Skip to main content

cyber attack

patch management

Patch Management Solutions: What Matters in a Vendor

By Blog, Patch Management

Far too many successful cyberattacks have involved known vulnerabilities that were allowed to go unaddressed.

While it’s clear that no organization can afford to approach patch management haphazardly, the reality is few IT teams have the time or resources to do anything other than pick and choose which urgent tasks will receive their attention. To avoid this conundrum, savvy organizations will look to the various commercially available patch management solutions to help their IT departments take a more comprehensive approach to this highly critical mission.

What are the Hard & Soft Metrics?

It’s important to understand that not all patch management tools are created equal. Careful consideration is essential to ensure that a particular vendor and its solutions will meet an organization’s needs amid a backdrop of ever-evolving cyber threats.

Evaluation should initially focus on the “hard metrics” to determine how a prospective vendor’s core product features stack up against an organization’s key technical criteria. Designating specific criteria – patch coverage, support for third-party patches, ease of deployment, etc. – as “table stakes” will allow an IT team to quickly and easily identify solutions that align with their needs and eliminate other vendors from as the evaluation process progresses.

From there, IT leaders and operations teams can move to reviewing solutions for “soft metrics.”

These include patch coverage and other attributes crucial to comprehensive patch management, as well as the “decision trigger” features that have the potential to impact an organization significantly. For example, many IT teams would find the ability to run patch management from the cloud to be a considerable advantage, especially when devices are dispersed beyond their organization’s network, as is common in today’s remote and hybrid work environments.

What are the Solution’s Reporting Capabilities?

The importance of reporting can’t be overstated when evaluating potential patch management solutions. When reporting is optimal, IT staff will spend far less time compiling documentation for their organization’s Board and other key decision-makers.

Merely reporting a complex list of vulnerabilities can make a report almost unintelligible. The best patch management solutions allow organizations to draw actionable insights from their reporting to drive valuable security improvements. In most cases, unified solutions will enable better reporting. This is especially true when an organization’s coverage needs extend beyond assets that patching would traditionally cover, such as hardware devices on the IOT side

Bottom line: If a choice must be made between key product features and reporting capabilities, organizations will be better served by sacrificing some technical criteria for the sake of optimal reporting.

Where is a Vendor Directing Future Investments?

It’s essential to know if a vendor is investing for the future (they all are), but also whether or not they’re investing in the direction of where market demand is headed and at a pace that will keep up with that demand.

Firmware patch management, for example, is quickly becoming a critical problem within the IOT space, as doing so within its interface and with its reporting simply isn’t scalable because it’s poised to become an essential feature for many – if not most – organizations moving forward, a prospective vendor should already be directing investment toward that area.

It’s also essential to determine whether or not a vendor is striking a good balance between maturing their existing patch management platform and introducing new features, as those that are will be better able to reduce some of the disruptions that can accompany future innovation.

What About Automation and AI?

More than a buzzword, automation has become a significant driver of conversations surrounding patch management. With IT staff constantly being asked to do more with less, organizations are prioritizing anything that will alleviate the load and increase satisfaction in their day-to-day work. By this point and in this environment, every vendor should be focusing on developing automation capabilities that will allow IT teams to spend less time setting up patch deployment and management.

While AI is not currently impacting the patch management space, it is poised to do so in the very near future. Current AI isn’t 100% accurate but does exceptionally well when solving incredibly complex issues where accuracy isn’t important. If it can help move the needle in terms of prioritizing tasks, identifying change, and automating tuning of the dial, patch management would be an ideal space for utilizing AI

Take Away

Patch management should never be left to chance.

By taking the time to identify the right patch management tool and vendor for their needs, organizations will be much better positioned to ward off cyberattacks and ensure business continuity even in the face of ever-evolving security threats.

For more insight on choosing a patch management solution, check out this webinar with GigaOm CTO and research analyst, Howard Holton: Analysts Insights: Gigaom Radar for Patch Management.


10 Ways To Protect Your Organization From Cyberattacks

By News, Patch ManagementNo Comments

10 Ways To Protect Your Organization From Cyberattacks

While your first line of defense is always common sense, there are 10 actions that should be implemented to secure your organization.

This article originally appeared on

Many CEOs don’t want to think about cybersecurity. That’s why you hire a chief technology officer (CTO) or chief information security officer (CISO). But cybersecurity is now a board-level issue. While your first line of defense is always common sense, below are 10 actions every CEO should be implementing to secure their organization, with the help of the IT team.


1. Enable Two-Factor Authentication

If it has a password, make sure it supports two-factor authentication, which is a one-time code that is sent by SMS Text, email or an app on your phone like Google Authenticator (we don’t recommend SMS Text). A password is no longer enough to protect yourself. Passwords can be compromised by phishing attacks (emails asking you to enter your password) or stolen from other websites, where you might reuse the same or similar passwords.

