Skip to main content



Ransomware on the Rise: Local Governments Under Attack

By BlogNo Comments

Ransomware attacks against local governments are an increasingly common occurrence in recent years. According to a recent report, 330 ransomware attacks have been carried out against government systems over the past four years, with more than half a million individual records affected. These attacks also often disrupt essential services, such as online portals and payment systems. This can have serious consequences for local governments, as well as for those who rely on the services they provide.

Recent Attacks on Local Governments Highlight the Need for Stronger Cybersecurity Measures

There have been several recent ransomware attacks against local government organizations in the U.S. in recent years.

  • In August 2019, in a coordinated attack, 22 municipalities in Texas were simultaneously infiltrated by hackers, resulting in significant impact to their computer systems and disruption to local services.
  • In December 2019, the city of Pensacola, Florida, was hit by a ransomware attack that impacted its email and phone systems and online payment systems.
  • In May 2021, the city of Tulsa, Oklahoma, was hit by a ransomware attack that impacted more than 18,000 city files, some of them including information such as names, dates of birth, addresses, and driver’s licenses.
  • Just this month, the city of Oakland, California, was hit by a ransomware attack that exposed personal confidential data and took down the city’s computer systems for weeks.

The FBI’s Cyber Crime Center noted that “phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities” were “the top initial infection vectors for ransomware attacks in 2022.

The aftermath of attacks such as these makes one thing clear: local governments need stronger cybersecurity measures and more robust vulnerability and risk assessment. With continuous vulnerability scanning and comprehensive endpoint management, local governments can reduce their attack surface and give criminals one less entry point to launch an attack.

Limited Resources Pose a Challenge for Maintaining Secure IT Infrastructure

Consistently tight budgets have left local governments particularly vulnerable to ransomware attacks. Many local government organizations must use older hardware and software because they do not have the luxury of upgrading to newer technology. This can lead to systems and applications that may no longer be supported by vendors, with vendors supplying security updates or patches. Limited staffing resources have only compounded this issue, leaving many local government agencies unable to keep up with patching and other IT or security operations such as regular vulnerability scanning.

Many local government organizations have limited resources, small IT teams, and tight budgets, which make it difficult to keep up with the maintenance and support of current and older systems. With more devices being used to get work done, hastened by the pandemic and work-from-home initiatives, many IT and security teams don’t have a clear picture of how many devices are connected to the enterprise, much less whether those devices are up-to-date on patches and other security measures. This means they cannot monitor the health of devices accessing sensitive information, scan for potential issues on the devices, deploy patches, or enforce security controls that would limit their attack surface and reduce their exposure to these types of attacks.

While there are many challenges local governments face in managing and securing their endpoints, it is crucial that they do so. The best way for government organizations to prevent crippling cyber-attacks like ransomware is to implement best practices around patch management and vulnerability scanning.

Leveling the Playing Field

While attackers are targeting local governments more frequently due to outdated and vulnerable systems and limited resources, this does not mean that government organizations must be victims. Tools that consolidate management and security with automation can make these organizations less vulnerable to cyberattacks and reduce the burden on their budgets and staff. By implementing these measures with a tool that does the work for them, they can ensure their systems and sensitive data remain secure and protected.

Implementing best practices around patch management and vulnerability scanning is particularly important in these environments. Older devices may have unpatched operating system vulnerabilities or use software that has reached end-of-life from vendors that no longer release updates, leaving the devices exposed to risk. This does not mean that they should simply be left as-is, though. Other mitigations, especially policy-based security controls, can help reduce the risk from older devices and applications. Unified security and endpoint management (USEM) tools make it easy to implement these best practices by enabling patch management best practices, regularly scanning for vulnerabilities, and remediating vulnerabilities automatically. This ensures that the devices employees use to work and access sensitive data are managed and secure, while cutting off device access if it does not have the proper management and security profile.

Automating vulnerability scanning and patch management can make local governments less of a target for attackers. When vulnerabilities are quickly identified and addressed and software is regularly updated, the risk of a successful cyberattack is significantly reduced, making governments less likely targets in the future.

