Tag: cybersecurity

Unified Endpoint Management Enters the Mainstream


Once upon a time, there was anti-virus. Then anti-spam, adware, malware protection, ransomware protection, mobile device protection, and on and on. As new threats appeared, the vendor community came out with a fix.

According to Gartner, the big trend these days is to bring all, or many, of these tools together in one integrated package. This approach is known as Unified Endpoint Management (UEM), and Gartner analyst Dan Wilson says it is entering the mainstream. It has achieved a market penetration of between 20% and 50%, depending on the vertical and the size of the organization.

“Unified endpoint management (UEM) tools provide agent-based and agentless management of computers and mobile devices through an employee-centric view of endpoint devices running Windows, Google Android and Chrome OS, Apple macOS, iPadOS, and iOS,” said Wilson. “UEM tools apply for data protection, device configuration and usage policies using telemetry from identities, apps, connectivity and devices. They also integrate with identity, security and remote access tools to support zero trust.”

In essence, UEM consolidates a disparate collection of tools to bring greater simplicity to endpoint management. It streamlines a great many manually intensive tasks and processes across multiple devices, platforms, and operating systems. And the field continues to evolve. Beyond unified management of a few tools, it is heading towards complete integration of identity, security, and remote access services while beginning to play a role in supporting zero-trust security initiatives. Further, analytics, machine learning, and Artificial Intelligence (AI) are gradually being incorporated to advance end-to-end automation of scanning, deployment of agents, software, updates, and patches, and remediation of threats and other issues. This not only reduces IT overhead, it helps to improve the overall employee experience while greatly improving the organizational security profile.

Gartner listed some of the advantages:
• Location-agnostic endpoint management and patching.
• Enabling the anywhere workforce.
• Reduced total cost of ownership (TCO) of managing endpoint devices.
• Simplification of device management and support processes.
• Reduced security risk through support for more device types and OSs.
• Enhanced policy management.
• Integration with identity, security, and remote access tools.

“IT looks to simplify and streamline endpoint deployment, management and patching to enable provisioning of new devices for remote employees, improve device performance and reliability as well as visibility across the endpoint estate, and reduce security risk,” said Wilson.

Market Evolution
There are signs, though, that the market is evolving yet again. Two distinct branches are appearing.

• UEM tools focused on endpoint management and bringing together a diverse range of tools.
• Unified Endpoint Security to unify multiple security tools under one umbrella.

Syxsense Enterprise takes things a stage further. It unified UEM and UES to create the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints. This represents the future of threat prevention as it brings everything needed for endpoint management and protection onto one console. Breaches can be detected and remediated within a single solution. The Syxsense platform can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.
For more information, visit …

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Flaws, Bugs, Zero Days, and Breaches: Welcome to the New Normal


Endless bad news typically results in people becoming inured to it. The media's recent 24-7 death counts on COVID-19 caused many people to switch off. It was just too much. Ratings plummeted at CNN and other networks.

In IT security, there is a danger of the same thing happening with reports of flaws, bugs, zero-day attacks, ransomware heists, and breaches. Hardly a day goes by without a new one. Some are more virulent than others. But all gain some kind of coverage. It quickly becomes too much. People tend to gloss over it and worse, get on with business as usual.

At Syxsense, therefore, as a public-spirited gesture, we will quickly summarize some of the recent carnage into one short report. Yes, it is important to know what is going on and where to be vigilant. But most importantly, it is vital to know that something can always be done about it. Those enterprises that are the least prepared are the ones that suffer the most in dangerous times like these.

Recent Flaws and Breaches
Here is an incomplete list of some recent news on security issues:

JFrog Security Research identified hundreds of malicious packages designed to steal personally identifiable information (PII) from Azure users in a large-scale typo-squatting attack. A similar supply chain attack targeting German industrial companies such as Bertelsmann, Bosch, Stihl, and DB Schenker uses the npm repository to take control over infected machines.

A C programming library for IoT products has been found to be vulnerable to Domain Name System (DNS) cache-poisoning attacks. The bug is that the library generates incremental transaction identifiers in its DNS request and response traffic. Patches are being developed to resolve these issues.

Google issued a supply chain attack warning about open-source software. Despite being a proponent of open source, Google voiced its support for the Package Analysis Project of the Open Source Security Foundation (OpenSSF). The goal is to automate the detection of malware introduced into popular open source repositories such as npm for JavaScript and PyPI for Python.

Plug-ins and extensions for content management systems (CMSs) are being increasingly used to hijack websites. Sucuri’s 2021 Website Threat Research Report called attention to potential issues with WordPress, Joomla, and Drupal due to vulnerable plugins and extensions.

Hackers are getting more patient. One group stayed inside a network for 18 months before striking – quietly waiting for the right opportunity. The group, known as UNC3524, also installs backdoors so normal security tools can’t completely eliminate it. If IT finds the malware and removes it, the bad guys can reinstall it almost immediately.

Phishing success continues. One criminal set up a website to look like a U.S. Department of Defense site and diverted $23.5 million to his bank account that was supposed to go to a jet fuel supplier. And an owner of a nail salon in California tricked a public school district in Michigan into wiring its monthly health insurance payment of $2.8 million to his bank account. Meanwhile, LinkedIn has emerged as the new favorite of scammers, according to Check Point. Apparently, more than half of all phishing attacks in one month used LinkedIn. The goal is to obtain login credentials and take it from there. And of course, phishing campaigns now seek to capitalize on the latest Ukraine news to tempt people to click on a malicious link or attachment. Finally, Phishing-as-a-Service has emerged to make it easy for non-technical criminals to profit from phishing scams. One group provides phishing services aimed at Coinbase, Netflix, Amazon, and eBay users.

Ransomware claims more victims. NCC Group reported that ransomware attacks increased 53% from the previous month with Industrials (34%), Consumer Cyclicals (21%), and Technology (7%) being the most targeted areas. Examples: Coca-Cola suffered a server breach and a hacking group claims it stole 161 GB of data. The FBI warned that the agriculture sector is suffering ransomware attacks timed to coincide with spring planting or fall harvesting periods.

Industrial control systems (ICS) are a new target. An FBI investigation found that custom tools now exist that can gain access to ICS platforms and supervisory control and data acquisition (SCADA). This particularly applies to programmable logic controllers (PLCs) from Schneider Electric and OMRON Sysmac NEX, as well as Open Platform Communications Unified Architecture (OPC UA) servers. If undetected, hackers could gradually work their way up the food chain and potentially take over control of an energy facility.

A Java vulnerability known as CVE-2022-21449 allows an attacker to intercept communication and messages that should have been encrypted, such as SSL communication and authentication processes. Fixes are now available.

Enhance Your Security Now
Perhaps the worst news among all this is that the above summary represents a small fraction of ongoing hacks, breaches, and vulnerabilities. Now is the time to upgrade your security profile by implementing automated tools. Syxsense Enterprise is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints.


Mobility Linked to Surge in Cybercrime


An endpoint ecosystem study by Mobile Mentor found a direct correlation between the rise in mobility and a recent surge in cybercrime. With the pandemic forcing people to work remotely and to rely on devices beyond the traditional desktop, the study found that cybercrime has jumped overall by 500% since the start of the COVID-19 era. Smartphones, laptops, and tablets became the tools of choice of the work-from-home (WFH) brigade. And this led to a much greater security risk, particularly in highly regulated industries.

The report highlighted a big area of difficulty for IT: the trade-off between endpoint security and the employee experience (EX). At one extreme, things can be made so secure that almost no one can access systems or communicate with anyone else. At the other end of the scale, everything is so easy to access that criminals waltz in unannounced and undetected, steal valuable data, take over user identities, gain administrative privileges, and drain corporate bank accounts.

Researchers make the point that the explosion in mobility and WFH overstretched the capabilities of many IT departments. Security, in particular, fell badly behind in an increasingly distributed and autonomous workforce world. Not only are companies getting hacked in far greater numbers, but employee frustration has risen sharply. They are resigning in greater numbers than we have seen for decades. A talent crunch is emerging right at a time when more staff are badly needed across all functions. IT and security teams are threadbare in many cases. And good IT team members can’t be counted upon to stay loyal as headhunters are always looking to lure them elsewhere with higher pay.

Study Findings
The study discovered that relatively few employees are aware of security risks and corporate policies addressing these risks. 27% of employees only view security policies once per year or less. Similarly, 39% receive security awareness training less than once per year. Out of sight, out of mind appears to be the case. Instead of constant reminders, they get a quick dose of security training or policy awareness which is soon forgotten.

In any case, 41% believe security policies restrict the way they work. They just don’t accept that they shouldn’t use a USB drive or that they should be deprived of convenient online services. For example, 53% consider that they are more efficient using Dropbox and Gmail than their approved corporate tools.

Passwords came up as another major bone of contention. 31% of people use a password management tool. The other 69% select passwords that are easy to remember. There is a link here to EX. Most users have countless passwords, PINs, logins, and security safeguards they are supposed to remember. For work, most have dozens of passwords when you factor in HR, production tools, financial systems, payroll, benefits, corporate intranet, VPN, and email. And then there are personal accounts which often have to be accessed during work hours, such as preferred hotel sites, airlines, personal banking, personal email, and more.

The policy may require 10-character passwords and that Xd! must be included – and must be changed every month. But when so many passwords and characters are in play and password managers aren’t trusted due to being a single point of failure, sloppiness is inevitable.

Bring Your Own Device (BYOD) reared its head as another area of big risk. The study found the use of BYOD has surged over the past two years. These days, 64% of people use personal devices for work. Unfortunately, less than a third of organizations have instituted a program to enhance BYOD security. On top of that, shadow IT has become an even bigger issue. IT has lost control of the approval process for apps. As IT teams often don’t control the devices, they don’t know what’s been put on them. Even when they do have some control, the accessibility of cloud and SaaS resources can make it hard to know if some department head or staffer has subscribed to online services. Some may be very secure. But many aren’t.

Bottom line: 72% of employees value their personal privacy over company security. In such a climate, security must rise to the challenge. It must be comprehensive, but it must also not inhibit the user from performing their duties. By automating security and delivering it over the cloud, Syxsense Enterprise provides real-time vulnerability monitoring and instant remediation for every single endpoint in an environment. This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution, Syxsense.


Passwords Will Get Hacked: Be Ready


May 5th of 2022 was celebrated as World Password Day. News stories were everywhere about how to improve password security, the best ways to implement multi-factor authentication, why a stronger password policy was needed, and what tools to use to better educate users. All represent vital actions and approaches. But they won’t be enough. According to a Google study, 24% of personal and professional accounts have used “password,” “Qwerty” or “123456” as their account password. “Admin” is another popular one. And, of course, people often use their date of birth, or that of their spouse, children, or grandchildren – all of these are easily hacked.

The same Google study found that only a third of users change their passwords frequently. Most of the rest hope to never have to change a password ever again. When forced to do so by adding yet more digits as well as capitals, numbers, and symbols, they often feel resentment. Instead of enhancing security, such security policies often have a contrary effect. Some users get even sloppier: Post-It note reminders in open view; and writing down passwords in a log, or in a document in a computer file.

Meanwhile, the bad guys have gotten smarter, faster, and more devious. They have password guessing algorithms that can crack soft passwords in no time at all. That’s why users are regularly prompted to add more digits to their password. Six digits were once enough. Then eight. Now it is ten or more.

As the number of passwords increases and they become more and more complex, the current industry solution is to use a password management tool. But Google found that less than a third of people use them. Many don’t trust them, as they would then have no idea about any of their passwords should an emergency arise such as losing their phone or laptop. Thus, more than two-thirds of users continue to select passwords that are relatively easy to remember. Made to use ten digits, they often choose 1Password! to get around the latest security policy inconvenience.

Helpful tips are everywhere attempting to explain to users why they must change their habits. These tips all make sense: Don’t use sequential numbers or letters, avoid the use of your birth year/month/day; combine letters, numbers, and symbols and use unrelated words; avoid the names or words found in dictionaries; use a password manager, and don’t reuse passwords. Yet user habits are proving hard to break.

Password Breaches Are Inevitable
No matter the security policies set, the number of digits demanded, or the multiple authentication factors demanded, there is one sad, inconvenient, and inevitable truth. The bad guys are going to crack a password somewhere in the enterprise – or convince some gullible person to click on a malicious link or attachment. There is no avoiding this fact.

Despite that, organizations must continue to set good password and security policy, enforce it tirelessly, and add as many safeguards as they can to minimize the chances of password breaches. But they must understand, too, that a password somewhere or other will be hacked – and maybe it already has.

That’s why organizations must regularly scan the network and all devices for potential vulnerabilities. Vulnerability scanning is a proven way to prevent cyber security attacks. Scans will quickly detect any signs of a breach: where a password has been compromised, the back doors and ports re-configured by hackers, and any signs of data exfiltration attempts. IT can then prevent serious damage. By scanning authorization issues, security implementations, and antivirus status, vulnerability scans offer insights into any misconfigurations or compliance violations that may be present. By addressing these rapidly, the organization greatly reduces its attack surface and minimizes the chances of a breach.

The Syxsense vulnerability scanner is not only a complete security management package, but it is also effortless to employ with a user-friendly interface. As it is automated, IT can focus on priority tasks while it scans and secures the system. Decide how often and for how long it should run, and the scanner runs, monitors, and secures the entire network at the pre-determined frequency and time. It also is available in an automated and integrated suite that includes patch management, mobile device management, and IT management.
For more information:


Case Study: How Organizations Can Affordably Gain Security Technology and Expertise


Faced with a shocking increase in security threats – a 500% increase in cybercrime in the last two years, according to one study – many organizations have responded by making a firm decision to hire experienced IT security personnel and acquire the latest and greatest security tools. But the price tag for top talent and feature-rich security suites quickly makes them reassess their needs.

Yes, they want the very best and most experienced security executives. Yes, they need to manage their endpoints, deploy patches, make their mobility options more secure, and be able to quickly spot potential vulnerabilities. But how do they afford it?

One approach that is gaining serious traction is to outsource as many of these duties as possible. That can come in the form of “hiring” a virtual security executive, using a managed service provider (MSP) to take care of many IT security functions, or doing both.

H2Cyber, for example, offers virtual Chief Information Security Officer (vCISO) services in addition to cybersecurity and risk management services. This cybersecurity executive management firm operates a highly skilled and experienced team of security consultants. This wealth of talent is at the disposal of anyone paying a monthly fee to gain their own vCISO. And it’s a lot more affordable than a full-time security executive. The average salary of a CISO is $273,030 in the U.S., and states such as New York and others are now requiring that organizations in certain markets assign someone to that position.

“It is merely a matter of time before a regulatory body or threat actor comes upon your business,” said Paul Horn, Founder & CEO of H2Cyber. “Regulators will be looking to make sure you have basic cybersecurity measures in place to reduce the risk of a cyberattack as well as having required safeguards in place to protect client and customer information. Threat actors, on the other hand, will look to exploit the lack of basic safeguards regardless of your company’s size.”

H2Cyber helps its clientele avoid breaches by delivering vCISO services and offering cyber-strategy advice.

“A vCISO allows the organization to navigate through the increasing number of cybersecurity regulations by building a comprehensive cybersecurity program accounting for compliance and security,” said Paul Horn, Founder & CEO of H2Cyber. “Just because an organization is compliant doesn’t mean they are secure: it is a game of risk management.”

H2Cyber’s team makes its money in C-level advice and expertise. Its focus is squarely on the strategic and executive side of security, not on the nuts and bolts of applications such as backup and patch management. Yet its customers typically want more than a vCISO to advise on strategy as well as how to streamline interaction between business and IT. They also want recommendations about the right security tools and services to deploy to take care of potential incursions and threats such as ransomware. For that side of the business, H2Cyber outsources services to other MSPs. This enables its trained resources to focus on vCISO duties and other core competencies.

“Our customers want to know what works; they don’t have time to research and evaluate the different solutions out there, so they expect us to find the best MSP services for their needs,” said Horn.

His company operates a relatively lean infrastructure consisting of cloud services via Microsoft Azure and Amazon Web Services (AWS). It augments a small data center with MSP services, leveraging white-labeled products where possible. These services include cybersecurity compliance, antivirus, and cyber security support.

Syxsense, for example, is used by H2Cyber for vulnerability scanning, and other IT security services that help its clients remediate software and OS vulnerabilities such as incorrect or misconfigured settings. Patch management services, too, are provided by Syxsense. Horn noted that there are many patch management solutions to choose from. However, many require assets to be on-premises, only patch Windows-based systems and don’t offer management of mobile devices.

“Syxsense allows you to manage not just Windows, but Linux as well as Apple,” said Horn. “The Syxsense Secure platform allows the pushing of patches automatically and provides the necessary security and vulnerability discovery within our systems.”


Business Email Compromise Attacks on the Rise


Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Increased BEC Attacks

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. The FBI’s Internet Crime Complaint Center (IC3) reports that losses from BEC schemes within the U.S. rose to nearly $2.4 billion in 2021, up 33% from the previous year and up tenfold since 2015.

These attacks typically begin with a security breach of some sort – an unpatched system, an unaddressed vulnerability, or a phishing email that someone clicks on. Once the perpetrators are inside, they then rely on spoofed emails that impersonate executives, financial personnel, the CEO, vendors, or partners. The goal is to request what appear to be legitimate business payments through authentic-looking emails from a known authority figure. Done well, employees comply without thinking and transfer large sums of money to an untraceable account.

Example: The CEO is in Asia working on the latter stages of an acquisition. A BEC scam might involve sending legitimate-looking emails from actual corporate email addresses (or addresses that look similar to legitimate email accounts). These messages give authorization to transfer funds NOW to a certain bank account. But it isn’t always money. Sometimes the goal is to steal an employee’s personally identifiable information, or wage, financial, or tax forms.

Nail Salon Scammer

The owner of a nail salon in California scored big with BEC by tricking a public school district in Michigan into wiring its monthly health insurance payment to his bank account. $2.8 million was stolen. Banks managed to recall about half of it.

Investigators discovered that a hacked HR identity began the event. By masquerading as the HR staffer, the person convinced the finance department to send the money to a new account. But the plot thickens in this case. The nail salon owner claimed someone in Europe convinced him to accept the funds and forward them to other accounts. The FBI countered that this is a ruse to escape conviction.

In other examples, major deals have been hijacked by scammers. A U.S. nonprofit was fooled into sending an approved grant for $650,000 to a fake account. Again, email phishing was the culprit. The email of someone in accounts was taken over by a thief, and wire details were changed at the last minute. The money went to an account in Texas and was moved on from there. Law enforcement actions to date have failed to locate the money or bring the perpetrators to justice.

Further BEC tactics utilize “deep fake” audio and video messages generated by artificial intelligence that pretend to be from executives, enticing subordinates to send funds.

In many cases, criminals hack into corporate systems months before, using known but unmitigated vulnerabilities. They then sit tight, quietly monitor traffic, and note the best opportunity. As a deal is unfolding, they take control of an email account, send an urgent request to someone in finance, and divert the funds to the wrong destination. By the time the scam is suspected, typically the next day, the money has disappeared.

Even the federal government can fall for such tricks. The U.S. State Department was another recent target. $200,000 allocated to farmers in Tunisia was redirected to who knows where.

What to Do to Prevent BEC Attacks

To prevent this happening to you or your organization, employee education is vital, particularly about phishing and other social engineering trickery. Multi-factor authentication is another important element.

Specific to BEC, warning signs include sudden urgency injected into financial transfers, requests to use new accounts, or email addresses and domains that are almost, but not quite right. Scammers often set up fake websites and email addresses that look genuine until you look more carefully. Where money or major changes are involved, always verify using another communication method than email.
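The warning signs listed above can be checked mechanically before a payment request reaches the finance team. The following is an added example, not part of the original article and not Syxsense code; the trusted-domain list, keyword patterns, sample messages, and function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organization maintains a list of domains it really deals with.
TRUSTED_DOMAINS = {"example.com", "northwind-supplies.example"}

URGENCY = re.compile(r"\b(urgent(ly)?|immediately|right away|asap|today|now)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|remit|funds)\b", re.I)
NEW_ACCOUNT = re.compile(
    r"\b(new|updated|changed|different)\s+(bank(ing)?\s+)?(account|details|routing)\b",
    re.I,
)

# Visual substitutions that make a domain look "almost, but not quite right".
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(domain):
    """Collapse look-alike character sequences so imitations compare equal."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower()
    if domain in trusted:
        return None
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return good
    return None


def bec_warning_signs(raw_message, trusted=TRUSTED_DOMAINS):
    """List the BEC warning signs present in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    body = "\n".join(
        part.get_payload()
        for part in msg.walk()
        if not part.is_multipart() and part.get_content_type() == "text/plain"
    )
    text = f"{msg.get('Subject', '')}\n{body}"

    signs = []
    imitated = lookalike_of(sender_domain, trusted)
    if imitated:
        signs.append(f"lookalike-domain:{sender_domain}~{imitated}")
    if reply_domain and reply_domain != sender_domain:
        signs.append(f"reply-to-mismatch:{reply_domain}")
    if PAYMENT.search(text) and URGENCY.search(text):
        signs.append("urgent-payment-request")
    if NEW_ACCOUNT.search(text):
        signs.append("new-account-request")
    return signs


# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: "Pat Lee, CFO" <pat.lee@exarnple.com>
Reply-To: pat.lee.cfo@mailbox.invalid
To: ap@example.com
Subject: Urgent wire needed today

We are closing the deal. Please transfer the funds immediately and
use the new bank account below instead of the one on file.
"""

BENIGN = """\
From: Accounts <billing@northwind-supplies.example>
To: ap@example.com
Subject: Invoice 1042 for March

Please find the invoice attached. Payment terms are unchanged, net 30.
"""

if __name__ == "__main__":
    print(bec_warning_signs(SUSPICIOUS))
    print(bec_warning_signs(BENIGN))
```

A non-empty result is a prompt to verify the request over another channel, as the paragraph above advises, not a verdict on the message.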

The Power of Syxsense

And back up these sensible actions with comprehensive Unified Security & Endpoint Management (USEM) protection. Syxsense Enterprise can detect and remediate breaches automatically. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread.

It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.


Who Is Securing Our Systems?


With distributed cloud-oriented environments, confusion is inevitable on the IT security side.

The Question of Security

With compute environments being so distributed and so cloud oriented, confusion is inevitable, particularly on the security side. Within organizations, applications and data are split between on-premises systems and the cloud. Not just one cloud. Many organizations operate multiple clouds or subscribe to services from a great many providers.

And then there is the software and services supply chain. It is no longer usual for one provider to take care of everything. A great many vendors are typically involved in various workflows and systems. Providers like Kaseya and SolarWinds, for example, provide underlying systems that other software relies upon. Remote monitoring and management systems like these are used by countless enterprises and vendors as part of their external or internal offerings.

Managed service providers (MSPs), too, rely on such applications to take care of software delivery and general remote operation. This enables them to focus on their core competencies such as backup, security, or CRM. Even internally within organizations, there tends to be a reliance on a variety of systems to be able to remote into employee devices, deliver updates, and more.

Bottom line: This labyrinth is so pervasive that it is very hard to keep track of who is exactly doing what. And who is responsible for which functions.

Cloud Insecurity

This is bad enough on general IT management. But when it comes to security, the repercussions can be disastrous. The lines of demarcation on security duties must be well known.

This problem has already come to a head following some well-publicized cloud breaches. Some enterprises blamed their cloud providers for attacks, only to be quoted the fine print about what the cloud provider was actually responsible for. Yes, they secure their own clouds. Yes, they provide a series of cloud features. And yes, they promote these in ways that may make it seem that they cover all aspects of security. But they don’t.

The user is usually responsible for the integrity of the files being sent to the cloud, i.e., ensuring no malware lurks inside. Further, some cloud providers hold the user organization responsible for encryption of files being sent to the cloud.

In other words, the delineation of duties isn’t always clear. Hence, someone in IT might be asked, “who is securing our systems and our data?” And the response might be, “I thought the cloud provider was doing that.”

Cybercriminals Taking Advantage

The software and IT services supply chain now sprawls across all corners of the web. And the cybercriminals are capitalizing on the grey areas between providers and client organizations to find zones that “fall between chairs.” Each party thinks the other one is taking care of that security function. The Kaseya and SolarWinds hacks were only the beginning. They showed the bad guys that it was far smarter to hack one company and have its supply chain network distribute that software to large numbers of organizations.

No wonder supply chain breaches are exploding. An NCC Group paper found that cyberattacks on supply chains increased by 51% between July and December 2021, based on a survey of 1,400 cybersecurity decision-makers at organizations with over 500 employees in 11 countries. 36% believe they’re more responsible for preventing, detecting, and resolving supply chain attacks than their suppliers.

However, 53% say both their company and its suppliers are equally responsible for the security of supply chains. Nearly half say they don’t stipulate security standards for their suppliers, and a third don’t regularly monitor and risk assess their suppliers’ cybersecurity arrangements.

As more supply chain breaches happen, though, awareness of this problem area is rising. More companies are recognizing supplier risk as a key challenge. They plan to increase security budgets by an average of 10% this year.

Take Charge of Your Own IT Security

Anyone utilizing the cloud is advised to carefully weed out any ideas within the IT ranks that someone else takes care of cloud security duties. It is up to IT to secure its own systems, data, devices, and identities. And to define exactly what providers do and don’t do with regard to security. Assume it is NOT secured unless you have a guarantee in writing from the provider. Be tenacious in hunting down the facts about the division of duties.

Syxsense provides SaaS and MSP-based security services that automatically take care of functions such as endpoint management, mobile device management, patch management, vulnerability scanning, and remediation.

To take one example: In patch management, Syxsense guarantees to test and critical patches within four hours of their release. It automatically deploys patches based on a priority system to safeguard all organizational systems and devices by providing the correct updates and patches.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Gartner Predicts the Future of Endpoint Security


Gartner recently completed an in-depth review of the entire endpoint security landscape. What should organizations be aware of?

What’s Coming for Endpoint Security?

Gartner recently completed an in-depth review of the entire endpoint security landscape. The analyst firm delved into every facet of endpoint security to determine which technologies were rising, which were being eclipsed by more modern approaches, and what the future holds.

Researchers pointed to unified endpoint security (UES) and unified endpoint management (UEM) as being among the major waves of the security future. While these technologies are still evolving, they are rising rapidly in adoption as more and more vendors manage to unite their various endpoint offerings under one fully integrated umbrella.

Traditional Endpoint Detection and Response (EDR)

Traditional endpoint detection and response (EDR) systems have become a popular way to protect enterprise endpoints from attacks and breaches, and as a means of achieving secure remote access. Some vendors are adding to EDR capabilities via extended detection and response (XDR) suites.

What is the difference? EDR focuses on protecting endpoints only. XDR takes a wider view. It integrates security across endpoints, cloud computing, email, and other areas. This is particularly important in light of the larger trend of more and more people working from home. XDR offers a broader zone of protection.

Gartner notes that endpoint security innovators have been focusing on better and more automated prevention, detection, and remediation of threats. One of the goals is to protect endpoints while enabling access from any device to any application over any network and with a good user experience in terms of performance and low latency.

Vendors are introducing, for example, UES and UEM suites that combine elements of EDR, endpoint protection platforms (EPP), and mobile threat defense (MTD) into one integrated toolset. UES suites focus on endpoint security and provide some management features. UEM, on the other hand, stresses management and typically includes good security functionality, too.

What’s changing?

The lines are blurring. These products can secure workstations, smartphones, and tablets and manage it all from a single console. They offer a way for businesses to achieve some degree of vendor consolidation, at least on security. Instead of having one vendor for patch management, another for EDR, another for mobile device management, and others for MTD, EPP, and other functions, it can all be rolled into one consolidated system.

According to Rob Smith, an analyst at Gartner, UES offers plenty of benefits and is now on the radar for up to 20% of its target market.

“Unified endpoint security brings together endpoint and protection, as well as MTD under a unified platform, with tight links to endpoint management infrastructure for end user facing devices, such as Windows 10, macOS, iOS, Android and — in some cases — also extending to Linux and Chrome OS,” said Smith. “UES has the potential to be a single best-of-breed solution for all endpoint security, provided that the unified product’s cross-device data analytics is strong.”

He recommends that organizations evaluate UES adoption based on three goals:

  • Extend detection and response beyond the laptop and desktop to mobile devices.
  • Unify endpoint security and management workflows from a single console.
  • Allow for complex, posture-based policy application along with supporting technology like secure remote access.

Organizations, therefore, should harness tools such as UES and UEM to consolidate all endpoint security onto a single suite to lower support costs and improve threat prevention and detection, and incident response.

The Power of Syxsense

Syxsense Enterprise brings the best of UEM and UES together. It is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints.

This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread.

Syxsense Enterprise can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.

 


Ransomware Continues to Wreak Havoc


With ransomware attacks growing in volume, organizations need all the help they can get with managing these threats.

The Rise of Ransomware

Ransomware has been in the headlines for a couple of years now. One day, stories will be written that explain how the ransomware epidemic is now over. That day has not arrived.

Yet with all the media coverage ransomware attacks constantly attract, it would be reasonable to assume that its effectiveness and impact would lessen due to greater overall awareness of the problem. The opposite appears to be true, according to a new study by Enterprise Strategy Group (ESG). Gaps in readiness continue to make it difficult for many organizations to manage and recover from attacks.

Here are some of the statistics uncovered by ESG: 73% of organizations that experienced a ransomware attack in the past 12 months were negatively impacted, i.e., three quarters didn’t deal with it well.

Even in those organizations with big security budgets and mature security processes in place, 75% suffered significant operational disruption. These numbers call into question how organizations are defending themselves against ransomware via effective detection, prevention, mitigation, and recovery.

Bargaining with the Devil

Blackmail is one of those crimes that just won’t go away. If the victim pays, it is rare that the perpetrator doesn’t return again and again to extort yet more money. It is the same with ransomware.

According to ESG, 61% of those who paid a ransom were subjected to further extortion attempts resulting in extra payments being made on top of initial sums. The FBI’s warning never to pay a ransom clearly makes sense. You are striking a bargain with the devil by paying a ransom. Yes, they said they would leave you alone, but:

  1. They usually want more money within a short time.
  2. They often leave some malware inside your systems even when they provide you with decryption keys.

Among those meeting ransom demands, only 14% said they retrieved all their lost data. The only guarantee there is when paying a ransom is that more trouble from the same cybercriminals lies just over the horizon.

IT Skills Gap

Part of the reason why ransomware remains so potent is the difficulty organizations are experiencing with IT staffing. Many organizations just don’t have trained staff knowledgeable enough to effectively address the ransomware scourge. According to ESG, 45% admit to struggling to acquire or retain the skills needed to respond to ransomware breaches.

“Unfortunately, many organizations remain seriously under-prepared to effectively mitigate against the risks and impact of ransomware attacks,” said Christophe Bertrand, practice director at ESG. “This results in a significant number concluding they have no alternative but to pay ransom demands in the hope their data will be returned. Instead, leaders should be focusing on ransomware strategies that emphasize effective, rapid, and complete recovery.”

Finding The Right Kind of Help

With ransomware attacks growing in volume and severity and paying the ransom no longer a guarantee of recovering your data, organizations need all the help they can get in dealing with this ever-present danger.

Syxsense Enterprise provides comprehensive defense against ransomware that encompasses prevention methods, detection, and remedial action. It is the world’s first IT management and Unified Security and Endpoint Management (USEM) solution that delivers real-time vulnerability monitoring and instant remediation for every single endpoint in your environment.

This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates.

IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.


How Cloud Anarchy Leads to Insecurity


Cloud is getting crowded — that poses a problem in the IT security space and it's continuing to get worse.

The Issue of “Overclouding”

The scope of some cities in Asia boggles the mind. There are places in China you never heard of that are already bigger than Los Angeles, New York, or London. Seoul, Manila, Shanghai, and Delhi all have at least 25 million people in their metropolitan sphere. Tokyo metro is up to more than 37 million. Jakarta and Delhi are rapidly catching up. One of them may soon take over as the largest urban center in the world.

There are a great many advantages to urban living. Everything is close to hand, labor is available, and economies of scale can be generated. But if you have ever driven in any of these Asian cities or in LA, New York, Houston, or London for that matter, you will have been shocked by the volume of traffic. These cities are crowded. Commutes are long. Freeways are jammed. Gridlock is the norm. Crime tends to soar in dense urban settings.

The cloud is heading in a similar direction. Laura DiDio, an IT and security analyst at ITIC, notes that the cloud is getting crowded. Public and hybrid cloud markets are hotter and more competitive than ever. 2022 will see $1.3 trillion in cloud spending, rising to $1.8 trillion by 2025 according to Gartner, outpacing non-cloud IT spending. DiDio predicts that hybrid cloud adoption will accelerate in the coming years. Thus, IT systems will continue to be split between internal and increasingly dispersed external cloud components.

The Issue of IT Security

That poses a big problem of security. ITIC’s 2022 Global Server Hardware Security survey found that businesses suffered an 84% surge in security incidents like ransomware, email phishing scams, and targeted data breaches over the last two years. Each successful breach has a financial cost of $4.24 million, according to the Ponemon Institute. The price tag has risen by 20% in the past two years. The problem has only gotten worse as organizations deploy more cloud services across multiple clouds and as they try to support a vast network of mobile and work-from-home employees.

Overclouding Multiplies Risk

More than half of all business malware is aimed at work-from-home employees using cloud applications. Like a modern, rapidly expanding and gridlocked city, “overclouding” greatly increases the risk of a security incident.

Inside many enterprises, IT struggles to stay on top of the scope and extent of the organization’s overall cloud footprint. Never mind staying in control; some IT departments have no idea how many cloud applications are being run from various parts of the enterprise.

With cloud apps being so accessible and traditional IT procurement practices being so time consuming, cumbersome, and bogged down in red tape, line of business heads have been taking matters into their own hands. They are signing up for SaaS, and other as-a-Service options in record numbers. This is a nightmare for security vendors. How can you track, monitor, and safeguard systems and applications if you are not even aware they are running, and don’t know on how many devices?

Relieving City Congestion

Massively congested cities like Jakarta and Cairo have come up with a novel solution to the overcrowding problem. They are building new capital cities. Egypt, for example, is close to completing its new administrative capital about 45 km east of Cairo to ease congestion and make it easier to conduct the business of government. Traffic was so bad that government meetings often failed to materialize. The new capital should solve that problem and make the administration of government smoother.

IT doesn’t have that option. Until a new, wholly secure internet is invented, security issues are a fact of life. Risk and threat lurk in every email, webpage, or connection to the cloud. The best approach is to up your security game.

The Syxsense Advantage

Syxsense Enterprise is the world’s first IT management and Unified Security and Endpoint Management (USEM) solution that delivers real-time vulnerability monitoring and instant remediation for every single endpoint in your environment. This represents the future of threat prevention.

Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates.

IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.

 
