Monthly Archives

April 2020


RDP Brute-Force Attacks Increase Since the Start of COVID-19

By Blog

RDP Brute-Force Attacks Increase Since the Start of COVID-19

According to recent reports, the number of brute-force attacks targeting RDP endpoints has increased rapidly since the start of the COVID-19 outbreak.

The Rise of RDP Exposure

According to recent reports, the number of brute-force attacks focused on Remote Desktop Protocol (RDP) endpoints has dramatically increased since the start of the COVID-19 pandemic.

As countries implemented quarantines and stay-at-home orders, more companies put RDP hosts directly on the internet. Shodan measured a 41.5% increase in “the number of devices exposing RDP to the internet via RDP’s default TCP port 3389.”

More RDP Brute-Force Attacks

Attackers continually rely on brute-force attacks to obtain credentials that carry remote desktop access. As more remote workers connected to the corporate network in recent months, the attack surface open to criminals grew sharply.

“Since the beginning of March, the number of Bruteforce.Generic.RDP attacks has rocketed across almost the entire planet,” said Dmitry Galov at Kaspersky.

RDP endpoints are heavily targeted by ransomware operators. Notably, 2019 brought the infamous BlueKeep vulnerability, a pre-authentication flaw in Remote Desktop Services that let an attacker take control of an unpatched, internet-reachable device without valid credentials.

That’s why it’s critical for businesses to adopt security measures to protect themselves when using RDP, as well as other potential attack vectors.

How Syxsense Combats Brute-Force Attacks

Attackers and RDP vulnerabilities are no match when you have vulnerability scanning with Syxsense on your side.

Syxsense helps you reduce the likelihood of brute-force success by knowing about weak passwords and sub-standard user account policies.

Keep your environment locked down with our Policy Compliance scripts. They flag the conditions that make brute-force attacks pay off:
  • Brute-force attacks work by trying passwords without limit, so any account with no lockout policy and a guessable password is at risk
  • Home devices that share a network with non-corporate devices extend that risk to machines you do not manage
  • Common Passwords: Is a password set to one of the standard, easily guessed values such as “Password”?
  • Passwords Unchanged: Are accounts in use with passwords that have not been changed? Simple passwords, or passwords that have not been rotated, are a high risk
  • User Login Analytics: Has an account not been logged into within a reasonable period of time?
  • Users Never Used: Has an account never been used? Accounts that are never used are often leftovers or planted backdoors that go unnoticed until they are abused
  • Password Never Expires: Has an account been set so that its password never expires?
  • Password Not Required: Blank passwords are the easiest to break
  • Administrator Account in Use: Has the recommended policy of renaming the built-in Administrator account been actioned? Renaming is only a speed bump, because the account keeps RID 500 and can still be found by SID, so disable it where you can
  • Multiple Login Attempts: Repeated failed logins are the trace evidence of a brute-force attack in progress
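As an added example, and not Syxsense code, the following PowerShell script performs the local-account checks listed above on a single Windows host and summarises failed logons from the Security log. It assumes Windows 10 or Server 2016 or later (for Get-LocalUser), an elevated prompt, and illustrative thresholds of 90 days for staleness and 10 failures per source address. It cannot see password values, so the “Password” check needs a separate credential audit and is not shown.

```powershell
# Added example (not Syxsense code): local-account hygiene and failed-logon checks.
# Assumes Windows 10 / Server 2016 or later (Get-LocalUser) and an elevated prompt.
# $StaleDays and $FailureThreshold are illustrative values, not policy recommendations.
$StaleDays        = 90
$FailureThreshold = 10
$Now      = Get-Date
$Findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding($Account, $Check, $Detail) {
    $Findings.Add([pscustomobject]@{ Account = $Account; Check = $Check; Detail = $Detail })
}

foreach ($u in Get-LocalUser) {
    # Administrator Account in Use: the built-in Administrator always has RID 500,
    # so test the SID rather than the name; renaming alone does not hide it.
    if ($u.SID.Value -like 'S-1-5-21-*-500') {
        if ($u.Name -eq 'Administrator') { Add-Finding $u.Name 'Administrator not renamed' 'RID-500 account still named Administrator' }
        if ($u.Enabled) { Add-Finding $u.Name 'Administrator enabled' 'RID-500 account is enabled' }
    }
    if (-not $u.Enabled) { continue }   # a disabled account cannot be brute-forced into

    # Password Not Required: blank passwords are permitted for this account.
    if (-not $u.PasswordRequired) { Add-Finding $u.Name 'Password not required' 'Blank password allowed' }

    # Password Never Expires: Get-LocalUser reports PasswordExpires as empty when the flag is set.
    if (-not $u.PasswordExpires) { Add-Finding $u.Name 'Password never expires' 'No expiry set' }

    # Passwords Unchanged: last change older than the threshold.
    if ($u.PasswordLastSet -and $u.PasswordLastSet -lt $Now.AddDays(-$StaleDays)) {
        Add-Finding $u.Name 'Password unchanged' "Last set $($u.PasswordLastSet.ToString('yyyy-MM-dd'))"
    }

    # Users Never Used / User Login Analytics: LastLogon is empty when the account never signed in.
    if (-not $u.LastLogon) {
        Add-Finding $u.Name 'Never used' 'Enabled account that has never logged on'
    } elseif ($u.LastLogon -lt $Now.AddDays(-$StaleDays)) {
        Add-Finding $u.Name 'Stale login' "Last logon $($u.LastLogon.ToString('yyyy-MM-dd'))"
    }
}

# Multiple Login Attempts: event 4625 (failed logon) in the last 24 hours, grouped by source address.
# With Network Level Authentication on, RDP failures are logged as LogonType 3 rather than 10,
# so do not filter on logon type 10 alone.
$Filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Now.AddHours(-24) }
$Failed = Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue | ForEach-Object {
    $x = [xml]$_.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{ Time = $_.TimeCreated; Target = $d['TargetUserName']; Source = $d['IpAddress']; LogonType = $d['LogonType'] }
}
$Failed | Group-Object Source | Where-Object Count -ge $FailureThreshold | Sort-Object Count -Descending | ForEach-Object {
    $targets = ($_.Group.Target | Sort-Object -Unique) -join ', '
    Add-Finding $targets 'Multiple login attempts' "$($_.Count) failures from $($_.Name) in 24h"
}

$Findings | Sort-Object Check, Account | Format-Table -AutoSize
```

Run it elevated on one host to see the findings table; for a fleet, collect the `$Findings` objects centrally rather than reading per-host output. The Security log query needs administrator rights, and a source address of “-” in the 4625 data usually means the failure came from a local or non-network logon.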

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Whitepaper: Why You Will Replace Microsoft SCCM

By Patch Management

Whitepaper: Why You Will Replace Microsoft SCCM

When you’re ready to replace Microsoft SCCM, you should know exactly what to look for in an endpoint management solution.

The Solution Replacement Cycle

We have spent more than a decade helping IT organizations install and maintain their endpoint management solutions.

Over time, we noticed an unfortunate pattern: many companies were stuck in an endless cycle of replacing their IT solutions every few years.

This never-ending replacement cycle is not just expensive and time consuming for the IT organization, it also creates IT quality issues, negatively impacting business results.

While no one purposely sets out to follow this path, many companies find themselves in this situation. We took a closer look at the underlying causes to see if there was a way to break the cycle.

Whitepaper

Why You Will Replace Microsoft SCCM

This whitepaper will help you spot the six big problems that could lead you toward endpoint management failure. When you’re ready to replace SCCM, you’ll know exactly what to look for in an IT solution for your business.

Download PDF Guide


Why RDP Vulnerabilities Need Your Attention

By Blog

Why RDP Vulnerabilities Need Your Attention

With a history of security holes, Remote Desktop Protocol (RDP) is being used more than ever by remote users. How can IT departments manage the risks?

Remote Work Has Changed the IT Landscape

As more employees are forced to work from home due to COVID-19, there is a heightened need for tools and checks to ensure remote devices are properly secured.

The current situation has certainly rocked the foundation for how businesses function and how IT departments are able to respond. Not only are there endpoints and servers left on-premise that may be sitting idle, waiting for an attacker to come along, but sending massive fleets home to unknown territory and networks opens up a whole new can of worms.

How RDP Puts You at Risk

A source of security holes for over a decade, Remote Desktop Protocol (RDP) is being used more than ever to let remote workers back into the corporate network.

In late March 2020, after most non-essential businesses were forced to send workers home, search engine Shodan reported a 41.5% spike in “the number of devices exposing RDP to the internet via RDP’s default TCP port 3389.”

This protocol has seen its fair share of security holes and hardship since the beginning. Most notably, 2019 gave rise to a vulnerability known as BlueKeep that allowed attackers to take control of an unpatched device remotely, without first authenticating. Further, attackers continually rely on brute force attacks to obtain credentials that carry remote desktop access.

If successful, the attackers can gain access to remote workstations and servers that the accounts are authorized for. Organizations need to adopt adequate security measures to proactively protect themselves when using RDP, as well as other potential attack vectors.

Preventing RDP Exploits and Vulnerabilities

How can IT departments accurately check that RDP is locked down, along with other potential security holes? The answer is simple: use a vulnerability scanner.

RDP is just one piece of the puzzle, a popular one no doubt, but there are other flaws to look for: backdoors, crypto mining, peer-to-peer applications, open ports, SNMP, and even the configured Windows policies. All must be checked routinely for misconfiguration or exposure. Now that employees are working from the couch on a corporate device, or even their own, the need for heightened security has never been greater.
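Before a scanner ever runs, the RDP posture of a single Windows host can be read straight from its configuration. The script below is an added example, not Syxsense code or the page’s own procedure: it reports whether RDP is enabled, whether Network Level Authentication is required, how the listener and firewall expose it, what the account lockout threshold is, and whether the OS falls in the BlueKeep-affected family. It assumes Windows 8.1 / Server 2012 R2 or later (for the NetSecurity and NetTCPIP modules), an elevated prompt, English-language `net accounts` output, and an illustrative lockout ceiling of 5 attempts.

```powershell
# Added example (not Syxsense code): per-host RDP exposure check.
# Assumes Windows 8.1 / Server 2012 R2 or later (NetSecurity, NetTCPIP), run elevated,
# and English 'net accounts' output. $LockoutMinimum is an illustrative value.
$LockoutMinimum = 5
$out = [System.Collections.Generic.List[string]]::new()

$ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)
$port       = [int]$tcp.PortNumber

if (-not $rdpEnabled) {
    $out.Add('OK: RDP is disabled (fDenyTSConnections=1)')
} else {
    $out.Add("INFO: RDP is enabled on TCP $port")

    # Network Level Authentication demands credentials before a session is built; without it the
    # pre-authentication code path that BlueKeep-class bugs live in is reachable by anyone.
    if ($tcp.UserAuthentication -ne 1) { $out.Add('FINDING: Network Level Authentication is off') }

    # Is the listener bound to every interface?
    $listen = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    foreach ($l in $listen) {
        if ($l.LocalAddress -in '0.0.0.0', '::') { $out.Add("INFO: RDP listening on all interfaces ($($l.LocalAddress):$port)") }
    }

    # Firewall: which profiles allow RDP in, and from which remote addresses?
    foreach ($rule in Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue) {
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        $msg = "rule '$($rule.DisplayName)' profile=$($rule.Profile) remote=$remote"
        if ($remote -eq 'Any' -and $rule.Profile -match 'Public|Any') {
            $out.Add("FINDING: $msg (reachable from any address on public networks)")
        } else {
            $out.Add("INFO: $msg")
        }
    }
    $profiles = (Get-NetConnectionProfile).NetworkCategory -join ','
    $out.Add("INFO: active network profile(s): $profiles")
}

# Account lockout is the direct counter to online password guessing; 'Never' means unlimited attempts.
$threshold = ((net accounts) | Select-String 'Lockout threshold:\s+(\S+)').Matches[0].Groups[1].Value
if ($threshold -eq 'Never') {
    $out.Add('FINDING: no account lockout threshold; brute force is unlimited')
} elseif ([int]$threshold -gt $LockoutMinimum) {
    $out.Add("FINDING: lockout threshold $threshold is above the $LockoutMinimum assumed here")
} else {
    $out.Add("OK: lockout after $threshold failed attempts")
}

# BlueKeep (2019) affects Windows 7 / Server 2008 R2 and earlier, i.e. NT versions below 6.2.
$ver = [version](Get-CimInstance Win32_OperatingSystem).Version
if ($ver -lt [version]'6.2') {
    $out.Add("FINDING: OS version $ver is in the BlueKeep-affected family; confirm the May 2019 Remote Desktop Services fix is installed")
}

$out
```

The firewall and lockout checks are the ones that matter most for brute force: a lockout threshold of “Never” combined with an inbound rule open to any address on a public profile is exactly the configuration the attacks described above are looking for.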

Use Syxsense to Manage and Secure Your Environment

Syxsense Secure offers a thorough definitions library so that devices on or off-premises can be checked for any of these popular vulnerabilities. Because it runs from the cloud, it avoids what most conventional vulnerability scanners require: standing up on-premises hardware, licensing, and corporate firewall rules.

Additionally, Syxsense Secure includes Syxsense Manage, where patch management comes standard. Conventional tools fall short due to the lack of any remediation capabilities as well as rudimentary patch definitions. Once devices are checked, exportable reports can easily be emailed on set schedules so that newly-discovered vulnerabilities can easily be identified and sent to the proper parties, whether in-house or third-party.


The Real Costs of WSUS

By Patch Management

The Real Costs of WSUS

Although WSUS comes with Windows, it isn't necessarily free. Consider the hidden expenses and headaches that come along with Microsoft's tool when managing your environment.

Is WSUS Actually Worth It?

“Why should I pay for an IT management tool? I get WSUS for free with Windows!”

While WSUS might come with Windows, it is certainly not free—there are hidden expenses to consider.

Looking at the number of hours wasted and additional software needed to fully manage your environments, WSUS comes out as more expensive than any paid-for IT management software.

According to analysis by Tolly, using WSUS requires an average of 2,454 hours of labor per year. With an assumed IT labor rate of $50/hour, that’s $122,700 a year! Then you have to factor in the management of servers, Mac devices, Linux devices, and third-party software.

Why Syxsense is the Better Choice

Spending so many resources on only updating your Windows OS is a dramatic waste of the time your IT team could spend on more critical or interesting projects.

Implementing a solution, such as Syxsense, will simplify your deployment process. From a single browser Syxsense can manage PCs, Macs, and Linux devices, as well as devices inside and outside the network. You can also deploy third-party software, track task status, generate reports, and more. You can manage and secure everything, everywhere, all from the cloud.

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patch management and vulnerability scanning.

With an IT management solution like this, you save money. The cost of the software is offset by the time and resources reallocated into IT projects that improve your company.

Proactively Protect Your Organization

It’s important to get the most out of your investment, and in this unpredictable time, detecting software vulnerabilities isn’t enough. Traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.

Our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.


Can You Trust Your Vulnerability Report?

By Patch Management

Can You Trust Your Vulnerability Report?

Vulnerability reporting is critical, but not every patch management tool provides data you can rely on. Compare Microsoft ‘WSUS’ and Nessus to Syxsense.

IT Reporting Isn’t Always Accurate

If you have yearly governance audits, you know how stressful it can be when your patch management tool provides inaccurate reports or evidence that auditors can use to fail your accreditation. Let’s explore several industry standards to compare the results of the toolset against the devices themselves, to see if there are conflicts or discrepancies—something you should know before your audit.

We will base our accreditation on an industry standard, PCI DSS compliance. Any company that processes credit card information must conform to a level of PCI DSS; the level depends on the size of the business and the number of transactions it processes each year.

Another critical point: if a data breach occurs, the fines paid vary dramatically with that level. This is why companies that process billions of transactions a year must attain the highest level of PCI DSS to safeguard their business.

Evaluating WSUS and Nessus Reporting

The two well-known tools we will use in this review are Microsoft WSUS and Tenable’s Nessus. Nessus is a vulnerability scanner rather than a patch deployment tool, and it is known as one of the industry’s “go to” tools for audit work.

We have two test systems, one running Windows 10 Enterprise (1903) and one running Windows Server 2012 R2, and several updates were needed on both. To create a baseline for comparison, we used Syxsense to deploy every missing update to each device and rebooted several times to ensure all updates had taken.

Windows 10 Enterprise | Feature Update 1903

1. Syxsense records no updates are needed.

2. Next we performed a full scan of the device using Nessus which uses the Tenable detection engine.

Nessus reports two updates are needed.

3. We did the same for WSUS and performed a full scan.

WSUS reports everything is up to date.

Windows Server 2012 R2

1. Syxsense records no updates are needed.

2. Next we performed a full scan of the device using Nessus which uses the Tenable detection engine.

Nessus reports a huge host of updates are needed.

3. We did the same for WSUS and performed a full scan.

WSUS reports only 1 update is needed.

4. We downloaded the binary from the Microsoft site and tried to install it manually.  You can see from the screen shot that the update reported by WSUS was not actually needed.

Manually running the patch binary.

Examining the Results

We were most surprised that Nessus, known globally as one of the best and most accurate detection toolsets, produced the most false positives of the three. If customers relied on that toolset alone, we can only imagine the issues they would have using its reports as evidence of compliance with PCI DSS.

What should concern anyone using WSUS for their compliance needs is that WSUS reported an update as needed that could not even be installed manually, because it did not apply to the device.

Many tools do not detect or correctly report patch supersedence (a newer patch making an older one obsolete), so they show superseded patches as required and mark devices non-compliant or vulnerable even though they are in fact fully patched and compliant.

Can you imagine failing a PCI DSS audit because of vulnerabilities you were never exposed to?
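The manual install in step 4 above is one way to settle a disputed KB; a quicker and more repeatable one is to ask the host’s own Windows Update Agent whether it considers the update applicable. The script below is an added example, not the page’s own procedure or Syxsense code: it takes a scanner’s list of “missing” KBs (a placeholder sample here, not real scan output) and classifies each one as genuinely missing, already installed, or not applicable, which is where superseded patches land. It assumes an elevated prompt and an agent that can reach its configured update source.

```powershell
# Added example (not Syxsense code): cross-check a scanner's "missing update" list against the host.
# Assumes an elevated prompt and a Windows Update Agent that can reach its configured source.
# $ReportedKBs is a placeholder sample, not output from any real scan.
$ReportedKBs = @('KB1234567', 'KB2345678', 'KB3456789')

# 1. The host's own record of installed hotfixes (covers only packages that register a hotfix ID).
$hotfixes = Get-HotFix | Select-Object -ExpandProperty HotFixID

# 2. The Windows Update Agent's view. "IsInstalled=0" returns updates that are missing AND still
#    applicable, so anything superseded by an installed update is already excluded; "IsInstalled=1"
#    returns what the agent knows is applied. A KB in neither set is not applicable to this host.
#    Both searches can take a few minutes on a host that has not scanned recently.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
# $searcher.ServerSelection = 2   # ssWindowsUpdate: ask Microsoft directly if WSUS approvals would skew the answer
$missing = @{}
$applied = @{}
foreach ($u in $searcher.Search('IsInstalled=0').Updates) { foreach ($kb in $u.KBArticleIDs) { $missing["KB$kb"] = $u.Title } }
foreach ($u in $searcher.Search('IsInstalled=1').Updates) { foreach ($kb in $u.KBArticleIDs) { $applied["KB$kb"] = $u.Title } }

# 3. Classify each reported KB and keep the evidence (title) for the auditor.
foreach ($kb in $ReportedKBs) {
    if ($missing.ContainsKey($kb)) {
        $verdict = 'MISSING: agent agrees, install it'
        $title   = $missing[$kb]
    } elseif ($applied.ContainsKey($kb) -or $hotfixes -contains $kb) {
        $verdict = 'FALSE POSITIVE: already installed'
        $title   = $applied[$kb]
    } else {
        $verdict = 'NOT APPLICABLE: not offered to this host (superseded, wrong OS/build, or hidden)'
        $title   = ''
    }
    [pscustomobject]@{ KB = $kb; Verdict = $verdict; Title = $title }
}
```

A “NOT APPLICABLE” verdict is the supersedence case from the paragraph above; record the agent’s output alongside the scanner report so the auditor sees why the KB was dismissed. If the host points at a WSUS server, unapproved updates are also absent from both sets, which is why the commented `ServerSelection` line is there for a second opinion.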

Leverage Syxsense Vulnerability Reporting

Over the few tests conducted, Syxsense proved the most consistently reliable at detecting the updates needed. If you are not using Syxsense for your vulnerability reporting, we recommend running more than one patch management toolset and comparing the results, because the penalty for a breach can run to millions of dollars.

Additionally, Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patch management and vulnerability scanning.

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Microsoft’s April Patch Tuesday Tackles 113 Updates

By Patch Management, Patch Tuesday

Microsoft’s April Patch Tuesday Tackles 113 Updates

Microsoft issued 113 fixes in this month's massive Patch Tuesday update. It's the first big patch release of the new work-from-home era.

April Patch Tuesday Arrives with Huge Batch of Updates

Microsoft Patch Tuesday has officially arrived with 113 new patches for the unprecedented work-from-home climate amid the coronavirus outbreak.

There are 17 critical updates, with the remaining 96 marked as important. Support for Windows 7 and Windows Server 2008 (including R2) ended in January, but there are plenty of updates released this month for customers who have purchased an Extended Security Updates agreement.

For each of the previous three months there have been over 100 updates per month; on average that is almost 2GB per device per month. Now is the time to start building a patching strategy that does not depend on a VPN or on patching in line of sight of your servers.

Users who are now working from home are more vulnerable than ever.

Largest Number of Weaponized Bugs This Year

Weaponized bugs are vulnerabilities for which working exploit code already exists, so they can be used immediately to infect your environment with ransomware or steal data. This month’s release fixes the highest number of weaponized vulnerabilities we have seen this year.

Any of them that were being exploited before the patch shipped are zero-days by definition; treat all of them as emergency fixes and remediate as quickly as possible.


Watch the Webcast: Securing Work-From-Home Devices

By News

Watch the Webcast: 5 Strategies for Securing Work-From-Home Devices

As many organizations navigate the realities of remote work, our webcast shows how to get a clear understanding of how vulnerable your work-from-home devices are to attack.

Reduce Your Attack Surface from Home

Whether you are heading into week two or three of COVID-19 isolation, your IT landscape has undoubtedly changed.

Our webcast explores the best way to get a clear understanding of how vulnerable your work-from-home devices are to attack. Explore the top five strategies to harden devices, reduce your attack surface, and find peace of mind.

We’re bringing industry-leading IT management and security strategies right to your desk. Our webinar covers:

  • Setting up security scans—because patch scans only do half the job
  • Using security scanning results to block brute force attacks
  • Confirming antivirus is installed, running, and definitions are updated
  • Quarantining and troubleshooting a device you suspect has been breached
  • Checking and deploying patches for zero-day vulnerabilities

View the Webcast

5 Strategies for Securing Work-From-Home Devices


Zoom Rushes Patches for Two Zero-Day Flaws

By Blog

Zoom Rushes Patches for Two Zero-Day Flaws

With the huge influx of remote workers, Zoom's zero-day vulnerabilities couldn't come at a worse time for the web conferencing platform and IT professionals.

Zoom Vulnerabilities Give Attackers Full Control Over Computers

With most staff now working from home, any zero-day vulnerability impacting business critical telephone and conference software would be an absolute nightmare for IT professionals—and this is exactly what happened.

An ex-NSA hacker, Patrick Wardle, identified and disclosed two vulnerabilities in the Zoom client for macOS. Both are local bugs: an attacker who already has code running on the victim’s Mac can use them to gain and keep persistent access, install malware or spyware, or piggyback on Zoom’s own permissions to reach the microphone and camera.

“Given Zoom’s privacy and security track record this should surprise absolutely zero people,” Wardle said in a blog post this week.

Use Syxsense to Stay Secure

You can find the latest version of Zoom available in your Syxsense console. As companies experience a 40% increase in cyberattacks with remote working, there’s never been a better time to enhance your patching and security strategy.

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patch management and vulnerability scanning.
