Skip to main content
Monthly Archives

August 2015

||||

Syxsense Listed as Top IT Management SaaS Tool for Managing IT in the Cloud

By Awards, News

ALISO VIEJO, CA — (ProfitBricks- Aug 31, 2015) — Syxsense tops ProfitBricks’ current list of the “49 Best IT Management SaaS Tools of the Trade for Managing IT in the Cloud.”

After combing through software reviews, top technology sites, and solicited feedback from support teams, ProfitBricks compiled a list of the best Software as a Service IT management tools available in today’s world of technology.

Seated at the number eight spot, some of Syxsense’s highlighted features include the remote desktop access, zero administration, agentless control and its advanced IT systems management.

To read more, view the entire article on ProfitBricks

[vc_single_image image=”5946″ img_size=”medium” alignment=”center”]
|||

Verismic: Breaking the IT Cycle and Redefining Cloud Management

By News, Patch Management

Deploying an IT management system can be a huge pain for IT administrators. The process can take months as you determine which ports to use, install client software (agents), and make sure everything is communicating the way it should.

But, what if it could all be done in 30 minutes?

That’s what Verismic founder and CEO Ashley Leonard said is the average time it takes to get customers up and running on the company’s Syxsense. This new kind of “CMS” is a modern cloud deployment of an IT management system, a necessary tool in many organizations.

“It’s the natural place for IT management if you think about it, because as more cloud services are implemented within our customer environment, that’s where the management tool should be as well,” Leonard said.

[vc_single_image image=”6321″ img_size=”medium” alignment=”center”]

With cloud delivery, Verismic eliminates the backend. There are no servers to install or databases to maintain, and no patches to install either. Additionally, the client companies don’t have to mess around with installing agents on their individual machines, which helps to reduce the time it takes to deploy the Syxsense.

Joseph Cavallaro, CIO of ARC Excess & Surplus in New York, recently went live with the Verismic CMS product in his company. He said that a modern IT department needs tools that allow it to do more with less.

“Our company keeps growing, with the exception of our department, and we need a tool to manage all of the desktops that doesn’t require standing up a server to manage,” Cavallaro said. “Verismic is that tool.”

Breaking the cycle

Before founding Verismic, Leonard worked with enterprise products in the IT systems management space. While working with client companies, he began to notice a cycle that would occur. First, companies would identify a problem in managing their IT assets, such as dealing with geographically dispersed assets, different operating systems, existing user support, or a variety of security issues.

After purchasing and implementing a product, it would work ok for a while, but eventually it would stop performing the way they needed it to. Vendors would update their software after a couple of years with new versions and patches, thereby requiring the agents be updated too. Servers might not be patched properly, or some of the agents wouldn’t get updated. Eventually, the management solution would degrade.

Verismic started back in 2008 as a PC power management company after Leonard sold his previous company. However, Leonard always had the vision of turning Verismic into more of a complete IT management platform.

Eventually, they took the power management product and moved it to the cloud. Then the Verismic team began building out the product as a full IT management platform to handle issues such as remote control, software distribution, patch management, server monitoring, and inventory asset discovery.

Building the product

The product is run out of Microsoft Azure. They are connected to the master SQL database in Azure, and each customer has a database provisioned within it, but it’s geographically replicated so customers can work with a local geographic version of their data in the Azure cloud so they get quick access times. Leonard said they are trying to take advantage of more of the processing features of Azure as well.

Within the Syxsense, there are discrete disciplines, and Leonard said that patch management is one of the most important disciplines the product provides, as it is a critical thing that IT can focus on. Recently, Verismic launched its Patch Management Service to focus exclusively on that discipline.

Cavallaro said that patch management is one of the key reasons he chose Verismic for his company.

“As the company grows so does the number of desktops and so does the attack surface for viruses, hackers, malware, etc.,” Cavallaro said. “[Keeping] that attack surface patched helps control and limit the exposure.”

Verismic is growing quickly. Leonard said that their average sales cycle is 28 days, and they just closed another round of institutional funding last week. Signal Peak Ventures out of Salt Lake City led the round.

Currently, Verismic has offices in Aliso Viejo, California; Salt Lake City, Utah; the UK, and Australia, and they have a development group in Eastern Europe.

|

Verismic Wins TMCnet Cloud Computing Excellence Award

By Awards, News

Global Software Company Receives Prestigious Award for Its Innovative Syxsense

ALISO VIEJO, CA — (Marketwired – Aug 18, 2015) – Verismic, a global provider of IT management solutions delivered from the cloud, is proud to announce it has won a 2015 Cloud Computing Excellence Award for its innovative Syxsense. Presented by TMCnet’s Cloud Computing Magazine, the Excellence Award honors companies that have most effectively influenced cloud computing by bringing new, differentiated offerings to market.

[vc_single_image image=”6241″ img_size=”medium” alignment=”center”]

Syxsense is a cloud-based solution revolutionizing the way IT professionals engage in endpoint device management. Syxsense uses best-in-class agentless technology, requires only a web browser to deploy and can easily and quickly scale up to as many as 35,000 endpoints within an enterprise.

Presented on August 14, 2015, in Norwalk, Connecticut, these awards are regarded as some of the most prestigious and respected honors in the communications and technology sector worldwide. Winners represent prominent players in the market who consistently demonstrate the advancement of technologies. Each recipient is a verifiable leader in the marketplace.

“It is especially gratifying to have Verismic’s Syxsense receive this prestigious recognition before we celebrate its first anniversary on the market,” says Verismic President and CEO Ashley Leonard, the technology entrepreneur behind groundbreaking solutions that have garnered prestigious recognition and numerous awards since the company’s founding in 2012. “Awards like the Cloud Computing Excellence Award encourage us to confidently move forward and conscientiously innovate for the greater good of the cloud computing market.”

Verismic’s CMS has also been named the Gold Winner for Most Innovative IT Software in the 10th Annual IT World Awards by Network Products Guide, the Top Innovator at the coveted Association for Corporate Growth Awards and the Most Innovative Product at the Best in Biz 2014 awards.

For more information about Verismic’s innovative and award-winning Syxsense, visit www.syxsense.com.

ABOUT VERISMIC: Verismic Software, Inc. is a global industry leader providing cloud-based IT management technology and green solutions focused on enabling greater efficiency, cost-savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Over the past two years, Verismic has worked with more than 150 companies ranging from 30 to 35,000 endpoints delivering a variety of solutions for organizations of all sizes as well as managed service providers (MSPs). Verismic’s software portfolio includes the first-of-its-kind agentless, Syxsense; Power Manager; Software Packaging and Password Reset. For more information, visit www.verismic.com.

[vc_single_image image=”4711″ img_size=”medium” alignment=”center”]
|||

Patch as Quickly as Possible

By News, Patch Management

Microsoft Releases MS15-093 Out Of Band Patch For IE

Microsoft released security bulletin MS15-093 for all supported releases of Internet Explorer with a severity rating of Critical. This security update is released outside of the usual monthly security bulletin release cycle in an effort to protect your environment.

The description of this update is available here: MS15-093 Description

[vc_single_image image=”6550″ img_size=”medium” alignment=”center”]

MS15-093 modifies the way that Internet Explorer handles objects in memory to close the discovered security hole. It is recommended that this vulnerability be applied as a matter of urgency. Microsoft rarely releases out-of-band patches and the urgent nature could suggest that more attacks may be on their way, said Qualys CTO Wolfgang Kandek.

Now that the vulnerability is disclosed we expect the attack code to spread widely and get integrated into exploit kits and attack frameworks,” said Kandek in an e-mailed comment. “Patch as quickly as possible.”

The security update comes just one week after Microsoft released its scheduled August patch releases which included a cumulative update for all versions of Internet Explorer. Verismic are unsure why Microsoft didn’t include today’s update with last week’s Patch Tuesday updates.

The SANS Internet Storm Centre forum has a post up for this patch. We recommend keeping a close eye on this for real time updates as they occur.

Windows 10 Groundhog Day: August Patch Tuesday

By News, Patch Management, Patch Tuesday

Could it be groundhog day for Windows 10 users? Reports are surfacing of a rouge update causing Windows 10 devices to get stuck in a continual reboot, rebooting over & over again. Although Windows 10 was not expected to be a candidate for this month’s patch Tuesday, there are some reported issues already in the field. Any update you apply to this new Operating System should still pass through your structured test plan before installing on live systems. Issues like stuck reboots should never happen even in a basic test cycle. With Windows 10 being so new, it is highly likely many IT departments are not yet ready to begin troubleshooting issues and many may simply revert to rebuilding broken systems from scratch.

[vc_single_image image=”6018″ alignment=”center”]

This release of updates consists of 14 patch bulletins (4 critical and 10 important) which resolve close to 60 separate vulnerabilities, impacting a lot of the Microsoft real estate including a rare appearance of System Centre Operations Manager. The usual suspects of Windows, Internet Explorer, Office, RDP and .NET Framework make up the bulk of the rest. We also see for the first time Microsoft replacement for Internet Explorer – Edge.

Overall, this patch Tuesday is a fairly light release. If you have not yet designed your release strategy, you may want to take this time to refine your processes in the hope that next month’s patch Tuesday is as light as last years which contained only 4 patch bulletins.

All content from the following table will be added into the Syxsense subscription shortly. We will be recommending our patch management as a service (PMAAS) clients consider the following updates for their remediation cycle this month as a priority; MS15-079, MS15-080, MS15-081 and MS15-091 by combining the vendor severity, the independent CVSS score and their current exposure. The most important update in this release in our opinion is MS15-081 due to the CVSS score of 9.3 and with active exploits already being reported will likely impact our customers the most.

The independent CVSS scores range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.

Patch Number Executive Summary Vulnerability Type Vendor Severity CVSS Score
MS15-079 Cumulative Security Update for Internet Explorer (3082442)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Remote Code Execution Critical 9.3
MS15-080 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.
Remote Code Execution Critical 9.3
MS15-081 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Remote Code Execution Critical 9.3
MS15-082 Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Remote Code Execution Important 9.3
MS15-083 Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted string to SMB server error logging.
Remote Code Execution Important 8.5
MS15-084 Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. However, in all cases an attacker would have no way to force users to click a specially crafted link. An attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.
Information Disclosure Important 4.3
MS15-085 Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system. An attacker could then write a malicious binary to disk and execute it.
Elevation of Privilege Important 7.2
MS15-086 Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)
This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.
Elevation of Privilege Important 4.3
MS15-087 Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. A user would have to visit a specially crafted webpage where the malicious script would then be executed.
Elevation of Privilege Important 4.3
MS15-088 Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates provided in this bulletin, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081.
Information Disclosure Important 1.2
MS15-089 Vulnerability in WebDAV Could Allow Information Disclosure (3076949)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.
Information Disclosure Important 4.3
MS15-090 Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.
Elevation of Privilege Important 9.3
MS15-091 Cumulative Security Update for Microsoft Edge (3084525)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Remote Code Execution Critical 9.3
MS15-092 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)
This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.
Elevation of Privilege Important 9.3