Skip to main content
Tag

cybersecurity

Syxsense Names Jose Rangel as VP of Global Channels to Drive Unified Security and Endpoint Management Growth

By News, Press ReleaseNo Comments

Rangel’s extensive worldwide channel leadership experience to drive company’s hyper-growth with partners across key regions

ALISO VIEJO, Calif. November 11 2022 – Syxsense, a global leader in Unified Security and Endpoint Management solutions, today announced the addition of Jose Rangel as Vice President of Global Channels. A B2B cloud and data management industry veteran, Rangel has a proven track record of building, leading, and managing vendor sales channels across the U.S. and EMEA, and will be responsible for global channel growth.

“Syxsense has seen hyper-growth over the last two years as organizations – and the partners serving them – have realized the value of consolidating endpoint security and management into a single solution. As we’ve added new capabilities around mobile device management and Zero Trust, the interest across the channel community has exploded,” said Ashley Leonard, Founder and CEO at Syxsense. “Jose brings a level of experience and leadership that will allow us to capitalize and expand on the channel success we’ve already had and help us build a world-class channel organization that will empower partners.”

Rangel has more than 18 years of channel leadership experience revamping and transitioning channel programs from fulfillment models to partner proactive ecosystems, increasing partner-initiated pipeline and robust deal registration co-sell opportunities by more than 50%. He has worked with established channels from EMC to start-ups like Nasuni, Datadobi, and HYCU, and has extensive experience building global partner ecosystems with VARs, service providers, system integrators, and value-added distributors. Rangel and his channel programs have been recognized multiple times by leading channel publications and he was named a 2021-2022 CRN Channel Chief.

“Syxsense is fundamentally changing how organizations manage and secure endpoints, and this presents amazing opportunities for channel partners and MSPs that are looking to give customers new solutions that save time and money, while increasing security and management efficacy,” said Jose Rangel, VP of Global Channels at Syxsense. “The company is experiencing massive growth, driven by real product innovation. I’m excited to step in and work with the team to help further expand a channel organization that will drive sales, empower partners, and ensure customers success.”

About Syxsense

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first Unified Security and Endpoint Management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

New Syxsense Zero Trust Delivers Industry’s Only End-To-End Solution for Zero Trust Solution.

By News, Press ReleaseNo Comments

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Black Hat USA, Las Vegas – August 10, 2022 – Syxsense, a global leader in Unified Security and Endpoint Management solutions, today announced Syxsense Zero Trust, a new module within Syxsense Enterprise that enables endpoint compliance with Zero Trust Network Access policies (ZTNA).  Zero Trust initiatives require a hyper-focus on endpoint protection, but traditional authentication solutions lack the ability to evaluate device health, ensure granular policy compliance, and automate risk remediation. Syxsense’s new Zero Trust module was designed to serve as an organization’s “Trust Evaluation Engine” for endpoints. Not only does it offer unparalleled visibility and control over network access policies, but also enables security teams to build sophisticated access policies and remediation workflows to ensure ZTNA compliance.

 

“As organizations work to build a Zero Trust strategy, many are facing implementation challenges. One of those challenges is the ability to ensure that endpoints accessing the network are trustworthy and conform to policies. Most solutions simply accept or deny access without an understanding of the current Device Security Posture,” said Ashley Leonard, CEO of Syxsense. “In talking with customers, they wanted the ability to evaluate endpoint access for ZTNA based on policies and if not compliant, be able to apply fixes or remediate in real time to enable proper access. Syxsense Zero Trust does just that by allowing organizations to have full control of endpoints and automating the end-to-end process.”

 

The true power of Syxsense Zero Trust lies in three key areas. First, the granularity of hundreds of parameters IT can use to report and act on device compliance. For example, is a laptop accessing your NetSuite server after hours and with an IP address from an unfamiliar location? If so, block it. Second, the power to enforce compliance with Zero Trust policies prior to granting access on an asset-by-asset basis. And third, the automated remediation of non-compliant endpoints, which could include patching the system, enabling an antivirus tool and making sure it is up to date on patterns, emailing IT about unauthorized access, and much more. When combined with the simplicity of building policy playbooks quickly and simply using the powerful workflow orchestration and automation tool of Syxsense Cortex™, these tools give organizations a uniquely powerful endpoint evaluation and network access solution for Zero Trust.

