Skip to main content
Tag

Cloud endpoint management

Four Top Endpoint Protection Trends

By BlogNo Comments

Four Top Endpoint Protection Trends

Endpoint protection has always been a vibrant marketplace. From the early days of intense anti-virus competition to the security package wars between McAfee, Symantec, and Trend Micro, this has never been a dull area. And as the security threat horizon continually shifts in unforeseen directions, endpoint protection has stayed in the spotlight.

Endpoint protection now takes in a wide range of tools including anti-malware, spam filtering, endpoint detection and response (EDR), patch management, data loss protection, vulnerability management, mobile threat defense, ransomware protection, and others. Some vendors offer several of these tools inside their packages; others try to provide them all.

Here are four of the top trends in endpoint protection

Smartphone and BYOD Support

The latest endpoint protection tools and platforms now offer much better smartphone and Bring Your Own Device (BYOD) support than they ever did. As a result, BYOD policies have gotten stronger, enabling more efficient and streamlined workflows between mobile and enterprise applications.

Some tools, for example, make it possible to deploy apps and accounts securely to personal devices, as well as give IT some management and enablement features for end users.

Endpoint Management Meets Patch Management

IT managers are so pushed for time and so limited in resources that they don’t have time to move from screen to screen and app to app as they address the different facets of endpoint management. They need automation and efficiency. That’s why it is now possible to find patch management and endpoint protection being combined in Syxsense and other tools.

This is good news for IT. Folding patch management into device management ultimately means better security as endpoint patching no longer remains an area of neglect.

Platforms Converge

This trend of endpoint management being combined with patch management is part of a larger convergence trend within the world of IT management and security. With threats becoming so virulent ransomware forever changing the cybersecurity landscape, and threats becoming increasingly blended, it is not enough to address one area such as endpoint anti-virus or patch management of devices.

Convergence is driving the market and is leading to all-encompassing packages that bring together patch management, vulnerability scanning, remediation of threats, general IT management, and Mobile Device Management (MDM).

Such platforms are particularly needed in light of recent vulnerabilities such as PrintNightmare. To remediate this threat, IT had to conduct a series of unifying actions: patch endpoints and then remediate two separate security misconfigurations before the issue was fully resolved. IT no longer has the time to fiddle with several systems to accomplish such tasks. They want to have one automated system that takes care of all of it.

Convergence to the Nth Degree

If anything, the tendency toward convergence is accelerating. Gartner is struggling to come up with enough acronyms to cover the amount of change and convergence taking place right now. There is Unified Endpoint Management (UEM), Unified Endpoint Security (UES), and some are now coining terms such as Unified Security and Endpoint Management (USEM), which brings together the best of UEM and UES in one package.

This new class of USEM tools offers management of computers and mobile devices through an employee-centric view of endpoint devices running Windows, Google, Android, Chrome OS, Apple macOS, iPadOS, and iOS. They enable IT to apply data protection, device configuration, and usage policies that simplify endpoint management. By consolidating disparate tools and streamlining processes across devices and operating systems, deeper integration and greater protection are achieved while reducing the total cost of ownership (TCO) of endpoint device management and security.

Syxsense Enterprise brings the best of UEM and UES together. It is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints. This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. Syxsense Enterprise can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

The Best of 2016: Our Year in Review

By NewsNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

Our Year In Review

2016 was a big year for Syxsense. As a company, we are constantly growing, adding new features and always focused on our customers.

IT systems management is frequently changing and it’s crucial to keep up with the latest news, strategies and updates. Every month, we share the latest Microsoft and third-party patches, explaining which to prioritize and how to implement the most effective patch strategy.

With plenty of changes on the way for 2017, be sure to stay on top of patching and IT systems management in the new year. Even when other tasks fill up your to-do-list and seem more important, prioritizing patching is the best New Year’s resolution for any IT manager. Explore the highlights and some of our favorite content from the past year.

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START FREE TRIAL[/dt_default_button]
|Patch Tuesday

Patch Tuesday: February 2015

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image image=”3020″ img_size=”full” alignment=”center”]

This month’s Patch Tuesday is a bit of an interesting one…

MS15-011 affects all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 RT, and Windows RT 8.1. Essentially, any domain-joined Windows Clients and Servers may be at risk.

The flaw, dubbed JASBUG, was discovered by JAS Global Advisors back in January 2014. The company however, adhered to good disclosure practices and the vulnerability wasn’t made public until Microsoft had prepared a fix. The fact that it has taken Microsoft over a year to develop a fix should indicate just how wide ranging and complex the vulnerability is.

According to JAS Global Advisors: “The fix required Microsoft to re-engineer core components of the operating system and to add several new features.”

Outlined below are the critical updates you need to be focusing on. As usual, we have cross-checked Microsoft’s own rating with US-CERT’s independent assessment of the patches so you are in the best position to choose the most important updates for your business.

MS15-011

This security update, which I mentioned above, is a remote code execution vulnerability existing in how group policy receives and applies connection data when a domain-joined system connects to a domain controller. An attacker who successfully exploits this vulnerability could take complete control of an affected system, letting them install programs; change, view, or delete data; or even create new accounts with full user rights.

MS15-010

The most severe of the six privately reported vulnerabilities could, again, allow remote code execution if an attacker is able to convince a user to open a specially crafted document, or to visit an untrusted website that contains embedded TrueType fonts.

MS15-009

This security update resolves one publicly disclosed and 40 privately reported vulnerabilities in Internet Explorer, with the most severe of these allowing remote code execution. If a user views a specially crafted web page it could allow an attacker to gain the same user rights as the current user.

Microsoft rates the remaining six patches in February’s update as Important. A full breakdown of these ratings compared to the US-CERT ratings can be found in the table below. I’d always advise to use US-CERT’s rating in conjunction with Microsoft’s, which will give you a much clearer picture of which patches you should be prioritising.

Update no.
CVSS score
Microsoft rating
Affected Software
Details
MS15-012 9.3 Important Microsoft
Office
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
MS15-011 8.3 Critical Microsoft Windows Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
MS15-010 7.2 Critical Microsoft Windows Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
MS15-009 6.8 Critical Microsoft Windows, Internet
Explorer
Security update for Internet Explorer (3034682)
MS15-017 6.8 Important Microsoft Server Software Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
MS15-015 6.0 Important Microsoft Windows Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
MS15-013 4.3 Important Microsoft
Office
Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
MS15-016 4.3 Important Microsoft Windows Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
MS15-014 3.3 Important Microsoft Windows Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
CMS innovative product|

Verismic Awarded Most Innovative Product of the Year 2014

By Awards, NewsNo Comments
[vc_single_image image=”1886″ img_size=”full”]

Verismic is pleased to announce we have been awarded Most Innovative Product 2014 for Syxsense. 

Ashely Leonard, CEO said “It has been an exciting year for us with the launch of Syxsense, being recognized as one of the Top Innovative Products of 2014 is a great way to end the year.”

The Best in Biz awards honours companies teams, executives and products for their business success and is the only independent business awards program judged by members of the press and industry analysts.

One of this year’s judges Mark Huffman, Consumer Affairs said “In the Internet age, it has never been more important to ensure your customers have a positive experience and, should there be a problem, to address it. These companies “get it,” and that’s not only good for them, but good for customers too.”

|NetworkWorld|

Network World: 8 tech buzzwords that you need to know

By NewsNo Comments
[vc_single_image image=”1715″ img_size=”medium” alignment=”center”]

Impress your friends at this year’s holiday gatherings by dropping a few of these terms

By  | Network World | Nov 17, 2014 3:00 AM PT

Buzzwords are a fact of life in the technology profession. Whether you’ve been in the industry for 30 years (remember WYSIWYG?) or for five (netiquette, anyone?), it’s a good bet you’ve incorporated techspeak into your everyday conversation, maybe without even knowing it.

As the global data tsunami continues to build, and a new wave of technologies from the consumer world hits IT, it’s not surprising that the buzzword count has surged. Here’s a look at eight of the hottest buzzwords being used today.

1. IoT (Internet of Things) or IoE (Internet of Everything)

The IoT is the chatty network that’s formed when the devices and “things” we use in our everyday lives – automobiles, thermostats, appliances, fitness bands, even toothbrushes – talk to each other through embedded technology and Web connectivity. While this term has been around for at least a decade, it’s only recently that the general public has fathomed its impact on our lifestyles.

“In the not too distant future, consumers will be able to tell their house to turn on the lights, unlock the doors, open the garage and report on how much milk is left in the fridge, all from the comfort of their car on their commute,” says Jeff Remis, branch manager of the IT division at the Addison Group.

“As technology continues to evolve, the more connected and automated every aspect of our lives will be.”

As a result, IoT is almost always brought up when industry pundits discuss “disruptive” technology trends. “Working for Ericsson, I hear this almost every day. With ideas like connected vehicles, M2M, and so on, this is very relevant,” says Samuel Satyanathan, director of strategy and engagement at Ericsson.

With the number of wireless connected devices exceeding 16 billion in 2014, according to ABI Research, which is 20% more than in 2013, some prefer the term “Internet of Everything.” “This is just an expansion of the “Internet of Things” to emphasize that everything is becoming a connected device, from mobile phones, appliances and cars, to animals,” says Ken Piddington, CIO at MRE Consulting. Indeed, ABI forecasts the number of connected devices will more than double from the current level, to 40.9 billion in 2020.

2. BYOE (Bring Your Own Everything)

Of course you’ve heard of BYOD, or “bring your own device,” which is the trend among businesses to allow employees to use their own personal mobile phones, tablets and laptops for work. But with the growth of mobile devices, including wearable technologies, some say the new umbrella term will be BYOE, or “bring your own everything,” Piddington says.

Already, Cognizant Technology Solutions has coined the term BYOHD, or “bring your own health device,” referencing the growing number of embedded or wearable devices that enable patients to collect data on vital signs, genetics, health history, fitness levels, activity levels, body-mass index, sleep patterns and more.

3. Dual Persona

Thanks to BYOE, another buzzword making the rounds is “dual persona,” which refers to mobile phones that enable people to maintain separate environments for personal and business use on the same device. “Users can have both a work and home profile simultaneously, and by separating these two personas, they can segment and protect personal and corporate data,” says Ashley Leonard, president and CEO of Verismic Software, a global provider of IT management solutions delivered from the cloud.

4. Wearables

When Google first released its plans for augmented reality glasses, or Google Glass, it was met with skepticism and a healthy number of parody videos. Even today, the device is seen by many as “odd but interesting,” as one blogger puts it. Still, while commercial success eludes most forms of wearable technologies today, the idea of wearing devices that would automatically consume, share, transmit, analyze and present vital information to or about us is no longer seen as a joke.

“This is a very trending development at the moment, from health devices to new mobile technologies, and is seeing rapid expansion and advancement,” Leonard says.

The wrist has been deemed the most realistic place for a wearable to be worn; witness the assortment of activity trackers and smartwatches that have made their way to the market from industry heavyweights like Samsung, Sony and Apple. However, it seems no area of the body will go unconsidered, with companies developing smart rings,insole sensors, glucose-level detectors inserted under the skin, posture-detecting pins and more. According to IDC, wearables have moved out of the early-adopter realm, with shipments exceeding 19 million units in 2014, more than tripling last year’s sales, and swelling to 111.9 million units in 2018, resulting in a CAGR of 78.4%.

5. Quantified Self

The buzz around wearable technologies is driving interest around what some call the “quantified self,” Leonard says, which is a movement geared toward gathering data about any aspect of your daily life and using that information to optimize your behavior. Chris Dancy, a top proponent of the trend, claims to have lost 100 pounds and kicked a two-pack-per-day smoking habit by logging and analyzing data on his everyday activities, including sleeping, eating and even his moods. Numerous meetups and forums now exist to support people interested in quantifying their own lives.

“If the advent in wearable technology is any indication, this term is one that will stick around, and Iam a huge fan of this idea,” Remis says. “Wearables are emerging to track insulin levels and even the air quality around you. The smart watch will be a big-ticket item this holiday season – and it’s just the beginning.”

6. XaaS (Everything as a service)

It all started with “software as a service,” but the as-a-service trend soon spread to a multitude of areas, including platform, infrastructure, storage, communications, network, monitoring and business process as a service. It’s no wonder, then, that many now simply say “everything as a service,” or XaaS (pronounced “zaas”). “I think it will start to become more widely used, as ‘everything’ is becoming available as a service,” Piddington says, even outside the technology realm. “You’ve got cars (ZIP Cars), housing (AirBnB), legal (LegalZoom) — the list continues to go on and on.”

Others prefer the more traditional nomenclature. “Personally, I am not a fan of this word and would still rather go with specific ones, like SaaS, PaaS, etc.,” Satyanathan says. For SaaS fans, Piddington offers the verb form, “SaaSified,” or the process of taking a traditional on-premise application and moving it to the cloud or making it available as a service. “I first heard this from a vendor of mine as they were describing how they were moving their core products to the cloud. I’ve been using it ever since,” he says. At least it’s more specific than cloud-ified.

7. Small Data

Once buzzwords hit their peak on the hype-o-meter, it’s not uncommon for industry pundits to rethink the meaning behind the word and hit upon more relevant variants. This is why you may have heard talk of “small data” and even “dark data,” Piddington says. Because big data is sometimes overkill for certain purposes, more people are starting to talk about small data, which according to the Small Data Group, connects people with timely, meaningful insights (derived from big data and/or “local” sources), and is organized and packaged – often visually – to be accessible, understandable, and actionable for everyday tasks.

Dark data, meanwhile, is the operational data that businesses collect but don’t optimize for competitive purposes, Piddington says. According to Gartner and other sources, the hazards of dark data range from lost business opportunity and higher than necessary storage costs, to security risks.

8. Ransomware

Ransomware refers to malware that infects a user’s computer and typically encrypts sensitive data until a ransom has been paid, Leonard says. An example is CryptoLocker, a damaging strain of malware that uses encryption to lock the most valued files of victim users. Many malware variants are now being created, “proving that ransomware is going to be an ongoing problem for home users and businesses alike,” Leonard says.

For companies, these types of attacks could have devastating consequences as local drives and corporate network data are all potentially encrypted, he points out. “Many victims who actually paid the ransom later reported that their data was never released, demonstrating the need for requirements of good security practices and strong IT management technology that allows all network endpoints to be actively managed and patched,” Leonard says.

So, where will the next buzzwords come from? If not from tech marketers, the answer will likely come from the “digital native” set, or the younger generations who have never known what it is like to not have constant and easy connectivity to the Web. For his part, Piddington keeps his ear tuned to the conversations of his 12-year-old son and his friends. Hence his use of the word “laggy.” “This is what he and his friends call a slow Internet connection. I seem to hear it said often when a large group of them are playing Minecraft,” Piddington says.

Brandel is a freelance writer. She can be reached at [email protected]

BYOD: California Court Decides Who’s Wearing the Pants

By NewsNo Comments

Article originally featured in ITBriefcase.net

The workplace trend of BYOD (Bring Your Own Device) is nothing new. What remains unclear, however, is the burden of ownership, cost and security. When employees bring their own cell phones, laptops or tablets to work, there’s a fair chance they’ve personally purchased those devices—data plans and all. In fact, some employers today require a BYOD policy, with no intention of paying for any of it. As one CIO bluntly put it, “Well, we don’t buy their pants either, but they’re required for the office.”

Fortunately, not all employers take such a cynical approach to workplace reimbursement, nor do they subscribe to a one-size-fits-all BYOD policy. While many view the trend as a potential win-win for everyone, the need for clarity is apparent. At least that’s what the California Court of Appeals decided when it handed down a ruling in August 2014 regarding the workplace trend. In Cochran v. Schwan’s Home Service, the court stated:

“We hold that when employees must use their personal cell phones for work-related calls, Labor Code section 2802 requires the employer to reimburse them. Whether the employees have cell phone plans with unlimited minutes or limited minutes, the reimbursement owed is a reasonable percentage of their cell phone bills.” 

This ruling solidified the responsibility of employers throughout the state of California to now provide reasonable reimbursement to all employees using their personal cell phones for work-related calls.

Indirectly, the ruling opened up a Pandora’s Box, unleashing ambiguous questions and concerns regarding data security, liability and actual reimbursement percentage figures—for all devices.

Just the thought of required reimbursement has left many business owners and CIOs feeling uncertain about the reality of BYOD’s future. While the practice isn’t exactly new, the trend is contemporary enough for a few larger companies to consider the recent court decision a death knell.

Establishing Order

Before we throw the BYOD baby out with the bathwater, let’s examine the facts of this widely misunderstood case. First, the ruling pertains exclusively to employee cell phones. Second, the now-required reimbursement is based on a “reasonable” percentage—partial, not complete; and finally, California is the only U.S. state affected by this decision so far.

While the court decision will undoubtedly have an impact on BYOD practices throughout the U.S., the benefits of the trend unarguably outweigh the deficits. BYOD was established to accomplish objectives for both the employer and employee. In theory and in practice, BYOD gives employees freedom to utilize cutting-edge technology, which has the capacity to not only enhance their own job performance but also benefit the corporate entity or employer, who also garners the additional benefits of lowering overhead costs and alleviating liability for devices connecting to the corporate network.

The trend, when properly implemented and regulated, has the ability to grant employees access to enterprise data from a single device. It also potentially benefits the IT department by eliminating the need to manage these personal devices. For example, if an employee downloads a pirated movie onto a work device their employer (the owner of the device) could be held legally liable; however, with BYOD, the device is owned by the employee so the liability lies with them personally.

Down the Rabbit Hole

Perhaps the real debate lies with provisions and compliance. In response to the California court ruling, the National Law Review recently advised employers to revisit their company cell phone policies. This call for review is a good start and should prompt employers to instate more comprehensive BYOD policies designed to protect the privacy of both the employee and the corporation. Companies and employees would also greatly benefit from clearly defining their “percentage of reimbursement,” shifting the liability to the center, and firmly differentiating business and personal use. On the other hand, this could lead to more concerns regarding ownership and responsibility of home Internet connections and cable bills. Drawing a line in the sand will be an on-going challenge—at least for now.

In the meantime, enterprise solutions currently deployed by California companies need not be affected by the recent ruling, as some of the more comprehensive options—made with enterprise-grade security features in mind—have the ability to proactively monitor and manage their environment from any web browser, meaning the type of device used should have no effect on employee productivity and corporate security.

Reconfiguring the System

If BYOD vanishes from our corporate landscape, the only viable alternative will be to take a step backward. By chaining employees to outdated or unsuitable corporate-owned devices and software that require maintenance and careful monitoring, companies risk the real possibility of not only impeding an employee’s performance but also discouraging an already skittish workforce—a high price to pay.

If nothing else, the ruling will push us in another direction; one where new enterprise solutions are required in order to navigate uncharted waters. BYOD isn’t dying; it’s evolving.

Ashley 199x300 BYOD: California Court Decides Who’s Wearing the Pants

ABOUT THE AUTHOR: Ashley Leonard is the president and CEO of Verismic Software—a global industry leader providing cloud-based IT management technology and green solutions—and a technology entrepreneur with 25 years of experience in enterprise software, sales, operational leadership and marketing, including nearly two decades as a successful senior corporate executive and providing critical leadership during high-growth stages of well-known technology industry pioneers. He founded Verismic in 2012, after successfully selling his former company, NetworkD—an infrastructure management software organization. In his present role, Leonard manages U.S., Australian and European operations, defines corporate strategies, oversees sales and marketing, and guides product development. Leonard works tirelessly to establish Verismic as the leading provider of IT endpoint management solutions delivered from the cloud by building beneficial industry partnerships and creating a strong, innovation-driven culture within the Verismic workforce, all while delivering returns to Verismic’s investors. Verismic’s latest offering, Syxsense , is an agentless, cloud-based IT management software solution that is revolutionizing the way IT professionals engage in endpoint management.

ABOUT VERISMIC: Verismic Software, Inc. is a global industry leader providing cloud-based IT management technology and green solutions focused on enabling greater efficiency, cost-savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Over the past two years, Verismic has worked with more than 150 companies ranging from 30 to 35,000 endpoints delivering a variety of solutions for organizations of all sizes as well as managed service providers (MSPs). Verismic’s software portfolio includes the first-of-its-kind agentless, Syxsense ; Power Manager; Software Packaging and Password Reset.

Verismic Software Announces Expansion With Addition of Salt Lake City Location

By NewsNo Comments

SALT LAKE CITY, UT and ALISO VIEJO, CA–(Marketwired – Oct 22, 2014) –  Verismic — a global provider of IT management solutions delivered from the cloud — today announced the expansion of its cloud software operations with the opening of a new development center in Salt Lake City.

“Salt Lake City is an ideal location for great software development talent, allowing us to continue developing industry-leading cloud technologies,” says Verismic President and CEO, Ashley Leonard. “Our presence in the burgeoning cloud technology industry strategically positions us for growth as we continue to develop innovative solutions to complex infrastructure problems.”

Headquartered in Orange County, Calif., and with offices in the U.K. and Australia, Verismic made its mark by transforming IT management with Syxsense — an agentless, cloud-based IT management software alternative that is revolutionizing the way IT professionals engage in endpoint management. The company also offers a growing product suite of IT support and green technology solutions.

Verismic relocated its Chief Technology Officer, Mark Reed, from Florida to lead the building of the development team in the Salt Lake City region. The expanding company has hired great talent and expects to continue this growth with further staff additions through the rest of 2014 and in to 2015.

“The skill level within the Salt Lake City area is impressive, and we have been thrilled thus far with the interest in our expansion to the region,” says Reed, a Salt Lake City native.

The newest Verismic Software office is located at 175 West 200 South, Salt Lake City, UT 84101 — in the Historic Firestone Building within the heart of Salt Lake City.

For more information on Verismic’s steady growth and innovative solutions, visit www.verismic.com.

ABOUT VERISMIC:
Verismic Software, Inc. is a global industry leader providing cloud-based IT management technology and green solutions focused on enabling greater efficiency, cost-savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Over the past two years, Verismic has worked with more than 150 companies ranging from 30 to 35,000 endpoints delivering a variety of solutions for organizations of all sizes as well as managed service providers (MSPs). Verismic’s software portfolio includes the first-of-its-kind agentless, SyxsensePower Manager; Software Packaging and Password Reset. For more information, visit www.verismic.com.

Reducing Endpoint Management Bloatware

By NewsNo Comments

Originally printed at www.btc.co.uk

Ashley Leonard, President and CEO of Verismic explains his view on the imperative of simplifying Endpoint management

It’s now well accepted that employees use multiple devices in the workplace. Desktop PCs have been augmented with laptops, tablets and smartphones. The Internet of Things will make the penetration of internet connected devices into the corporate world even greater.

The risk to the corporate network caused by unmanaged and potentially unpatched devices, commonly called endpoints, is significant. After all, it only takes one rogue to create a security flaw, so thousands could wreak havoc. Traditional endpoint management tools fail to protect businesses by being cumbersome. They are too complex, function heavy, unwieldy, and too demanding of resources: especially people and infrastructure.

COMPLEXITY 
Endpoint management tools have grown in complexity. Vendors add more and more functions to their core product, often unnecessarily, and all too often failing to help organisations control endpoints quickly and efficiently.

When speaking to organisations, from the smallest to the largest, 99 per cent of the time they primarily want asset inventory and remote control tools. That’s what they need urgently and use frequently. Customers also use software deployment and patching but only in around 75 per cent of cases. The remaining functionality of endpoint management tools is generally wasted, confusing and delaying the endpoint management process.

As a result of the excessive functionality, the User Interface (UI) of traditional tools inherits this complexity too. For IT, it becomes harder to find their way around the UI, which inevitably leads to additional costs for supplier training services or even worse, administrators giving up and performing tasks the old way.

It’s also quite often the case that traditional endpoint management tools actually require dedicated people, systems administrators, to manage the tools and keep them running, such is their complexity. Without the right people how do you even know the tool is running efficiently and effectively? It might not even be running at all. If your business doesn’t have that person or team, you’ll need to hire.

That’s another unwanted cost and another delay to managing devices – and costs are not just limited to people and training either. Traditional endpoint management tools also generate additional costs for servers, software and maintenance. This is usually a significant upfront cost as well as an ongoing maintenance cost. Some of these tools even require servers at each site within the organisation.

MANAGE YOUR ENVIRONMENT, NOT YOUR MANAGEMENT TOOL
Endpoint management tools should remain simple, focused and flexible. Here’s what businesses should be demanding:

  • A product which starts with the primary requirement for asset inventory, remote control, software distribution and patching, with additional functionality available instantly 
  • They need a simple UI, but with the flexibility to interrogate the system in more detail if required
  • Naturally, they need low monthly payments with no long-term contract
  • Businesses need endpoint management tools, which are quick to deploy and provide rapid asset discovery, even for modern environments which operate BYOD policies, virtual environments and mobile device fleets. This means using endpoint management tools which operate from the internet using agentless technology, and do not require the installation of clients that require constant updates and patches
  • Finally, endpoint management tools should operate from the cloud, because today’s endpoints are inside and outside the firewall. Cloud endpoint management is also better suited to Managed Service Providers, who frequently support customers outside the firewall. 

We’re seeing fewer and fewer businesses sign up for on premise software and an increasing demand for cloud services. Businesses neither want nor need to worry about hardware costs and the recruitment of systems administrators.

In 2014, flexibility and simplicity is the name of the game. Endpoint management providers and tools which can’t demonstrate these core principles are destined for the endpoint scrapheap. NC

Patch Tuesday: Time to Lose Your Marbles!

By Patch Management, Patch TuesdayNo Comments

Microsoft’s patches this month are few, but no less important. In fact, critical in one case!

We generally compare two sources of information to understand the impact of Microsoft’s patch updates – Microsoft’s own feed plus information from an independent source, such as US-CERT [United States-Computer Emergency Readiness Team] which uses the Common Vulnerability Scoring System (CVSS) to asses the potential impact of the IT vulnerabilities. By contrasting two sources of information we can get the real picture of how the vulnerabilities affect your business.

In this latest round, announced last week, we have four updates, MS14-052, MS14-053, MS14-054 and MS14-055. Full details for each below. Now, what’s interesting here is that Microsoft has listed the latter three as Important but by using the CVSS we can actually understand that MS14-055 has a score of 7.8 out of 10. That’s pretty high and, in our experience, anything with a CVSS score that high needs to be urgently prioritised along with the Critical update MS14-052.

What’s the risk?

MS14-055 resolves vulnerabilities, which could allow a denial of service attack against Microsoft Lync Server. This is rightfully a high-scoring ‘Important’ vulnerability that could allow someone to kill the server of a communications tool so vital to the operations of many, many businesses.

As an aside, I like to think of a denial of service attack as a marble in a bucket; the bucket is being used to remove water from a swimming pool. Every time, the bucket is used, another marble finds its way in. Before long, you’re carrying a lot of marbles and not shifting much water! This vulnerability needs resolving – its time to lose your marbles.

MS14-052 has a CVSS score of 9.3. It’s a ‘rollup’ of 36 privately reported vulnerabilities, which affect all versions of Microsoft Internet Explorer. The vulnerability could allow an attacker to execute remote code. Again, it needs to be resolved.

Next steps 

Right now, we’re looking at the binary code for each patch update and moving towards testing and piloting the updates before deployment to customers. As with all our customers, we’ll be working through our agreed deployment process using Verismic Syxsense for rollout.

Feel free to leave a comment below if you have any viewpoints on the patch updates.

Microsoft score
CVSS score
Update no.
Affected software:
Critical security bulletin 9.3 MS14-052 Windows Server 2003 Service Pack 2:
– Internet Explorer 6
– Internet Explorer 7
– Internet Explorer 8
Windows Server 2003 x64 Edition Service Pack 2:
– Internet Explorer 6
– Internet Explorer 7
– Internet Explorer 8
Windows Server 2003 with SP2 for Itanium-based Systems:
– Internet Explorer 6
– Internet Explorer 7
Windows Vista Service Pack 2:
– Internet Explorer 7
– Internet Explorer 8
– Internet Explorer 9
Windows Vista x64 Edition Service Pack 2:
– Internet Explorer 7
– Internet Explorer 8
– Internet Explorer 9
Windows Server 2008 for 32-bit Systems Service Pack 2:
– Internet Explorer 7
– Internet Explorer 8
– Internet Explorer 9
Windows Server 2008 Server Core installation not affected)
Windows Server 2008 for x64-based Systems Service Pack 2:
– Internet Explorer 7
– Internet Explorer 8
– Internet Explorer 9
(Windows Server 2008 Server Core installation not affected)
Windows Server 2008 for Itanium-based Systems Service Pack 2:
– Internet Explorer 7
Windows 7 for 32-bit Systems Service Pack 1:
– Internet Explorer 8
– Internet Explorer 9
– Internet Explorer 10
– Internet Explorer 11
Windows 7 for x64-based Systems Service Pack 1:
– Internet Explorer 8
– Internet Explorer 9
– Internet Explorer 10
– Internet Explorer 11
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
– Internet Explorer 8
– Internet Explorer 9
– Internet Explorer 10
– Internet Explorer 11
(Windows Server 2008 R2 Server Core installation not affected)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
– Internet Explorer 8
– Windows 8 for 32-bit Systems:
– Internet Explorer 10
– Windows 8 for x64-based Systems:
– Internet Explorer 10
– Windows Server 2012:
– Internet Explorer 10
(Windows Server 2012 Server Core installation not affected)
– Windows RT:
– Internet Explorer 10
– Windows 8.1 for 32-bit Systems:
– Internet Explorer 11
– Windows 8.1 for x64-based Systems:
– Internet Explorer 11
– Windows Server 2012 R2:
– Internet Explorer 11
(Windows Server 2012 R2 Server Core installation not affected)
– Windows RT 8.1:
– Internet Explorer 11
Impact: Remote Code Execution
Version Number: 1.0
Important security bulletin 7.8 MS14-055 – Microsoft Lync Server 2010
– Microsoft Lync Server 2013
– Impact: Denial of Service
– Version Number: 1.0
Important security bulletin 6.8 MS14-054 – Windows 8 for 32-bit Systems
– Windows 8 for x64-based Systems
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows Server 2012
– (Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
– (Windows Server 2012 R2 Server Core installation affected)
– Windows RT
– Windows RT 8.1
– Impact: Elevation of Privilege
– Version Number: 1.0
Important security bulletin 4.3 MS14-053 Windows Server 2003 Service Pack 2
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
Windows Server 2003 x64 Edition Service Pack 2
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
Windows Server 2003 with SP2 for Itanium-based Systems
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 4
Windows Vista Service Pack 2
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
Windows Vista x64 Edition Service Pack 2
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
Windows Server 2008 for 32-bit Systems Service Pack 2
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
(Windows Server 2008 Server Core installation not affected)
Windows Server 2008 for x64-based Systems Service Pack 2
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
Windows Server 2008 Server Core installation not affected)
Windows Server 2008 for Itanium-based Systems Service Pack 2
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
Windows 7 for 32-bit Systems Service Pack 1
– Microsoft .NET Framework 3.5.1
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
Windows 7 for x64-based Systems Service Pack 1
– Microsoft .NET Framework 3.5.1
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
– Microsoft .NET Framework 3.5.1
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
(Windows Server 2008 R2 Server Core installation affected)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
– Microsoft .NET Framework 3.5.1
– Microsoft .NET Framework 4
Windows 8 for 32-bit Systems
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
Windows 8 for x64-based Systems
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
Windows 8.1 for 32-bit Systems
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 4.5.1/4.5.2
Windows 8.1 for x64-based Systems
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 4.5.1/4.5.2
Windows Server 2012
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
(Windows Server 2012 Server Core installation affected)
Windows Server 2012 R2
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 4.5.1/4.5.2
(Windows Server 2012 R2 Server Core installation affected)
Windows RT
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
Windows RT 8.1
– Microsoft .NET Framework 4.5.1/4.5.2
– Impact: Denial of Service
– Version Number: 1.0
Showing 1 to 4 of 4 entries