
December 2022

Cyber Insurance Rates Climb & Refusals Multiply


The insurance industry is in somewhat of a crisis. Home insurance rates have climbed. Providers are pulling out of the market in some parts of the country. Flood insurance, too, is a major issue. It is mandated in many coastal and floodplain areas, yet insurance carriers are often reluctant to award it due to the risk of high-volume payouts.  

Similarly in cyber insurance, premiums are rising sharply. Some companies are even being told they don’t qualify (or no longer qualify). A survey by Delinea of 300 US-based IT decision makers revealed one of the reasons for the challenges many face in obtaining affordable cyber insurance: nearly 80% of companies have had to use their cyber insurance at least once already, and more than half have used it multiple times. 

Some 40% said risk reduction was the main reason for applying for cybersecurity insurance, while 33% of respondents said it was also due to requirements from executive management and boards of directors. Another 25% cited recent ransomware incidents as a primary decision driver. Other drivers behind applications for cyber insurance included business contract requirements (24%) and having suffered a data breach (17%).  

The report also demonstrated that cyber insurance has now become ubiquitous. Many companies have leveraged coverage more than once. That’s one of the reasons why the insurers are becoming more hesitant and choosier. They are covering less, asking for more, and making it more difficult for companies to receive comprehensive coverage. Only 30% of organizations confirmed their policies covered critical risks such as ransomware, ransom negotiation, and decisions on ransom payment. About 48% indicated their policy covered data recovery. A third said it covered incident response, regulatory fines, and third-party damages. 

Tough Requirements  

The report highlighted the fact that insurers are getting tougher to please. More and more, they require organizations to implement a broader set of security controls. By forcing organizations to adopt tougher layers of security, they seek to reduce the number of customers needing payouts from their cyber-policies. 51% said their insurer required that they implement cybersecurity awareness training, and another 47% were required to have malware protection, antivirus software, multi-factor authentication (MFA), and to comprehensively back up their data. 42% had to acquire Privileged Access Management solutions to meet cyber-insurance requirements.  

 

Although about 93% of applicants are approved for coverage, the number receiving comprehensive coverage for everything has dwindled sharply. Gone are the days when insurers happily signed off on wide-ranging coverage. They got burned too much by surges in the number of claims due to the latest widespread vulnerability, such as Log4j, or the latest rash of ransomware outbreaks. That’s one of the big reasons why 75% of respondents said that their cyber-premiums increased in their last renewal. 

Not only were their monthly payments hiked up, but they also faced far greater scrutiny from potential insurers. They wanted to know every detail of their security posture, their risk profile, and areas of potential vulnerability. Some of this was used as grounds for refusal of cyber insurance. In other cases, these assessments by insurers led to demands to implement a variety of different security tools.  

Any prospective cyber insurance policy holder, and anyone coming up for renewal, therefore, is advised to carefully assess their security basics before applying. Things like lack of comprehensive backup, inadequate patch management, and a lack of vulnerability management tools could form immediate grounds for refusal.  

Get ahead of the game by implementing Syxsense Enterprise. It provides automated tools to help meet the standards required by cyber insurance providers. It offers access to real-time data and device monitoring so security personnel have access to live, accurate information on the existing security picture, potential vulnerabilities, the state of patch management, mobile device security, and more. It helps IT to keep BYOD and company-issued devices secure from threats in remote, hybrid, or roaming work models. And it provides a way to enforce security standards, install and delete applications, set auto update policies, deploy patches automatically, and remotely lock, reset, and wipe mobile devices. It also helps satisfy underwriter demands for higher levels of automation in the enterprise before they approve new cyber insurance policies.  

Why face steeper premiums or even cyber insurance rejection? Implement Syxsense Enterprise today.  

For more information visit www.Syxsense.com  

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

DDoS Eclipses Ransomware as a Major Threat


A recent Threat Pulse research report from NCC Group found that the highest number of Distributed Denial of Service (DDoS) incidents between January and September 2022 took place in the month of September. This represented a 14% increase and a total of 2,090 DDoS attacks. Ransomware attacks, meanwhile, were down 7% from the previous month with Lockbit 3.0 (30%), Black Basta (13.3%), and BlackCat (12.8%) remaining the most prevalent threat actors. Lockbit has been the most active group for every month of the year.  

Sector-wise, all areas experienced a high volume of attacks. But Industrials (34%) were the most attacked vertical, followed by Consumer Cyclicals (18%), Healthcare (10%), and Technology (8.5%). The geographical distribution of attacks showed no surprises: North America suffered 84 attacks (45%), making it the most targeted region. Europe was next with 27%, then Asia with 14%. 

Interestingly, ransomware attacks overall were found to be 50% lower than a year before. It seems likely, therefore, that 2021 will remain the highest year on record – unless there is an unprecedented upsurge in ransomware to end the year.  

Shift of Tactics  

Make no mistake. Ransomware remains a potent threat. But stepped-up law enforcement efforts, better international legal collaboration, and organizations deploying a raft of ransomware protection solutions probably combined to lessen its impact.  

The bad guys may be criminals, but they are not fools. They know what is going on. Thus, they have adjusted their tactics by increasing the volume of DDoS and launching more targeted ransomware campaigns. More than likely, 2021 was a freak year. Due to the success of ransomware in 2020, just about everyone among the cybercriminal gangs decided to get in on the act. Entire cybercrime supply chains formed up to facilitate ransomware. Lots of little outfits would probe enterprises for weaknesses. They would get a finder’s fee for passing on the details of a ripe target. More organized groups would then execute the ransomware attack and seek to collect the funds. Ransomware as a Service, too, emerged. Criminal developers created kits that could be sold to people with little or no computing experience. These developers got a cut of every successful extortion scheme.  

But the unprecedented funds raised through ransomware led to a glut in the market in 2021. Hence the downturn in 2022. That doesn’t mean ransomware will go away. It is expected to remain an important part of the cybercrime toolkit for some time to come. But stronger defences against it mean that the bad guys will turn to tried and tested means of breaking into enterprise IT systems.  

They will scan networks looking for server, website, operating system (OS), and application vulnerabilities. They will scour the web for unpatched systems. When they find them, they will exploit them relentlessly. Bad actors know that items on the Common Vulnerabilities and Exposures (CVE) list remain weak spots in many organizations. Despite these threats being publicized broadly and patches and remediation steps being clearly laid out, a great many organizations fail to act. There are many cases on record of vulnerabilities remaining unremedied years after the issuance of a patch. We have known about Log4j, for example, for a year now, yet it is still being exploited. Similarly, the Heartbleed vulnerability from 2014 remains something that the bad guys can exploit in some businesses.  

Syxsense Protection 

Syxsense Enterprise offers comprehensive vulnerability management, remediation, and patch management. It intelligently distributes patches with the click of a button without tying up bandwidth across the enterprise. It does this automatically, using technology that is designed to send software and patches across the wire once, using peer-to-peer within the network for local distribution.  

Further features include:  

  • Patch supersedence addresses the fact that vendors sometimes include older updates in current patches. Therefore, if a company is deploying patches sequentially, it can place the new patch at the end of the queue and not deploy it immediately while it takes care of the oldest patches. However, the new patch a) may be higher priority, and b) includes the old patch in any case. The patch supersedence features of Syxsense would deploy the new patch and not the old one.  
  • Patch Roll Back: The last thing you want is for an update to cause incompatibilities in other systems. That’s why software vendors and IT departments conduct testing to ensure patches are benign. But despite the precautions, faulty patches can occasionally happen. Syxsense includes a patch roll back feature that allows you to return your systems to the state that existed before the implementation of the new patch.  
  • Testing and release within three hours: Hackers and cybercriminals move fast. There is no time to lose in installing patches. Within a couple of hours of a patch being released, Syxsense has tested it, validated it, and has it ready for distribution.  
  • Automation: With hundreds or even thousands of endpoints to manage, manual patch distribution is too slow. Syxsense is fully automated to ensure critical patches are implemented right away. There is no need to formulate scripts, hop from one screen to another, or manually push out patches to various destinations.  
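The supersedence rule described in the first bullet is easy to get wrong when a catalogue contains chains of cumulative updates. The following is an added example, not Syxsense code: a constructed catalogue where each patch record lists the older patches it replaces is reduced to the set that actually needs deploying, newest-in-chain only, ordered by priority. The patch ids, priorities and relations are invented for illustration.

```python
"""Resolve patch supersedence before deployment.

Added example, not Syxsense code. Patch ids, priorities and the supersedes
relations in CATALOGUE are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Patch:
    pid: str
    priority: int                                   # lower number = more urgent
    supersedes: set = field(default_factory=set)    # ids this patch replaces


def superseded_by(pid, by_id):
    """Return every patch id that `pid` supersedes, directly or transitively."""
    seen, stack = set(), [pid]
    while stack:
        cur = by_id.get(stack.pop())
        if cur is None:            # referenced patch not in this catalogue
            continue
        for older in cur.supersedes:
            if older not in seen:
                seen.add(older)
                stack.append(older)
    return seen


def resolve_deployment(catalogue, installed):
    """Return the patch ids to deploy, most urgent first.

    A patch is dropped when it is already installed, when an installed patch
    supersedes it, or when another catalogue patch supersedes it (the newer
    cumulative patch is deployed instead of queueing the older one first).
    """
    by_id = {p.pid: p for p in catalogue}
    covered = set(installed)
    for pid in installed:
        covered |= superseded_by(pid, by_id)
    for p in catalogue:
        covered |= superseded_by(p.pid, by_id)
    todo = [p for p in catalogue if p.pid not in covered]
    return [p.pid for p in sorted(todo, key=lambda p: p.priority)]


# Constructed catalogue: the December KB is cumulative and folds in October and
# November; APP 7.1 replaces 7.0; the driver update stands alone.
CATALOGUE = [
    Patch("KB-2022-10", priority=3),
    Patch("KB-2022-11", priority=2, supersedes={"KB-2022-10"}),
    Patch("KB-2022-12", priority=1, supersedes={"KB-2022-11"}),
    Patch("APP-7.0", priority=4),
    Patch("APP-7.1", priority=2, supersedes={"APP-7.0"}),
    Patch("DRV-3", priority=5),
]

if __name__ == "__main__":
    # With APP 7.1 already installed only the cumulative KB and the driver remain.
    print(resolve_deployment(CATALOGUE, installed={"APP-7.1"}))
```

Running the block deploys only `KB-2022-12` and `DRV-3`: the October and November KBs are folded into December's, and both APP patches are covered by the installed 7.1. Note that a superseding patch only counts when it is itself present in the catalogue; a dangling reference is ignored rather than silently hiding an older patch.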

For more information, visit www.syxsense.com


The API Insecurity Challenge


Application Programming Interfaces (APIs) have become ubiquitous in IT. There are now more than 400 billion API calls per month. They enable applications to interact and systems to connect with external services.  

Think about the many layers of the networking stack. It begins with the physical layer, and then there are additional layers dealing with different aspects of computing and interaction. Above them all are the APIs. They usually use HTTPS to communicate or relay requests and responses. Thus, APIs are the glue that brings software elements together. In the cloud, they connect the client and the provider.  

But popularity usually creates other problems. Nobody bothered much with malware for Apple platforms until the company rose to dominance in the 2000s. Until then, almost all viruses were squarely aimed at Windows as it accounted for an overwhelming majority of all PCs and laptops. Once you reach a certain size or level of market penetration, though, cybercriminals are likely to take notice. In the case of APIs, getting close to half a trillion calls a month certainly warrants attention.  

The State of API Security  

API security has not been a topic of lengthy conversation until recently. APIs were thought of as something happening in the background – a relatively minor aspect of overall IT infrastructure. Due to their lack of stature, they haven’t received the attention they deserve from developers with regard to overall security.  

In some ways, this isn’t too dissimilar to the way applications were developed. Until quite recently, developers created their apps and then security features or patches were added after the fact. It has only been in the last few years with rampant data breaches and ransomware that we have seen the appearance of DevSecOps and other movements that aim to make applications more secure from the very early stages of their creation. The goal is to bake in security rather than cobble it on at a later point once use in the real world exposes its vulnerabilities.  

APIs have been late to the party. They have been somewhat neglected as a potential weak point in organizational defenses. And the bad guys are onto it.  

APIs, after all, are what expose services to the outside world. And they can be compromised. Common problems include vulnerabilities within the APIs themselves, misconfiguration issues, lax access controls that allow APIs to share too much information, personally identifiable information (PII) being exposed via APIs, and, in general, APIs not getting enough attention from security tools. No wonder hackers have learned different ways to exploit insecure APIs as a means of compromising systems or stealing data.  

 

Safeguarding APIs  

There are several steps that organizations should take to safeguard the APIs they utilize:  

  1. Add API security best practices to internal development efforts so you don’t perpetuate the API insecurity challenge.  
  2. Inventory all APIs in use: Due to the prevalence of APIs in just about every aspect of IT operations, few organizations have a good idea of the many ways their applications are touched by APIs. What is needed is a complete API inventory. Only by possessing such an inventory does it become possible to spot misconfigured, insecure, or unprotected APIs.  
  3. Inspect API gateways and the microservices behind them to determine how access controls interact with each API and whether it reveals too much information.  
  4. Ensure APIs are configured to prevent exposure of PII and to prevent violations of the many privacy regulations that apply.  
  5. Monitor how APIs are consumed to detect abnormal behavior or potential abuse.  
  6. Adopt sensible safeguards to keep the organization secure such as mobile device management, patch management, and vulnerability management.  
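Steps 4 and 5 are the two that can be turned into running checks at the gateway. The following is an added example, not Syxsense code or the page's own: a sliding window over gateway access logs flags clients whose request rate or 401/403 count is abnormal, and a walk over a decoded JSON response reports fields that carry PII before it leaves the API. The log lines, client names, thresholds and payloads are constructed.

```python
"""Monitor API consumption and catch PII in responses.

Added example, not Syxsense code. Log lines, client names, thresholds and
payloads are constructed; the PII patterns are illustrative, not exhaustive.
"""
import json
import re
from collections import defaultdict

# Value patterns and field names that should not leave the API unredacted.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card_number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}
SENSITIVE_KEYS = {"ssn", "password", "password_hash", "dob", "card_number"}


def pii_findings(payload, path=""):
    """Return (json_path, kind) for every PII hit in a decoded JSON payload."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            child = f"{path}.{key}" if path else key
            if key.lower() in SENSITIVE_KEYS:
                hits.append((child, "sensitive_key"))
            hits.extend(pii_findings(value, child))
    elif isinstance(payload, list):
        for i, value in enumerate(payload):
            hits.extend(pii_findings(value, f"{path}[{i}]"))
    elif isinstance(payload, str):
        for kind, rx in PII_PATTERNS.items():
            if rx.search(payload):
                hits.append((path, kind))
    return hits


def rate_anomalies(events, window=60, max_requests=100, max_auth_failures=10):
    """Flag clients that exceed a request or 401/403 count within any window.

    events: dicts with ts (epoch seconds), client, status.
    Returns {client: {reason, ...}} for flagged clients only.
    """
    by_client = defaultdict(list)
    for ev in events:
        by_client[ev["client"]].append(ev)
    flagged = defaultdict(set)
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        left, failures = 0, 0
        for right, ev in enumerate(evs):
            failures += ev["status"] in (401, 403)
            while evs[left]["ts"] <= ev["ts"] - window:   # drop events outside the window
                failures -= evs[left]["status"] in (401, 403)
                left += 1
            if right - left + 1 > max_requests:
                flagged[client].add("request_rate")
            if failures > max_auth_failures:
                flagged[client].add("auth_failures")
    return dict(flagged)


def parse_log(text):
    """Parse JSON-lines gateway log text into event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def constructed_log():
    """Build a sample log: one normal client and one enumerating user ids."""
    lines = []
    for i in range(30):
        lines.append(json.dumps({"ts": 1670000000 + 2 * i, "client": "mobile-app",
                                 "path": f"/v1/orders/{i}", "status": 200}))
    for i in range(150):
        lines.append(json.dumps({"ts": 1670000000 + i // 5, "client": "scanner-7",
                                 "path": f"/v1/users/{1000 + i}",
                                 "status": 403 if i % 3 else 200}))
    return "\n".join(lines)


if __name__ == "__main__":
    print(rate_anomalies(parse_log(constructed_log())))
    print(pii_findings({"user": {"email": "ann@example.com", "ssn": "123-45-6789"}}))
```

On the constructed log, `scanner-7` is flagged for both request rate and authorization failures (150 requests in 30 seconds, two thirds of them 403s, walking sequential user ids), while `mobile-app` is not. The PII walk reports both the field name (`ssn`) and the value pattern, so a response filter can redact on either signal; tune the thresholds and patterns to the API's real traffic rather than the constructed values here.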

Syxsense Enterprise delivers real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints. This represents the future of threat prevention as it brings everything needed for endpoint management and protection onto one console. Breaches can be detected and remediated within a single solution. Unusual activities originating from API insecurity can be spotted quickly and dealt with. The Syxsense platform can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices. 

For more information, visit www.syxsense.com


Cuba Ransomware: What is it?


Security is always in principle a conversation of trust. Do you trust the vendors providing your company with products and services? This is a question which every company should be continually evaluating and reevaluating as part of their ongoing security posture maintenance.  

Microsoft is the latest example of a company providing trust to entities, wherein that trust was abused, through no major fault of their own. As early as August 2022, a small set of accounts within Microsoft’s Hardware Developer platform began using their trusted authority to sign drivers which contained malicious code. The payload of this code has been found to effectively disable security platforms on an endpoint basis. With the endpoint security tools disabled, malware payloads can then propagate freely across an enterprise network, preparing for, and then executing on a set of commands which cryptographically lock down the contents of end user devices. The originator of the malware then sends a trigger sequence, turning the lock on the encryption mechanism, removing access to the end user, then presenting them with a ransomware demand. This ransomware has been named Cuba, after the cyber-crime organization (not related to the nation of Cuba) responsible for its dissemination.  

Malicious drivers are traditionally classified as trojan horse attacks. An end user experiences a problem with their computer. To solve the problem, they search the internet for an answer, and click a link providing a download which promises to fix a malfunctioning driver causing the original problem. Once installed, that driver then executes code providing unapproved access to the device.  

But the Cuba Ransomware is more sophisticated. Rather than relying on an end user going outside of the traditional support channels for help, the Cuba Ransomware relies on a supply chain breach, using a reasonably assumed trust which most companies give to one of the world’s largest software vendors, Microsoft, to provide their payload. They were able to do this by utilizing signing certificates stolen as part of the Lapsus$ group’s targeted attack of Nvidia back in February. These same leaked signing certificates were never removed from Microsoft’s Hardware Developer Program and were therefore available for Cuba to use in their supply chain attack.  

To read the full Cybersecurity Advisory on Cuba Ransomware released by CISA, click here.

Why You Should Care 

In the context of the Cuba ransomware event, your company can do everything correctly and still be a victim by simply installing recommended drivers from Microsoft (which is a perfectly reasonable thing to do). This is why supply chain attacks are so powerful.   

As of the writing of this article, Microsoft has removed the fraudulently signed drivers, and the accounts responsible for signing them, from its Hardware Developer Program. If no one in your organization has performed any kernel driver updates within the last few months, then this attack may not be relevant to your organization. That said, the number of companies that can definitively say that they have not performed kernel driver updates within the last 6 months is vanishingly small. Again, this is the power of supply chain attacks. That being the case, it is safe to assume that there is a non-trivial chance that your organization has had the Cuba Ransomware driver compromise embedded somewhere in your environment.  

To their credit, Microsoft has added the affected kernel driver versions to their blacklist, which helps ensure that these malicious drivers don’t end up on your devices in the future, and existing versions are now being removed as part of standard OS patching. But, for those environments still affected, the Cuba Ransomware group has a potentially viable link into your environment which they can use to inflict severe damage to your company.  

And Cuba has been busy.  

According to the United States Cybersecurity and Infrastructure Security Agency (CISA), the Cuba Ransomware group has successfully disrupted operations at 101 organizations since August 2022, 65 of which are within the United States. From these 101 organizations, the Cuba Ransomware group has extracted $60,000,000 in extortion payments.   

How Syxsense can Help 

Syxsense can help keep your organization safe from this supply chain attack in two distinct ways. First, our vulnerability scanning tool can alert your team to existing possible Cuba-related breaches using a process called indicator of compromise (IoC) detection. IoC detections are small scripts that analyze configuration files, device driver versions, and other aspects of a device’s operating system to see if the OS matches a known state associated with the supply chain attack. Using these IoCs, your organization can then determine whether the Cuba ransomware attack is a relevant concern.  
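The shape of such an IoC script, as an added example that is not Syxsense's detection code: it walks a driver directory, hashes every `.sys` file, and reports anything whose SHA-256 or filename matches a watch list. The IoC values below are obvious placeholders (the real driver hashes and names come from CISA's advisory, not from this example), and the files scanned are constructed in a temporary directory so the example runs anywhere.

```python
"""Hash-based IoC sweep over a driver directory.

Added example, not Syxsense code. IOC_SHA256 and IOC_FILENAMES are
placeholders; the scanned tree is constructed in a temporary directory.
"""
import hashlib
import os
import tempfile

# Placeholder IoCs: replace with the hashes/names published in the CISA advisory.
IOC_SHA256 = {"0000000000000000000000000000000000000000000000000000000000000000"}
IOC_FILENAMES = {"placeholder-malicious-driver.sys"}


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large drivers are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_drivers(root, ioc_hashes=IOC_SHA256, ioc_names=IOC_FILENAMES):
    """Return (path, reason) for every *.sys file under root that matches an IoC."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".sys"):
                continue
            path = os.path.join(dirpath, name)
            if name.lower() in ioc_names:
                findings.append((path, "filename matches IoC"))
            if sha256_file(path) in ioc_hashes:
                findings.append((path, "sha256 matches IoC"))
    return findings


def build_constructed_sample():
    """Create a throwaway driver tree: one benign file, one 'known bad' file.

    Returns (root, sha256 of the constructed bad file) so a caller can feed
    that hash in as an IoC. Both file bodies are made up.
    """
    root = tempfile.mkdtemp(prefix="ioc-demo-")
    drv = os.path.join(root, "drivers")
    os.makedirs(drv)
    with open(os.path.join(drv, "benign.sys"), "wb") as f:
        f.write(b"MZ benign driver image (constructed)")
    bad = os.path.join(drv, "placeholder-malicious-driver.sys")
    with open(bad, "wb") as f:
        f.write(b"MZ malicious driver image (constructed)")
    return root, sha256_file(bad)


if __name__ == "__main__":
    root, bad_hash = build_constructed_sample()
    for path, reason in scan_drivers(root, ioc_hashes={bad_hash}):
        print(f"{reason}: {path}")
```

Hash matching is the reliable signal; the filename check is a cheap second net because a renamed copy of a known-bad driver still hashes the same while a benign file that happens to share a name does not. On a real Windows estate the same loop would run over the driver store rather than a temporary directory.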

Additionally, Syxsense can also facilitate the standard deployment of Microsoft patches, ensuring that the latest set of patch Tuesday updates are applied to your environment universally.  

Between these two mechanisms, your organization can have confidence that the Cuba ransomware is not currently present in your environment, and that the ransomware won’t be present in the future.  


Cybersecurity Job Crisis Worsens 


It has become increasingly apparent in recent years that more cybersecurity professionals are needed urgently. But the pace at which new people are trained is tortoise-like in comparison to the hare-like pace of cybercrime. And unlike the popular children’s story, the tortoise isn’t likely to win over a longer race. The bad guys show no signs of slowing down and appear to have the stamina to maintain the speed of malware distribution, or even accelerate it.  

But the shortage of security workers isn’t going to abate anytime soon. There are currently more than 1.1 million people working in cybersecurity in the US. That may seem impressive. Yet there are currently more than 750,000 job openings, many of them unlikely to be filled for some time to come.  

Understandably, there are a great many industry initiatives ongoing to combat this staffing crisis. The White House launched a National Apprenticeship Week in November along with various supporting programs. The InfoSec Institute has stepped up its efforts to train a new workforce and reskill existing workers. These efforts aim to change alarming trends in the talent pipeline.  

For example, computer science is being studied by 5.6% of high school students despite being offered by more than half of all U.S. high schools. We need state and local governments to incentivize schools to further incorporate (and even mandate) computer science courses. By doing so, more young people will possess a baseline of tech competencies, bolstering talent pipelines. 5.6% may be shockingly bad, yet it is up from 4.7% only a year ago. Clearly, progress is being made, but not at the speed necessary to fill the cyber-skills chasm.  

Further efforts include the development of industry career paths that go beyond the traditional focus of degrees. This includes Community College programs and training people on industry credentials to take up entry level positions in cybersecurity.  

Hiring practices, too, are being asked to change their usual requirements. Almost every entry-level position in cybersecurity demands a degree in IT or security. Many also ask for certifications and several years of experience. With the current job shortage, setting the bar much too high may be one big reason for the lack of applicants. The fight over unicorn candidates is one ramification of this. While bidding wars go on for a select few highly qualified and experienced individuals, the industry has a dearth of promising newcomers. It could be likened to all NBA teams fighting over one superstar such as LeBron James while utterly neglecting any other standard player recruitment practices and largely ignoring new draft picks.  

The Applicant Tracking Systems (ATS) used by HR may also be contributing to the problem. These systems work primarily based on certain parameters and keywords. If someone doesn’t have X degree, or Y certificate, they are automatically excluded. Their resume is never viewed by human eyes. If they have no experience in the workforce, ATS disqualifies them. Yet sitting there might be a diamond in the rough. Should anyone take the time to peruse the resume, they would discover that the person has been developing applications since they were 10 years old, or won an award at a Black Hat conference as a teenager.  

Additional actions being encouraged are continuous training of IT staff in security and other parts of the workforce. The more certifications that existing staff obtain, the better off the industry as a whole becomes.  

Automation  

These efforts are all laudable and vitally necessary. But it becomes increasingly apparent with each passing day that the world of security will have to get used to doing far more with far fewer people. That is where automation comes in. IT security can no longer consist of manually intensive labor or troubleshooting actions that consume hour after hour trawling through logs in an attempt to find a cybercriminal needle in the infrastructural haystack.  

Nor is it appropriate to rely on veteran staffers to solve all our cybersecurity woes. Granted, there are some superstars out there who have an intuitive ability to zero in on the root cause of security issues. But dependence on the few only plays into the hands of the criminal fringe. These talented individuals may soon be up for retirement. They are likely to be headhunted by other organizations overly focused on attracting unicorns. In any case, as IT and multi-cloud environments grow in size and complexity, there are just too many inputs, too many logs, and too many workloads to manage security threats manually.  

It takes end-to-end automation to take care of modern IT security. Such automation not only encompasses detection of potential issues. It must also address remediation. Syxsense provides security services that automatically take care of functions such as endpoint management, mobile device management, patch management, vulnerability scanning, and remediation. In patch management, for example, Syxsense guarantees to test and validate critical patches within four hours of their release. It automatically deploys patches based on a priority system to safeguard all organizational systems and devices by providing the correct updates and patches. And it provides end-to-end integrated automation across its suite of endpoint and security management tools.  

For more information, visit www.syxsense.com


Analyst Insights: GigaOm Radar for Patch Management


We hosted Howard Holton, Analyst & CTO at GigaOm, to discuss the state of the industry, the future of patch management, and how to use the latest GigaOm Radar to find the right solution for you.

In this session you’ll learn:

  • Good practices for patch management in the current threat environment
  • Emerging technologies in patch management solutions
  • How to use the GigaOm Radar to find the right patch management solution

View the Webinar

Business Email Compromise is Big Business


The FBI’s 2021 Internet Crime Report named business email compromise (BEC) as the most effective weapon in the cybercrime arsenal. It accounted for a third of the country’s $6.9 billion in cyber losses that year and is expected to rake in even more cash in 2022.  

BEC can be categorized as a response-based attack. A bad actor requires a user to reply to a message and engage in a conversation that eventually leads to the execution of an elaborate scam. It all begins with someone successfully breaking into an email account. Phishing might be the gateway to BEC. It usually is: A user is tricked into clicking on a malicious URL or attachment, has their password cracked using brute force techniques, or a criminal buys those credentials (that had previously been exposed) on the dark web.  

But in most BEC cases, the con doesn’t take place at once. Cybercriminals are keen to gain access to prized email accounts such as those of a CEO, CFO, or other finance personnel with purchasing or bill-paying authorization or who have access to bank accounts. A common trick is for a bad guy to lay in wait, carefully monitoring traffic on the exposed email account, and hoping for the best opportunity. The victim in these cases has no idea that anyone else is monitoring their conversations.  

A bad actor waits for the right moment. Perhaps a deal is going through that involves millions. It might be that the company is sending a big order to a new supplier or finalizing negotiations for a merger. Ideally, the CEO, CFO, or person whose account has been hacked is traveling as part of the deal. The criminal knows when they log off for the day. At that point, they can take over the email and send a message to someone at headquarters saying that something has come up and they need that person to immediately send $XYZ million to an account number. Urgency is injected: the deal will fail or business will be lost to a competitor if they don’t transfer the money right away. As the message came from the exec’s actual email account – and clever BEC scammers even use the same language, the same greetings, the same complimentary close the boss always uses – everything looks indistinguishable from normal traffic apart from the unexpected need to act now and send the cash immediately. If the person complies and sends the cash that night, it is usually not until the next morning that suspicion emerges. By that time, it is too late. The money has been transferred from account to account to account and is usually beyond retrieval.  

Bigger Targets and Better Defenses  

Modern scammers now look for the most lucrative targets. Hence the upward trajectory on the effectiveness of BEC. FBI numbers put annual takings at around $2.4 billion from BEC.  

Further data from the FBI added up all the damage from BEC. Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses. The BEC scam has been reported in all 50 states and 177 countries, with over 140 countries receiving fraudulent transfers. Banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021 followed by Mexico and Singapore. Between June 2016 and December 2021, the total haul internationally from BEC-related incidents came to $43 billion.  

Accordingly, the agency made the following suggestions to protect against BEC:  

  • Use secondary channels or two-factor authentication to verify requests for changes in account information. 
  • Ensure the URL in emails is associated with the business/individual it claims to be from. 
  • Be alert to hyperlinks that may contain misspellings of the actual domain name. 
  • Refrain from supplying login credentials or sensitive personal information of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate. 
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from. 
  • Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed. 
  • Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added to this list in a Shields Up alert earlier this year with the following key guidelines:  

  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA. 
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.  

No one wants to experience a cyberattack. That is why it is so important to scan constantly for vulnerabilities and keep patches up to date. Syxsense is the only product that combines automated patching, vulnerability scanning, remediation, and IT management.

For more information visit www.Syxsense.com  

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Dealing with the OpenSSL Vulnerability


The OpenSSL vulnerability is big news. Why? This is the OpenSSL bug with the highest level of risk since the infamous Heartbleed back in 2014, and it has resulted in two Common Vulnerabilities and Exposures (CVE) identifiers being issued. That matters because OpenSSL is a very large software library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols and is used by just about every kind of application. Its purpose is to secure communications over computer networks, protecting them from eavesdropping and letting each side identify the party at the other end. It is heavily used by Internet servers and most HTTPS websites.  

CVE-2022-3786 and CVE-2022-3602 both concern buffer overruns that can be triggered in X.509 certificate verification, specifically in name constraint checking. This happens after certificate chain signature verification and requires either a CA to have signed a malicious certificate or an application to continue certificate verification despite failing to build a path to a trusted issuer. As a result, an attacker can craft malicious email addresses in certificates to overflow a certain number of bytes on the stack. This buffer overflow can result in a crash (denial of service) or potentially remote code execution.  

The good news is that these vulnerabilities have been downgraded from critical to high risk (though they are still serious), because many platforms implement stack overflow protections that mitigate this kind of remote code execution. The risk can be further reduced depending on the stack layout for a given platform and compiler. That doesn’t mean there is no urgency: users should upgrade to the fixed OpenSSL version (OpenSSL 3.0.7) as soon as possible. 

Not Another Heartbleed   

The initial panic on this one has subsided somewhat since security researchers realized it is not as devastating as Heartbleed was 8 years ago. Heartbleed enabled malicious users to trick vulnerable web servers into sending sensitive information, including usernames and passwords, and it caused widespread damage in its heyday; some analysts said it affected roughly one in every six SSL servers. Part of the problem was that certain requests within OpenSSL, at that time, were not properly validated. This meant attackers could easily trick an SSL server into exposing parts of its memory that should have been kept secure. By reading the contents of a memory buffer containing sensitive information, an attacker could sometimes obtain the server’s SSL private keys, allowing decryption of secure communications, as well as usernames and passwords. You can read more about it and what Heartbleed did to enterprise systems in CVE-2014-0160. According to some estimates, that vulnerability ended up costing organizations around the world as much as half a billion dollars, largely due to the need to revoke and replace SSL certificates.  

Heartbleed is Still Being Hacked 

Despite the bug being so old and so well known, hackers continue to exploit Heartbleed. There are still servers around that have not installed the patch that fixes it. How many? SANS Institute figures put the number of servers that remained vulnerable at close to a quarter of a million in late 2020. It may have come down somewhat since then. Nevertheless, there are still a lot of servers out there that remain vulnerable to a prehistoric bug.  

This fact makes it clear that organizations need all the help they can get when it comes to fixing known vulnerabilities. Systems should be scanned to find any and all servers that are vulnerable to the latest OpenSSL vulnerability, and they should also be checked for any remaining Heartbleed issues. The CVEs cover the various steps required for remediation, but the basic action is to deploy the necessary patches as soon as possible.  
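A first triage step for both issues discussed above is to compare each host's reported OpenSSL version against the affected ranges: 3.0.0 through 3.0.6 for CVE-2022-3602 and CVE-2022-3786 (fixed in 3.0.7), and 1.0.1 through 1.0.1f for Heartbleed, CVE-2014-0160 (fixed in 1.0.1g). The following is an added example, not Syxsense code; the version banners in the test are constructed, and the caveat in the comments about distribution backports is the important one in practice.

```python
import re
import subprocess
from typing import Optional

# Matches "OpenSSL 3.0.5 5 Jul 2022" and "OpenSSL 1.0.1f 6 Jan 2014".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner: str) -> Optional[tuple[int, int, int, str]]:
    """Return (major, minor, patch, letter) from an `openssl version` banner,
    or None if the banner is not an OpenSSL one (e.g. LibreSSL)."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    return int(major), int(minor), int(patch), letter


def affected_cves(banner: str) -> Optional[list[str]]:
    """List the CVEs from this post whose affected range contains the version.

    Caveat: this is a version-string check only. Distributions such as Debian,
    Ubuntu and RHEL backport fixes without bumping the upstream version, so a
    banner inside an affected range is a lead for the package changelog or a
    vulnerability scanner, not a final verdict.
    """
    v = parse_version(banner)
    if v is None:
        return None
    major, minor, patch, letter = v
    findings: list[str] = []
    # 3.0.0 .. 3.0.6: X.509 name-constraint overflows, fixed in 3.0.7.
    if (major, minor) == (3, 0) and patch < 7:
        findings += ["CVE-2022-3602", "CVE-2022-3786"]
    # 1.0.1 .. 1.0.1f: Heartbleed; 1.0.1g and later carry the fix.
    if (major, minor, patch) == (1, 0, 1) and letter < "g":
        findings.append("CVE-2014-0160")
    return findings


def local_banner() -> Optional[str]:
    """Banner of the openssl binary on PATH, or None if it is not available."""
    try:
        out = subprocess.run(["openssl", "version"], capture_output=True, text=True, timeout=5)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    banner = local_banner()
    print(banner, "->", affected_cves(banner) if banner else "openssl not found")
```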

Syxsense takes the uncertainty out of patch deployment. It scans all servers, endpoints, and systems for vulnerabilities and automatically deploys patches across the network to fix serious issues fast, so it can take care of OpenSSL issues rapidly. After a quick setup, administrators can rely on it to patch systems thoroughly and fast.  

For more information, visit www.syxsense.com


Cyber Insurance Rates Climb and Refusals Multiply


The insurance industry is in somewhat of a crisis. Home insurance rates have climbed. Providers are pulling out of the market in some parts of the country. Flood insurance, too, is a major issue. It is mandated in many coastal and floodplain areas, yet insurance carriers are often reluctant to award it due to the risk of high-volume payouts.  

Similarly in cyber insurance, premiums are rising sharply. Some companies are even being told they don’t qualify (or no longer qualify). A survey by Delinea of 300 US-based IT decision makers revealed one of the reasons for the challenges many face in obtaining affordable cyber insurance: nearly 80% of companies have had to use their cyber insurance at least once already, and more than half have used it multiple times. 

While 40% said risk reduction was the main reason for applying for cybersecurity insurance, 33% of respondents claimed it was also due to requirements from executive management and Boards of Directors. Another 25% cited recent ransomware incidents as a primary decision driver. Other drivers behind applications for cyber insurance included business contract requirements (24%) and having suffered a data breach (17%).  

The report also demonstrated that cyber insurance has now become ubiquitous. Many companies have leveraged coverage more than once. That’s one of the reasons why the insurers are becoming more hesitant and choosier. They are covering less, asking for more, and making it more difficult for companies to receive comprehensive coverage. Only 30% of organizations confirmed their policies covered critical risks such as ransomware, ransom negotiation, and decisions on ransom payment. About 48% indicated their policy covered data recovery. A third said it covered incident response, regulatory fines, and third-party damages. 

Tough Requirements  

The report highlighted the fact that insurers are getting tougher to please. More and more, they require organizations to implement a broader set of security controls. By forcing organizations to adopt tougher layers of security, they seek to reduce the number of customers needing payouts from their cyber-policies. 51% said their insurer required that they implement cybersecurity awareness training, and another 47% were required to have malware protection, antivirus software, multi-factor authentication (MFA), and comprehensive data backups. 42% had to acquire Privileged Access Management solutions to meet cyber-insurance requirements.  

Although about 93% of applicants are approved for coverage, the number receiving comprehensive coverage for everything has dwindled sharply. Gone are the days when insurers happily signed off on wide-ranging coverage. They got burned too often by surges in claims driven by the latest widely exploited flaw, such as Log4j, or the latest rash of ransomware outbreaks. That’s one of the big reasons why 75% of respondents said that their cyber-premiums increased at their last renewal. 

Not only were their monthly payments hiked up, but they also faced far greater scrutiny from potential insurers. Insurers wanted to know every detail of their security posture, their risk profile, and areas of potential vulnerability. Some of this was used as grounds for refusal of cyber insurance. In other cases, these assessments by insurers led to demands to implement a variety of different security tools.  

Any prospective cyber insurance policy holder, and anyone coming up for renewal, therefore, is advised to carefully assess their security basics before applying. Things like lack of comprehensive backup, inadequate patch management, and a lack of vulnerability management tools could form immediate grounds for refusal.  

Get ahead of the game by implementing Syxsense Enterprise. It provides automated tools to help meet the standards required by cyber insurance providers. It offers real-time data and device monitoring so security personnel have live, accurate information on the existing security picture, potential vulnerabilities, the state of patch management, mobile device security, and more. It helps IT keep BYOD and company-issued devices secure from threats in remote, hybrid, or roaming work models. And it provides a way to enforce security standards, install and delete applications, set auto-update policies, deploy patches automatically, and remotely lock, reset, and wipe mobile devices. It also helps satisfy underwriter demands for higher levels of automation in the enterprise before they approve new cyber insurance policies.  

Why face steeper premiums or even cyber insurance rejection? Implement Syxsense Enterprise today.  


Syxsense Unifies Zero Trust and Vulnerability Management


The Zero Trust concept is all about securing endpoints, applications, IT infrastructure and data based on the assumption that any network or endpoint is always at risk of either internal or external attack. Accordingly, Zero Trust means individuals are not automatically trusted just because they are on the network. They must prove who they are and are given limited access to only the systems they need. The same applies to devices. Zero Trust also verifies machine identities and picks up changes such as the browser being used for access. In essence, no device or identity is trusted, and all are denied access to corporate assets until they can meet a defined set of criteria.  

Security vendors are promoting a range of products and services designed to implement Zero Trust in the enterprise. The good news is that the latest version of Syxsense Enterprise incorporates an integrated Zero Trust module. Hence, those using Syxsense for vulnerability detection, management and remediation have no need to add further products or tools to achieve Zero Trust protection. Zero Trust features are completely integrated into Syxsense.  

Those organizations considering a Zero Trust strategy can utilize Syxsense as a fast and reliable way to implement it. Those wishing to consolidate different tools for patching, vulnerability scanning, remediation, mobile device management (MDM) and Zero Trust can deploy Syxsense to unify all those functions into a single solution.  

Blocking Untrusted Devices  

Syxsense protects organizations from breaches by blocking users on untrusted devices. As an end-to-end solution, it helps organizations create a Security Posture that encompasses the various criteria necessary to be granted trusted access. But the granting of trust is not a one-time event. Each device and identity must consistently meet the trust criteria, based on an evaluation of trusted status on each managed device. Those meeting the criteria gain access. Those that don’t are automatically blocked. The system then automatically triggers further actions appropriate to the situation to prevent breaches and stop attacks in their tracks.  

The Syxsense Zero Trust module within Syxsense Enterprise enables endpoint compliance using Zero Trust Network Access (ZTNA) policies. This approach is vitally needed, as traditional authentication solutions are not designed to evaluate device health, enforce granular policy compliance, or automate risk remediation.  

Take the case of password protection. According to research from Bitwarden, 85% of Americans reuse passwords across multiple sites and 49% rely on memory to manage passwords. 24% reset their passwords multiple times a week. Zero Trust provides the extra layer of protection needed because cybercriminals have become so adept at using brute force techniques to crack passwords, as well as phishing to trick users into handing over their access credentials. Data protection, too, is an area where ZTNA exerts a positive impact. It can prevent data exfiltration, intellectual property theft, and unauthorized access to corporate data assets.   

Zero Trust, then, requires users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture a) before being granted access and b) to retain access to applications and data.  

Syxsense Zero Trust Module  

The Syxsense Zero Trust module serves as a trust evaluation engine for endpoints. It offers unparalleled visibility and control over network access policies, while enabling security teams to build sophisticated access policies and remediation workflows to ensure complete ZTNA compliance across the enterprise.   

In addition to accepting or denying access based on device Security Posture, it can automatically apply fixes and remediate issues in real time to enable proper access. Actions that lie outside the range of the Security Posture automatically trigger alerts and the need for full device and user verification. An example would be a laptop accessing a NetSuite server after hours from an unfamiliar IP address and location; such a request would be blocked immediately.  

But where Syxsense really differentiates itself from the competition is through automated remediation of non-compliant endpoints. Remediation actions might include deploying an urgently needed security patch, updating the anti-virus signature database, and alerting IT about unauthorized access attempts.  
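The evaluation loop described in this post (check each device against a Security Posture on every request, allow compliant devices, block non-compliant ones and pair the block with a remediation action, and hold an out-of-context request such as after-hours access from an unfamiliar address for full verification) can be sketched in code. The following is an added example, not the Syxsense Zero Trust module; the thresholds, known networks, device records and the NetSuite-style request in the test are all constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass
class DevicePosture:
    patches_missing: int          # missing critical patches reported by the agent
    av_signature_age_days: int    # age of the anti-virus signature database
    disk_encrypted: bool
    mfa_enrolled: bool


@dataclass
class AccessRequest:
    source_ip: str
    when: datetime                # local time of the request
    resource: str


@dataclass
class Policy:
    """Constructed Security Posture: every threshold here is illustrative."""
    max_missing_patches: int = 0
    max_av_age_days: int = 3
    business_hours: tuple[int, int] = (7, 19)      # allowed hours [start, end)
    known_networks: list[str] = field(default_factory=lambda: ["10.0.0.0/8", "203.0.113.0/24"])


def evaluate(device: DevicePosture, req: AccessRequest, policy: Policy) -> tuple[str, list[str]]:
    """Return (decision, actions).

    'block'  : posture failed; actions are the remediations to run automatically
    'verify' : posture passed but the request context is unusual; actions are alerts
    'allow'  : posture passed and context is expected
    Posture is re-evaluated on every call, so trust is never granted once and kept.
    """
    remediation: list[str] = []
    if device.patches_missing > policy.max_missing_patches:
        remediation.append(f"deploy {device.patches_missing} missing critical patch(es)")
    if device.av_signature_age_days > policy.max_av_age_days:
        remediation.append("update anti-virus signature database")
    if not device.disk_encrypted:
        remediation.append("enable full-disk encryption")
    if not device.mfa_enrolled:
        remediation.append("enrol user in MFA")
    if remediation:
        return "block", remediation

    familiar = any(ip_address(req.source_ip) in ip_network(n) for n in policy.known_networks)
    start, end = policy.business_hours
    reasons = [r for r, bad in (("after hours", not start <= req.when.hour < end),
                                (f"unfamiliar address {req.source_ip}", not familiar)) if bad]
    if reasons:
        return "verify", [f"alert IT: {req.resource} requested {', '.join(reasons)}; require full user and device verification"]
    return "allow", []
```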

For more information visit www.Syxsense.com  