Find out how Syxsense helps local governments strengthen cybersecurity measures and keep endpoints secure. Schedule a demo today.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Healthcare Under Attack

By BlogNo Comments

According to a report by Comparitech, the healthcare field is attracting a lot of attention from cybercriminals; ransomware, in particular, has created chaos across the sector. In 2021 alone, there were more than 100 ransomware attacks that impacted around 2,300 healthcare organizations, including 20 million patient records. The 2022 report comes out later this year, but the forecast looks grim.

Estimates of the cost of these attacks is upwards of $8 billion and that’s just in downtime. The average number of days of downtime was six, although some organizations were offline a lot longer. In addition to this price tag were ransomware payments that varied anywhere from $250,000 to $5 million, such as TriValley Primary Care’s payment of $250,000, Allergy Partners payment of $1.75 million, and UF Health Central Florida’s payment of $5 million.

It’s clear that medical organizations are being targeted by cybercriminals. While the sheer size of the attack surface can make it seem impossible to change, this doesn’t have to be the case.

The Harm of Ransomware in Healthcare

Ransomware is a dangerous form of malware for any organization. But for the medical sector, it is particularly harmful because patient health and privacy is at risk. The effects of an attack can disrupt key systems or even shut them down, leaving healthcare providers without access to patient data and medical records. In addition, the already high cost of medical care will only increase as organizations struggle to operate efficiently due to ransomware disruption and payouts.

The financial repercussions from regulatory agencies when healthcare organizations fail to secure their systems and a breach occurs can be severe. The Health Insurance Portability and Accountability Act (HIPAA) regulations stipulate security policies to protect patients from unauthorized access to health records and medical history. Failing to comply with HIPAA regulations can leave businesses facing fines of up to $1.5 million, in addition to any payouts related to a resulting breach.

Such attacks are becoming all too common: Scripps Health, a network of five hospitals and 19 outpatient clinics in California, was infiltrated by ransomware in 2021 to the cost of more than $100 million. Two of its hospitals lost access to electronic medical record systems and offsite servers, leaving several units unable to provide care and requiring patients to be diverted to other facilities. Though the initial access vector for the breach remains unverified, an internal email distributed after the attack noted that Scripps added multi-factor authentication processes for remote access and mobile devices and new security software on 98% of all Scripps devices. This suggests that access rights to high-value databases and assets were not protected by foundational cybersecurity controls.

Protecting Hospitals and Patients from Ransomware

Medical organizations can take steps to prevent the spread of ransomware by updating security policies and ensuring the burden of compliance isn’t left to busy healthcare workers. While doctors and nurses provide care to patients, organizations can rely on tools that consolidate vulnerability scanning, patch management, and compliance reporting to monitor and secure their environment.

In the case of Scripps Health, a unified security and endpoint management (USEM) solution with user- and device-based, multifactor authentication controls and integration with existing IT infrastructure, such as Active Directory, could have ensured compliance with security policies that restrict access to confidential records. With USEM, healthcare organizations could automatically verify that users and devices had multifactor authentication set up and up-to-date security controls in place before users could gain access to critical data.

USEM solutions enable healthcare organizations to achieve and maintain compliance with regulations such as HIPAA, ensuring that patient data is protected, and healthcare organizations aren’t subject to the financial burden of fines and payouts.

Find out how Syxsense helps healthcare organizations identify, manage, and secure their endpoints. Schedule a demo today.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Ransomware Prevention with the help of MSPs/MSSPs

By BlogNo Comments

In 2022, malicious actors carried out nearly 400 ransomware attacks on U.S. organizations, affecting over 21 million individual records, according to Comparitech.

With an average ransom demand of more than $4 million dollars, the cost of a ransomware attack continues to balloon. This figure does not take into account expenses tied to recovery costs, lost revenue because of operational downtime, and the loss of customer confidence that can follow an attack. On average, a business in the US lost nine days of operation due to ransomware-induced downtime, although some were locked out of their networks for several months.

Malicious hackers can easily scan the internet to find open ports and vulnerabilities to exploit. If a business fails to patch a program or update an operating system, or if IT systems are not configured properly, attackers can utilize these attack vectors to gain entry to systems and mount a ransomware attack.

Companies can be easily overwhelmed by the IT management and cybersecurity tasks that help keep their businesses running. They need to apply their skills to their core competencies, but they are having to throw more and more resources at cyber-defense. Instead of investing in the business to forward their strategic ambitions, budgets are getting eaten up by security expenditures.

It is easy to see how, for some businesses (especially small businesses), a ransomware attack can be catastrophic. Some never recover and permanently close their doors. It’s not surprising then that many businesses are turning to managed services providers and managed security service providers (MSPs/MSSPs) to help safeguard their business environments.

MSPs Make It Easy to Protect Your Business

MSPs/MSSPs have the flexibility to quickly bring on skilled resources and partner with innovative technology vendors to deliver management and security in one simple package. Further, partnering with MSPs/MSSPs take the burden of finding, vetting, purchasing, implementing, and managing IT systems and security products off of the company, leaving business owners to focus on their business.

MSPs/MSSPs are already leveraging Syxsense Enterprise, for example, to automate asset discovery, patch and endpoint management, mobile device management, and vulnerability management – all in one easy-to-use product. These services help businesses to avoid ransomware attacks by inventorying every endpoint on their networks, detecting all unpatched systems, vulnerabilities, and misconfigurations, and remediating them rapidly. And because of the automation built into the product, MSPs/MSSPs can utilize less staff to manage more customers. MSPs wishing to begin offering security services should select solutions and products that place the least technical and staffing burden on existing personnel.

For more information, schedule a demo today and find out how Syxsense can help MSPs/MSSPs grow their service offerings and drive greater customer value.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
cyber heist

Cyber Heists Continue to Grow, Financial Institutions Remain a Key Target

By BlogNo Comments

Everyone loves a good heist movie, which is why Hollywood keeps bringing out new ones. The Ocean’s Eleven series, the Italian Job, Die Hard, the Fast and the Furious series – the list goes on and on. Yet the story is largely the same – a group decides to steal the diamonds, the gold, the money, or what’s in the safe deposit boxes. They face adversity along the way yet eventually pull off the job.

In the modern era, such physically intensive heists are becoming less common. That’s because criminals can now target organizations via cyber-attacks without having to show their faces and easily cover their digital tracks to escape the consequences. While it may seem like cybercrime is only being perpetrated by the technically savvy, this is no longer true. In a study conducted in late 2022, Cybersecurity Ventures found that cybercrime is set to cost the world $8 trillion USD in 2023. For reference, if it were its own country, it’d be the third largest economy after the U.S. and China.

Another recent report from Contrast Security, Cyber Bank Heists, dove deeper into the cybersecurity threats facing the financial services sector. Some of the statistics worth noting included:

  • 60% of financial institutions have been victimized by malware attacks
  • 48% report an increase in wire transfer fraud
  • 50% have detected campaigns to steal non-public market information

With cyber fraud, phishing, ransomware attacks, account takeovers, and business email compromises (BEC) growing steadily in recent years, these numbers are likely to continue to rise.

Furthermore, cybercriminals are taking advantage of the fact that the business systems across the banking and financial services are complex. They span on-premise, legacy systems, such as mainframes, to modern, cloud-native applications. Transactions often traverse a complex route from transactional systems to customer portals delivered from the cloud, other online systems, and back again. The range of devices and applications is vast, and this complexity increases the attack surface for financial organizations. Effective management and implementation of robust security controls to protect against damaging attacks can seem like a difficult, never-ending task.

Defending Against Cyber Heists

Identifying, managing, and securing an enterprise doesn’t have to be difficult, though. Financial services enterprises are already under watchful regulatory and compliance eyes, and most are spending significant funds on meeting these requirements. Which is why being able to leverage the same tools for compliance, management, and security should be something IT and security teams look into.

Today, many IT and security teams tend to struggle to manage and integrate a hodge-podge of disparate tools as they seek to defend infiltration attempts. With a unified security and endpoint management (USEM) solution, financial services enterprises can have real-time alerting, immediate device quarantining, patch management, vulnerability scanning and automated remediation, along with real-time reporting to prove compliance.

With USEM, everything can be managed from one console: IT managers can set automated processes that ensure critical patches are deployed in a timely manner, without having to rely on end users, that attempted breaches are caught before they can do damage, that endpoints stay secure, and much more.

Find out how Syxsense helps financial institutions identify, manage, and secure their endpoints. Schedule a demo today.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

The Danger of Unknown, Unpatched, and Miscategorized Open-Source Vulnerabilities

By BlogNo Comments

The profile of Common Vulnerabilities & Exposures (CVEs) has risen in recent years. Organizations now pay far more attention to them than they used to. Of course, there are still plenty of cases on record of companies getting hacked due to failing to patch a CVE from a year or more ago. There are endless examples of companies taking weeks and sometimes months to act once a high-priority CVE after it is issued.

Nevertheless, in the vast majority of cases, CVEs are given almost gospel-like status in organizations. Some build their security response programs largely around issued CVEs. For example, if a CVE has a rating of 7 or above in severity, companies tend to put it to the head of the queue, leaving lower priority patches to be deployed at a later date – or in many cases not at all.

There are numerous flaws in this mode of operation. Cybercriminals have grown wise to this tactic. Yes, hackers search carefully for endpoints and systems that have failed to deploy high priority patches to address CVEs – and they rub their hands in glee when they find yet another inattentive victim. But they also now mount multi-faceted attacks that take advantage of lower-priority flaws that they know are often ignored. Thus, they will launch a campaign simultaneously probing for higher priority and lower-priority CVEs that are unpatched. If only the lower ones are available, they can be used to gain a foothold into the enterprise from which they can exact further damage.

New Research Asserts Open-Source Threats Overrated

JFrog just announced another shortcoming in CVE-oriented security defense programs. Their researchers analyzed the top 10 most prevalent open-source software vulnerabilities in 2022. Their findings? The severity ratings of most CVEs for open-source systems were overrated.

Severity ratings within the National Vulnerability Database (NVD) follow this scoring rubric: Critical severity levels are graded between 9 and 10. High severity is 7 to 8.9. A Medium rating is between 4 and 6.9, and a Low rating goes up to 3.9. However, when JFrog researchers assessed the real-world impact of these vulnerabilities and applied contextual analysis to their evaluations, they found that many of the scores attributed to open-source bugs were overinflated. Since it takes roughly 246 days to remediate a security issue completely, they recommended that security teams only deploy resources on the vulnerabilities that actually matter.

According to the report, most of the open-source vulnerabilities evaluated were much harder to exploit than reported, and therefore were undeserving of a high NVD severity rating. The consequence of following the NVD system, therefore, can sometimes cause organizations to “waste valuable time and resources to mitigate a vulnerability that is extremely unlikely to have any real-world impact on their systems,” said the report.

Prioritizing Vulnerability Remediation Requires Context

At Syxsense, we found a very similar issue across our customer base. Many organizations focus on remediating and patching the most severe vulnerabilities, but often do not have the time to tackle the medium or low severity vulnerabilities. They were simply inundated with the most severe or highest profile CVE for the day. However, that did not mean that those vulnerabilities weren’t relevant. In recent years, we have seen many medium or low severity vulnerabilities being exploited to gain an initial foothold into an enterprise.

This is why we developed a risk and prioritization rating based on an organization’s attack surface with vulnerabilities and endpoint posture. The Syxscore leverages NIST and vendor severity assessments in relation to the health status of the endpoints in your environment. It’s a personalized evaluation of what devices are vulnerable and the criticality of updates to the overall protection of your network, giving you the ability to target endpoints that pose the most serious levels of risk.

While vulnerability severity scores can be helpful, it is simply another data point. What organizations really need is customized context, including the security posture of their endpoints and existing security controls that can reduce the risk of a vulnerability.

Patching is the Key to CVE Remediation Success

Beyond context, patching is a critical component to managing vulnerabilities. Oftentimes, critical vulnerabilities will have patches released quickly – sometimes the same day that the vulnerability is made public. In these cases, keeping up is the most difficult part.

That’s why automation, inventorying, and patch deployment can eliminate long delays in patching programs. If you can constantly prioritize vulnerabilities with context based on your environment, patch the most important ones quickly, and validate that those patches have been applied appropriately, you will reduce your organizational risk and attack surface.

If you want to learn more about automating your patching program, schedule a demo today.


Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
remote control

Windows 7 Users and 8 Users – Watch Out

By BlogNo Comments

Windows users are notorious for holding onto aging operating systems and PCs many years after their sell-by date. A couple of years back, for example, an entire publishing and events office was discovered to still be running on Windows XP. No doubt there are XP machines sitting about in unsuspected places. Yet Microsoft ended support for that OS a decade ago. Since then, no security updates have been issued for it.

The same thing now applies to Windows 7 and 8. According to StatCounter, Windows 7 accounts for 11% of global Windows users as of September of 2022. Windows 8 has almost 4% market share and XP still manages half a percent. But even though the bulk of users have transitioned to Windows 10 (68% and are being heavily encouraged to make the switch to Windows 11 (currently only accounting for 17% of Windows users), that still leaves a large number running on obsolete, unsupported, and highly insecure OSes.

Windows, after all, rules the desktop and laptop space with three quarters of all installations. Microsoft estimates that 1.5 billion devices worldwide are running on Windows 10 or above. That means several hundred million users continue to run XP, Windows 7, and Windows 8 – and some of them could be lurking within your network or somewhere along your supply chain.

It becomes an urgent priority for organizations to find these users and upgrade them fast. Otherwise, they will no longer qualify for technical assistance and will get no more software updates. Crucial security updates for Windows 7 and 8 have officially ended. Any new exploits that can attack these systems will receive no patches from Microsoft.

Microsoft is asking Windows 7 users to skip 10 and move directly to Windows 11.

“PCs have changed substantially since Windows 7 was first released 10 years ago. Today’s computers are faster, more powerful, and sleeker – plus they come with Windows 11 already installed,” said an official announcement from Microsoft.

In most cases, a PC or laptop upgrade will be required – the new OS has much higher requirements for memory and processing power.

Anyone considering hedging their bets and moving to Windows 10 should know that its support will end in the fall of 2025. Why upgrade yet again in a couple of years and open yourself to yet another round of insecure devices to fix?

Those determined to stick with Windows 7 face an uphill task. Not only is Microsoft abandoning them, so, too, is the rest of the software ecosystem. Google, for example, is about to release a new version of Chrome, which will no longer me operable on Windows 7 or 8. That means no more updates for Chrome users on Windows 7 and 8 i.e., yet another gaping security hole impacting those users.

When Windows 7 supported began to disappear a in 2020, it attracted a great many cybercriminals. They began to look for the OS, knowing that they could penetrate it due to well-known and no longer patched security holes. The FBI issued a warning to private industry to get rid of it as quickly as possible. Many have yet to heed that advice.

Steps to Take Immediately

In light of these announcements, organizations are urged to take the following steps.

1. Conduct a detailed inventory of all operating systems running throughout the enterprise using Syxsense Enterprise.

2. Note all versions of XP, Windows 7 and 8 running, as well as older no longer supported Windows 10 instances (such as versions 1803, 1809, and 1909).

3. Work out a plan on how these machines are to be a) protected right now b) moved to Windows 11, and c) replaced with more modern PCs and laptops that qualify to run Windows 11.

4. Until the migration occurs, place all Windows 7 and 8 systems behind a dedicated firewall and protect them with intrusion prevention and anti-malware tools. Also, disable remote access to those systems unless sit is behind a VPN.

5. Survey your supply chain partners and even customers that have trusted access to your network. Verify that they have no users still on obsolete Windows OSes. Demand that only those on Windows 10 and 11 will be allowed access.

6. Use Syxsense Enterprise to conduct regular vulnerability scans throughout the network, and initiate remediation steps for vulnerabilities found.

7. Set up Syxsense Enterprise to automatically prioritize, deploy patches throughout the enterprise.

Syxsense centrally manages, and fully automates all inventorying, scanning, patching, and remediation. It reviews, verifies, tests, and issues all patches within three hours of issuance. Its software can automatically deploy those patches to all users and devices. It also contains a patch rollback function in one of the rare instances when a problem arises due to a new patch. This represents the most efficient way to deal with the onslaught of new patches. It also frees up IT and security personnel to take care of other urgent areas of security for the enterprise.

For more information, visit:

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Threat Detection and Response Remain Weak Points in Many Organizations

By BlogNo Comments

A recent survey by Foundry Research highlighted the fact that little has changed in the cybersecurity world of late. Organizations remain deeply worried about their inability to spot threats, respond to them in a timely manner, and train staff to avoid being tricked by scammers.

Across public and private sector organizations, the biggest issues were found to be threat response/remediation (55% among public sector and 53% among private sector respondents), improving detection of emerging threats (49% and 47%, respectively), and improving user security awareness (46% and 50%). Further issues cited included securing the supply chain (37% in the private sector compared to 28% among public sector respondents) and enabling secure Work-From-Home (WFH) or remote work (31% compared to 22%).

These findings demonstrate that the basics of security remain areas of difficulty in many government and private organizations. A big part of the issue is that these organizations are overwhelmed by the volume of data they must deal with to maintain a tight security posture. They are inundated with alerts and must trawl through massive logs across multiple applications to try to spot what is going on. Accordingly, the survey revealed that public sector organizations, in particular, struggle to leverage data to detect and prevent threats (63% compared to 49% of private sector respondents) and mitigate cybersecurity events (66% versus 56%). More than half of all agencies and organizations believe that it is challenging to harness data to inform cybersecurity decisions, detect and prevent threats, and mitigate events.

What underlies these challenges? Skills gaps (40% among both public and private sector respondents), lack of resources (31% public sector, 35% private), data integration (28% and 33%), and lack of visibility into the threat landscape (32% and 29%) were cited in the report. These issues inhibit their ability to act on data and resolve security events.

Budget, too, is a major obstacle when it comes to addressing cybersecurity priorities, according to three quarters of organizations surveyed. 48% of public sector respondents reported budgeting as an obstacle to a great extent and another 31% to some extent. In the private sector, 35% say budget impacts them to a great extent (35%) or to some extent (40%). More than one-third said their cybersecurity budgets were too low to address priorities and mandates (44% of public sector, 35% of private sector).

Getting Help with Cybersecurity

These results indicate that organizations need all the help they can get when it comes to cybersecurity. They are having trouble managing the many in-house security tools they have at their disposal, don’t have enough trained personnel to understand their risk posture and respond effectively to threats, and lack adequate budgets to resolve their ongoing security problems. The solution to these woes is to import as much help as possible via SaaS applications for cybersecurity. These can either be delivered directly from the vendor or via an MSP.

Syxsense Enterprise is a SaaS platform that automates the entire process of managing, monitoring, patching, scanning and remediating endpoints anywhere. It provides the necessary level of automation to make it feasible for IT to manage a vast number of endpoints, and soon, an even larger number of IoT devices and sensors. It automates all aspects of endpoint management and security. It is the only way to stay on top of patches, vulnerabilities, and endpoint security.

Alternatively, Syxsense Enterprise can be white labelled and offered to MSPs as a new service for their clientele. The Syxsense Managed Service provider program is designed for MSPs and MSSPs looking to provide a higher level of management services to their customers. It consolidates multiple solutions together into a single offering that includes IT Management, Patch Management, Security Vulnerability Remediation, and a robust policy based Zero Trust product.

Syxsense combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices. Its unified security and endpoint management platform centralizes the three key elements of endpoint security management (vulnerabilities, patch, and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex™ through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm.

For more information, visit:

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Security Service Edge and Zero Trust Are the Keys to Safeguarding the Modern Enterprise

By BlogNo Comments

A new study examined Security Service Edge (SSE) adoption, and the role it plays in establishing a zero-trust architecture. According to the report, SSE’s popularity is reflected in the fact that 71% of cybersecurity professionals are familiar with it, despite it only being around for about two years. In fact, SSE ranks above single sign on (SSO), multifactor authentication (MFA), endpoint security, and Security Information and Event Management (SIEM) in the minds of IT executives as a key technology in the achievement of zero trust. That’s why 65% of organizations plan to adopt SSE in the next 24 months, with 43% planning on implementing before the end of 2023.

Zero trust is all about securing endpoints, applications, IT infrastructure, and data based on the assumption that any network or endpoint is always at risk of either internal or internal attack. Accordingly, zero trust means individuals are not automatically trusted just because they are on the network. They must prove who they are and are given limited access to only the systems they need. The same applies to devices. Zero trust verifies machine identities and picks up changes such as the browser being used for access. In essence, all devices and identities are not trusted and are denied access to corporate assets until they can meet a defined set of criteria.

SSE has quickly become a top strategic initiative for organizations due to the role it plays in Secure Access Service Edge (SASE) adoption and successful zero trust implementations. The study found that 67% plan to start their SASE strategy with an SSE platform, compared to 33% with SD-WAN. Why? SSE is seen as more secure while also bringing gains in terms of cost reduction and productivity.

Access Complexity

An area of confusion emerged in the study – access complexity. Researchers found that 63% of enterprises have at least three access security solutions in play. Nearly a quarter leverage six or more access solutions. As well as raising costs, management complexity, and taking up IT time, this mess of access applications inevitably leads to security holes. Cybercriminals are eager to exploit any areas where access controls are weak or missing. Users of legacy access solutions, in particular, believed their top challenge was that their current platforms granted too much inherent trust to users. This goes against the grain of the zero-trust mindset.

The survey showed that SSE services are seen as providing a means of reducing costs. The top two legacy solutions that enterprise security teams will look to replace with SSE in the coming year will be VPN Concentrators (63%) for VPN, SSL inspection services (50%), Distributed Denial of Service (DDoS) (44%), and data loss prevention (DLP) services (42%).

Implementing Zero Trust in the Enterprise

Security vendors are coming to market with all manner of tools aimed at achieving zero trust goals. The latest version of Syxsense Enterprise forwards these goals via an integrated Zero Trust module. By using Syxsense for vulnerability detection management and remediation, organizations have no need to add additional products or tools to achieve zero trust protection. Further, Syxsense Enterprise consolidates different tools for patching, vulnerability scanning, remediation, mobile device management (MDM), and zero trust in one unified platform. It blocks users on untrusted devices, automatically triggers actions to prevent breaches, and enables endpoint compliance using Zero Trust Network Access policies (ZTNA).

The Syxsense Zero Trust module, then, serves as a trust evaluation engine for endpoints. Security teams can use it to build sophisticated access policies, apply

apply fixes and remediate issues in real time to enable (or block) access. In addition, remediation of non-compliant endpoints includes automation to take care of tasks such as deploying an urgently needed security patch, updating the anti-virus signature database, and alerting IT about unauthorized access attempts.

For more information, visit:

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

New Study Highlights the Growing Role of SaaS and MSPs

By BlogNo Comments

Software-as-a-Service (SaaS) is very much in demand, according to a new survey. This is good news for vendors offering SaaS services as well as MSPs who are grabbing a steadily larger slice of the expanding as-a-Service pie. The report reveals that many companies are struggling to manage their many SaaS applications. They often don’t know which apps are running, who authorized them, who needs them, and how much they cost. Only about 40% of businesses, it turns out, comprehensively track SaaS information. The rest are seriously lacking in relevant data about their SaaS portfolio.

One of the key findings was that 30% of organizations already spend 50% of more of their software budget on SaaS. Another 40% estimate that SaaS accounts for anywhere from 25% to 50% of their software expenditure. Thus, in the modern world, only 30% of organizations have less than 25% of their annual software budget being spent on SaaS. Clearly, SaaS is here to stay. That is good news for the vendors offering it as well as MSPs who add value by taking the management, tracking, and billing burden away from user organizations. These MSPs provide the service, charge a monthly fee, and take care of everything for their clients. This frees up IT to work on strategic priorities.

The major areas where MSPs can gain ground, according to the survey, are security, compliance, and cost. Two-thirds of respondents expressed concern around security risks, data breaches, and noncompliance. No wonder MSSPs are picking up business from enterprise users to ensure their SaaS-rich environments are safeguarded. As well as taking over the running of SaaS applications for functions such as CRM, ERP, and backup, MSPs are gaining business by upselling a host of security tools such as patch management, vulnerability management, endpoint management, and more.

The survey also noted that 57% of respondents expressed concerns around wasted spending and hidden or untracked SaaS costs. Part of the problem is that 89% of companies said at least three departments were involved in SaaS management. While the IT/software asset management teams often took the lead, they typically deal with at least two other parts of the organization that want to be involved in selecting, deploying, and managing various parts of the SaaS estate. Again, this is an area where MSPs are stepping in as a means of centralizing SaaS management.

In some cases, MSPs help organizations optimize their SaaS application portfolios. 80% of companies covered in the report said they were actively optimizing their applications or were planning to. Similarly, 75% said application rationalization and consolidation was a stronger focus than before. In this arena, MSPs must compete with vendors offering application management and rationalization platforms.

Finding the Right Security Vendors

Those MSPs wanting to add security services to their current offerings are advised to choose their partners carefully. The Syxsense Managed Service provider program is designed for MSPs and MSSPs looking to provide a higher level of management services to their customers. It consolidates multiple solutions together into a single offering that includes IT Management, Patch Management, Security Vulnerability Remediation, and a robust policy-based Zero Trust product.

Syxsense provides innovative, intuitive SaaS-based endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Our unified security and endpoint management platform centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm.

For more information, visit:

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Ransomware Just Won’t Go Away

By BlogNo Comments

Historically, successful attack strategies continue until adequate defenses are assembled. For example, the Mongol hordes ravaged Asia and Eastern Europe for centuries. A simple invention – the walled town – ended their ability to ride in from the wilderness and devastate a settlement. Since then, innovation has ended the dominance of the long bow and other forms of weaponry.

Maybe there will come a time when ransomware, too, will finally go away. But it is so lucrative that the bad guys are using it for all its worth. It is up to enterprises to up their game to be able to thwart it.

Ransomware Rising

Research from NCC Group reveals that ransomware activity is rising again. December of 2022 saw 269 ransomware attacks in the US, approaching the peak levels for the year seen that was experienced back in March and April of 2022. The leading antagonist in December was Lockbit, which accounted for 19% of attacks, followed by BianLain (12%) and BlackCat (11%). BianLain saw a 113% increase in ransomware activity for the month using the rare ‘Golang’ programming language. This group can encrypt victim devices rapidly and has a playbook that is causing concern. They release victim names in stages to prompt organizations into payment. If payment is not received, they release all the names.

Researchers at Comparitech came up with similar findings. They found 335 publicly reported ransomware attacks in 2022 in the US. But they drew attention to the previous year when double the number of ransomware attacks occurred.

Why the decline in 2022? One reason could be more targeted attacks. Hackers want to catch the biggest fish. They are going after them with more tailored tactics aimed at securing the biggest paydays. Further, in the event of non-payment, they prefer big names and well-known companies where there is a major embarrassment factor when they post the data for sale on the dark web or publish it online. Thus, we have seen ransom demands drop from an average of $5.5 million in 2021 to $4.74 million 2022 – yet the business sector experienced a surge in ransom demands, from $8.4 million average in 2021 to $13.2 million in 2022. Additionally, the average number of records breached in ransomware attacks in the business sector increased from 100,000 in 2021 to almost 900,000 in 2022.

The worldwide pattern largely follows that of the US. 1,365 ransomware attacks in 2021 dropping to 769 in 2022. However, the effectiveness of attacks has risen – again showing the likelihood of more precise targeting. In 2021, 49.8 million records were impacted by ransomware attacks and that number more than doubled to 115 million in 2022. Major victims include: TransUnion South Africa (54 million records), Russia’s Digital Network Systems (16 million records), Australia-based Optus (9.8 million), Medibank (9.7 million), and AirAsia Group (5 million).

Governmental and educational organizations remained heavily targeted by cybercriminals. Government-based ransomware attacks saw average ransom demands surge from $1.7 million in 2021 to a $10.2 million in 2022. Further, the volume of records breached per attack rose from 15,327 to 39,383.

Safeguarding the Enterprise

In the modern world, there is no time to bury one’s head in the sand and hope for the best when it comes to ransomware. Organizations should expect incursion attempts to be made steadily. Therefore, they must be well prepared in advance to prevent, detect, mitigate, and cleanse all systems before major damage occurs. They must ensure that no single unspotted vulnerability or unpatched system exists across their network.

Syxsense Enterprise offers a way to stop breaches with one endpoint security solution. It encompasses:

  • Scanning for vulnerabilities: prevent cyberattacks by scanning authorization issues, security implementation, and antivirus status.
  • Device quarantining: Block communication from an infected device to the internet, isolate the endpoint, and kill malicious processes before they spread.
  • Patch Management: With support for all major operating systems, automatically deploy OS and third-party patches as well as Windows 10 Feature Updates.
  • Collaboration: IT and security teams can automatically collaborate in a single console to know and close attack vectors.
  • Mobile Device Management: Control over the devices in your organization to keep your business-critical resources secure on every single endpoint in your network.

For more information, visit:

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo