
Graylog Achieves ‘Leader’ and ‘Outperformer’ Positioning in GigaOm’s 2025 SIEM Report

HOUSTON — August 1, 2025 — Graylog, the platform built for SIEM, API protection, and Centralized Log Management, today announced its recognition as a ‘Leader’ and ‘Outperformer’ in GigaOm’s 2025 Radar Report for Security Information and Event Management (SIEM).

Recognition Highlights from GigaOm

The Graylog Security platform, built on the robust Graylog foundation, was specifically recognized for several key differentiators that are critical for modern SOC teams:

  • Alarm Fidelity & Self-Tuning: Recognized for superior accuracy and the platform’s ability to optimize itself.
  • Data Analysis & Risk Scoring: Acknowledged for its advanced data analysis capabilities and effective risk scoring based on enriched data.
  • Anomaly Detection: Highlighted for its strong anomaly detection modules that receive, normalize, and enrich log data.
  • Innovation & Evolution: Recognized for continuously evolving the platform, including the capability to filter incoming logs through streams and apply rules via pipelines.

“The SIEM market is evolving quickly as security teams face unprecedented data volumes, increasingly sophisticated threats, and complex compliance demands. Our Graylog Security platform stands out by delivering powerful analytics and streamlined workflows without the complexity and cost that have previously held the industry back. We are honored that GigaOm continues to recognize our ability to innovate.”

— Seth Goldhammer, VP of Product Management at Graylog

The Core Value Proposition

Graylog is committed to providing high-impact tools that directly address the real challenges faced by today’s lean security teams. The platform ensures that analysts get the speed, clarity, and confidence needed to detect and respond to threats before they escalate.

Read the Full GigaOm Radar Report

About Graylog
At Graylog, our vision is a secure digital world where organizations of all sizes can effectively guard against cyber threats. We’re committed to turning this vision into reality by providing Threat Detection & Response that sets the standard for excellence. Our cloud-native architecture delivers SIEM, API Security, and Enterprise Log Management solutions that are not just efficient and effective—whether hosted by us, on-premises, or in your cloud—but also deliver a fantastic Analyst Experience at the lowest total cost of ownership. We aim to equip security analysts with the best tools for the job, empowering every organization to stand resilient in the ever-evolving cybersecurity landscape.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

How to find Cisco Identity Services Engine (ISE) installations

Latest Cisco Identity Services Engine (ISE) & Cisco ISE Passive Identity Connector (ISE-PIC) vulnerabilities

Three vulnerabilities have been disclosed in certain versions of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could allow an unauthenticated, remote adversary to execute commands on the underlying operating system as the root user. There is evidence that this vulnerability is being actively exploited in the wild.

  • Cisco ISE and Cisco ISE-PIC are at risk of an insufficient validation of user-supplied input vulnerability in a specific API. This could allow an unauthenticated, remote adversary to execute arbitrary code on the underlying operating system as the root user via a specially crafted API request. Successful exploitation could allow the adversary to obtain root privileges on an affected device. The adversary does not require any valid credentials to be able to exploit the vulnerability. This vulnerability has been designated CVE-2025-20281 and has been rated critical with a CVSS score of 9.8.
  • Cisco ISE and Cisco ISE-PIC are at risk of an improper privilege management vulnerability in an internal API due to a lack of file validation checks to prevent uploaded files from being stored in privileged directories on an affected system. This could allow an unauthenticated, remote adversary to upload arbitrary files to an affected device and then execute those files on the underlying operating system as the root user. Successful exploitation could allow the adversary to store malicious files on an affected system and then execute arbitrary code or obtain root privileges on an affected device. This vulnerability has been designated CVE-2025-20282 and has been rated critical with a CVSS score of 10.0.
  • Cisco ISE and Cisco ISE-PIC are at risk of an insufficient validation of user-supplied input vulnerability in a specific API. This could allow an unauthenticated, remote adversary to execute arbitrary code on the underlying operating system as the root user via a specially crafted API request. Successful exploitation could allow the adversary to obtain root privileges on an affected device. The adversary does not require any valid credentials to be able to exploit the vulnerability. This vulnerability has been designated CVE-2025-20337 and has been rated critical with a CVSS score of 10.0.

The following versions are affected:

  • Cisco ISE or ISE-PIC release 3.3 prior to version 3.3 Patch 7
  • Cisco ISE or ISE-PIC release 3.4 prior to version 3.4 Patch 2

What is the impact?

Successful exploitation of this vulnerability by an attacker would allow credentials extracted from a Cisco ISE instance to be used on others from the same release on the same cloud platform. This could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations or disrupt services within the impacted systems.

Are any updates or workarounds available?

Cisco has released updates in the form of patches for releases 3.3 and 3.4. Users should update to the latest version of the affected software.

  • Cisco ISE or ISE-PIC release 3.3 to version 3.3 Patch 7 and later releases
  • Cisco ISE or ISE-PIC release 3.4 to version 3.4 Patch 2 and later releases

Since the initial (version 1.0) advisory publication, Cisco released an improved fix for release 3.3 and recommends upgrading as follows:

  • Release 3.3 Patch 6 should be upgraded to Release 3.3 Patch 7
  • Hot patch ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz or ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz should be upgraded to Release 3.3 Patch 7 or Release 3.4 Patch 2

How do I find Cisco ISE installations with runZero?

From the Software Inventory, use the following query to locate potentially impacted installations:

vendor:="Cisco" AND product:="Identity Services Engine"

June 2024: CVE-2025-20286

A vulnerability has been disclosed in certain cloud-deployed versions of Cisco Identity Services Engine (ISE) in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). The vulnerability exists due to improper credential generation in cloud platform deployments, resulting in shared credentials across deployments based on release and cloud platform.

It is important to note that Cisco ISE is affected by this vulnerability when the Primary Administration node is deployed in the cloud. An on-premises Primary Administration node is not affected.

The following platforms and versions are affected:

  • AWS Cisco ISE 3.1, 3.2, 3.3 and 3.4
  • Azure Cisco ISE 3.2, 3.3 and 3.4
  • OCI Cisco ISE 3.2, 3.3 and 3.4 

This vulnerability has been designated CVE-2025-20286 and has a CVSS score of 9.9 (critical).

What is the impact?

Successful exploitation of this vulnerability by an attacker would allow credentials extracted from a Cisco ISE instance to be used on others from the same release on the same cloud platform. This could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations or disrupt services within the impacted systems.
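As an added example (not runZero's or Cisco's code), the sketch below triages an inventory export against the patch levels and cloud platforms listed in this section. The CSV column names, the hostnames and the treatment of a blank patch field as Patch 0 are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Fixed patch level per release, as stated in this section.
FIXED_PATCH = {"3.3": 7, "3.4": 2}
RCE_CVES = "CVE-2025-20281/CVE-2025-20282/CVE-2025-20337"

# Releases listed for CVE-2025-20286, keyed by the cloud platform that hosts
# the Primary Administration node. The section gives no fixed patch level
# for this CVE, so a listed release is always flagged for review.
CLOUD_RELEASES = {
    "aws": {"3.1", "3.2", "3.3", "3.4"},
    "azure": {"3.2", "3.3", "3.4"},
    "oci": {"3.2", "3.3", "3.4"},
}

# Hot patch file names follow the pattern quoted in this section.
HOT_PATCH_RE = re.compile(r"^ise-apply-CSCwo99449_.*-SPA\.tar\.gz$")

# Constructed sample export; the column layout is hypothetical.
SAMPLE_INVENTORY = """\
hostname,version,patch,hot_patch,pan_platform
ise-pan-01,3.3.0.430,6,,on-prem
ise-pan-02,3.4.0.608,1,ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz,aws
ise-pan-03,3.4.0.608,2,,on-prem
ise-pan-04,3.2.0.542,,,azure
ise-pan-05,3.3.0.430,7,,oci
ise-pan-06,not-reported,,,on-prem
"""


def release_of(version):
    """Return 'major.minor' from a dotted version string, or None."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.|$)", version.strip())
    return f"{m.group(1)}.{m.group(2)}" if m else None


def triage(row):
    """Return a list of findings for one inventory row (empty means none)."""
    release = release_of(row.get("version") or "")
    if release is None:
        # Never treat an unparseable version as safe.
        return ["UNKNOWN: version not parseable, verify manually"]

    findings = []
    patch_text = (row.get("patch") or "").strip()
    # Assumption: a blank patch field means the base release (Patch 0).
    patch = int(patch_text) if patch_text.isdigit() else 0

    fixed = FIXED_PATCH.get(release)
    if fixed is not None and patch < fixed:
        note = f"{RCE_CVES}: upgrade {release} Patch {patch} to Patch {fixed}"
        if HOT_PATCH_RE.match((row.get("hot_patch") or "").strip()):
            note += " (hot patch installed; move to the full patch)"
        findings.append(note)

    platform = (row.get("pan_platform") or "").strip().lower()
    if release in CLOUD_RELEASES.get(platform, set()):
        findings.append(
            f"CVE-2025-20286: release {release} with Primary "
            f"Administration node on {platform}"
        )
    return findings


def triage_inventory(csv_text):
    """Map hostname -> findings for every row of a CSV export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["hostname"]: triage(row) for row in reader}


if __name__ == "__main__":
    for host, findings in triage_inventory(SAMPLE_INVENTORY).items():
        print(host, "->", findings or ["no finding from this section"])
```
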

 

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.


RHEL 10 Overview: Features, Updates, and Derivatives Comparison

About Perforce
The best run DevOps teams in the world choose Perforce. Perforce products are purpose-built to develop, build and maintain high-stakes applications. Companies can finally manage complexity, achieve speed without compromise, improve security and compliance, and run their DevOps toolchains with full integrity. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is trusted by the world’s leading brands to deliver solutions to even the toughest challenges. Accelerate technology delivery, with no shortcuts.


What are connected classrooms and why schools need UEM to manage them?

Understanding the technology behind modern learning environments and how to manage them securely.

A connected classroom, also known as a smart or digital classroom, is an educational environment that uses technology to enhance both the learning and teaching experience. The primary goal is to seamlessly integrate digital tools, devices, and internet resources into the classroom for a more interactive and collaborative experience. This model is rapidly changing how educators and students interact with information and each other.

Core Components of a Connected Classroom

A connected classroom is built on several key components that work together to create a dynamic learning space:

  • Connected Devices: This includes devices used by students and teachers, such as laptops, tablets, interactive whiteboards, and projectors.
  • Learning Management Systems (LMS): Platforms like Google Classroom, Canvas, or Moodle are essential for managing coursework, assignments, and grades in a digital format.
  • Collaboration Tools: Applications such as Zoom, Google Docs, and Microsoft Teams facilitate communication and real-time collaboration between students and teachers.
  • Immersive Technologies: Advanced tools like Virtual Reality (VR) and Augmented Reality (AR) are used to create engaging, hands-on learning experiences.
  • One-to-One (1:1) Programs: Many schools now provide a dedicated device to each student, ensuring equitable access to digital resources.

Benefits and Challenges

The adoption of connected classrooms comes with significant advantages, but also presents new challenges for schools and IT departments.

Key Benefits

  • Enhanced Engagement: Interactive devices and tools make learning more dynamic and exciting for students.
  • Quick Access to Resources: Students can instantly access a wealth of online information, digital textbooks, and educational apps.
  • Personalized Learning: Educators can tailor content and pace to meet the individual needs of each student.
  • Improved Teaching Efficiency: Teachers can automate administrative tasks, making more time for instruction and student interaction.

Common Challenges

Managing a connected classroom at scale is not without its hurdles. IT teams must address issues such as:

  • Securing a large fleet of devices.
  • Ensuring students stay focused on educational content.
  • Providing immediate remote support for technical issues.
  • Managing and updating a wide range of apps and content.
  • Protecting student data and privacy.

The Role of Unified Endpoint Management (UEM)

A UEM solution is the key to overcoming these challenges. Platforms like Scalefusion offer a centralized, comprehensive approach to managing all devices within a school’s ecosystem. A UEM platform helps by:

  • Centralized Device Management: IT can manage thousands of devices from a single console.
  • Policy Enforcement: Enforce security policies and content filtering to ensure a safe learning environment.
  • Application Management: Control which apps students can access and ensure all software is up-to-date.
  • Remote Troubleshooting: Remotely access and fix device issues without needing to be physically present.
  • Digital Safety Beyond the Classroom: Extend security and content policies to devices used by students at home.

By providing a solution that simplifies device management and strengthens security, UEM allows schools to fully embrace the potential of connected classrooms, creating a safe, engaging, and effective learning environment for both students and teachers.

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.


Singapore Under Cyber Siege: What You Need to Know About the UNC3886 Attack—And How to Stay Protected

SINGAPORE, July 30, 2025 — In July 2025, Singapore’s digital defences came under fire. The government revealed an active, ongoing cyber attack targeting the country’s critical infrastructure—energy, water, finance, telecom, healthcare, and more. The threat actor behind it? UNC3886—a highly sophisticated espionage group with suspected links to China, known for silently infiltrating global systems since 2021.
But what does this mean for your organization? Why should you care? And how can you protect your business, your customers, and your operations?
Let’s break it down.

Who is UNC3886?

UNC3886 is not your average hacker group.
They are state-sponsored, stealthy, and relentless, targeting the very core of national infrastructure. What makes them dangerous is not just their skills—but where they attack: virtualization platforms, routers, VPNs, and operational technology (OT) that traditional antivirus and security tools can’t even see.
They don’t just hack into computers. They live in the invisible layers of your digital environment—below the surface, undetected for months.

How the Attack Works

UNC3886 uses advanced techniques that few organizations are prepared for:
Step-by-step:

  1. Initial Entry via Zero-Day Exploits
    They exploit previously unknown vulnerabilities in platforms like Fortinet VPNs, VMware vCenter, and Juniper routers—systems trusted and used by most enterprises.

  2. Silently Deploy Malware
    They install custom-made malware (like REPTILE, MOPSLED, and LOOKOVER) directly into virtual servers or network devices. These tools hide in plain sight, even surviving reboots and standard clean-up.

  3. Steal Data & Move Laterally
    Once inside, they move across your network, harvesting credentials, capturing sensitive data, and accessing other critical systems—often without anyone knowing.

  4. Maintain Persistence
    Their malware is designed to stay hidden. Even after you think you’ve removed them, they often find a way back—through backdoors or compromised admin accounts.

Why You Should Care—Even If You’re Not a Target

You might think: “We’re not a government agency, why would they attack us?”
The truth is:

  • Every business depends on infrastructure—energy, water, internet, payment systems.
  • You may be the weak link. Attackers often enter through less-protected vendors or partners to reach bigger targets.
  • Cyberattacks don’t just steal data—they destroy trust. Operational downtime, data leaks, and regulatory penalties can be crippling.

UNC3886 isn’t just a government problem. It’s an ecosystem problem—and everyone is part of the ecosystem.

How You Can Protect Yourself—With Solutions from Us

We bring together some of the world’s most powerful cybersecurity solutions—many of which are specifically designed to defend against attacks like UNC3886.

1. Get Full Visibility with runZero
UNC3886 hides in forgotten or unmanaged systems.
runZero gives you a full map of every device—IT, OT, IoT, and even shadow infrastructure—so nothing hides.
🔍 Know what you have before you can protect it.

2. Lock Down Network Access with NACView
Stop attackers from moving across your network.
NACView enforces network access control, segments users and devices, and blocks unauthorized connections—no hardware required.
🛑 One compromised device shouldn’t mean full access.

3. Secure Industrial and OT Systems with SCADAfence
If you run factories, utilities, or use industrial control systems, SCADAfence detects suspicious activity across OT and IT. It monitors specialized protocols and alerts you to anomalies before real damage happens.
⚙ Modern OT threats need modern OT defence.

4. Detect Breaches with ESET PROTECT Elite
UNC3886 is stealthy—but not invisible.
ESET PROTECT Elite delivers advanced endpoint detection, threat hunting, and response capabilities to spot and stop abnormal behaviour across your devices.
🧠 It’s not just antivirus—it’s active defense.

5. Test, Simulate, and Strengthen with Version 2’s Security Services
From vulnerability assessments to penetration testing and red-team simulations, Version 2 Security Center helps you validate your defenses against real-world threats like UNC3886.
🧪 Better to find the gaps before attackers do.

Final Thought: Don’t Wait for the Headlines

Cyber threats like UNC3886 are not just in the news—they’re already on our networks.
Protecting your organization doesn’t require a full security overhaul overnight. But it does start with visibility, access control, real-time detection, and a strong partner.
With Version 2 and its best-in-class cybersecurity solutions, you’re not alone in this fight.

📞 Ready to assess your exposure or plan your next steps?
Reach out to Version 2 today for a tailored cybersecurity consultation.


ESET Named a Challenger for the 6th Time in Gartner® Magic Quadrant™ for Endpoint Protection Platforms

How Omnisend enhanced its threat visibility with NordStellar

Summary: Omnisend, a leading provider of marketing automation technology, now leverages NordStellar to proactively monitor and mitigate external threats before they escalate.

As a provider of a marketing automation platform used by over 150,000 online stores worldwide, Omnisend must stay ahead of cyber threats at all times. To achieve this, the company relies on solutions like NordStellar.

KEY FACTS

Industry: Marketing technology

Challenge: Limited visibility into external cyber threats and dark web exposure

Solution: NordStellar threat exposure management platform

Results:

  • Improved detection of cyber threats targeting the company
  • Simplified threat prioritization for the Omnisend team
  • Identified instances of company credential leaks
  • Found the root cause of a past security incident

ABOUT OMNISEND

Omnisend provides a cutting-edge marketing automation platform for e-commerce brands, dedicated primarily to email and SMS marketing. The company’s solution is used by over 150,000 online shops worldwide. In 2022, Omnisend was ranked #77 in the Financial Times ranking of Europe’s 1000 fastest-growing companies, and earned the #44 spot in the Deloitte UKFast50 for the third consecutive year.

CHALLENGE

While Omnisend already had several protective measures in place to ensure strong protection of its data and infrastructure, some threats remained under the radar. This was due to the company’s limited visibility into areas such as the dark web. As a result, Omnisend didn’t have the means to monitor leaked company credentials or data compromised by malware.

The company decided to address this after its team attended a live demo of NordStellar, where the platform was used to assess their threat exposure using actual company data. The results were eye-opening. Once they saw what kind of information NordStellar was able to uncover about their business on the dark web, they decided to take appropriate action. In their own words: “Like any professional security team with high standards, we couldn’t just walk away from such findings.”

SOLUTION

Shortly after the demo, Omnisend decided to move forward with the NordStellar platform. The decision was based on three factors:

  • The actionable and impactful findings it delivers
  • A wide range of external threat management features
  • Immediate proof of the platform’s high value during the demo

The company was most impressed with NordStellar’s ability to detect leaks involving employee credentials, a threat vector that often goes unnoticed. Omnisend also praised the platform for providing clear, practical feedback that the team could act on right away, rather than just basic notifications.

To gain insights into external threats targeting the company, Omnisend is making full use of all NordStellar’s features, including:

  • Data breach monitoring
  • Dark web monitoring
  • Attack surface management
  • Domain squatting detection

NordStellar delivers findings that include risk levels and contextual information about security events to help Omnisend better understand the specific circumstances surrounding each incident. As a result, it significantly improves the company’s cybersecurity posture and threat response.

IMPACT

The findings provided by NordStellar help Omnisend’s security team prioritize their tasks and dedicate more attention to other urgent issues. As Žygimantas Stauga, Director of Information Security at Omnisend, said, “There is always an issue to address, but resources are limited. That’s why it’s crucial to prioritize tasks when planning security activities. Insights from NordStellar help us do exactly that.”

NordStellar has also helped the company uncover the root cause of a past security incident. Although the issue had already been handled, the team wasn’t sure exactly what had caused it. Thanks to NordStellar, they discovered it was malware. This revelation had a big impact on the company’s processes and led to important changes in its threat response strategy.

Today, instead of guessing if there’s any trouble, NordStellar immediately notifies Omnisend whenever external threats require their attention. With this information, the company can mitigate risks before they escalate.

“NordStellar is the missing puzzle piece in most organizations’ cybersecurity, catching threats that slip past other defenses.”

Žygimantas Stauga, Director of Information Security at Omnisend

Curious what hackers might know about your business? See NordStellar in action—book a demo with us and learn about the risks you’re probably unaware of.

 

About NordStellar
NordStellar is a threat exposure management platform that enables enterprises to detect and respond to network threats before they escalate. As a platform and API provider, NordStellar can provide insight into threat actors’ activities and their handling of compromised data. It is designed by Nord Security, the company renowned for its globally acclaimed digital privacy tool NordVPN.


Powder Mountain transforms its operations with Google Workspace and CloudM

Powder Mountain, the USA’s largest multi-season ski resort by acreage known for its history, authentic character and focus on sustainability, sought to enhance its internal communication and operational efficiency. The resort’s new owner, Netflix co-founder Reed Hastings, decided to move the entire organization from Microsoft 365 to Google Workspace to achieve a more seamless and collaborative environment. 

To facilitate a seamless transition and enhance their Google Workspace setup, Powder Mountain teamed up with Upcurve Cloud, who enlisted CloudM for their migration and data management solutions.

Seamless data migration with instant results

The migration to Google Workspace was crucial for Powder Mountain to enable better collaboration across departments and improve communication among employees, whether they were on the mountain, in the office, or working remotely. Upcurve Cloud facilitated the migration, leveraging CloudM’s migration technology to ensure a smooth transition with minimal disruption to Powder Mountain’s daily operations.

Zeb Burdick, Systems Administrator at Powder Mountain, noted, “Everything was super seamless. There really wasn’t much of a hiccup at all in the transition. It almost caught us off guard at how easy it suddenly was to access everything and collaborate.”

Leveraging Google Workspace for better communication

The adoption of Google Workspace tools like Spaces significantly improved communication, particularly for time-sensitive updates and safety alerts, which are critical in Powder Mountain’s dynamic environment.

As Rob Phillips, Director, IT Operations at Powder Mountain, explained, “Having been a Microsoft user for a long time, it was nice to jump into the new platform and see all the enterprise grade features that really help our team communicate throughout the day.”

Implementing CloudM Automate and Email Signatures to enhance onboarding and offboarding

Powder Mountain also utilized CloudM’s Automate and Email Signatures to streamline employee lifecycle processes and maintain brand consistency.

Simplifying workflows with CloudM Automate

With up to 800 seasonal staff every year, automated onboarding and offboarding have enormous time-saving potential. While still in the early stages of full implementation, CloudM Automate has demonstrated its potential to simplify offboarding workflows. The ability to quickly delegate access and manage out-of-office settings has saved the IT team valuable time and improved the experience for both departing employees and their colleagues.

Just a click away: Saving time and keeping business data safe

As Zeb Burdick reiterates, “So far it has been a great experience for everybody. The delegation of items like emails, calendars and out of offices, it’s definitely something the entire IT department has embraced. The interface is super clean and easy to use to make any changes we may need. Everything is right at our fingertips.” 

Being able to quickly remove access to key documents and systems has proven especially valuable, as Zeb Burdick explains, “When somebody is being offboarded, there’s a big urgency to cut down their access. Having CloudM just one click away rather than waiting a few days has been super helpful.”


 

Freeing up IT admin time and improving new starter experience with CloudM Email Signatures

Having used a tool to manage all email signatures in their previous Microsoft environment, Powder Mountain chose CloudM’s Email Signatures module to help them do the same in their new Google home. Implemented right after the transition, the tool has enabled them to maintain a consistent and professional brand identity across their sub brands. It has also simplified the management of email signatures, ensuring that they are accurate and up-to-date, improving employee experience and saving the IT team from having to make changes themselves or instructing other team members to do so.

A game changer for the IT team

Zeb Burdick said, “In the past we’ve had people alter their signatures so that titles weren’t correct or the layout was off. Implementing CloudM has been such a game changer. It’s super easy to manage the email signatures as part of the onboarding process. It saves time for the new team members, too. It definitely frees up a lot of time and removes the potential for errors.” 

This sentiment is echoed by Rob Phillips, “It was definitely nice to see that my email signature was already there when I joined the company and that there wasn’t any kind of administrative setup. The ability to have little things like this already set up for you means there is one less thing to worry about while you’re focussed on getting started in your new role.”

A strong partnership for continued success

The collaboration between Powder Mountain, Upcurve Cloud, and CloudM has been instrumental in driving Powder Mountain’s digital transformation. Upcurve Cloud’s expertise in guiding the migration and providing ongoing support, combined with CloudM’s powerful migration and automation tools, has empowered Powder Mountain to embrace Google Workspace and optimize its operations.

“It was a great experience,” said Zeb Burdick, “To this day the whole company talks about how seamless it all was.”

As Powder Mountain continues to grow and innovate, the strong foundation laid by Google Workspace, CloudM, and Upcurve Cloud will undoubtedly play a key role in their future success.

 

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CloudM
CloudM is an award-winning SaaS company whose humble beginnings in Manchester have grown into a global business in just a few short years.

Our team of tech-driven innovators have designed a SaaS data management platform for you to get the most from your digital workspace. Whether it’s Microsoft 365, Google Workspace or other SaaS applications, CloudM drives your business through a simple, easy-to-use interface, helping you to work smarter, not harder.

By automating time-consuming tasks like IT admin, onboarding & offboarding, archiving and migrations, the CloudM platform takes care of the day-to-day, allowing you to focus on the big picture.

With over 35,000 customers including the likes of Spotify, Netflix and Uber, our all-in-one platform is putting office life on auto-pilot, saving you time, stress and money.

Securing VMware Environments in an Era of Escalating Cyber Threats

Protect Your Virtual Environment from Ransomware

Ransomware has evolved into one of the most disruptive threats in cybersecurity, and virtualized environments have become an increasingly frequent target. Organizations running VMware vSphere and ESXi platforms are now prime targets, facing not just financial losses but the potential collapse of critical business operations. With cybercriminals continuously innovating their attack strategies, security leaders must rethink their defenses and adopt a proactive, automated approach to safeguarding their virtual infrastructures.

The Growing Sophistication of Ransomware Attacks on VMware

Cybercriminals recognize that VMware environments house the backbone of enterprise IT. By targeting ESXi servers, attackers gain leverage over an organization’s most essential systems—data storage, virtualized applications, and networking. These attacks are not just opportunistic; they are meticulously planned, often involving unauthorized access through stolen credentials, remote access exploitation, tampering with scheduled tasks, and malicious encryption of critical VMware files to maximize impact.

The financial stakes are staggering. In 2024, the average ransom demand has surged to $5 million – an amount that doesn’t even account for indirect losses such as business disruption, reputational damage, and compliance penalties. Traditional security tools, while effective in some areas, often fail to detect and prevent attacks specifically designed to bypass endpoint protections and exploit virtual infrastructure.

Why Traditional Security Approaches Fall Short

Many enterprises rely on perimeter-based defenses, endpoint detection tools, and periodic security assessments. However, these measures are insufficient when dealing with the modern ransomware landscape, where threats evolve faster than traditional defenses can adapt. Attackers are increasingly leveraging:

  • Credential theft and privilege escalation attacks that grant attackers full control over ESXi servers.
  • Ransomware-as-a-Service (RaaS) models that make sophisticated attacks more accessible to cybercriminals.
  • Zero-day exploits and unpatched VMware vulnerabilities that attackers use to bypass traditional defenses.

With attackers actively targeting VMware environments using stolen credentials, encryption-based extortion, and service tampering, organizations need security solutions designed specifically to detect and stop these threats within virtual infrastructures.

Strengthening Prevention and Containment for VMware Security

To effectively counter ransomware in virtual environments, organizations must implement a multi-layered defense strategy that prioritizes automation, real-time monitoring, and preemptive containment. BullWall Virtual Server Protection (VSP) for VMware exemplifies this forward-thinking approach by providing:

  • Multi-Factor Authentication (MFA) for SSH logins: Ensuring that only authorized personnel can access critical VMware infrastructure, reducing the risk of credential-based attacks.
  • Real-time process and file monitoring: Detecting malicious activity before encryption or data corruption can occur.
  • Protection of storage assets: Securing datastores, virtual disks, NFS storage, and internal storage against unauthorized modification.
  • Automated threat containment: Isolating compromised systems instantly, preventing lateral movement within the virtual environment.

Beyond Ransomware: Strengthening Cyber Resilience

Implementing proactive security measures like BullWall VSP doesn’t just stop ransomware—it strengthens overall cyber resilience, ensuring ongoing protection against evolving threats. Organizations that invest in automated security solutions benefit from:

  • Reduced cyber insurance premiums by demonstrating robust security controls to insurers.
  • Regulatory compliance with industry standards requiring continuous monitoring and immutable audit logs.
  • Uninterrupted business continuity, ensuring that ransomware attacks do not result in catastrophic downtime.

Strengthening VMware Security to Defend Against Emerging Threats

The battle against ransomware is not just about prevention—it’s about transformation. Organizations must rethink security strategies, moving away from passive defense mechanisms and embracing real-time, automated protection. The cost of inaction is too high, and the consequences are irreversible. Is your virtual environment ransomware resilient? Find out for sure. Visit www.bullwall.com to learn how BullWall VSP can help you stay ahead of evolving cyber threats.

About Bullwall
BullWall is a fast-growing international cybersecurity solution provider with a dedicated focus on protecting critical data during active ransomware attacks. We are the only security solution able to contain both known and unknown ransomware variants in seconds, preventing encryption and exfiltration across all data storage types.


The Five Must-Haves of a Zero Trust Program

Zero Trust isn’t only for enterprises with massive budgets and complex stacks. It has become essential for organizations of all sizes that need to protect a modern, distributed workforce.

But while many organizations say they’ve implemented Zero Trust, the reality is that very few go beyond the surface. Most efforts cover only high-risk users or systems, leaving major gaps across the rest of the environment. As threats evolve and cloud adoption accelerates, these gaps become serious liabilities.

To build a Zero Trust program that adapts to risks and is scalable, you need more than multi-factor authentication (MFA) and a few access policies. You need complete coverage across five core areas:

  1. Identity and access management (IAM)
  2. Device trust
  3. Network and application access
  4. Privileged access management (PAM)
  5. Visibility and monitoring

These are the structural pillars that support long-term security, operational efficiency, and resilience in the face of evolving threats. Keep reading to dive deep into each of these focus areas.

1. Identity and Access Management 

Everything starts with identity.

If you can’t confidently verify who’s trying to access your systems, nothing else matters.

A strong IAM foundation means enforcing MFA across all access points, not just admin accounts or remote logins. It also includes setting up conditional access rules that evaluate context — like device, location, and time — before granting access.

IAM is not just about access control. It’s about verifying that the right person, using the right identity, is requesting access in the right way.

2. Device Trust

User identity is only part of the equation. You also need to know whether the device being used is secure and compliant.

Device trust means verifying that endpoints meet your organization’s security standards before they’re allowed to access sensitive data or systems. This could include operating system (OS) version, patch status, encryption, or mobile device management (MDM) enrollment.

Without this layer, a verified user logging in from an unmanaged, compromised device can still create risk.

3. Network and Application Access

Legacy security models gave users broad access to internal networks through VPNs. That approach increases risk because it allows attackers to move laterally once inside.

In a Zero Trust model, users get access only to the applications and services they need, and nothing more. This limits lateral movement inside the network and reduces exposure.

Application-level segmentation and access policies tied to user context allow you to move away from broad, perimeter-based controls and toward more granular enforcement.

4. Privileged Access Management 

Not all user accounts are equal. Admins and service accounts hold significantly more power — and they’re a prime target for attackers.

Zero Trust demands strict controls around privilege escalation. PAM should be integrated across your environment and include capabilities like just-in-time access, automatic revocation, session monitoring, and auditing.

Static admin credentials, especially those that never expire or are shared across teams, introduce long-term risk. They need to go.

5. Visibility and Monitoring

You can’t enforce what you can’t see. A Zero Trust program is only effective if you have complete visibility into who accessed what, when, from where, and how.

Centralized logging, real-time monitoring, and anomaly detection are essential. These controls help IT teams identify risks early, support audits, and continuously refine access policies.

Without visibility, enforcing policies consistently or responding to threats quickly becomes tedious.
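The five areas above can be read as checks that one policy decision point runs on every request. The sketch below is an added example, not JumpCloud code or any product's API; the policy values, the `Request` fields and the `decide` and `grant_jit` helpers are all hypothetical. It shows deny-by-default evaluation, a just-in-time privileged grant that expires on its own, and an audit record for every decision.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy data: hypothetical values, not taken from any product.
MIN_OS = (14, 0)
ALLOWED_COUNTRIES = {"US", "DE"}
ENTITLEMENTS = {"alice": {"wiki", "payroll-admin"}, "bob": {"wiki"}}
PRIVILEGED_APPS = {"payroll-admin"}
JIT_GRANTS = {}   # (user, app) -> expiry time of a just-in-time grant
AUDIT_LOG = []    # one record per decision, allow or deny

@dataclass
class Request:
    user: str
    mfa_passed: bool
    os_version: tuple
    disk_encrypted: bool
    mdm_enrolled: bool
    country: str
    app: str
    when: datetime

def grant_jit(user, app, now, minutes=30):
    """Time-boxed privilege: it lapses on its own, nobody has to revoke it."""
    JIT_GRANTS[(user, app)] = now + timedelta(minutes=minutes)

def decide(req):
    """Evaluate every pillar per request; any failed check denies."""
    checks = [
        ("identity: MFA not satisfied", req.mfa_passed),
        ("context: location not allowed", req.country in ALLOWED_COUNTRIES),
        ("device: OS below minimum", req.os_version >= MIN_OS),
        ("device: disk not encrypted", req.disk_encrypted),
        ("device: not MDM enrolled", req.mdm_enrolled),
        ("access: app not entitled", req.app in ENTITLEMENTS.get(req.user, set())),
    ]
    if req.app in PRIVILEGED_APPS:
        expiry = JIT_GRANTS.get((req.user, req.app))
        checks.append(("pam: no active just-in-time grant",
                       expiry is not None and req.when < expiry))
    reasons = [msg for msg, ok in checks if not ok]
    decision = "deny" if reasons else "allow"
    AUDIT_LOG.append({"time": req.when.isoformat(), "user": req.user,
                      "app": req.app, "decision": decision, "reasons": reasons})
    return decision, reasons

if __name__ == "__main__":
    now = datetime(2025, 1, 6, 10, 0, tzinfo=timezone.utc)
    print(decide(Request("alice", True, (14, 2), False, True, "US", "wiki", now)))
```

The denial reasons land in the audit log alongside the allows, which is what lets a team review who was refused, for which check, and tune policy from evidence.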

Build a Stronger Security Posture

Implementing Zero Trust isn’t a one-and-done project. It’s an ongoing initiative that requires clarity, coordination, and scaling. Focusing on just one or two areas may create a false sense of security. To effectively manage today’s threats, your Zero Trust strategy must address all five core areas.

Most IT teams aren’t struggling with the “why” behind Zero Trust. It’s the “how” that gets complicated. Competing priorities, limited resources, and tool sprawl make it difficult to move beyond surface-level adoption.

That’s exactly why we created our latest eBook, Where Zero Trust Falls Short. It explores each must-have in detail and outlines a phased roadmap for scaling Zero Trust across your organization. Download the eBook and take the next step towards a more resilient security posture.

About JumpCloud
At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.
