{"id":8119,"date":"2026-03-13T14:37:40","date_gmt":"2026-03-13T14:37:40","guid":{"rendered":"https:\/\/heliview.com\/cyber-resilience-belgium\/?p=8119"},"modified":"2026-04-09T14:40:03","modified_gmt":"2026-04-09T14:40:03","slug":"whitepaper-xfa-what-companies-dont-know-is-hurting-them","status":"publish","type":"post","link":"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/","title":{"rendered":"The Device Security Gap:\u2028What Companies Don\u2019t Know Is Hurting Them"},"content":{"rendered":"<div class=\"wpb-content-wrapper\">[vc_row][vc_column width=&#8221;2\/3&#8243;][vc_column_text css=&#8221;&#8221;]<strong>Executive Summary<\/strong><\/p>\n<p>Most organizations believe their device fleet is under control. They run an MDM solution, they have a patching policy, and they report compliance to their board. But when we look at what actually connects to corporate systems, a different picture emerges. An analysis of 13,000+ devices across 67 organizations reveals that the majority of corporate endpoints are invisible to IT, and the ones they can see are dangerously out of date.<\/p>\n<p><strong>The Invisible Fleet<\/strong><\/p>\n<p>Nearly two thirds of the devices accessing their systems are unknown to IT or ignored. We examined 29 organizations that had at least one managed device in their fleet. Together, these organizations had 7,447 devices connecting to corporate resources. Of those, only 2,701 (36%) were managed. The remaining 4,746 (64%) were previously unknown, discovered by XFA but invisible to the organization&#8217;s existing tooling. For every managed device, 1.8 additional unknown devices were discovered accessing corporate systems. Among the worst 5% of organizations, unknown devices accounted for over 97% of the fleet.<\/p>\n<p><strong>OS Outdatedness and Fat Tails<\/strong><\/p>\n<p>The devices they do manage run operating systems that are, on average, 146 days out of date. The median organization runs 84 days behind. However, the distribution is heavily right-skewed. The P95 company is 425 days behind, 5x the median. In our data, the P95 is five times the median; that multiplier is the hallmark of a fat tail.<\/p>\n<p><strong>Platform Breakdown<\/strong><\/p>\n<p>Not all platforms are equally affected:<\/p>\n<ul>\n<li>Android: Devices run an average of 464 days behind the latest OS version.<\/li>\n<li>macOS: The second-most outdated platform at 274 days average.<\/li>\n<li>Windows: Despite being the largest platform by device count, sits at 135 days average.<\/li>\n<li>iOS: Performs best, with a median of just 15 days.<\/li>\n<\/ul>\n<p><strong>Closing the Gap<\/strong><\/p>\n<p>The biggest risk in device security is not the devices you manage poorly, but the devices you do not know about at all. Closing this gap requires a fundamentally different approach than traditional MDM. XFA automatically discovers every device that authenticates to your business applications. It verifies security and helps users fix issues without taking ownership or control of the device. Finally, it enforces access policies: devices that do not meet your security requirements are blocked from accessing business applications until the issue is resolved.[\/vc_column_text]        <div class=\"lgx-subscriber-area\" >\n            <form class=\"vc-whitepaper-form\">\n                <h3>Download the Whitepaper<\/h3>\n                <p class=\"nieuwsbrief-validation-error nieuwsbrief-validation-error--message hidden\">\n                    One or more fields have not been filled in or have been filled in incorrectly.\n                <\/p>\n                <div class=\"row\">\n                    <label class=\"col-xs-6\">\n                        First name*<br>\n                        <input type=\"text\" name=\"firstname\" maxlength=\"50\" autocomplete=\"given-name\">\n                    <\/label>\n                    <label class=\"col-xs-6\">\n                        Last name*<br>\n                        <input type=\"text\" name=\"lastname\" maxlength=\"50\" autocomplete=\"family-name\">\n                    <\/label>\n                <\/div>\n                <div class=\"row\">\n                    <label class=\"col-xs-6\">\n                        Company name*<br>\n                        <input type=\"text\" name=\"companyname\" value=\"\" size=\"50\" autocomplete=\"organization\">\n                    <\/label>\n                    <label class=\"col-xs-6\">\n                        Role*<br>\n                        <input type=\"text\" name=\"workdescription\" value=\"\" size=\"100\" autocomplete=\"organization\">\n                    <\/label>\n                <\/div>\n                <label>\n                    Business email address*\n                    <input type=\"email\" id=\"EmailAddressNewsletter\" name=\"email\" \/>\n                <\/label>\n                <p>By clicking on sign up you give permission to be emailed, you will receive the whitepaper in your mailbox.<\/p>\n                <input onclick=\"Website.SubscribeToNewsletter('851292295242', 'e0b1e5d1-570a-4e07-b099-6b0aeb7d03e4')\" type=\"button\" class=\"lgx-btn\" value=\"Sign up\">\n                <div id=\"NewsletterSuccess\" class=\"nieuwsbrief-succes hidden\">Thank you, you will receive an email within a few minutes to download the whitepaper.<\/div>\n                <div id=\"NewsletterError\" class=\"nieuwsbrief-error hidden\">Unfortunately something went wrong; your request was not successful. Please try again later.<\/div>\n            <\/form>\n        <\/div>[\/vc_column][vc_column width=&#8221;1\/3&#8243;][vc_wp_search][vc_wp_posts number=&#8221;5&#8243;]<div class=\"wpb-content-wrapper\">[vc_row][vc_column][vc_raw_html]JTNDZGl2JTIwY2xhc3MlM0QlMjJsZ3gtc3Vic2NyaWJlci1hcmVhJTIyJTNFJTBBJTNDZm9ybSUyMGNsYXNzJTNEJTIybmV3c2xldHRlciUyMiUzRSUwQSUzQ2xhYmVsJTNFJTIwU3Vic2NyaWJlJTIwdG8lMjBuZXdzbGV0dGVyJTNDaW5wdXQlMjB0eXBlJTNEJTIydGV4dCUyMiUyMGlkJTNEJTIyRW1haWxBZGRyZXNzTmV3c2xldHRlciUyMiUyMG5hbWUlM0QlMjJlbWFpbCUyMiUyMHBsYWNlaG9sZGVyJTNEJTIyWW91ciUyMGUtbWFpbCUyMGFkZHJlc3MlMjIlMjAlMkYlM0UlM0MlMkZsYWJlbCUzRSUwQSUzQ2lucHV0JTIwdHlwZSUzRCUyMmJ1dHRvbiUyMiUyMGNsYXNzJTNEJTIybGd4LWJ0biUyMiUyMHZhbHVlJTNEJTIyU3Vic2NyaWJlJTIyJTIwb25jbGljayUzRCUyMldlYnNpdGUuU3Vic2NyaWJlVG9OZXdzbGV0dGVyJTI4JTI3ODUxMjkyMjk1MjQyJTI3JTI5JTIyJTNFJTBBJTNDZGl2JTIwaWQlM0QlMjJOZXdzbGV0dGVyU3VjY2VzcyUyMiUyMGNsYXNzJTNEJTIybmlldXdzYnJpZWYtc3VjY2VzJTIwaGlkZGVuJTIyJTNFVGhhbmslMjB5b3UlMkMlMjB5b3VyJTIwcmVnaXN0cmF0aW9uJTIwaGFzJTIwYmVlbiUyMHNlbnQlMjElM0MlMkZkaXYlM0UlMEElM0NkaXYlMjBpZCUzRCUyMk5ld3NsZXR0ZXJFcnJvciUyMiUyMGNsYXNzJTNEJTIybmlldXdzYnJpZWYtZXJyb3IlMjBoaWRkZW4lMjIlM0VVbmZvcnR1bmF0ZWx5JTIwc29tZXRoaW5nJTIwd2VudCUyMHdyb25nJTNCJTIwWW91ciUyMHJlZ2lzdHJhdGlvbiUyMGZhaWxlZC4lMjBQbGVhc2UlMjB0cnklMjBhZ2FpbiUyMGxhdGVyLiUzQyUyRmRpdiUzRSUwQSUzQyUyRmZvcm0lM0UlMEElM0MlMkZkaXYlM0U=[\/vc_raw_html][\/vc_column][\/vc_row]\n<\/div>[\/vc_column][\/vc_row]\n<\/div>","protected":false},"excerpt":{"rendered":"Executive Summary Most organizations believe their device fleet is under control. They run an MDM solution, they have a patching policy, and they report compliance to their board. But when we look at what actually connects to corporate systems, a different picture emerges. An analysis of 13,000+ devices across 67 organizations reveals that the majority [...]","protected":false},"author":30,"featured_media":8189,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[13,26,36],"tags":[],"class_list":["post-8119","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-congres-update","category-home","category-latest-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.3.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\r\n<title>The Device Security Gap:\u2028What Companies Don\u2019t Know Is Hurting Them - Cyber Resilience Conference<\/title>\r\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\r\n<link rel=\"canonical\" href=\"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/\" \/>\r\n<meta property=\"og:locale\" content=\"en_US\" \/>\r\n<meta property=\"og:type\" content=\"article\" \/>\r\n<meta property=\"og:title\" content=\"The Device Security Gap:\u2028What Companies Don\u2019t Know Is Hurting Them - Cyber Resilience Conference\" \/>\r\n<meta property=\"og:url\" content=\"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/\" \/>\r\n<meta property=\"og:site_name\" content=\"Cyber Resilience Conference\" \/>\r\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/HeliviewCT\" \/>\r\n<meta property=\"article:published_time\" content=\"2026-03-13T14:37:40+00:00\" \/>\r\n<meta property=\"article:modified_time\" content=\"2026-04-09T14:40:03+00:00\" \/>\r\n<meta property=\"og:image\" content=\"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2026\/03\/Jouw-alineatekst-1.png\" \/>\r\n\t<meta property=\"og:image:width\" content=\"1140\" \/>\r\n\t<meta property=\"og:image:height\" content=\"350\" \/>\r\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\r\n<meta name=\"author\" content=\"brandon\" \/>\r\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\r\n<meta name=\"twitter:creator\" content=\"@HeliviewConf\" \/>\r\n<meta name=\"twitter:site\" content=\"@HeliviewConf\" \/>\r\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"brandon\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\r\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/\",\"url\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/\",\"name\":\"The Device Security Gap:\\u2028What Companies Don\u2019t Know Is Hurting Them - Cyber Resilience Conference\",\"isPartOf\":{\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2026\/03\/Jouw-alineatekst-1.png\",\"datePublished\":\"2026-03-13T14:37:40+00:00\",\"dateModified\":\"2026-04-09T14:40:03+00:00\",\"author\":{\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/#\/schema\/person\/2d39647bd98de83dc39bfcf8176c99ad\"},\"breadcrumb\":{\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/#primaryimage\",\"url\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2026\/03\/Jouw-alineatekst-1.png\",\"contentUrl\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2026\/03\/Jouw-alineatekst-1.png\",\"width\":1140,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Device