Many companies now use Microsoft Office 365 for email and will often synchronize this with local usernames and passwords (Active Directory). If you have a breach in Microsoft Office 365, not only is Office 365 exposed, but now the attacker may have access to your local physical network.


2. Use Products Like Duo to Allow Two-Factor Authentication

Today Microsoft Windows and Apple Mac operating systems do not have two-factor authentication to control logons to laptops, desktops, servers, RDP, etc. By implementing tools like Duo (recently acquired by Cisco) you can add a second factor to all your physical and virtual devices. As an added bonus, you can also limit which devices accept a user’s logon.


3. Use a Password Manager

It is vital to have different passwords for every system you use. There have been many large-scale hacks of online services like LinkedIn (164 million accounts stolen), Adobe (152 million accounts stolen), Myspace (359 million accounts stolen), and more. This data is being used to create databases of usernames and passwords which can then be used to hack other systems. By having unique passwords for every system, you can protect against this. How do you remember all those passwords? Use a password manager like 1Password.


4. Make Sure You Have Backups

Backup everything! If your organization has a breach and ransomware is distributed, make sure you have backups of all your data. By far the easiest way to recover from ransomware is to wipe your devices and restore backups of data.


5. Disable SMB Outbound

The U.S. National Cybersecurity and Communications Integration Center (NCCIC) recently issued advice that all organizations should block outbound Server Message Block (SMB) traffic at the firewall – Ports 137/139/445.

A recent hack has been identified that leverages Windows’ ability to automatically logon to remote devices when connecting to a share. This is very useful when connecting to devices within your corporate network, however, it is a huge security hole when used by a hacker.

“Approximately 80 percent of breaches occur because IT has not kept up with software updates.”

7. Limit Access to Everything by Limiting IP Addresses

Many cloud solutions allow you to lock down security by limiting access from only certain IP addresses. For example, you might include your office public IP address and home.


8. Instruct Your Accounting Department to Verify Instructions to Pay or Transfer Funds by Phone

An attacker sets up an email address very similar to the CEO or CFO and then sends an email directly to the accounting team instructing them to urgently pay an invoice by wire. Implement a policy that all wires require a phone approval before payment.


9. Buy Cyber Insurance

This is a relatively new form of insurance and we have seen it being included in Errors and Omissions policies recently. It is vital that your organization purchases cyber insurance. This will cover the costs of investigation, responding to a breach, as well as business interruption and maybe even reputational losses.

Big Tip: If your organization experiences a breach, as soon as you finish an emergency response — like taking devices off the network — contact your insurance company, a lawyer that specializes in IT security, and let them hire all the IT security investigators. By letting your lawyers hire the IT security investigators, the results of the investigations become privileged information, legally limiting who can access details about what happened.


10. Encrypt Confidential Data

Many organizations use services like Dropbox to share and back up data. While these services are great and typically encrypt the data in the cloud, this data can still be decrypted by them. Also, services like Dropbox might sync the data across multiple devices, essentially creating local unencrypted versions of your data.

One approach to protect your data is to use full disk encryption, but you would need to make sure this is enabled across all your devices. Hint: IT management tools like Syxsense will tell you which devices do not have BitLocker enabled. However, this still leaves your data at risk if Dropbox has a breach. Products like BoxCryptor offer the ability to put an extra layer of encryption on the content, which protects your confidential data in the cloud and on local devices.

Patch Everything

Approximately 80 percent of breaches occur because IT has not kept up with software updates. It’s more important than ever to patch all devices, operating systems and applications, and more recently, IoT devices.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Ransomware Disrupts Massive Shipping Company

By NewsNo Comments

Cyberattack Causes Shipping Industry Disaster

COSCO, one of the world’s largest shipping companies, has experienced a ransomware attack on their US network. Their Long Beach terminal reported that their website and telephone network went down on July 25.

The company initially downplayed the event, however it quickly became apparent this was much more than a technical difficulty.

There is a legitimate fear this current attack is “a proxy for the entire industry.” Hackers might be testing the waters for lessons learned after the NotPetya attacks in June 2017. The losses and response times will be studied closely by many companies, and future malicious actors.

With the increasing rate of cybercrime, many are starting to accept these attacks as an unavoidable hazard of running a business. But there is a way to combat such threats and mitigate risk. Keeping up to date on patching is the #1 strategy for protecting your company from ransomware.

Syxsense has a comprehensive patch manager. With a quick scan, you can see what devices need updates and the severity of those patches. The deployment task is easily configured and can be set to happen on demand or scheduled around business hours.

There’s a better way to manage your environment. See how with a trial of Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo