Event Log, which is critical for ensuring the security of your systems.
That’s why we’re taking a deep dive into Sysmon.

How to Install Sysmon

Sysmon isn’t installed like a common Windows program, and here are the steps to do it without running into weird errors:

  • Run PowerShell as Administrator.
  • Use the command line to navigate to the location where you retrieved the previously linked Sysmon file.
  • Then run: .\Sysmon64.exe -i -accepteula
  • You’ll see some installation messages, and just like that, Sysmon will be up and running.

Sysmon Log Location and Management

So, how can we view Sysmon logs? Microsoft enjoys hiding things from us, but it’s “easy”:

  • Press the Windows key and search for Event Viewer, then open it.
  • You’ll see several folders — go to: Applications and Services Logs.
  • Open the Microsoft folder, then the Windows folder.
  • In the central panel, scroll down until you find Sysmon, then click on it. You’ll see a log named Operational, which you may manage using the options on the right-hand side. Click to open it.
  • Everything that’s happening is recorded there, and you can select events, copy them, save them, etc.

Why Sysmon Logs Are Essential for a SIEM

With Sysmon’s detailed logging, our SIEM—such as Pandora SIEM—can analyze and correlate those records, detecting and alerting the SOC about threats that would otherwise go unnoticed with basic logs.

For example, a process hollowing attack — where a malicious actor creates a “legitimate” process like svchost.exe, but injects it with malicious code — would likely slip past default event logs, assuming they haven’t been disabled altogether.
But thanks to Sysmon, our SIEM can detect and raise alerts for this and other techniques by analyzing its logs. That’s why in today’s security landscape, Sysmon is essential if you’re managing Windows systems and dealing with threats more advanced than a basic DDoS attack.

Events Logged by Sysmon

With Sysmon, we go from logging almost nothing to logging nearly everything. The service assigns an Event ID number to each type of activity it monitors, and these are the events it records:

  • 1: Process creation.
  • 2: A process changed the creation time of a file.
  • 3: Network connection.
  • 4: Sysmon service state changed.
  • 5: Process terminated.
  • 6: Driver loaded.
  • 7: Image loaded.
  • 8: CreateRemoteThread.
  • 9: RawAccessRead.
  • 10: ProcessAccess.
  • 11: FileCreate.
  • 12: RegistryEvent (object creation and deletion).
  • 13: RegistryEvent (value sets).
  • 14: RegistryEvent (key and value names).
  • 15: FileCreateStreamHash.
  • 16: ServiceConfigurationChange.
  • 17: PipeEvent (pipe created).
  • 18: PipeEvent (pipe connected).
  • 19: WmiEvent (WmiEventFilter activity detected).
  • 20: WmiEvent (WmiEventConsumer activity detected).
  • 21: WmiEvent (WmiEventConsumerToFilter activity detected).
  • 22: DNSEvent (DNS query).
  • 23: FileDelete (archived file deletion).
  • 24: ClipboardChange (new clipboard content).
  • 25: ProcessTampering (image change in a process).
  • 26: FileDeleteDetected (logged file deletion).
  • 27: FileBlockExecutable.
  • 28: FileBlockShredding.
  • 29: FileExecutableDetected.
  • 255: Error — reserved for when Sysmon fails to complete a task or encounters other issues.

As you can see, it logs everything from file creation and modification, to clipboard activity and network requests. With this granular logging, we can correlate events that may appear harmless on their own but together may be the signs of a sophisticated attack.
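As an added illustration (not code from the original article or from Pandora), the sketch below shows the kind of correlation described above: Sysmon events that are weak on their own are grouped by ProcessGuid and reported only when several land on the same process. The sample events, the signal names and the two-signal threshold are assumptions made for the example; the svchost.exe scenario and port 4444 come from the article.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: six Sysmon events in Windows event XML, trimmed to the
# fields used below. GUIDs and paths are invented for illustration.
SAMPLE = r"""<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><EventID>1</EventID></System><EventData>
  <Data Name="ProcessGuid">{11111111-0000-0000-0000-000000000001}</Data>
  <Data Name="Image">C:\Windows\System32\svchost.exe</Data>
  <Data Name="ParentImage">C:\Windows\System32\services.exe</Data></EventData></Event>
<Event><System><EventID>3</EventID></System><EventData>
  <Data Name="ProcessGuid">{11111111-0000-0000-0000-000000000001}</Data>
  <Data Name="Image">C:\Windows\System32\svchost.exe</Data>
  <Data Name="DestinationPort">443</Data></EventData></Event>
<Event><System><EventID>25</EventID></System><EventData>
  <Data Name="ProcessGuid">{11111111-0000-0000-0000-000000000002}</Data>
  <Data Name="Image">C:\Program Files\Browser\browser.exe</Data>
  <Data Name="Type">Image is locked for access</Data></EventData></Event>
<Event><System><EventID>1</EventID></System><EventData>
  <Data Name="ProcessGuid">{11111111-0000-0000-0000-000000000003}</Data>
  <Data Name="Image">C:\Windows\System32\svchost.exe</Data>
  <Data Name="ParentImage">C:\Users\alice\AppData\Local\Temp\invoice.exe</Data></EventData></Event>
<Event><System><EventID>25</EventID></System><EventData>
  <Data Name="ProcessGuid">{11111111-0000-0000-0000-000000000003}</Data>
  <Data Name="Image">C:\Windows\System32\svchost.exe</Data>
  <Data Name="Type">Image is replaced</Data></EventData></Event>
<Event><System><EventID>3</EventID></System><EventData>
  <Data Name="ProcessGuid">{11111111-0000-0000-0000-000000000003}</Data>
  <Data Name="Image">C:\Windows\System32\svchost.exe</Data>
  <Data Name="DestinationPort">4444</Data></EventData></Event>
</Events>"""

WATCHED_PORTS = {"4444"}  # the port the article singles out


def parse_events(xml_text):
    """Yield one dict per <Event>: the EventID plus every EventData field."""
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        fields = {d.get("Name"): d.text or ""
                  for d in ev.findall("e:EventData/e:Data", NS)}
        fields["EventID"] = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        yield fields


def signal_for(ev):
    """Map one event to a weak signal name, or None if it is unremarkable."""
    image = ev.get("Image", "").lower()
    if ev["EventID"] == 1 and image.endswith("\\svchost.exe"):
        # Heuristic (assumption): svchost.exe is normally started by services.exe.
        if not ev.get("ParentImage", "").lower().endswith("\\services.exe"):
            return "svchost-unexpected-parent"
    if ev["EventID"] == 25:  # ProcessTampering; noisy when seen alone
        return "process-tampering"
    if ev["EventID"] == 3 and ev.get("DestinationPort") in WATCHED_PORTS:
        return "watched-port-connection"
    return None


def correlate(events, threshold=2):
    """Group signals by ProcessGuid; keep processes with >= threshold distinct signals."""
    by_process = defaultdict(set)
    for ev in events:
        sig = signal_for(ev)
        if sig:
            by_process[ev["ProcessGuid"]].add(sig)
    return {guid: sorted(sigs) for guid, sigs in by_process.items()
            if len(sigs) >= threshold}


def run_sample():
    """Correlate the constructed sample and return the flagged processes."""
    return correlate(parse_events(SAMPLE))


if __name__ == "__main__":
    for guid, sigs in run_sample().items():
        print(guid, sigs)
```

The browser process raises a single ProcessTampering event and stays below the threshold, while the svchost.exe instance started from a Temp directory accumulates all three signals and is the only one reported.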

Sysmon Log Lifecycle

To manage logs efficiently, we need to define what happens at each stage of their lifecycle.
Sysmon begins recording events in real time based on the configuration defined in an XML file.
By default, it uses a generic configuration to start logging, but the real power—and what any SOC truly cares about—is customizing that XML to suit the organization’s needs, security policies, risk management approach, and infrastructure (such as the SIEM being used).
This allows us to configure Sysmon to ignore irrelevant “noise” and focus only on what matters.
Once event logging begins, entries are stored until the log reaches its maximum defined size, which can be adjusted through the Event Viewer.
To configure this, navigate again to Operational, right-click it, select Properties, and there you can define:

  • Maximum log size.
  • What happens when the limit is reached: Overwrite events starting with the oldest, archive the log so it won’t be overwritten, or choose not to overwrite at all (because you’ll manually clear the logs—something you probably promise to do and never will).

These logs reach their full potential when analyzed by a SIEM. Manually going through every Sysmon line for clues might build character—but also eye strain—and is much slower and more error-prone than letting a SIEM handle it, implying a high risk of overlooking issues such as malware.
For example, Pandora SIEM’s agent collects these logs and sends them to a centralized server for analysis and correlation alongside other logs—without burning through your eyelashes. This allows you to detect real-time threats that might be buried within endless log lines, and correlate them with other activity across the network, even from non-Windows machines.
Even better: if the Windows endpoint is compromised beyond recovery, you’ll still have a centralized copy of the log in your SIEM, which is vital for forensic analysis to understand what caused the catastrophic failure.
And what happens to the logs once they’ve been analyzed?
That depends on finding the right balance between smart archiving and deletion, and meeting both forensic investigation needs and regulatory compliance regarding long-term log retention.

How Eventlog Analyzer Processes Sysmon Logs

A Sysmon log captures a vast amount of information, but what we truly need is actionable insight for our defense strategies. To achieve this, various tools can leverage Sysmon logs to detect malicious patterns and alert us accordingly.
Eventlog Analyzer, a tool by ManageEngine, includes powerful log analysis capabilities—not just for Sysmon, but also for routers, IDS systems, and more.
It normalizes, correlates, and presents the most relevant data visually through dashboards and alerts.
This simplifies threat detection, forensic investigations during security breaches, and ensures compliance with regulatory requirements.

Monitoring Sysmon with Pandora FMS and Pandora SIEM

Pandora SIEM also enables centralized and advanced analysis of Sysmon logs (as well as logs from other areas of your IT infrastructure) via the Log Collector. It then transforms that information into actionable insights and quickly detects threats. It doesn’t matter if you’re running both Windows and Linux machines, and Sysmon data needs to work in harmony with Syslog or Auditd—everything gets integrated and analyzed together.
One of Pandora’s strongest features is its adaptability— you can fully tailor the tool to match your workflows, organization structure, and specific needs.
Similarly, Pandora dashboards can be configured to display exactly what matters to you—such as listing Sysmon events sorted by severity —and alert you only when needed, filtering out the noise.
It also provides advanced reporting and search capabilities, going far beyond the features offered by many other tools.
Pandora is a comprehensive solution—think of it as the Enterprise’s central computer—designed to monitor and manage diverse systems so they run in sync. Its SIEM is synonymous with top-tier security, but you can also incorporate remote monitoring, control, and ticketing into a single unified platform.
This prevents your stack from turning into a Frankenstein’s monster of stitched-together tools—something all too common in IT—which also brings the added headache of fragmented support, where each vendor blames “the other applications.”

How to Properly Configure Sysmon

With great power comes great responsibility… and complexity. That’s why anyone who needs to filter out “noise” and receive only critical information from Sysmon should use a custom XML configuration.
You can do this with the following command:

.\Sysmon64.exe -i -accepteula c:\micarpeta\mixmlpersonal.xml

But writing that XML from scratch can feel like one of Hercules’ labors—which is why Pandora provides a starter configuration file, which you can download here.
This file is based on best practices and specially adapted to help Pandora extract the key information necessary for effective protection. However, it should always be tailored to fit your environment.
The file comes well-commented (which makes working with it much easier) and includes some Pandora-specific rules, but you can and should customize it as needed.
Some key points in the XML you may want to adapt include:

  • Critical processes (search for
  • Ports commonly used by attackers (search for <DestinationPort…) — keep an eye on suspicious ports like 4444, often used by Metasploit.
  • Registry modifications (search for <TargetObject…).
  • Executables launched from suspicious locations, like /temp or the Recycle Bin.

Becoming familiar with the XML format, its structure, and the meaning of each field is one of the best skills you can develop for protecting Windows systems.
This way, you can ensure that Sysmon’s potential doesn’t go to waste, quietly collecting gigabytes of dusty virtual logs.
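
To see which rules a configuration contains before adapting them, the following added example (not part of Pandora's starter file or the original article) parses a Sysmon XML and lists the rules that filter on Image, DestinationPort and TargetObject. The embedded configuration is a constructed sample, its schemaversion value is an assumption, and list_rules and review_points are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
# Constructed sample, not Pandora's starter file; the schemaversion value is an assumption.
SAMPLE_CONFIG = r"""
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="include">
        <Image condition="contains">\Temp\</Image>
        <Image condition="contains">\$Recycle.Bin\</Image>
      </ProcessCreate>
    </RuleGroup>
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <DestinationPort condition="is">4444</DestinationPort>
      </NetworkConnect>
    </RuleGroup>
    <RuleGroup name="" groupRelation="or">
      <RegistryEvent onmatch="include">
        <TargetObject condition="contains">\CurrentVersion\Run</TargetObject>
      </RegistryEvent>
    </RuleGroup>
  </EventFiltering>
</Sysmon>"""

def list_rules(config_xml):
    """Return one dict per filter rule: event type, onmatch mode, field, condition, value."""
    rules = []
    for event in ET.fromstring(config_xml).iter():
        onmatch = event.get("onmatch")
        if onmatch is None:  # only event-type elements (ProcessCreate, ...) carry onmatch
            continue
        for node in event.iter():
            if node is event or node.tag == "Rule":  # skip the event and <Rule> wrappers
                continue
            rules.append({"event": event.tag, "onmatch": onmatch, "field": node.tag,
                          "condition": node.get("condition", "is"),  # "is" when omitted
                          "value": (node.text or "").strip()})
    return rules

def review_points(config_xml, fields=("Image", "DestinationPort", "TargetObject")):
    """Group the rules an admin would adapt, keyed by the field they filter on."""
    found = {f: [] for f in fields}
    for r in list_rules(config_xml):
        if r["field"] in found:
            found[r["field"]].append(f'{r["event"]} {r["onmatch"]}: {r["condition"]} {r["value"]}')
    return found

if __name__ == "__main__":
    print(review_points(SAMPLE_CONFIG))
```

Pointing review_points at the contents of your own configuration file gives a quick inventory of what each include or exclude rule matches, which is the part that needs tailoring per environment.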
As we’ve seen, if you manage Windows endpoints, Sysmon is essential—because while Microsoft might know everything about us, the default event logs leave us knowing little about Windows itself. That’s why you need to start logging with Sysmon—but don’t stop there.
Its massive logging capabilities are also its biggest challenge, which is why the best approach is to customize its XML and integrate it with a SIEM. The SIEM can then do the heavy lifting of detecting threats hidden among the thousands of log lines.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Keepit recognized for excellence at the Cloud Security Awards 2025

Keepit named “Best Security Solution for Data Management/Data Protection” for the second year in a row

Copenhagen, Denmark – May 8, 2025 – Keepit, a global provider of a comprehensive cloud backup and recovery platform, today announced its win at the Cloud Security Awards. Keepit secured the title of “Best Security Solution for Data Management / Data Protection” for the second year running, underscoring its position as a leader in cloud data protection. Keepit was also a finalist in the “Best SaaS Security Solution” category.

Headquartered in Copenhagen, Denmark, with offices in the US, Germany, France and the UK, Keepit provides leading data protection to over fifteen thousand companies across the globe.

“We’re proud to receive recognition for Keepit’s leading data protection platform. The continued move to store and secure data in the cloud has resulted in huge amounts of business-critical cloud data that is vulnerable to human error, ransomware attacks, or service provider downtime. Securing data in our vendor-independent cloud ensures uninterrupted access to your company’s most critical asset – data,” says Michele Hayes, CMO at Keepit.

Key benefits of the Keepit platform include:

  • Data protection for all major SaaS applications in a single platform, including Azure DevOps, Dynamics 365, Microsoft Entra ID, Google Workspace, Microsoft 365, Power Platform, Salesforce, and Zendesk.
  • Vendor-independent cloud: Keepit ensures backup data is stored separately from the production data, on its independent cloud, meaning data is always accessible even if a SaaS vendor has downtime.
  • Data sovereignty: with seven isolated data center regions, Keepit’s customers can always be 100% certain that they can customize their backups to comply with local regulatory requirements.
  • Instant recovery: fast, easy, and granular search and restore features mean data can be located, previewed, and retrieved with just a few clicks.
  • Certified, cloud-native design: Keepit is ISO/IEC 27001:2013 and ISAE 3402-II certified. Unique security and ransomware protection keeps data available and immutable by default.
  • Predictable costs: customers pay one flat fee per user which includes unlimited data storage, ingress/egress, and retention.
  • Simple and intuitive software: the simple interface and API-first architecture of the Keepit Platform require no training and can easily be integrated into existing systems, meaning customers can get up and running in minutes.

CEO of The Cloud Awards, James Williams, said: “We’re extremely proud to reveal the winners of The 2025 Security Awards. Cybersecurity is becoming more and more prevalent within the consciousness of people everywhere, not just within businesses. These awards provide a platform for those organizations that help keep our data safe and secure to celebrate their outstanding work.

Keepit has proven to be amongst the very best in the industry at what they do – impressing our judging panel throughout the awards program with their ingenuity, and dedication to great security practice. We offer them huge congratulations on their deserved victory in what was a tightly-contested program. We look forward to seeing how they build on this success in the months and years to come.”

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.