Security Gap:\\u2028What Companies Don\u2019t Know Is Hurting Them\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/#website\",\"url\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/\",\"name\":\"Cyber Resilience Conference\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/#\/schema\/person\/2d39647bd98de83dc39bfcf8176c99ad\",\"name\":\"brandon\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/heliview.com\/cyber-resilience-belgium\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ade45094df7bb306703bc50dc8391111172a263bacba79a1a085eb3396c1f883?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ade45094df7bb306703bc50dc8391111172a263bacba79a1a085eb3396c1f883?s=96&d=mm&r=g\",\"caption\":\"brandon\"}}]}<\/script>\r\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Device Security Gap:\u2028What Companies Don\u2019t Know Is Hurting Them - Cyber Resilience Conference","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/","og_locale":"en_US","og_type":"article","og_title":"The Device Security Gap:\u2028What Companies Don\u2019t Know Is Hurting Them - Cyber Resilience Conference","og_url":"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/","og_site_name":"Cyber Resilience Conference","article_publisher":"https:\/\/www.facebook.com\/HeliviewCT","article_published_time":"2026-03-13T14:37:40+00:00","article_modified_time":"2026-04-09T14:40:03+00:00","og_image":[{"width":1140,"height":350,"url":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2026\/03\/Jouw-alineatekst-1.png","type":"image\/png"}],"author":"brandon","twitter_card":"summary_large_image","twitter_creator":"@HeliviewConf","twitter_site":"@HeliviewConf","twitter_misc":{"Written by":"brandon","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/","url":"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/","name":"The Device Security Gap:\u2028What Companies Don\u2019t Know Is Hurting Them - Cyber Resilience Conference","isPartOf":{"@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/#website"},"primaryImageOfPage":{"@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/#primaryimage"},"image":{"@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/#primaryimage"},"thumbnailUrl":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2026\/03\/Jouw-alineatekst-1.png","datePublished":"2026-03-13T14:37:40+00:00","dateModified":"2026-04-09T14:40:03+00:00","author":{"@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/#\/schema\/person\/2d39647bd98de83dc39bfcf8176c99ad"},"breadcrumb":{"@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/#primaryimage","url":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2026\/03\/Jouw-alineatekst-1.png","contentUrl":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-content\/uploads\/sites\/56\/2026\/03\/Jouw-alineatekst-1.png","width":1140,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/whitepaper-xfa-what-companies-dont-know-is-hurting-them\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/heliview.com\/cyber-resilience-belgium\/"},{"@type":"ListItem","position":2,"name":"The Device Security Gap:\u2028What Companies Don\u2019t Know Is Hurting Them"}]},{"@type":"WebSite","@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/#website","url":"https:\/\/heliview.com\/cyber-resilience-belgium\/","name":"Cyber Resilience Conference","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/heliview.com\/cyber-resilience-belgium\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/#\/schema\/person\/2d39647bd98de83dc39bfcf8176c99ad","name":"brandon","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/heliview.com\/cyber-resilience-belgium\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ade45094df7bb306703bc50dc8391111172a263bacba79a1a085eb3396c1f883?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ade45094df7bb306703bc50dc8391111172a263bacba79a1a085eb3396c1f883?s=96&d=mm&r=g","caption":"brandon"}}]}},"acf":[],"_links":{"self":[{"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/posts\/8119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/comments?post=8119"}],"version-history":[{"count":4,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/posts\/8119\/revisions"}],"predecessor-version":[{"id":8192,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/posts\/8119\/revisions\/8192"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/media\/8189"}],"wp:attachment":[{"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/media?parent=8119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/categories?post=8119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/heliview.com\/cyber-resilience-belgium\/wp-json\/wp\/v2\/tags?post=8119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}