The NIS2 Directive is not a compliance exercise; it is a mandate for operational survival in the era of AI-accelerated attacks. The EU has made one thing clear: if you don't have a comprehensive, real-time handle on your environment, you are a liability to everyone.

Most organizations are still relying on legacy spreadsheets and "point-in-time" scans to meet these requirements. That is a recipe for failure. To achieve true NIS2 resilience, you must transition from passive observation to a full exposure management platform.

In case you need a quick refresher, article 21 of the NIS2 framework comprises 10 pillars:

Let’s talk about how runZero relates to each of these ten pillars and streamlines your path to compliance.

How runZero directly impacts: Risk Assessment, Security for Employees with Access to Data, and Assessment of Security Efficacy

Many organizations rely on third-party tools such as EDRs for asset inventory; however, these solutions leave significant gaps that can result in non-compliance and leave organizations exposed to compromise. NIS2 requires organizations to “adopt a mechanism to identify relevant assets and an assessment of the risks in that Member State.” But how can you be certain that you’ve identified all the assets and their associated risks?

You need a solution that safely scans and discovers external, internal, and cloud-based assets, including those that are missing security controls or that are impossible to deploy agents on – the unknowns and unmanageables.

runZero is the leader in reliable, agentless active scanning across IT, IoT, and OT. On average, enterprise organizations find 25% more assets with runZero than they were previously aware of, and in some cases, this number is exponentially greater. runZero’s best-in-class discovery of both assets and vulnerabilities yields tremendous impact on Pillar #1, Risk Assessment.

OT environments in particular are notorious for blind spots and, in the best cases, visibility is oftentimes restricted to IP-based devices. With the 4.9 release of our product, runZero can walk the backplane of a Modbus gateway to see every serial device connected to it. Since a single compromised thermostat can be connected to dozens of other devices that could serve as pivot points, this level of visibility is critical not only for compliance, but to ensure critical areas of your network are secure.

runZero shows you the Modbus Gateway (10.66.0.30), and discovers all of the 33 serial-attached devices hidden downstream that traditional scanners miss.

We uncover assets and CVEs, and we also discover multi-homed devices that can shatter segmentation. Multi-homed devices often act as a bridge, bypassing firewalls and other controls that are designed to prevent lateral movement. New capabilities in the 4.9 release enable you to map the path of least resistance an attacker can take across these devices. runZero’s network maps show you the unintended routes across environments that threaten security. We also identify outdated protocols that need to be deprecated to eliminate weaknesses that can be exploited. At the same time, runZero identifies expired certificates that undermine your security controls.

Here we see an engineering laptop (a Dell running Windows 10) on the left connected to a side panel switch port that grants direct access to the 33 devices discovered in the example above. runZero reveals that this isn’t just a risky laptop, it's a bridge to OT assets that were previously hidden. This is a classic “laptop as bridge” segmentation bypass that remains invisible to traditional tools.

runZero gives you the single source of truth to anchor your risk policies and pinpoint exactly where you need to focus your attention.

How runZero directly impacts: Security Around Procured Systems and Supply Chain Security

This area represents one of the most significant expansions from the original NIS directive. It acknowledges that an organization's security perimeter is only as strong as its weakest third-party vendor. Several mandates in these pillars deal with the diligence in vetting suppliers and proper cybersecurity clauses in contractual agreements, which aren’t directly related to runZero.

But the goal of these expansions in NIS2 is to move organizations away from "one-and-done" checkbox compliance. Entities must implement continuous monitoring mechanisms to supervise their supplier ecosystem. This means using automated risk assessments, security ratings, and regular audits to ensure critical vendors maintain their security posture. runZero provides that continuous monitoring for all internal, external, and cloud-based parts of your entire attack surface.

Legacy scanners can miss third-party black boxes, vendor-managed systems, and unmanaged devices. runZero doesn’t miss any of these. Using a combination of active scanning, passive scanning, and turnkey integrations, runZero provides detailed asset inventories and identification of exposures, helping ensure that all procured systems are identified and free from known vulnerabilities. runZero helps you secure the supply chain and ensures every procured system is hardened and visible, not a backdoor for an adversary.

How runZero directly impacts: Use of Multi-factor Authentication, Basic Computer Hygiene, Use of Cryptography and Encryption

Most breaches don't use zero-days; they often rely on simple oversights like unencrypted protocols, legacy assets, and forgotten accounts. That’s why pillars #4, #7, & #10 focus on enforcing foundational, day-to-day security routines that eliminate risks across the entire infrastructure.

In the above example, runZero identifies assets using weak or obsolete protocols, as well as expired certificates.

runZero extracts high-fidelity metadata to unmask assets missing MFA, outdated operating systems, and weak network protocols. We highlight the gaps where your security stack (EDR/AV) is missing or disabled. runZero identifies and tracks these overlooked exposures with surgical precision, effectively tackling the requirements of these pillars.

How runZero directly impacts: Plan for Managing Business Operations During an Incident, Plan for Handling Security Incidents

While most of the requirements in these pillars involve having a documented disaster recovery and incident response plan in place, another key aspect is the timeline for reporting an incident to “supervisory authorities or the CSIRT within 24 hours of detecting a significant incident.” But how can you tell the difference between an isolated incident and a significant one? During a crisis, you don't have unlimited time to work out how widespread a compromise is as you race the clock towards containment.

Above is just one example of the many types of network maps runZero produces to help you determine the blast radius of an attack.

Since the 4.9 release, runZero provides a live, offensive-mindset map of your infrastructure, showing you how a compromised device connects to other devices or to the public internet. This is how you begin to understand the scope of an incident. runZero gives you an up-to-date, continuously refreshed asset inventory to track critical systems and support business continuity during an active incident. We combine our best-in-class discovery with the new Attack Path Mapping in release 4.9, showing you the blast radius of an attack in minutes, not days, so you know when and what you need to disclose.
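To make the "multi-homed device as segmentation bridge" idea from the earlier section and the "blast radius" idea in this one concrete, here is an added example that is not runZero code and does not use the runZero API. It takes a small constructed asset inventory (interfaces listed per asset; only the Modbus gateway address 10.66.0.30 is taken from the post, the other hosts and subnets are invented), treats every subnet as a network segment, flags the assets that have a foot in more than one segment, and then walks the resulting segment/asset graph to find which segments a compromised host could reach and the shortest chain of bridging hosts between two assets. It is a deliberately coarse layer-3 view that ignores host firewalls and ACLs, which is exactly what makes it useful as a "worst case" sanity check of segmentation.

```python
"""Segmentation-bridge and blast-radius check over a small asset inventory.

Added illustration, not runZero's code: segments are inferred purely from the
subnet of each interface, so an asset with interfaces in two subnets is
treated as a potential bridge between those segments.
"""
from collections import defaultdict, deque
import ipaddress

# Constructed sample inventory, loosely modelled on the scenario in the post:
# an engineering laptop with one interface in the corporate LAN and one in
# the OT segment that also hosts the Modbus gateway (10.66.0.30 from the post;
# everything else is invented).
INVENTORY = [
    {"name": "eng-laptop-01", "os": "Windows 10",
     "interfaces": ["10.20.5.14/24", "10.66.0.77/24"]},
    {"name": "modbus-gw-01", "os": "embedded", "interfaces": ["10.66.0.30/24"]},
    {"name": "hmi-01", "os": "Windows 7", "interfaces": ["10.66.0.41/24"]},
    {"name": "fileserver-01", "os": "Windows Server 2019",
     "interfaces": ["10.20.5.2/24"]},
    {"name": "dmz-proxy", "os": "Linux",
     "interfaces": ["10.20.5.250/24", "203.0.113.10/24"]},
    {"name": "web-01", "os": "Linux", "interfaces": ["203.0.113.20/24"]},
]


def segment_of(cidr: str) -> str:
    """Normalise an interface address to its subnet; the subnet is the segment key."""
    return str(ipaddress.ip_interface(cidr).network)


def find_bridges(inventory):
    """Return {asset_name: sorted segments} for every asset spanning more than one segment."""
    bridges = {}
    for asset in inventory:
        segs = sorted({segment_of(i) for i in asset["interfaces"]})
        if len(segs) > 1:
            bridges[asset["name"]] = segs
    return bridges


def build_graph(inventory):
    """Bipartite adjacency: segment <-> asset edges only.

    Two segments become connected only through an asset that has an interface
    in both, which is precisely the multi-homed bridge we want to surface.
    """
    adj = defaultdict(set)
    for asset in inventory:
        for seg in {segment_of(i) for i in asset["interfaces"]}:
            adj[asset["name"]].add(seg)
            adj[seg].add(asset["name"])
    return adj


def blast_radius(inventory, compromised):
    """Segments and assets reachable from `compromised` via multi-homed hosts.

    Conservative L3 view: host firewalls and ACLs are ignored, so the result is
    an upper bound on spread, useful for deciding what an incident could touch.
    """
    adj = build_graph(inventory)
    seen = {compromised}
    queue = deque([compromised])
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    segments = sorted(n for n in seen if "/" in n)   # subnet strings contain '/'
    assets = sorted(n for n in seen if "/" not in n)
    return segments, assets


def shortest_path(inventory, src, dst):
    """Fewest-hop chain of segments and bridging assets from src to dst (BFS), or None."""
    adj = build_graph(inventory)
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in adj[node]:
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


if __name__ == "__main__":
    print("Bridges:", find_bridges(INVENTORY))
    print("Blast radius from hmi-01:", blast_radius(INVENTORY, "hmi-01"))
    print("Path hmi-01 -> web-01:", shortest_path(INVENTORY, "hmi-01", "web-01"))
```

Running it against the constructed inventory flags `eng-laptop-01` and `dmz-proxy` as bridges, shows that a compromised HMI in the OT segment can reach all three segments through them, and prints the hop chain OT segment → laptop → corporate LAN → proxy → DMZ. Removing the laptop from the inventory shrinks the HMI's blast radius to its own segment, which is the kind of before/after check worth rerunning as the inventory refreshes.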

The Bottom Line

In today’s climate of AI-accelerated attacks, SecOps teams have less time than ever to respond. NIS2 provides a framework to prove that you have done your due diligence to prepare for the inevitable. The risks of non-compliance are severe; with fines of up to €10 million or 2% of global annual turnover, compliance is a business priority, not just a technical one. runZero can help.

See what others miss. Secure what others can't.

Interested in trying runZero? You can explore the platform for free for 21 days.

Written by Adam Foit

Adam Foit is a CISSP who began his career in IT Operations in the 1990s. Since then, he has continued to work in the technology industry with a focus on network detection and response, security operations, and network performance management. Adam lives in Knoxville, Tenn. and enjoys hiking and kayaking around the Smoky Mountains with his wife.