The specific features of Syxsense Zero Trust include:

  • Complete visibility into all endpoints’ configuration and state of compliance using a single agent.
  • Build sophisticated access policies based on a large array of configuration and security parameters, setting unique policies for each individual corporate asset.
  • Automate the immediate enforcement of access policy requirements and remediation of non-compliant endpoints using the Syxsense Cortex remediation engine.
  • Verify trusted user authentication requests via the Syxsense console or optionally, connect with external multi-factor authentication (MFA) tools to provide a “go, no-go” security status of devices. For example, if a customer uses Duo, Okta, or other MFA tools, simply connect those tools with the Syxsense API and it will report compliance on each endpoint looking to access corporate assets.

 

Syxsense Zero Trust will be available for purchase in late September 2022, but attendees at Black Hat on August 10th and 11th can experience a product overview at the Syxsense booth #1272. For more information about Syxsense at Black Hat click here.

About Syxsense

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first unified security and endpoint management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Syxsense Enterprise Recognized as the Best Endpoint Security Solution in 2022 Tech Ascension Awards

By News, Press ReleaseNo Comments

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

ALISO VIEJO, Calif. August 23 2022 Syxsense, a global leader in Unified Security and Endpoint Management solutions, today announced that Syxsense Enterprise has been recognized as the Best Endpoint Security Solution in the 2022 Tech Ascension Awards. The awards recognize B2B and B2C companies and leaders that drive cutting edge, innovative technologies that solve critical challenges in the market.

Launched earlier this year, Syxsense Enterprise is the world’s first Unified Security and Endpoint Management (USEM) solution that delivers real-time vulnerability monitoring and facilitated remediation for every endpoint across an organization’s entire environment. It combines Syxsense Secure, Syxsense Manage, Mobile Device Manager, and newly released Zero Trust to deliver a completely unified platform that scans and manages all endpoints, resolves problems in real-time, and reduces the risks associated with system misconfigurations. This enables organizations to better predict, identify, and remediate endpoint vulnerabilities.

Tech Ascension recognized Syxsense Enterprise for addressing the three key elements of endpoint security – vulnerabilities, patch, and compliance. By layering on a powerful workflow automation tool called Syxsense Cortex™ , the platform remediates and eliminates endpoint security weaknesses – all through a single cloud-based, drag-and-drop management interface, with hundreds of prebuilt workflows. This includes the ability to identify software vulnerabilities in both OS and 3rd party applications, misconfigurations from open ports, disabled firewalls, ineffective user account polices and more.

As the market shifts to a hybrid workforce, the number of endpoints is growing exponentially, with corporate network-connected mobile endpoints rising,” said Ashley Leonard, CEO of Syxsense. “The need to manage and secure an increasing number of endpoints, including desktops, servers, virtual devices, mobile phones and other devices, is becoming more and more apparent as complex, sophisticated threats continue to grow. We are thrilled to be recognized by Tech Ascension for our work in endpoint security and look forward to continually evolving our product to keep up with the ever-changing security landscape.”

The Tech Ascension Awards recognized the very best innovations in cybersecurity. The Tech Ascension awards judged cybersecurity applicants based on technology innovation, market research, and competitive differentiators. The class-leading vendors that received recognition from these awards showcased technology that solves critical industry challenges and produces invaluable business outcomes for their customers.

“Organizations are now tasked with navigating the extreme security challenges of new remote and hybrid work environments while combatting a surge in emerging advanced threats,” said David Campbell, CEO, Tech Ascension Awards. “These recognized security industry leaders are producing innovative technology and services to drive cyber forward in a truly evolving digital environment.”

The key features of Syxsense Enterprise include:

  • Vulnerability Scanning – Prevent cyberattacks by identifying scanning authorization issues, security implementation problems, and antivirus status.
  • Patch Everything – Automatically deploy OS and third-party patches to remediate all endpoint vulnerabilities inside the network and on roaming devices outside the network.
  • Prove Compliance and Device Health – Document patching with reporting for risk assessments, vulnerable devices, task summaries and more. And scan and prioritize patching relative to risk exposure.
  • Quarantine Devices – Block communication for an infected device, isolate endpoints, and kill malicious processes before they impact the network.
  • Control All Mobile Devices – Oversee devices remotely, silently push OTA configurations, applications, and policies from iOS to Android to Windows and more.
  • Collaborate with Ease – IT and security teams can now collaborate in a single console to identify and close endpoint attack vectors quickly.
  • Newly introduced Zero Trust, the industry’s first end-to-end Zero Trust solution, allows granular access to corporate assets based on device security posture.

For more details on Syxsense Enterprise or to schedule a demo, visit: https://www.syxsense.com/gc-demo-syxsense

About Syxsense

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first Unified Security and Endpoint Management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com

 

 

About the Tech Ascension Awards 

The Tech Ascension Awards elevate companies that possess cutting-edge, innovative technology that solve critical challenges in their respective markets. Tech Ascension winners rise above the crowded consumer and enterprise technology industries and receive validation from an independent organization. Applicants are judged based on technology innovation and uniqueness, market research (analyst reports, media coverage, customer case studies), hard performance stats, and competitive differentiators. The awards recognize leaders in cybersecurity, DevOps, big data and consumer technology. For information about the Tech Ascension Awards, please visit www.techascensionawards.com.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Four Big Trends In Mobile Device Management

By BlogNo Comments

Four Big Trends In Mobile Device Management

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Mobility has progressed, in recent years, to the point where some enterprise users hardly ever need to use a laptop or desktop. Many CEOs, for example, only use their phone. Any desktop duties are typically referred to an executive assistant or secretary. Sales jobs, too, can often be accomplished to a greater degree via smartphone.

Certainly, there are many other jobs where this isn’t the case. But regardless of the title, mobile devices are taking up more and more of the enterprise workload. Mobile Device Management (MDM) technology has advanced to provide the processes and tools the mobile workforce needs to stay productive and secure. Further, MDM provides IT with the ability to more easily provision mobile devices, manage them, inventory them, and protect assets and data.

Here are four of the top trends in MDM:

BYOD

Bring Your Own Device (BYOD) was an inevitable consequence of the COVID-19 pandemic. With everyone ordering home almost overnight, IT had no alternative other than to allow employees to use the laptops, desktops, tablets, and smartphones they had at home or used for personal tasks. A few of the lucky organizations (or the ones with deeper pockets) had already provided all employees with a dedicated work laptop, tablet and/or smartphone. By doing that, IT could arrange role-based access to enterprise data and email, and provide services such as a secure VPN, GPS tracking, password-protected applications, and access to a host of enterprise security applications. Beyond that, mobile chaos became the norm. BYOD continues to predominate in many organizations.

This has made MDM a more important field than ever. IT policies may have been relaxed with regard to BYOD. But in tandem, IT has had to up its game in managing mobile devices. MDM has stepped into the breach. Organizations use MDM to remotely enroll personal devices into the enterprise systems. This allows them to monitor behavior, enforce security policies, and facilitate productivity, and detect threats and breaches.

MDM Innovation

The flood of money into MDM tools has encouraged the vendor community to innovate.
MDM solutions are becoming more sophisticated. Machine learning and AI are being incorporated to enable data and systems to be subjected to analysis. MDM systems are appearing that are able to assign or enroll devices with pre-programmed data profiles, VPN access, software, access privileges, and much more. IT now has the ability to track its dispersed workforce more easily, as well as monitor, troubleshoot, and decommission devices when the need arises. Some tools can even wipe device data in the event of theft, loss, or breach.

Virtual Reality

The marriage of MDM and various forms of virtual reality (VR) is opening new doors for field service, maintenance, and technically challenging occupations. For example, augmented reality (AR) tools are emerging that use special glasses, goggles, and headsets that allow field technicians and support personnel to compare physical equipment to digital specifications, job requests, and other information.
As the technician or field rep looks at the object, component, or system, a digital representation appears within their field of vision to verify it is the right valve to inspect, the correct place to weld, or the exact piece of equipment that needs to be removed. The best systems even allow a less experienced person to show a senior engineer (sitting far away) to see the job site so they can walk the other person through the task or answer questions.

MDM Meets Security

MDM has always had some interest in security. It was unavoidable. To manage mobile devices effectively means providing certain safeguards – if only alerting others in the enterprise to a potential situation. MDM is now heading one step further. It is merging more tightly with security applications. Syxsense, for example, provides MDM within a suite that includes integrated patch management, vulnerability scanning, security threat remediation, and IT management. This greatly enhances security while keeping mobile devices safe from malware and other cyber threats. IT can use the Syxsense Enterprise platform to spot anomalous behavior, detect strange activity at ports, at exfiltration attempts, and more.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Unified Endpoint Management Enters the Mainstream

By BlogNo Comments

Unified Endpoint Management Enters the Mainstream

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Once upon a time, there was anti-virus. Then anti-spam, adware, malware protection, ransomware protection, mobile device protection, and on and on. As new threats appeared, the vendor community came out with a fix.

According to Gartner, the big trend these days is to bring all, or many, of these tools together in one integrated package. Known as Unified Endpoint Management (UEM), Gartner analyst Dan Wilson says UEM is entering the mainstream. It has achieved a market penetration of between 20% and 50%, depending on the vertical and the size of the organization.

“Unified endpoint management (UEM) tools provide agent-based and agentless management of computers and mobile devices through an employee-centric view of endpoint devices running Windows, Google Android and Chrome OS, Apple macOS, iPadOS, and iOS,” said Wilson. “UEM tools apply for data protection, device configuration and usage policies using telemetry from identities, apps, connectivity and devices. They also integrate with identity, security and remote access tools to support zero trust.”

In essence, UEM consolidates a disparate collection of tools to bring greater simplicity to endpoint management. It streamlines a great many manually intensive tasks and processes across multiple devices, platforms, and operating systems. And the field continues to evolve. Beyond unified management of a few tools, it is heading more closely towards complete integration of identity, security and remote access services while beginning to a role in support for zero-trust security initiatives. Further, analytics, machine learning, and Artificial Intelligence (AI) are also gradually being incorporated to further the goals of end-to-end automation of scanning, deployment of agents, software, updates, and patches, and remediation of threats and other issues. This not only reduces IT overhead, it helps to improve the overall employee experience while greatly improving the organizational security profile.

Gartner listed some of the advantages:
• Location-agnostic endpoint management and patching.
• Enabling the anywhere workforce.
• Reduced total cost of ownership (TCO) of managing endpoint devices.
• Simplification of device management and support processes.
• Reduced security risk through support for more device types and OSs
• Enhances policy management.
• Integration with identity, security, and remote access tools.

“IT looks to simplify and streamline endpoint deployment, management and patching to enable provisioning of new devices for remote employees, improve device performance and reliability as well as visibility across the endpoint estate, and reduce security risk,” said Wilson.

Market Evolution
There are signs, though, that the market is evolving yet again. Two distinct branches are appearing.

• UEM tools focused on endpoint management and bringing together a diverse range of tools.
• Unified Endpoint Security to unify multiple security tools under one umbrella.

Syxsense Enterprise takes things a stage further. It unified UEM and UES to create the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints. This represents the future of threat prevention as it brings everything needed for endpoint management and protection onto one console. Breaches can be detected and remediated within a single solution. The Syxsense platform can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.
For more information, visit …

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Flaws, Bugs, Zero Days, and Breaches: Welcome to the New Normal

By BlogNo Comments

Flaws, Bugs, Zero Days, and Breaches: Welcome to the New Normal

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Endless bad news typically results in people becoming inured to it. The recent media 24-7 death counts on COVID-19 caused many people to switch off. It was just too much. Rating plummeted at CNN and other networks.

In IT security, there is a danger of the same thing happening with reports of flaws, bugs, zero-day attacks, ransomware heists, and breaches. Hardly a day goes by without a new one. Some are more virulent than others. But all gain some kind of coverage. It quickly becomes too much. People tend to gloss over it and worse, get on with business as usual.

At Syxsense, therefore, as a public-spirited gesture, we will quickly summarize some of the recent carnage into one short report. Yes, it is important to know what is going on and where to be vigilant. But most importantly, it is vital to know that something can always be done about it. Those enterprises that are the least prepared are the ones that suffer the most in dangerous times like these.

Recent Flaws and Breaches
Here is an incomplete list of some recent news on security issues:

JFrog Security Research identified hundreds of malicious packages designed to steal personally identifiable information (PII) in a large-scale typo-squatting attack from Azure users. A similar supply chain attack targeting German industrial companies such as Bertelsmann, Bosch, Stihl, and DB Schenker uses the npm repository to take control over infected machines.

A C programming library for IoT products has been found to be vulnerable to Domain Name System (DNS) cache-poisoning attacks. The bug generates incremental transaction identifiers in DNS response and request network communications. Patches are being developed to resolve these issues.
Google issued a supply chain attack warning about open-source software. Despite being a proponent of open source, Google voiced its support for the Package Analysis Project of the Open Source Security Foundation (OpenSSF). The goal is to automate the detection of malware introduced into popular open source repositories such as npm for JavaScript and PyPl for Python.

Plug-ins and extensions for content management systems (CMSs) are being increasingly used to hijack websites. Sucuri’s 2021 Website Threat Research Report called attention to potential issues with WordPress, Joomla, and Drupal due to vulnerable plugins and extensions.

Hackers are getting more patient. One group stayed inside a network for 18 months before striking – quietly waiting for the right opportunity. The group is known as UNC3524 also installs backdoors so normal security tools can’t completely eliminate it. If IT finds the malware and removes it, the bad guys can reinstall it almost immediately.

Phishing success continues. One criminal set up a website to look like a U.S. Department of Defense site and diverted $23.5 million to his bank account that was supposed to go to a jet fuel supplier. And an owner of a nail salon in California tricked a public school district in Michigan into wiring its monthly health insurance payment of $2.8 million to his bank account. Meanwhile, LinkedIn has emerged as the new favorite of scammers, according to Check Point. Apparently, more than half of all phishing attacks in one month used LinkedIn. The goal is to obtain login credentials and take it from there. And of course, phishing campaigns now seek to capitalize on the latest Ukraine news to tempt people to click on a malicious link or attachment. Finally, Phishing-as-a-Service has emerged to make it easy for non-technical criminals to profit from phishing scams. One group provides phishing services aimed at Coinbase, Netflix, Amazon, and eBay users.

Ransomware claims more victims. NCC Group reported that ransomware attacks increased 53% from the previous month with Industrials (34%), Consumer Cyclicals (21%), and Technology (7%) being the most targeted areas. Examples: Coca-Cola suffered a server breach and a hacking group claims it stole 161 GB of data. The FBI warned that the agriculture sector is suffering ransomware attacks timed to coincide with spring planting or fall harvesting periods.

Industrial control systems (ICS) are a new target. An FBI investigation found that custom tools now exist that can gain access to ICS platforms and supervisory control and data acquisition (SCADA). This particularly applies to programmable logic controllers (PLCs) from Schneider Electric and OMRON Sysmac NEX, as well as Open Platform Communications Unified Architecture (OPC UA) servers. If undetected, hackers could gradually work their way up the food chain and potentially take over control of an energy facility/

A Java vulnerability known as CVE-2022-21449 allows an attacker to intercept communication and messages that should have been encrypted, such as SSL communication and authentication processes. Fixes are now available.

Enhance Your Security Now
Perhaps the worst news among all this is that the above summary represents a small fraction of ongoing hacks, breaches, and vulnerabilities. Now is the time to upgrade your security profile by implementing automated tools. Syxsense Enterprise is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Mobility Linked to Surge in Cybercrime

By BlogNo Comments

Mobility Linked to Surge in Cybercrime

An endpoint ecosystem study by Mobile Mentor found a direct correlation between the rise in mobility and a recent surge in cybercrime. How can IT teams better manage the trade-off between endpoint security and the employee experience?

An endpoint ecosystem study by Mobile Mentor found a direct correlation between the rise in mobility and a recent surge in cybercrime. With the pandemic forcing people to work remotely and to rely on devices beyond the traditional desktop, the study found that cybercrime has jumped overall by 500% since the start of the COVID-19 era. Smartphones, laptops, and tablets became the tools of choice of the work-from-home (WFH) brigade. And this led to a much greater security risk, particularly in highly regulated industries.

The report highlighted a big area of difficulty for IT: the trade-off between endpoint security and the employee experience (EX). At one extreme, things can be made so secure that almost no one can access systems or communicate to anyone else. At the other end of the scale, everything is so easy to access that criminals waltz in unannounced and undetected, steal valuable data, take over user identities, gain administrative privileges, and drain corporate bank accounts.

Researchers make the point that the explosion in mobility and WFH overstretched the capabilities of many IT departments. Security, in particular, fell badly behind in an increasingly distributed and autonomous workforce world. Not only are companies getting hacked in far greater numbers, but employee frustration has risen sharply. They are resigning in greater numbers than we have seen for decades. A talent crunch is emerging right at a time when more staff are badly needed across all functions. IT and security teams are threadbare in many cases. And good IT team members can’t be counted upon to stay loyal as headhunters are always looking to lure them elsewhere with higher pay.

Study Findings
The study discovered that relatively few employees are aware of security risks and corporate policies addressing these risks. 27% of employees only view security policies once per year or less. Similarly, 39% receive security awareness training less than once per year. Out of sight, out of mind appears to be the case. Instead of constant reminders, they get a quick dose of security training or policy awareness which is soon forgotten.

In any case, 41% believe security policies restrict the way they work. They just don’t accept that they shouldn’t use a USB drive or that they should be deprived of convenient online services. For example, 53% consider that they are more efficient using Dropbox and Gmail than their approved corporate tools.

Passwords came up as another major bone of contention. 31% of people use a password management tool. The other 69% select passwords that are easy to remember. There is a link here to EX. Most users have countless passwords, pins, logins and security safeguards they are supposed to remember. For work, most have dozens of passwords when you factor in HR, production tools, financial systems, payroll, benefits, corporate intranet, VPN, and email. And then there are personal accounts which often have to be accessed during work hours such as preferred hotel sites, airlines, personal banking, personal email, and more.

The policy may require 10-character passwords and that Xd! must be included – and must be changed every month. But when so many passwords and characters are in play and password managers aren’t trusted due to being a single point of failure, sloppiness is inevitable.

Bring Your Own Device (BYOD) reared its head as another area of big risk. The study found the use of BYOD has surged over the past two years. These days, 64% of people use personal devices for work. Unfortunately, less than a third of organizations have instituted a program to enhance BYOD security. On top of that, shadow IT has become an even bigger issue. IT has lost control of the use of the approval process for apps. As they often don’t control the devices, they don’t know what’s been put on them. Even when they do have some control, the accessibility of cloud and SaaS resources can make it hard to know if some department head or staffer has subscribed to online services. Some may be very secure. But many aren’t.

Bottom line: 72% of employees values their personal privacy over company security. In such a climate, security must rise to the challenge. It must be comprehensive, but it must also not inhibit the user from performing their duties. By automating security and delivering it over the cloud, Syxsense Enterprise provides real-time vulnerability monitoring and instant remediation for every single endpoint in an environment. This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution, Syxsense.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Passwords Will Get Hacked: Be Ready

By BlogNo Comments

Passwords Will Get Hacked: Be Ready

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

May 5th of 2022 was celebrated as World Password Day. News stories were everywhere about how to improve password security, the best ways to implement multi-factor authentication, why a stronger password policy was needed, and what tools to use to better educate users. All represent vital actions and approaches. But they won’t be enough. According to a Google study, 24% of personal and professional accounts have used “password,” “Qwerty” or “123456” as their account password. “Admin” is another popular one. And, of course, people often use their date of birth, or that of their spouse, children, or grandchildren – all of these are easily hacked.

The same Google study found that only a third of users change their passwords frequently. Most of the rest hope to never have to change a password ever again. When forced to do so by adding yet more digits as well as capitals, numbers, and symbols, they often feel resentment. Instead of enhancing security, such security policies often have a contrary effect. Some users get even sloppier: Post-It note reminders in open view; and writing down passwords in a log, or in a document in a computer file.

Meanwhile, the bad guys have gotten smarter, faster, and more devious. They have password guessing algorithms that can crack soft passwords in no time at all. That’s why users are regularly prompted to add to more digits to their password. Six digits were once enough. Then eight. Now it is ten or more.

As the number of passwords increases and they become more and more complex, the current industry solution is to use a password management tool. But Google found that less than a third of people use them. Many don’t trust them as they have then no idea about any of their passwords should an emergency arise such as losing their phone or laptop. Thus, more than two-thirds of users continue to select passwords that are relatively easy to remember. Made to use ten digits, they often choose 1Password! to get around the latest security policy inconvenience.

Helpful tips are everywhere attempting to explain to users why they must change their habits. These tips all make sense: Don’t use sequential numbers or letters, avoid the use of your birth year/month/day; combine letters, numbers, and symbols and use unrelated words; avoid the names or words found in dictionaries; use a password manager, and don’t reuse passwords. Yet user habits are proving hard to break.

Password Breaches Are Inevitable
No matter the security policies set, the number of digits demanded, or the multiple authentication factors demanded, there is one sad, inconvenient, and inevitable truth. The bad guys are going to crack a password somewhere in the enterprise – or convince some gullible person to click on a malicious link or attachment. There is no avoiding this fact.

Despite that, organizations must continue to set good password and security policy, enforce it tirelessly, and add as many safeguards as they can to minimize the chances of password breaches. But they must understand, too, that a password somewhere or other will be hacked – and maybe it already has.

That’s why organizations must regularly scan the network and all devices for potential vulnerabilities. Vulnerability scanning is a proven way to prevent cyber security attacks. Scans will quickly detect any signs of a breach: where a password has been compromised, the back doors and ports re-configured by hackers, and any signs of data exfiltration attempts. IT can then prevent serious damage. By scanning authorization issues, security implementations, and antivirus status, vulnerability scans offer insights into any misconfigurations or compliance violations that may be present. By addressing these rapidly, the organization greatly reduces its attack surface and minimizes the chances of a breach.

The Syxsense vulnerability scanner is not only a complete security management package, but it is also effortless to employ with a user-friendly interface. As it is automated, that allows IT to focus on priority tasks while it scans and secures the system. Decide how often and for how long it should run, and the scanner runs monitors and secures the entire network at the pre-determined frequency and time. It also is available in an automated and integrated suite that includes patch management, mobile device management, and IT management.
For more information:

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Case Study: How Organizations Can Affordably Gain Security Technology and Expertise

By BlogNo Comments

Case Study: How Organizations Can Affordably Gain Security Technology and Expertise

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Faced with a shocking increase in security threats – a 500% increase in cybercrime in the last two years, according to one study – many organizations have responded by making a firm decision to hire experienced IT security personnel and acquire the latest and greatest security tools. But the price tag for top talent and feature-rich security suites quickly makes them reassess their needs.

Yes, they want the very best and most experienced security executives. Yes, they need to manage their endpoints, deploy patches, make their mobility options more secure, and be able to quickly spot potential vulnerabilities. But how do they afford it?

One approach that is gaining serious traction is to outsource many of these duties as possible. That can come in the form of “hiring” a virtual security executive or using a managed service provider (MSP) to take care of many IT security functions or doing both.

H2Cyber, for example, offers virtual Chief Information Security Officer (vCISO) services in addition to cybersecurity and risk management services. This cybersecurity executive management firm operates a highly skilled and experienced team of security consultants. This wealth of talent is at the disposal of anyone paying a monthly fee to gain their own vCISO. And it’s a lot more affordable than a full-time security executive. The average salary of a CISO is $273,030 in the U.S, and states such as New York and others are now requiring organizations in certain markets must assign someone to that position.

“It is merely a matter of time before a regulatory body or threat actor comes upon your business,” said Paul Horn, Founder & CEO of H2Cyber. “Regulators will be looking to make sure you have basic cybersecurity measures in place to reduce the risk of a cyberattack as well as having required safeguards in place to protect client and customer information. Threat actors, on the other hand, will look to exploit the lack of basic safeguards regardless of your company’s size.”

H2Cyber helps its clientele avoid breaches by delivering vCISO services and offering cyber-strategy advice.

“A vCISO allows the organization to navigate through the increasing number of cybersecurity regulations by building a comprehensive cybersecurity program accounting for compliance and security,” said Paul Horn, Founder & CEO of H2Cyber. “Just because an organization is compliant doesn’t mean they are secure: it is a game of risk management.”

H2Cyber’s team makes its money in C-level advice and expertise. Its focus is squarely on the strategic and executive side of security, not on the nuts and bolts of applications such as backup and patch management. Yet its customers typically want more than a vCISO to advise on strategy as well as how to streamline interaction between business and IT. They also want recommendations about the right security tools and services to deploy to take care of potential incursions and threats such as ransomware. For that side of the business, H2Cyber outsources services to other MSPs. This enables its trained resources to focus on vCISO duties and other core competencies.

“Our customers want to know what works; they don’t have time to research and evaluate the different solutions out there, so they expect us to find the best MSP services for their needs,” said Horn.

His company operates a relatively lean infrastructure consisting of cloud services via Microsoft Azure and Amazon Web Services (AWS). It augments a small data center with MSP services, leveraging white-labeled products where possible. These services include cybersecurity compliance, antivirus, and cyber security support.

Syxsense, for example, is used by H2Cyber for vulnerability scanning, and other IT security services that help its clients remediate software and OS vulnerabilities such as incorrect or misconfigured settings. Patch management services, too, are provided by Syxsense. Horn noted that there are many patch management solutions to choose from. However, many require assets to be on-premises, only patch Windows-based systems and don’t offer management of mobile devices.

“Syxsense allows you to manage not just Windows, but Linux as well as Apple,” said Horn. “The Syxsense Secure platform allows the pushing of patches automatically and provides the necessary security and vulnerability discovery within our systems.”

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Syxsense Secure Wins Global InfoSec Award for Most Comprehensive Endpoint Security Solution at RSA Conference 2022

By News, Press ReleaseNo Comments

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Syxsense Secure is the first Unified Endpoint Security Management platform to centralize vulnerabilities, patch, and compliance management

 

ALISO VIEJO, Calif. – [June 6, 2022] – Syxsense, a global leader in IT and security management solutions, today announced that Syxsense Secure has won the Global InfoSec Award for Most Comprehensive Endpoint Security Solution at the RSA Conference 2022. The Global InfoSec Awards, presented by Cyber Defense Magazine (CDM), honor leading infosec companies and products from around the globe. Judges are CISSP, FMDHS, CEH, certified security professionals that voted based on their independent review of company submitted materials.

“Syxsense embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

Syxsense Secure is the first Unified Endpoint Security Management platform that centralizes the three key elements of endpoint security management – vulnerabilities, patch, and compliance. The product includes a powerful workflow automation tool and engine called Syxsense Cortex™ that remediates and eliminates endpoint security weaknesses by giving customers access to pre-built remediation workflows that they can simply approve and apply in their own environment (or customers can also quickly create custom workflows). This is all done through a single, cloud-based, drag and drop management interface. This gives security and IT teams comprehensive vulnerability detection, automated workflow intelligence, accurate patch vulnerability detection, complete real-time remediation and much more, all through a secure centralized cloud solution that delivers 100 percent visibility and asset management.

“Organizations are under increasing stress to secure data on the network and at endpoints due to the shift to remote and hybrid work models. This is driving security teams to deploy emerging and advanced endpoint protections that can streamline the identification of security vulnerabilities, and manage configuration and software compliance,” said Ashley Leonard, Founder and CEO at Syxsense. “Being recognized by CDM as the Most Comprehensive Endpoint Security Solution is further validation that our efforts are resonating with teams looking to consolidate functionality and streamline security process.”

For information about the RSA Conference 2022 visit https://www.rsaconference.com/usa.

For a demo of Syxsense Secure or the new Syxsense Enterprise, click here.

About CDM InfoSec Awards

This is Cyber Defense Magazine’s tenth year of honoring InfoSec innovators from around the Globe. Our submission requirements are for any startup, early stage, later stage, or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at www.cyberdefenseawards.com

 

About Syxsense

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first unified security and endpoint management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com

 

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo