Monthly Archives

December 2022

Cyber Insurance Rates Climb & Refusals Multiply

By Blog

The insurance industry is in somewhat of a crisis. Home insurance rates have climbed. Providers are pulling out of the market in some parts of the country. Flood insurance, too, is a major issue. It is mandated in many coastal and floodplain areas, yet insurance carriers are often reluctant to award it due to the risk of high-volume payouts.  

Similarly in cyber insurance, premiums are rising sharply. Some companies are even being told they don’t qualify (or no longer qualify). A survey by Delinea of 300 US-based IT decision makers revealed one of the reasons for the challenges many face in obtaining affordable cyber insurance: nearly 80% of companies have had to use their cyber insurance at least once already, and more than half have used it multiple times. 

Some 40% said risk reduction was the main reason for applying for cybersecurity insurance, and 33% of respondents said it was also due to requirements from executive management and Boards of Directors. Another 25% cited recent ransomware incidents as a primary decision driver. Other drivers behind applications for cyber insurance included business contract requirements (24%) and having suffered a data breach (17%).

The report also demonstrated that cyber insurance has now become ubiquitous. Many companies have leveraged coverage more than once. That’s one of the reasons why the insurers are becoming more hesitant and choosier. They are covering less, asking for more, and making it more difficult for companies to receive comprehensive coverage. Only 30% of organizations confirmed their policies covered critical risks such as ransomware, ransom negotiation, and decisions on ransom payment. About 48% indicated their policy covered data recovery. A third said it covered incident response, regulatory fines, and third-party damages. 

Tough Requirements  

The report highlighted the fact that insurers are getting tougher to please. More and more, they require organizations to implement a broader set of security controls. By forcing organizations to adopt tougher layers of security, they seek to reduce the number of customers needing payouts from their cyber-policies. 51% said their insurer required that they implement cybersecurity awareness training and another 47% were required to have malware protection, antivirus software, multi-factor authentication (MFA), and to comprehensively backup their data. 42% had to acquire Privileged Access Management solutions to meet cyber-insurance requirements.  

 

Although about 93% of applicants are approved for coverage, the number receiving comprehensive coverage for everything has dwindled sharply. Gone are the days when insurers happily signed off on wide-ranging coverage. They were burned too often by surges in the number of claims caused by the latest widely exploited vulnerability, such as Log4j, or the latest rash of ransomware outbreaks. That is one of the big reasons why 75% of respondents said that their cyber-premiums increased at their last renewal.

Not only were their monthly payments hiked up, but they also faced far greater scrutiny from potential insurers, who wanted to know every detail of their security posture, their risk profile, and areas of potential vulnerability. Some of this was used as grounds for refusal of cyber insurance. In other cases, these assessments by insurers led to demands to implement a variety of different security tools.

Any prospective cyber insurance policy holder, and anyone coming up for renewal, therefore, is advised to carefully assess their security basics before applying. Things like lack of comprehensive backup, inadequate patch management, and a lack of vulnerability management tools could form immediate grounds for refusal.  

Get ahead of the game by implementing Syxsense Enterprise. It provides automated tools to help meet the standards required by cyber insurance providers. It offers access to real-time data and device monitoring so security personnel have access to live, accurate information on the existing security picture, potential vulnerabilities, the state of patch management, mobile device security, and more. It helps IT to keep BYOD and company-issued devices secure from threats in remote, hybrid, or roaming work models. And it provides a way to enforce security standards, install and delete applications, set auto update policies, deploy patches automatically, and remotely lock, reset, and wipe mobile devices. It also helps satisfy underwriter demands for higher levels of automation in the enterprise before they approve new cyber insurance policies.  

Why face steeper premiums or even cyber insurance rejection? Implement Syxsense Enterprise today.  

For more information visit www.Syxsense.com  

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

DDoS Eclipses Ransomware as a Major Threat

By Blog

A recent Threat Pulse research report from NCC Group found that the highest number of Distributed Denial of Service (DDoS) incidents between January and September 2022 took place in the month of September. This represented a 14% increase and a total of 2,090 DDoS attacks. Ransomware attacks, meanwhile, were down 7% from the previous month with Lockbit 3.0 (30%), Black Basta (13.3%), and BlackCat (12.8%) remaining the most prevalent threat actors. Lockbit has been the most active group for every month of the year.  

Sector-wise, all areas experienced a high volume of attacks. But Industrials (34%) were the most attacked vertical, followed by Consumer Cyclicals (18%), Healthcare (10%), and Technology (8.5%). The geographical distribution of attacks showed no surprises: North America suffered 84 attacks (45%), making it the most targeted region. Europe was next with 27%, then Asia with 14%. 

Interestingly, ransomware attacks overall were found to be 50% lower than a year before. It seems likely, therefore, that 2021 will remain the highest year on record, unless there is an unprecedented upsurge in ransomware to end the year.

Shift of Tactics  

Make no mistake. Ransomware remains a potent threat. But stepped-up law enforcement efforts, better international legal collaboration, and organizations deploying a raft of ransomware protection solutions probably combined to lessen its impact.  

The bad guys may be criminals, but they are not fools. They know what is going on. Thus, they have adjusted their tactics by increasing the volume of DDoS and launching more targeted ransomware campaigns. More than likely, 2021 was a freak year. Due to the success of ransomware in 2020, just about everyone among the cybercriminal gangs decided to get in on the act. Entire cybercrime supply chains formed up to facilitate ransomware. Lots of little outfits would probe enterprises for weaknesses. They would get a finder’s fee for passing on the details of a ripe target. More organized groups would then execute the ransomware attack and seek to collect the funds. Ransomware as a Service, too, emerged. Criminal developers created kits that could be sold to people with little or no computing experience. These developers got a cut of every successful extortion scheme.  

But the unprecedented funds raised through ransomware led to a glut in the market in 2021. Hence the downturn in 2022. That doesn’t mean ransomware will go away. It is expected to remain an important part of the cybercrime toolkit for some time to come. But stronger defences against it mean that the bad guys will turn to tried and tested means of breaking into enterprise IT systems.

They will scan networks looking for server, website, operating system (OS) and application vulnerabilities. They will scour the web for unpatched systems and, when they find them, exploit them relentlessly. Bad actors know that items on the Common Vulnerabilities and Exposures (CVE) list remain weak spots in many organizations. Despite these threats being publicized broadly and patches and remediation steps being clearly laid out, a great many organizations fail to act. There are many cases on record of vulnerabilities remaining unremedied years after the issuance of a patch. We have known about Log4j, for example, for a year now, yet it is still being exploited. Similarly, the Heartbleed vulnerability from 2014 remains something the bad guys can exploit in some businesses.

Syxsense Protection 

Syxsense Enterprise offers comprehensive vulnerability management, remediation, and patch management. It intelligently distributes patches with the click of a button without tying up bandwidth across the enterprise. It does this automatically, using technology that is designed to send software and patches across the wire once, using peer-to-peer within the network for local distribution.  

Further features include:  

  • Patch supersedence: Vendors often include older updates in current patches. If a company deploys patches sequentially, the new patch sits at the end of the queue and is not deployed until the oldest patches have been taken care of. However, the new patch a) may be higher priority, and b) includes the old patch in any case. The patch supersedence feature of Syxsense deploys the new patch and skips the superseded one.
  • Patch Roll Back: The last thing you want is for an update to cause incompatibilities in other systems. That’s why software vendors and IT departments conduct testing to ensure patches are benign. But despite the precautions, faulty patches can occasionally happen. Syxsense includes a patch roll back feature that allows you to return your systems to the state that existed before the implementation of the new patch.  
  • Testing and release within three hours: Hackers and cybercriminals move fast. There is no time to lose in installing patches. Within a couple of hours of a patch being released, Syxsense has tested it, validated it, and has it ready for distribution.  
  • Automation: With hundreds or even thousands of endpoints to manage, manual patch distribution is too slow. Syxsense is fully automated to ensure critical patches are implemented right away. There is no need to formulate scripts, hop from one screen to another, or manually push out patches to various destinations.  
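The supersedence logic described above, as an added example that is not Syxsense's own code: a queued patch that a newer queued patch already includes (directly or through a chain) is dropped, and what remains is deployed by priority. The patch ids, the priority scale and the "supersedes" metadata are constructed for the example.

```python
"""Patch supersedence resolution (added example; not Syxsense's own code).

Assumption (constructed): each queued patch record carries the ids of the
older patches it already includes ("supersedes") and a vendor priority on a
1-5 scale. The resolver drops every patch that a queued newer patch already
contains, so the cumulative update is deployed instead of the chain of
older ones it replaces.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Patch:
    patch_id: str                 # constructed id, not a real vendor KB number
    priority: int                 # higher = more urgent (constructed scale)
    supersedes: frozenset = field(default_factory=frozenset)


def covered_ids(patches):
    """Return the ids that some queued patch includes, directly or transitively.

    If A supersedes B and B supersedes C, deploying A also covers C, so the
    walk follows the chain. A patch that reaches itself means the vendor
    metadata is cyclic, which is reported instead of silently dropping patches.
    """
    by_id = {p.patch_id: p for p in patches}
    covered = set()
    for p in patches:
        stack = list(p.supersedes)
        seen = set()
        while stack:
            older = stack.pop()
            if older == p.patch_id:
                raise ValueError(f"cyclic supersedence metadata at {p.patch_id}")
            if older in seen:
                continue
            seen.add(older)
            covered.add(older)
            if older in by_id:
                stack.extend(by_id[older].supersedes)
    return covered


def resolve_queue(patches):
    """Patch ids to deploy, most urgent first, with superseded patches removed."""
    covered = covered_ids(patches)
    survivors = [p for p in patches if p.patch_id not in covered]
    return [p.patch_id for p in sorted(survivors, key=lambda p: -p.priority)]


# Constructed queue, in the order a naive sequential deployment would use:
# two older monthly rollups, the current cumulative rollup that includes
# both, and an unrelated application patch.
SAMPLE_QUEUE = [
    Patch("P-2022-11", priority=2),
    Patch("P-2022-12", priority=3, supersedes=frozenset({"P-2022-11"})),
    Patch("P-2023-01", priority=5, supersedes=frozenset({"P-2022-12"})),
    Patch("P-APP-7", priority=4),
]

if __name__ == "__main__":
    print("deploy:", resolve_queue(SAMPLE_QUEUE))   # ['P-2023-01', 'P-APP-7']
```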

For more information, visit www.syxsense.com


The API Insecurity Challenge

By Blog

Application Programming Interfaces (APIs) have become ubiquitous in IT. There are now more than 400 billion API calls per month. They enable applications to interact and systems to connect with external services.  

Think about the many layers of the networking stack. It begins with the physical layer, with further layers above it dealing with different aspects of computing and interaction. Above them all sit the APIs, which usually communicate over HTTPS to relay requests and responses. APIs are thus the glue that brings software elements together. In the cloud, they connect the client and the provider.

But popularity usually creates other problems. Nobody bothered much with malware for Apple platforms until the company rose to dominance in the 2000s. Until then, almost all viruses were squarely aimed at Windows as it accounted for an overwhelming majority of all PCs and laptops. Once you reach a certain size or level of market penetration, though, cybercriminals are likely to take notice. In the case of APIs, getting close to half a trillion calls a month certainly warrants attention.  

The State of API Security  

API security has not been a topic of lengthy conversation until recently. APIs were thought of as something happening in the background – a relatively minor aspect of overall IT infrastructure. Due to their lack of stature, they haven’t received the attention they deserve from developers with regard to overall security.  

In some ways, this isn’t too dissimilar to the way applications were developed. Until quite recently, developers created their apps and then security features or patches were added after the fact. It has only been in the last few years with rampant data breaches and ransomware that we have seen the appearance of DevSecOps and other movements that aim to make applications more secure from the very early stages of their creation. The goal is to bake in security rather than cobble it on at a later point once use in the real world exposes its vulnerabilities.  

APIs have been late to the party. They have been somewhat neglected as a potential weak point in organizational defenses. And the bad guys are onto it.  

APIs, after all, are what expose services to the outside world. And they can be compromised. Common problems include vulnerabilities within the APIs themselves, misconfiguration issues, lax access controls that allow APIs to share too much information, personally identifiable information (PII) being exposed via APIs, and, in general, APIs not getting enough attention from security tools. No wonder hackers have learned different ways to exploit insecure APIs as a means of compromising systems or stealing data.

 

Safeguarding APIs  

There are several steps that organizations should take to safeguard the APIs they utilize:  

  1. Add API security best practices to internal development efforts so you don’t perpetuate the API insecurity challenge.  
  2. Inventory all APIs in use: Due to the prevalence of APIs in just about every aspect of IT operations, few organizations have a good idea of the many ways their applications are touched by APIs. What is needed is a complete API inventory. Only by possessing such an inventory does it become possible to spot misconfigured, insecure, or unprotected APIs.
  3. Inspect API gateways and the micro-services involved to determine how access controls interact with APIs and whether they reveal too much information.
  4. Ensure APIs are configured to prevent exposure of PII and to prevent violations of the many privacy regulations that apply.  
  5. Monitor how APIs are consumed to detect abnormal behavior or potential abuse.  
  6. Adopt sensible safeguards to keep the organization secure such as mobile device management, patch management, and vulnerability management.  

Syxsense Enterprise delivers real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints. This represents the future of threat prevention as it brings everything needed for endpoint management and protection onto one console. Breaches can be detected and remediated within a single solution. Unusual activities originating from API insecurity can be spotted quickly and dealt with. The Syxsense platform can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices. 

For more information, visit www.syxsense.com


Cuba Ransomware: What is it?

By Blog

Security is always in principle a conversation of trust. Do you trust the vendors providing your company with products and services? This is a question which every company should be continually evaluating and reevaluating as part of their ongoing security posture maintenance.  

Microsoft is the latest example of a company extending trust to entities who then abused it, through no major fault of Microsoft’s own. As early as August 2022, a small set of accounts within Microsoft’s Hardware Developer platform began using their trusted authority to sign drivers that contained malicious code. The payload of this code has been found to disable security platforms on an endpoint basis. With endpoint security tools disabled, malware payloads can propagate freely across an enterprise network, preparing for and then executing a set of commands that cryptographically lock down the contents of end user devices. The originator of the malware then sends a trigger sequence that activates the encryption lock, removes access from the end user, and presents them with a ransom demand. This ransomware has been named Cuba, after the cyber-crime organization (not related to the nation of Cuba) responsible for its dissemination.

Malicious drivers are traditionally classified as trojan horse attacks. An end user experiences a problem with their computer. To solve the problem, they search the internet for an answer, and click a link providing a download which promises to fix a malfunctioning driver causing the original problem. Once installed, that driver then executes code providing unapproved access to the device.  

But the Cuba Ransomware is more sophisticated. Rather than relying on an end user going outside of the traditional support channels for help, the Cuba Ransomware relies on a supply chain breach, using a reasonably assumed trust which most companies give to one of the world’s largest software vendors, Microsoft, to provide their payload. They were able to do this by utilizing signing certificates stolen as part of the Lapsus$ group’s targeted attack of Nvidia back in February. These same leaked signing certificates were never removed from Microsoft’s Hardware Developer Program and were therefore available for Cuba to use in their supply chain attack.  

To read the full Cybersecurity Advisory on Cuba Ransomware released by CISA, click here.

Why You Should Care 

In the context of the Cuba ransomware event, your company can do everything correctly and still be a victim by simply installing recommended drivers from Microsoft (which is a perfectly reasonable thing to do). This is why supply chain attacks are so powerful.   

As of the writing of this article, Microsoft has removed the fraudulently signed drivers, and the accounts responsible for signing them, from their Hardware Developer Program. If no one in your organization has performed any kernel driver updates within the last few months, then this attack may not be relevant to your organization. That said, the number of companies that can definitively say they have not performed kernel driver updates within the last 6 months is vanishingly small. Again, this is the power of supply chain attacks. That being the case, it is safe to assume there is a non-trivial chance that your organization has had the Cuba Ransomware driver compromise embedded somewhere in your environment.

To their credit, Microsoft has added the affected kernel driver versions to their blacklist, which helps ensure that these malicious drivers don’t end up on your devices in the future, and existing versions are now being removed as part of standard OS patching. But, for those environments still affected, the Cuba Ransomware group has a potentially viable link into your environment which they can use to inflict severe damage to your company.  

And Cuba has been busy.  

According to the United States Cybersecurity and Infrastructure Security Agency (CISA), the Cuba Ransomware group has successfully disrupted operations at 101 organizations since August 2022, 65 of which are within the United States. From these 101 organizations, the Cuba Ransomware group has extracted $60,000,000 in extortion payments.

How Syxsense can Help 

Syxsense can help keep your organization safe from this supply chain attack in two distinct ways. First, our vulnerability scanning tool can alert your team to existing possible Cuba-related breaches using a process called indicator of compromise (IoC) detection. IoC detections are small scripts that analyze configuration files, device driver versions, and other aspects of a device’s operating system to see if the OS matches a known state associated with the supply chain attack. Using these IoCs, your organization can then determine whether the Cuba ransomware attack is a relevant concern.

Additionally, Syxsense can facilitate the standard deployment of Microsoft patches, ensuring that the latest set of Patch Tuesday updates is applied universally across your environment.

Between these two mechanisms, your organization can have confidence that the Cuba ransomware is not currently present in your environment, and that the ransomware won’t be present in the future.  


December Patch Tuesday Update 2022

By Patch Management, Patch Tuesday, Webinars

Watch our December Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft releases 98 fixes this month including 11 Critical, one Public Aware and one Weaponised Threat

Eleven are rated Critical and 87 are rated Important. Microsoft Windows, Office, .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler Components and Microsoft Exchange Server have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense said, “We are starting the year with almost 100 bugs being fixed. Last month in December there were no Preview updates available, which means Microsoft would not have had the same level of testing they would usually have liked, so we recommend taking the first deployment of this year as carefully as possible — additional internal testing should be conducted to ensure your end users do not suffer. You will also notice 14 (fourteen) 3D Builder Remote Code Execution Vulnerability fixes have been added to the release notes; however, Microsoft has yet to release the fixes for them, so keep an eye on these, as they could indicate problems with testing.”

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.

CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

This vulnerability covers a large part of the Microsoft operating system estate, from Windows 8.1 to Windows 11 on workstations and Windows 2012 R2 to 2022 20H2 on servers. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. Because it is both actively exploited and has a Jump Point, this should be your number 1 priority.

Note: The vulnerability is Weaponised and has a Jump Point

Syxscore
Vendor Severity: Important
CVSS: 8.8
Weaponised: Yes
Public Aware: No
Countermeasure: No

Syxscore Risk
Attack Vector: Network
Attack Complexity: Low
Privileges: None
User Interaction: Required
Scope (Jump Point): Changed / Yes

CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability

Although Microsoft states this vulnerability is less likely to be used in an attack, the exact steps to exploit it can be found on the internet. If exploited, an attacker could execute RPC functions that are restricted to privileged accounts only, hence the CVSS score of 8.8.

Note: The vulnerability is Public Aware

Syxscore
Vendor Severity: Important
CVSS: 8.8
Weaponised: No
Public Aware: Yes
Countermeasure: No

Syxscore Risk
Attack Vector: Network
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Unchanged / No

CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability

A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM. The AppContainer environment is considered a defensible security boundary therefore any process that can bypass the boundary is considered a change in Scope (what we call a Jump Point). The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

Note: The vulnerability has a Jump Point

Syxscore
Vendor Severity: Critical
CVSS: 8.8
Weaponised: No
Public Aware: No
Countermeasure: No

Syxscore Risk
Attack Vector: Local
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Changed / Yes

Syxsense Cortex Workflows are being set up to remediate all of January’s patches with the click of a button.

If you would like to see how Syxsense can help you automate your patch remediation process, click to schedule a customized demo.

Microsoft’s January Patch Tuesday Fixes

Reference Description Vendor Severity CVSS Score Publicly Aware Weaponised Countermeasure Additional Information
CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important 8.8 No Yes No Scope = Changed / Jump Point = True
A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
CVE-2023-21549 Windows Workstation Service Elevation of Privilege Vulnerability Important 8.8 Yes No No An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only.
CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 8.8 No No No Scope = Changed / Jump Point = True
CVE-2023-21732 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 No No No
CVE-2023-21744 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No In a network-based attack an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server.
CVE-2023-21742 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No In a network-based attack, an authenticated attacker as at least a Site Member could execute code remotely on the SharePoint Server.
CVE-2023-21681 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No No
CVE-2023-21676 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Important 8.8 No No No
CVE-2023-21543 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21546 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21555 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21556 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21679 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21535 Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21548 Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21762 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No No This vulnerability’s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.
CVE-2023-21745 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No No
CVE-2023-21551 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Identified by Microsoft Offensive Research and Security Engineering (MORSE).
CVE-2023-21730 Windows Cryptographic Services Remote Code Execution Vulnerability Critical 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21780 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21781 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21782 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21784 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21786 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21791 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21793 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21783 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21785 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21787 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21788 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21789 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21790 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21792 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21724 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21764 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21763 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21537 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21734 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21735 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21736 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21737 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21768 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21726 Windows Credential Manager User Interface Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21558 Windows Error Reporting Service Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.
CVE-2023-21552 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Exploitation More Likely
CVE-2023-21755 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21754 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21747 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21748 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21749 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21772 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21773 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21774 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21675 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21524 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21746 Windows NTLM Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21767 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21765 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21678 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21541 Windows Task Scheduler Elevation of Privilege Vulnerability Important 7.8 No No No Exploitation More Likely
CVE-2023-21680 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21538 .NET Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21547 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21761 Microsoft Exchange Server Information Disclosure Vulnerability Important 7.5 No No No
CVE-2023-21539 Windows Authentication Remote Code Execution Vulnerability Important 7.5 No No No
CVE-2023-21683 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21677 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21758 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21527 Windows iSCSI Service Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21757 Windows Layer 2 Tunnelling Protocol (L2TP) Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21557 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21728 Windows Netlogon Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21779 Visual Studio Code Remote Code Execution Vulnerability Important 7.3 No No No
CVE-2023-21741 Microsoft Office Visio Information Disclosure Vulnerability Important 7.1 No No No
CVE-2023-21738 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.1 No No No
CVE-2023-21752 Windows Backup Service Elevation of Privilege Vulnerability Important 7.1 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21750 Windows Kernel Elevation of Privilege Vulnerability Important 7.1 No No No
CVE-2023-21760 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21531 Azure Service Fabric Container Elevation of Privilege Vulnerability Important 7 No No No An attacker who successfully exploited this vulnerability could elevate their privileges and gain control over the Service Fabric cluster. This vulnerability does not allow the attacker to elevate privileges outside of the compromised cluster.
CVE-2023-21733 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 7 No No No
CVE-2023-21739 Windows Bluetooth Driver Elevation of Privilege Vulnerability Important 7 No No No
CVE-2023-21532 Windows GDI Elevation of Privilege Vulnerability Important 7 No No No Exploitation More Likely
CVE-2023-21542 Windows Installer Elevation of Privilege Vulnerability Important 7 No No No
CVE-2023-21771 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Important 7 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21563 BitLocker Security Feature Bypass Vulnerability Important 6.8 No No No A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
CVE-2023-21560 Windows Boot Manager Security Feature Bypass Vulnerability Important 6.6 No No No A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
CVE-2023-21725 Microsoft Windows Defender Elevation of Privilege Vulnerability Important 6.3 No No No
CVE-2023-21559 Windows Cryptographic Services Information Disclosure Vulnerability Important 6.2 No No No
CVE-2023-21753 Event Tracing for Windows Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21540 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21550 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21776 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21743 Microsoft SharePoint Server Security Feature Bypass Vulnerability Critical 5.3 No No No Exploitation More Likely
CVE-2023-21525 Windows Encrypting File System (EFS) Denial of Service Vulnerability Important 5.3 No No No
CVE-2023-21682 Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability Important 5.3 No No No
CVE-2023-21536 Event Tracing for Windows Information Disclosure Vulnerability Important 4.7 No No No
CVE-2023-21766 Windows Overlay Filter Information Disclosure Vulnerability Important 4.7 No No No
CVE-2023-21759 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Important 3.3 No No No An attacker who successfully exploited this vulnerability could gain access to data related to FIDO keys managed on a vulnerable system.
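As an added example (not code from Syxsense or Microsoft), the following Python turns a flattened table like the one above into a deployment order. The sample rows are taken from the table; the three Yes/No columns are kept as raw flags because their headings are not reproduced here, and the ranking rule (anything marked Exploitation More Likely first, then CVSS score, then severity) is my own assumption about how to triage a Patch Tuesday release.

```python
import re
from dataclasses import dataclass

# One table row: CVE, title, severity, CVSS, up to three Yes/No flags, free-text notes.
ROW_RE = re.compile(
    r"^(CVE-\d{4}-\d{4,})\s+(.+?)\s+(Critical|Important|Moderate|Low)\s+"
    r"(\d+(?:\.\d+)?)((?:\s+(?:Yes|No)){0,3})\s*(.*)$"
)
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}


@dataclass
class Advisory:
    cve: str
    title: str
    severity: str
    cvss: float
    flags: list  # the Yes/No columns, kept raw: their headings are not reproduced above
    notes: str = ""

    @property
    def exploitation_more_likely(self):
        return "exploitation more likely" in self.notes.lower()


def parse_rows(text):
    """Parse flattened table text; tolerates rows with fewer flags and wrapped notes."""
    advisories = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            cve, title, severity, cvss, flags, notes = m.groups()
            advisories.append(Advisory(cve, title, severity, float(cvss), flags.split(), notes.strip()))
        elif advisories:
            # A line that does not start a new row is a note that wrapped onto its own line
            # (as "Exploitation More Likely" does in the table above): attach it to the previous row.
            advisories[-1].notes = (advisories[-1].notes + " " + line).strip()
    return advisories


def prioritize(advisories):
    """Deployment order (assumed rule): Exploitation More Likely first, then CVSS, then severity."""
    return sorted(
        advisories,
        key=lambda a: (not a.exploitation_more_likely, -a.cvss, SEVERITY_RANK[a.severity], a.cve),
    )


# Rows copied from the table above, including the wrapped note and the row with only two flags.
SAMPLE_ROWS = """
CVE-2023-21552 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Exploitation More Likely
CVE-2023-21541 Windows Task Scheduler Elevation of Privilege Vulnerability Important 7.8 No No No Exploitation More Likely
CVE-2023-21680 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21743 Microsoft SharePoint Server Security Feature Bypass Vulnerability Critical 5.3 No No No Exploitation More Likely
CVE-2023-21538 .NET Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21531 Azure Service Fabric Container Elevation of Privilege Vulnerability Important 7 No No No An attacker who successfully exploited this vulnerability could elevate their privileges and gain control over the Service Fabric cluster.
"""

if __name__ == "__main__":
    for adv in prioritize(parse_rows(SAMPLE_ROWS)):
        marker = "!" if adv.exploitation_more_likely else " "
        print(f"{marker} {adv.cve} {adv.cvss:>4} {adv.severity:<9} {adv.title}")
```

Run against the full table, the output is the order in which a patch team would push fixes once the vendor updates are available; the SharePoint bypass sorts above higher-scored but unflagged items because Microsoft's "Exploitation More Likely" assessment outweighs a raw CVSS number for scheduling purposes.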

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Start a Free Trial
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Cybersecurity Job Crisis Worsens 

By Blog

It has become increasingly apparent in recent years that more cybersecurity professionals are needed urgently. But the pace at which new people are trained is tortoise-like in comparison to the hare-like pace of cybercrime. And unlike the popular children’s story, the tortoise isn’t likely to win over a longer race. The bad guys show no signs of slowing down and appear to have the stamina to maintain the speed of malware distribution, or even accelerate it.  

The shortage of security workers isn't going to abate anytime soon. There are currently more than 1.1 million people working in cybersecurity in the US. That may seem impressive, yet there are also more than 750,000 job openings, many of them unlikely to be filled for some time to come.  

Understandably, there are a great many industry initiatives ongoing to combat this staffing crisis. The White House launched a National Apprenticeship Week in November along with various supporting programs. The InfoSec Institute has stepped up its efforts to train a new workforce and reskill existing workers. These efforts aim to change alarming trends in the talent pipeline.  

For example, computer science is studied by only 5.6% of high school students despite being offered by more than half of all U.S. high schools. We need state and local governments to incentivize schools to further incorporate (and even mandate) computer science courses. By doing so, more young people will possess a baseline of tech competencies, bolstering talent pipelines. 5.6% may be shockingly bad, yet it is up from 4.7% only a year ago. Clearly, progress is being made, but not at the speed necessary to fill the cyber-skills chasm.  

Further efforts include the development of industry career paths that go beyond the traditional focus on degrees. This includes community college programs and training people on industry credentials so they can take up entry-level positions in cybersecurity.  

Hiring practices, too, are being asked to change their usual requirements. Almost every entry-level position in cybersecurity demands a degree in IT or security. Many also ask for certifications and several years of experience. With the current talent shortage, setting the bar much too high may be one big reason for the lack of applicants. The fight over unicorn candidates is one ramification of this. While bidding wars go on for a select few highly qualified and experienced individuals, the industry has a dearth of promising newcomers. It could be likened to every NBA team fighting over one superstar such as LeBron James while utterly neglecting standard player recruitment practices and largely ignoring new draft picks.  

The Applicant Tracking Systems (ATS) used by HR may also be contributing to the problem. These systems work primarily based on certain parameters and keywords. If someone doesn’t have X degree, or Y certificate, they are automatically excluded. Their resume is never viewed by human eyes. If they have no experience in the workforce, ATS disqualifies them. Yet sitting there might be a diamond in the rough. Should anyone take the time to peruse the resume, they would discover that the person has been developing applications since they were 10 years old, or won an award at a Black Hat conference as a teenager.  

Additional actions being encouraged include continuous security training for IT staff and for other parts of the workforce. The more certifications that existing staff obtain, the better off the industry as a whole becomes.  

Automation  

These efforts are all laudable and vitally necessary. But it becomes more apparent with each passing day that the world of security will have to get used to doing far more with far fewer people. That is where automation comes in. IT security can no longer consist of manually intensive labor or troubleshooting that consumes hour after hour trawling through logs in an attempt to find a cybercriminal needle in the infrastructural haystack.  

Nor is it appropriate to rely on veteran staffers to solve all our cybersecurity woes. Granted, there are some superstars out there with an intuitive ability to zero in on the root cause of security issues. But dependence on the few only plays into the hands of the criminal fringe. These talented individuals may soon be up for retirement, or they may be headhunted by other organizations overly focused on attracting unicorns. In any case, as IT and multi-cloud environments grow in size and complexity, there are just too many inputs, too many logs, and too many workloads to manage security threats manually.  

It takes end-to-end automation to take care of modern IT security. Such automation not only encompasses detection of potential issues; it must also address remediation. Syxsense provides security services that automatically take care of functions such as endpoint management, mobile device management, patch management, vulnerability scanning, and remediation. In patch management, for example, Syxsense guarantees to test and make available critical patches within four hours of their release. It automatically deploys patches based on a priority system to safeguard all organizational systems and devices with the correct updates and patches. And it provides end-to-end integrated automation across its suite of endpoint and security management tools.  

For more information, visit www.syxsense.com


Analyst Insights: GigaOm Radar for Patch Management

By Patch Management, Video, Webinars

We hosted Howard Holton, Analyst & CTO at GigaOm, to discuss the state of the industry, the future of patch management, and how to use the latest GigaOm Radar to find the right solution for you.

In this session you’ll learn:

  • Good practices for patch management in the current threat environment
  • Emerging technologies in patch management solutions
  • How to use the GigaOm Radar to find the right patch management solution

View the Webinar

Business Email Compromise is Big Business

By Blog

The FBI's 2021 Internet Crime Report named business email compromise (BEC) as the most effective weapon in the cybercrime arsenal. It accounted for roughly a third of the country's $6.9 billion in cyber losses that year and is expected to rake in even more in 2022.  

BEC can be categorized as a response-based attack: the bad actor needs the user to reply to a message and engage in a conversation that eventually leads to the execution of an elaborate scam. It all begins with someone successfully breaking into an email account. Phishing is usually the gateway to BEC: a user is tricked into clicking on a malicious URL or attachment, has their password cracked using brute-force techniques, or a criminal buys previously exposed credentials on the dark web.  

But in most BEC cases, the con doesn't take place at once. Cybercriminals are keen to gain access to prized email accounts such as those of a CEO, CFO, or other finance personnel with purchasing or bill-paying authorization or with access to bank accounts. A common trick is for the bad guy to lie in wait, carefully monitoring traffic on the compromised email account and waiting for the best opportunity. The victim in these cases has no idea that anyone else is reading their conversations.  

A bad actor waits for the right moment. Perhaps a deal is going through that involves millions: the company is sending a big order to a new supplier, say, or finalizing negotiations for a merger. Ideally, the CEO, CFO, or other person whose account has been hacked is traveling as part of the deal. The criminal knows when they log off for the day. At that point, they can take over the email account and send a message to someone at headquarters saying that something has come up and that person needs to send $X million to an account number immediately. Urgency is injected: the deal will fail or business will be lost to a competitor if the money isn't transferred right away. As the message came from the exec's actual email account (and clever BEC scammers even use the same language, the same greetings, and the same complimentary close the boss always uses), everything looks indistinguishable from normal traffic apart from the unexpected need to act now and send the cash immediately. If the recipient complies and sends the money that night, suspicion usually doesn't emerge until the next morning. By then it is too late: the money has been moved from account to account to account and is usually beyond retrieval.  

Bigger Targets and Better Defenses  

Modern scammers now look for the most lucrative targets. Hence the upward trajectory in the effectiveness of BEC. FBI numbers put annual takings from BEC at around $2.4 billion.  

Further data from the FBI added up all the damage from BEC. Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses. The BEC scam has been reported in all 50 states and 177 countries, with over 140 countries receiving fraudulent transfers. Banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021 followed by Mexico and Singapore. Between June 2016 and December 2021, the total haul internationally from BEC-related incidents came to $43 billion.  

Accordingly, the agency made the following suggestions to protect against BEC:  

  • Use secondary channels or two-factor authentication to verify requests for changes in account information. 
  • Ensure the URL in emails is associated with the business/individual it claims to be from. 
  • Be alert to hyperlinks that may contain misspellings of the actual domain name. 
  • Refrain from supplying login credentials or sensitive personal information of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate. 
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from. 
  • Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed. 
  • Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
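The following is an added Python example, not part of the FBI guidance or of Syxsense's software, that applies the first checks on that list to an incoming message: a sender domain that imitates a trusted partner (a one-character typo-squat or confusable characters such as "rn" for "m" and "1" for "l"), a Reply-To that diverts the conversation elsewhere, a display name claiming a trusted identity, and links to look-alike hosts. The trusted-domain list, the confusable-character table and the two messages are constructed for the demonstration; single-part text/plain mail is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: domains the finance team legitimately corresponds with.
TRUSTED_DOMAINS = {"example-corp.com", "acme-supplier.com"}

# Substitutions typical of look-alike registrations (assumed table, extend as needed).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def normalize(domain):
    """Fold confusable characters so visually similar domains compare equal."""
    d = domain.lower().strip().rstrip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d


def edit_distance(a, b):
    """Levenshtein distance; catches single-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    domain = domain.lower().rstrip(".")
    if not domain:
        return None
    if domain in TRUSTED_DOMAINS or any(domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None  # the trusted domain itself, or one of its subdomains
    for trusted in sorted(TRUSTED_DOMAINS):
        if normalize(domain) == normalize(trusted) or edit_distance(domain, trusted) <= 1:
            return trusted
    return None


def domain_of(header_value):
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def analyze(raw_message):
    """Apply the FBI checks to one RFC 822 message; returns a list of findings (empty = clean)."""
    msg = message_from_string(raw_message)
    findings = []

    from_domain = domain_of(msg.get("From"))
    display_name, _ = parseaddr(msg.get("From", ""))
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} imitates {imitated}")

    # A Reply-To pointing elsewhere redirects the conversation to the attacker's mailbox.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # Display name claiming a trusted identity while the actual address lives elsewhere.
    for trusted in sorted(TRUSTED_DOMAINS):
        if trusted in display_name.lower() and from_domain != trusted:
            findings.append(f"display name claims {trusted} but address is @{from_domain}")

    # Links whose host imitates a trusted domain (the misspelt-domain check on the FBI list).
    body = msg.get_payload() if not msg.is_multipart() else ""
    for host in URL_RE.findall(body):
        imitated = lookalike_of(host)
        if imitated:
            findings.append(f"link host {host} imitates {imitated}")
    return findings


# Constructed messages: a routine invoice and a BEC attempt of the kind described above.
LEGIT_MESSAGE = """From: Jane Doe <jane.doe@example-corp.com>
To: ap@example-corp.com
Subject: Invoice 4471

Please process invoice 4471 as usual via https://portal.acme-supplier.com/invoices
"""

BEC_MESSAGE = """From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: Jane Doe <jane.doe@mail-relay-example.net>
To: ap@example-corp.com
Subject: URGENT wire before close of business

The merger closes tonight. Wire the 2.4M now or we lose the deal.
Updated payment portal: https://acrne-supplier.com/pay
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_MESSAGE), ("bec", BEC_MESSAGE)):
        print(name, analyze(raw) or "no findings")
```

None of these checks replaces the FBI's first recommendation, a call-back on a known number before any change to payment details; they are there to make sure the message that prompts the call-back is flagged before the transfer is keyed in, and a hit on a look-alike domain is a good candidate for an automatic quarantine rule on the mail gateway.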

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added to this list in a Shields Up alert earlier this year with the following key guidelines:  

  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA. 
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.  

No one wants to experience a cyberattack. That is why it is so important to scan constantly for vulnerabilities and keep patches up to date. Syxsense is the only product that combines automated patching, vulnerability scanning, remediation, and IT management.

For more information visit www.Syxsense.com  


Dealing with the OpenSSL Vulnerability

By Blog

The OpenSSL vulnerability is big news. Why? This is the OpenSSL bug carrying the highest level of risk since the infamous Heartbleed back in 2014, and it has resulted in the release of two Common Vulnerabilities and Exposures (CVE) entries. This matters when you consider that OpenSSL is a very large software library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is used by an enormous range of applications. Its purpose is to secure communications over computer networks against eavesdropping and to identify the party at the other end. It is heavily used by Internet servers and most HTTPS websites.  

CVE-2022-3602 and CVE-2022-3786 both concern a buffer overrun that can be triggered in X.509 certificate verification, specifically in name constraint checking (the punycode decoding used for internationalized email addresses). This happens after certificate chain signature verification and requires either a CA to have signed a malicious certificate or an application to continue certificate verification despite failing to build a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow the stack: four attacker-controlled bytes in the case of CVE-2022-3602, and an arbitrary number of '.' characters in the case of CVE-2022-3786. The overflow can crash the process (denial of service) and, for CVE-2022-3602, could potentially lead to remote code execution. In a TLS client the trigger is a malicious server certificate; a TLS server is exposed only if it requests client authentication and a malicious client connects.  

The good news is that these vulnerabilities were downgraded from critical to high severity (though they are still serious) because many platforms implement stack overflow protections that mitigate this kind of remote code execution, and the stack layout on various platforms and compilers further limits exploitability. That doesn't mean there is no urgency. Only OpenSSL 3.0.0 through 3.0.6 are affected; the 1.1.1 and 1.0.2 branches do not contain the vulnerable code. Users of 3.0.x should upgrade to OpenSSL 3.0.7 as soon as possible. 

Not Another Heartbleed   

The initial panic over this one has subsided somewhat since security researchers realized it is not as devastating as Heartbleed was eight years ago. Heartbleed enabled malicious users to trick vulnerable web servers into sending sensitive information, including usernames and passwords. It caused complete devastation in its heyday. Some analysts said that it affected roughly one in every six SSL servers. Part of the problem was that certain requests within OpenSSL, at that time, weren't checked for accuracy. This meant that attackers could easily trick an SSL server into allowing access to parts of its memory that should have been kept secure. By letting an attacker see the contents of a memory buffer containing sensitive information, it could sometimes expose the SSL private keys, allowing decryption of secure communications, as well as usernames and passwords. You can read more about it and what Heartbleed did to enterprise systems under CVE-2014-0160. That vulnerability ended up costing organizations around the world as much as half a billion dollars according to some estimates, due to the need to revoke and replace SSL certificates.  

Heartbleed is Still Being Hacked 

Despite it being so old and so well known, attackers continue to exploit Heartbleed. There are still servers that have never installed the patch that fixes the bug. How many? SANS Institute figures put the number of servers that remained vulnerable at close to a quarter of a million in late 2020. It may have come down somewhat since then, but there are still a lot of servers out there vulnerable to a prehistoric bug.  

This makes it clear that organizations need all the help they can get when it comes to fixing known vulnerabilities. Systems should be scanned to find any and all servers vulnerable to the latest OpenSSL vulnerability, and checked for any remaining Heartbleed exposure as well. The OpenSSL advisories describe the steps required for remediation, but the basic action is to deploy the necessary patches as soon as possible.  
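As an added Python example (not OpenSSL project code or Syxsense's scanner), the functions below classify the banner printed by `openssl version` against the two new CVEs and Heartbleed, so the same pass over an inventory catches both the 3.0.x hosts discussed above and the 1.0.1 stragglers. The host names and banners are constructed. Affected ranges are taken from the OpenSSL advisories: 3.0.0 through 3.0.6 for CVE-2022-3602 and CVE-2022-3786 (fixed in 3.0.7), and 1.0.1 through 1.0.1f for CVE-2014-0160 (fixed in 1.0.1g).

```python
import re

# First token of `openssl version` output, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013".
VERSION_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return (major, minor, patch, letter) or None if the banner is not from OpenSSL."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    return int(major), int(minor), int(patch), letter


def affected_cves(banner):
    """Map a version banner to the CVEs discussed above that apply to it.

    3.0.0 - 3.0.6 : CVE-2022-3602 and CVE-2022-3786 (punycode name-constraint overflows)
    1.0.1 - 1.0.1f: CVE-2014-0160 (Heartbleed)
    Returns [] when none apply and None when the banner cannot be parsed.
    """
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    major, minor, patch, letter = parsed
    if (major, minor) == (3, 0) and patch <= 6:
        return ["CVE-2022-3602", "CVE-2022-3786"]
    if (major, minor, patch) == (1, 0, 1) and letter <= "f":
        return ["CVE-2014-0160"]
    return []


def triage(inventory):
    """inventory: {hostname: banner}. Returns only the hosts that need attention."""
    findings = {}
    for host, banner in inventory.items():
        cves = affected_cves(banner)
        if cves is None:
            findings[host] = ["unrecognised banner: " + banner.strip()]
        elif cves:
            findings[host] = cves
    return findings


# Constructed inventory standing in for `openssl version` output collected from each server.
INVENTORY = {
    "web01": "OpenSSL 3.0.5 5 Jul 2022",
    "web02": "OpenSSL 3.0.7 1 Nov 2022",
    "api01": "OpenSSL 1.1.1s 1 Nov 2022",
    "legacy01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "bsd01": "LibreSSL 3.3.6",
}

if __name__ == "__main__":
    for host, cves in sorted(triage(INVENTORY).items()):
        print(f"{host}: {', '.join(cves)}")
```

One caveat: enterprise distributions such as Red Hat and Debian backport fixes without bumping the upstream version string, so a banner of 1.0.1e on such a system may already be patched. A version check like this is a first pass for finding candidates; the package changelog, or an actual handshake test against the host, is the authority before declaring a server vulnerable or clean.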

Syxsense takes the uncertainty out of patch deployment. It scans all servers, endpoints, and systems for vulnerabilities and automatically deploys patches anywhere and everywhere across the network to fix serious issues fast. It can take care of OpenSSL issues rapidly. After a rapid setup, administrators can rely on it to patch systems thoroughly and fast.  

For more information, visit www.syxsense.com


Cyber Insurance Rates Climb and Refusals Multiply

By Blog

The insurance industry is in somewhat of a crisis. Home insurance rates have climbed. Providers are pulling out of the market in some parts of the country. Flood insurance, too, is a major issue. It is mandated in many coastal and floodplain areas, yet insurance carriers are often reluctant to award it due to the risk of high-volume payouts.  

Similarly in cyber insurance, premiums are rising sharply. Some companies are even being told they don’t qualify (or no longer qualify). A survey by Delinea of 300 US-based IT decision makers revealed one of the reasons for the challenges many face in obtaining affordable cyber insurance: nearly 80% of companies have had to use their cyber insurance at least once already, and more than half have used it multiple times. 

Some 40% said risk reduction was the main reason for applying for cybersecurity insurance, while 33% of respondents said it was also due to requirements from executive management and Boards of Directors. Another 25% cited recent ransomware incidents as a primary decision driver. Other drivers behind applications for cyber insurance included business contract requirements (24%) and having suffered a data breach (17%).  

The report also demonstrated that cyber insurance has now become ubiquitous. Many companies have leveraged coverage more than once. That’s one of the reasons why the insurers are becoming more hesitant and choosier. They are covering less, asking for more, and making it more difficult for companies to receive comprehensive coverage. Only 30% of organizations confirmed their policies covered critical risks such as ransomware, ransom negotiation, and decisions on ransom payment. About 48% indicated their policy covered data recovery. A third said it covered incident response, regulatory fines, and third-party damages. 

Tough Requirements  

The report highlighted the fact that insurers are getting tougher to please. More and more, they require organizations to implement a broader set of security controls. By forcing organizations to adopt tougher layers of security, they seek to reduce the number of customers needing payouts from their cyber-policies. Some 51% said their insurer required that they implement cybersecurity awareness training, and another 47% were required to have malware protection, antivirus software, multi-factor authentication (MFA), and comprehensive data backups. 42% had to acquire Privileged Access Management solutions to meet cyber-insurance requirements.  

Although about 93% of applicants are approved for coverage, the number receiving comprehensive coverage for everything has dwindled sharply. Gone are the days when insurers happily signed off on wide-ranging coverage. They got burned too often by surges in claims following widely exploited vulnerabilities such as Log4j (Log4Shell) or the latest rash of ransomware outbreaks. That's one of the big reasons why 75% of respondents said that their cyber premiums increased at their last renewal. 

Not only were their premiums hiked, but they also faced far greater scrutiny from prospective insurers, who wanted to know every detail of their security posture, their risk profile, and their areas of potential vulnerability. Some of this was used as grounds for refusing cyber insurance. In other cases, these assessments led insurers to demand a variety of additional security tools.  

Any prospective cyber insurance policy holder, and anyone coming up for renewal, therefore, is advised to carefully assess their security basics before applying. Things like lack of comprehensive backup, inadequate patch management, and a lack of vulnerability management tools could form immediate grounds for refusal.  

Get ahead of the game by implementing Syxsense Enterprise. It provides automated tools to help meet the standards required by cyber insurance providers. It offers access to real-time data and device monitoring so security personnel have live, accurate information on the existing security picture, potential vulnerabilities, the state of patch management, mobile device security, and more. It helps IT keep BYOD and company-issued devices secure from threats in remote, hybrid, or roaming work models. And it provides a way to enforce security standards, install and delete applications, set auto-update policies, deploy patches automatically, and remotely lock, reset, and wipe mobile devices. It also helps satisfy underwriter demands for higher levels of automation in the enterprise before they approve new cyber insurance policies.  

Why face steeper premiums or even cyber insurance rejection? Implement Syxsense Enterprise today.  
