What happened
Antwerp-based cybersecurity startup XFA has secured €1.5 million in Seed funding to scale its platform aimed at closing a critical device security gap in modern workplaces. The round was led by ScaleFund (Belgium) and Curiosity (the Netherlands), with participation from PMV, Seeder Fund, and angel investors under Investee. XFA’s solution is designed to discover all workplace devices and verify their security without relying on traditional invasive management systems.
Who is affected
Organizations with hybrid and remote work environments are directly in scope. Research cited by XFA suggests traditional device management covers only about 40% of used devices, leaving the remaining 60% (such as BYOD, unmanaged, or freelance hardware) unmonitored and vulnerable. Enterprises across Europe, North America, and Asia currently use or are evaluating solutions addressing this coverage gap.
Why CISOs should care
For CISOs, unmanaged devices represent a persistent attack surface blind spot, especially as flexible and AI-native work environments become mainstream. Reliance on conventional Mobile Device Management (MDM) approaches can miss devices and burden IT teams, exposing organizations to outdated or insecure endpoints at login. A privacy-first verification model like XFA’s may offer a complementary path toward full device visibility and stronger access controls without compromising user experience.
3 practical actions
- Assess unmanaged device risk: Inventory all endpoints accessing corporate resources, including BYOD and contractor hardware, to quantify coverage gaps in your current device security strategy.
- Evaluate non-MDM verification tools: Consider technologies that verify security posture at login without invasive controls, as part of a layered endpoint trust model.
- Align with compliance frameworks: Ensure any new device security solution can export attestations and evidence for ISO 27001, SOC 2, NIS2, and similar standards to support audits and governance.