Skip to main content
Tag

cyberattack

patch management

Patch Management Solutions: What Matters in a Vendor

By Blog, Patch Management

Far too many successful cyberattacks have involved known vulnerabilities that were allowed to go unaddressed.

While it’s clear that no organization can afford to approach patch management haphazardly, the reality is few IT teams have the time or resources to do anything other than pick and choose which urgent tasks will receive their attention. To avoid this conundrum, savvy organizations will look to the various commercially available patch management solutions to help their IT departments take a more comprehensive approach to this highly critical mission.

What are the Hard & Soft Metrics?

It’s important to understand that not all patch management tools are created equal. Careful consideration is essential to ensure that a particular vendor and its solutions will meet an organization’s needs amid a backdrop of ever-evolving cyber threats.

Evaluation should initially focus on the “hard metrics” to determine how a prospective vendor’s core product features stack up against an organization’s key technical criteria. Designating specific criteria – patch coverage, support for third-party patches, ease of deployment, etc. – as “table stakes” will allow an IT team to quickly and easily identify solutions that align with their needs and eliminate other vendors from as the evaluation process progresses.

From there, IT leaders and operations teams can move to reviewing solutions for “soft metrics.”

These include patch coverage and other attributes crucial to comprehensive patch management, as well as the “decision trigger” features that have the potential to impact an organization significantly. For example, many IT teams would find the ability to run patch management from the cloud to be a considerable advantage, especially when devices are dispersed beyond their organization’s network, as is common in today’s remote and hybrid work environments.

What are the Solution’s Reporting Capabilities?

The importance of reporting can’t be overstated when evaluating potential patch management solutions. When reporting is optimal, IT staff will spend far less time compiling documentation for their organization’s Board and other key decision-makers.

Merely reporting a complex list of vulnerabilities can make a report almost unintelligible. The best patch management solutions allow organizations to draw actionable insights from their reporting to drive valuable security improvements. In most cases, unified solutions will enable better reporting. This is especially true when an organization’s coverage needs extend beyond assets that patching would traditionally cover, such as hardware devices on the IOT side

Bottom line: If a choice must be made between key product features and reporting capabilities, organizations will be better served by sacrificing some technical criteria for the sake of optimal reporting.

Where is a Vendor Directing Future Investments?

It’s essential to know if a vendor is investing for the future (they all are), but also whether or not they’re investing in the direction of where market demand is headed and at a pace that will keep up with that demand.

Firmware patch management, for example, is quickly becoming a critical problem within the IOT space, as doing so within its interface and with its reporting simply isn’t scalable because it’s poised to become an essential feature for many – if not most – organizations moving forward, a prospective vendor should already be directing investment toward that area.

It’s also essential to determine whether or not a vendor is striking a good balance between maturing their existing patch management platform and introducing new features, as those that are will be better able to reduce some of the disruptions that can accompany future innovation.

What About Automation and AI?

More than a buzzword, automation has become a significant driver of conversations surrounding patch management. With IT staff constantly being asked to do more with less, organizations are prioritizing anything that will alleviate the load and increase satisfaction in their day-to-day work. By this point and in this environment, every vendor should be focusing on developing automation capabilities that will allow IT teams to spend less time setting up patch deployment and management.

While AI is not currently impacting the patch management space, it is poised to do so in the very near future. Current AI isn’t 100% accurate but does exceptionally well when solving incredibly complex issues where accuracy isn’t important. If it can help move the needle in terms of prioritizing tasks, identifying change, and automating tuning of the dial, patch management would be an ideal space for utilizing AI

Take Away

Patch management should never be left to chance.

By taking the time to identify the right patch management tool and vendor for their needs, organizations will be much better positioned to ward off cyberattacks and ensure business continuity even in the face of ever-evolving security threats.

For more insight on choosing a patch management solution, check out this webinar with GigaOm CTO and research analyst, Howard Holton: Analysts Insights: Gigaom Radar for Patch Management.

|||||

How Deadly is Ransomware?

By Patch ManagementNo Comments

How Deadly is Ransomware and How Effective are the Protections Against It?

Organizations of all kinds have found themselves victims to ransomware. Find out how dangerous these attacks are and explore strategies to protect your business.

Picture the following scenario for a moment: It’s a seemingly typical day at the office for your business. People are busy and coffee-driven. Everything is unfolding as it should — or at least as it usually does.

Then, in the space of just a few seconds, everything changes on a dime with the beginning of a ransomware attack.

Maybe it’s your client database — including all of the financial and personal information you’ve collected in the partnership process — that suddenly becomes inaccessible. Perhaps key files are abruptly encrypted in a way that you’ve never seen before. Or maybe systems grind to a halt and won’t function. You see a message telling you, in so many words, to pay up or lose the data (or remain locked out of your mission-critical networks and devices). It’s a simple — and often successful — exploit tactic.

No matter how the incident specifically unfolds, whether you pay up or work around it, you’ll likely always divide your job, to some extent, into pre- and post-ransomware periods. Here, we’re going to take a deep dive into the ins and outs of ransomware, and examine how effective various tools — ranging from staff training to endpoint detection and response solutions — can be in mitigating the damage that this increasingly common cyberattack type can do.

A Brief History of Ransomware

According to a 2012 piece from TechRepublic, ransomware dates back to the late 1980s, though it did not emerge as a tool during that decade. It became somewhat prominent among hackers and cyberattackers in the mid-2000s, and about a decade after that, it began to take the forms that IT and information security team members are familiar with today.

To date, the most famous ransomware attack — and certainly the most impactful in terms of the sheer number of those who were victimized by it — is 2017’s WannaCry. This particular act of extortion involved a viral exploit known as ExternalBlue, which attacked Microsoft operating systems that hadn’t been patched for a vulnerability in the Server Message Block file-sharing protocol.

Gizmodo noted that the attack, based on a self-propagating cyber warfare tool originally developed by the National Security Agency and hijacked by the ShadowBrokers hacker group, spread quickly to every device on every network it reached and randomly through the internet.

WannaCry-infected machines saw their data encrypted and received demands for $300 ransom payments into bitcoin wallets in exchange for decryption. Since the ransomware spread to as many as 200,000 computers across 150 countries before white-hat hackers began distributing decryption keys, its makers received almost $130,000 for their efforts.

Also, although the Department of Justice would ultimately charge a North Korean hacker, Park Jin-hyok, with deployment of WannaCry and various other cyberattacks, The New York Times pointed out Park would likely never stand trial for these alleged offenses due to poor U.S.-North Korean diplomatic relations.

Anatomy of a Typical Ransomware Attack

Social engineering strategies like phishing or spear-phishing are perhaps the most common delivery system for ransomware attacks, especially in organizational networks:

  • An employee receives an email purporting to be from a manager or co-worker, urging them to click on a link or attachment.
  • When they do, malware takes over targeted systems, either encrypting files or preventing access.
  • A ransom-demand message is then delivered, sometimes with a deadline. Bitcoin wallets are the typical method of payment requested by attackers, due to their use of decentralized ledgers that can be easily found but whose owners are virtually untraceable.

Existing vulnerabilities, like the Windows flaw that allowed WannaCry just enough room to sneak into so many machines, are another common entry point for ransomware scams. Intrusion through the internet of things is also entirely feasible, especially, as CSO noted, in the case of botnets that have seized control of dozens of devices.

Botnets can — and have — shut down large portions of the global internet due to their raw power, making them perhaps the most frightening ransomware threat vector. (That said, the average ransomware attack is more precisely targeted than the blitzkrieg approach of a large botnet would allow.)

Organizations of all kinds across the public and private sectors have found themselves the victims of ransomware. But throughout the late-2010s heyday of this cyberattack type, state and local government offices were targeted with particular frequency. In many cases, this was due to under-protected or outdated IT infrastructure that was easier to breach.

Due to the sensitivity (and volume) of information these bodies hold in their records, they will most likely remain common ransomware victims for the foreseeable future. On the private-sector side of things, energy sector firms and healthcare organizations — especially the latter — have often been similarly attacked and will continue to be targeted in 2020 and the years to come.

As stated, ransomware usually works by encrypting or walling off data, or bringing an infected machine (or network) to a halt through a dedicated denial of service. However, in some recent cases, cyberattackers have used the exploits in their ransomware deployments to steal data from businesses and leak it — or threaten to do so — to add further heft to their monetary demands, according to ZDNet. Organizations must be prepared for all of the worst-case scenarios that can accompany a ransomware attack.

The Personal Side of Ransomware Mitigation & Response

Most people are at least somewhat aware of ransomware by now. But that doesn’t necessarily mean the average employee of a given organization is trained to be cyberattack-wary in a manner that genuinely minimizes their likelihood of being hit with such an attack or provides them the skills to deal with it.

According to the results of the Chubb 2019 Cyber Risk Survey, only 31% of organizations offer company-wide training to bolster staff awareness of cyberthreats. Because of this, it’s hard to fault workers for falling prey to well-disguised ransomware scans.

The Infosec Institute pointed out that regular cybersecurity awareness training, once implemented, can be a significant aid to organizations’ efforts to reduce their overall levels of vulnerability to ransomware and other potentially devastating attacks. Experts noted that it can be particularly effective to engage employees in such training exercises on a monthly basis.

Framing these initiatives through the lens of gamification -— e.g., conducting simulated social engineering and ransomware attacks and offering prizes to those who respond to the mock threats properly — can further galvanize workers’ enthusiasm for and commitment to cybersecurity. This can lead to a significant decrease in staff members falling prey to the phishing, pretexting and other social engineering scams that often precede ransomware infection.

Choosing the Proper Tools

Training and increased awareness alone will not be sufficient to substantially mitigate the dangers that ransomware poses to countless organizations. It’ll also be necessary to find and implement a number of more concrete tools equipped to detect and repel or quarantine these cyberattacks.

If you already have an antivirus software solution in place, there’s a strong chance that it won’t be equipped to deal with contemporary ransomware threats unless the program is brand new. And most of the antivirus software that does work on ransomware is specifically focused on detecting and preventing it as opposed to other attack vectors.

Also, often as not, businesses that haven’t been previously targeted by cyberattacks of any kind will have let their cybersecurity measures fall out of date- and such lax awareness, on its own, can be enough to facilitate a ransomware intrusion, as the WannaCry debacle proved.

Instead, it may be best for your organization to use a multifaceted approach that includes not only employee training, firewalls and antivirus tools but also solutions for patch management and endpoint detection and response. As businesses integrate themselves further into the IoT landscape, their endpoint numbers will skyrocket, presenting that many more potential entry points for attackers, so it’s critical to protect them at all costs.

Syxsense offers comprehensive EDR software and patch management platforms along with always-available managed services from our support team. To dive deeper into the possibilities of our products, consider a free trial today.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||||||

10 Ways To Protect Your Organization From Cyberattacks

By News, Patch ManagementNo Comments

10 Ways To Protect Your Organization From Cyberattacks

While your first line of defense is always common sense, there are 10 actions that should be implemented to secure your organization.

This article originally appeared on ypo.org.

Many CEOs don’t want to think about cybersecurity. That’s why you hire a chief technology officer (CTO) or chief information security officer (CISO). But cybersecurity is now a board-level issue. While your first line of defense is always common sense, below are 10 actions every CEO should be implementing to secure their organization, with the help of the IT team.

 

1. Enable Two-Factor Authentication

If it has a password, make sure it supports two-factor authentication, which is a one-time code that is sent by SMS Text, email or an app on your phone like Google Authenticator (we don’t recommend SMS Text). A password is no longer enough to protect yourself. Passwords can be compromised by phishing attacks (emails asking you to enter your password) or stolen from other websites, where you might reuse the same or similar passwords.

Many companies now use Microsoft Office 365 for email and will often synchronize this with local usernames and passwords (Active Directory). If you have a breach in Microsoft Office 365, not only is Office 365 exposed, but now the attacker may have access to your local physical network.

 

2. Use Products Like Duo to Allow Two-Factor Authentication

Today Microsoft Windows and Apple Mac operating systems do not have two-factor authentication to control logons to laptops, desktops, servers, RDP, etc. By implementing tools like Duo (recently acquired by Cisco) you can add a second factor to all your physical and virtual devices. As an added bonus, you can also limit which devices accept a user’s logon.

 

3. Use a Password Manager

It is vital to have different passwords for every system you use. There have been many large-scale hacks of online services like LinkedIn (164 million accounts stolen), Adobe (152 million accounts stolen), Myspace (359 million accounts stolen), and more. This data is being used to create databases of usernames and passwords which can then be used to hack other systems. By having unique passwords for every system, you can protect against this. How do you remember all those passwords? Use a password manager like 1Password.

 

4. Make Sure You Have Backups

Backup everything! If your organization has a breach and ransomware is distributed, make sure you have backups of all your data. By far the easiest way to recover from ransomware is to wipe your devices and restore backups of data.

 

5. Disable SMB Outbound

The U.S. National Cybersecurity and Communications Integration Center (NCCIC) recently issued advice that all organizations should block outbound Server Message Block (SMB) traffic at the firewall – Ports 137/139/445.

A recent hack has been identified that leverages Windows’ ability to automatically logon to remote devices when connecting to a share. This is very useful when connecting to devices within your corporate network, however, it is a huge security hole when used by a hacker.

“Approximately 80 percent of breaches occur because IT has not kept up with software updates.”

7. Limit Access to Everything by Limiting IP Addresses

Many cloud solutions allow you to lock down security by limiting access from only certain IP addresses. For example, you might include your office public IP address and home.

 

8. Instruct Your Accounting Department to Verify Instructions to Pay or Transfer Funds by Phone

An attacker sets up an email address very similar to the CEO or CFO and then sends an email directly to the accounting team instructing them to urgently pay an invoice by wire. Implement a policy that all wires require a phone approval before payment.

 

9. Buy Cyber Insurance

This is a relatively new form of insurance and we have seen it being included in Errors and Omissions policies recently. It is vital that your organization purchases cyber insurance. This will cover the costs of investigation, responding to a breach, as well as business interruption and maybe even reputational losses.

Big Tip: If your organization experiences a breach, as soon as you finish an emergency response — like taking devices off the network — contact your insurance company, a lawyer that specializes in IT security, and let them hire all the IT security investigators. By letting your lawyers hire the IT security investigators, the results of the investigations become privileged information, legally limiting who can access details about what happened.

 

10. Encrypt Confidential Data

Many organizations use services like Dropbox to share and back up data. While these services are great and typically encrypt the data in the cloud, this data can still be decrypted by them. Also, services like Dropbox might sync the data across multiple devices, essentially creating local unencrypted versions of your data.

One approach to protect your data is to use full disk encryption, but you would need to make sure this is enabled across all your devices. Hint: IT management tools like Syxsense will tell you which devices do not have BitLocker enabled. However, this still leaves your data at risk if Dropbox has a breach. Products like BoxCryptor offer the ability to put an extra layer of encryption on the content, which protects your confidential data in the cloud and on local devices.

Patch Everything

Approximately 80 percent of breaches occur because IT has not kept up with software updates. It’s more important than ever to patch all devices, operating systems and applications, and more recently, IoT devices.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||||

Ransomware Crashes Airport Displays

By NewsNo Comments

Bristol Airport Hit By Cyberattack

According to officials from the Bristol Airport, the attack started Friday morning.

It took out several computers over the airport network, including its in-house display screens which provide details about the arrival and departure information of flights.

Illustrated by photos posted by travellers on Twitter, airport officials were forced to use whiteboards and paper posters to announce information for flights and luggage pickup points.

“We are grateful to passengers for their patience while we have been working to resolve issues with flight information this weekend. Digital screens are now live in arrivals and departures. Work will continue to restore complete site-wide coverage as soon as possible,” the airport tweeted on Sunday.

This is not the first case of an airport being targeted by ransomware, nor will it be the last. Cyber criminals are striking harder and bolder at any network they find vulnerable.

Organizations must act now and implement a proactive approach to securing their networks. An IT solution like Syxsense will facilitate a comprehensive patching strategy to ensure all systems are up to date.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo