
GigaOm

Deploying Real Time Device Attestation and Configuration Compliance with Syxsense Cortex

May Spotlight Webinar: Vulnerability Management

By Spotlight Webinar, Video, Webinars

The Syxsense Spotlight Webinar Series is dedicated to teaching the fundamentals of cybersecurity.

In May’s class Syxsense’s Pre-Sales Manager, Graham Brooks, will demonstrate how to deploy and manage device trust using Syxsense Cortex.

Webinar on Demand

Graham Brooks

Hosted by: Graham Brooks, Syxsense Pre-Sales Manager

Graham is currently a Pre-Sales Manager at Syxsense and has been working in the IT and Security industries for the last 7 years. Before working at Syxsense he was an IT Analyst for a major DOE and DOD Security manufacturing company. He currently holds the RHCSA and Security Plus certifications.

April Spotlight Webinar: Vulnerability Management

By Spotlight Webinar, Video, Webinars

The Syxsense Spotlight Webinar Series is dedicated to teaching the fundamentals of cybersecurity.

In April’s class Syxsense’s Pre-Sales Manager, Graham Brooks, demonstrates how Syxsense eliminates “all those red lines” with real-time alerting, immediate device quarantining, automated remediation, and compliance reporting.

Webinar on Demand

Graham Brooks

Hosted by: Graham Brooks, Syxsense Pre-Sales Manager


patch management

Patch Management Solutions: What Matters in a Vendor

By Blog, Patch Management

Far too many successful cyberattacks have involved known vulnerabilities that were allowed to go unaddressed.

While it’s clear that no organization can afford to approach patch management haphazardly, the reality is few IT teams have the time or resources to do anything other than pick and choose which urgent tasks will receive their attention. To avoid this conundrum, savvy organizations will look to the various commercially available patch management solutions to help their IT departments take a more comprehensive approach to this highly critical mission.

What are the Hard & Soft Metrics?

It’s important to understand that not all patch management tools are created equal. Careful consideration is essential to ensure that a particular vendor and its solutions will meet an organization’s needs amid a backdrop of ever-evolving cyber threats.

Evaluation should initially focus on the “hard metrics” to determine how a prospective vendor’s core product features stack up against an organization’s key technical criteria. Designating specific criteria – patch coverage, support for third-party patches, ease of deployment, etc. – as “table stakes” will allow an IT team to quickly and easily identify solutions that align with their needs and eliminate other vendors as the evaluation process progresses.

From there, IT leaders and operations teams can move to reviewing solutions for “soft metrics.”

These include patch coverage and other attributes crucial to comprehensive patch management, as well as the “decision trigger” features that have the potential to impact an organization significantly. For example, many IT teams would find the ability to run patch management from the cloud to be a considerable advantage, especially when devices are dispersed beyond their organization’s network, as is common in today’s remote and hybrid work environments.

What are the Solution’s Reporting Capabilities?

The importance of reporting can’t be overstated when evaluating potential patch management solutions. When reporting is optimal, IT staff will spend far less time compiling documentation for their organization’s Board and other key decision-makers.

Merely reporting a complex list of vulnerabilities can make a report almost unintelligible. The best patch management solutions allow organizations to draw actionable insights from their reporting to drive valuable security improvements. In most cases, unified solutions will enable better reporting. This is especially true when an organization’s coverage needs extend beyond assets that patching would traditionally cover, such as hardware devices on the IoT side.

Bottom line: If a choice must be made between key product features and reporting capabilities, organizations will be better served by sacrificing some technical criteria for the sake of optimal reporting.

Where is a Vendor Directing Future Investments?

It’s essential to know if a vendor is investing for the future (they all are), but also whether or not they’re investing in the direction of where market demand is headed and at a pace that will keep up with that demand.

Firmware patch management, for example, is quickly becoming a critical problem within the IoT space, as doing so within its interface and with its reporting simply isn’t scalable. Because it’s poised to become an essential feature for many – if not most – organizations moving forward, a prospective vendor should already be directing investment toward that area.

It’s also essential to determine whether or not a vendor is striking a good balance between maturing their existing patch management platform and introducing new features, as those that are will be better able to reduce some of the disruptions that can accompany future innovation.

What About Automation and AI?

More than a buzzword, automation has become a significant driver of conversations surrounding patch management. With IT staff constantly being asked to do more with less, organizations are prioritizing anything that will alleviate the load and increase satisfaction in their day-to-day work. By this point and in this environment, every vendor should be focusing on developing automation capabilities that will allow IT teams to spend less time setting up patch deployment and management.

While AI is not currently impacting the patch management space, it is poised to do so in the very near future. Current AI isn’t 100% accurate but does exceptionally well when solving incredibly complex issues where accuracy isn’t important. If it can help move the needle in terms of prioritizing tasks, identifying change, and automating tuning of the dial, patch management would be an ideal space for utilizing AI.

Take Away

Patch management should never be left to chance.

By taking the time to identify the right patch management tool and vendor for their needs, organizations will be much better positioned to ward off cyberattacks and ensure business continuity even in the face of ever-evolving security threats.

For more insight on choosing a patch management solution, check out this webinar with GigaOm CTO and research analyst, Howard Holton: Analysts Insights: Gigaom Radar for Patch Management.

weak passwords

Don’t Let Weak Passwords Plague Your Enterprise

By Blog

The 2023 Weak Password Report once again highlighted how the breach of a password or user credential is one of the weakest links in enterprise security. When coupled with inconsistent patching, misconfigurations, and lack of vulnerability scanning, bad password practices are an easy path for malicious hackers.

In the report, researchers analyzed more than 800 million breached passwords worldwide to find the key trends, common denominators, and lessons learned.

These include:

  • 88% of passwords used in successful attacks consisted of 12 characters or less.
  • The most commonly breached passwords consisted of 8 characters.
  • Passwords containing only lowercase letters were the most common character combination found, making up 18.82% of passwords used in attacks.
  • The most common base terms used in passwords were: ‘password’, ‘admin’, ‘welcome’, and ‘p@ssw0rd’.
  • 83% of compromised passwords did not satisfy the length and complexity requirements of compliance or cybersecurity standards such as NIST, PCI, ICO for GDPR, HITRUST for HIPAA, and Cyber Essentials for NCSC.

Brute Force Attacks Remain Effective

A brute force attack is where an attacker tests different character combinations until they find the correct login information. These began with guesswork on the part of the hacker. Although still done that way using dates of birth and child names as clues, the modern approach is to computer-generate huge numbers of potential passwords until the right one is found. Another common tactic is to take passwords available on the dark web and test them on other websites used by that individual to see if they can gain access to additional accounts. This has a decent degree of success due to people reusing the same passwords or word/number combinations.

Unfortunately, even in large, sophisticated IT organizations, weak password hygiene is commonplace. The 2022 Nvidia breach, for example, exposed thousands of employee passwords, including the likes of ‘Nvidia’, ‘qwerty’ and ‘nvidia3d’. The reality is that most individuals see passwords as a barrier to getting their work done or getting the information or systems they need. They aren’t going to choose technically complex passwords because it makes their lives more difficult.

Weak Password Examples That Many Think Are Strong

  • MyDog’sName123
  • Birthdate!9876
  • Password123!
  • Qwerty123456
  • ILoveYouForever
  • MyNameIsJohn
  • LetMeIn2023
  • Sunshine!123
  • 1Qazxsw2!
  • Abcdefgh12345

These weak password examples may incorporate a combination of letters, numbers, and special characters, as well as personal information. However, they are still weak because they can be easily guessed or targeted through common password-cracking techniques. It’s crucial to create unique and complex passwords that are not related to personal information or easily identifiable patterns.

Best Practices for Passwords

This is why organizations need to adopt security best practices that can enforce strong password security, such as:

  • Issue a clear policy on password hygiene, including the minimum number of characters and the use of upper case, lower case, numbers, and symbols.
  • Determine an acceptable period for password changes and enforce it. Most organizations choose 90 days, but standards vary on this subject, so you should check with the most relevant compliance requirements for your industry.
  • Use Security Awareness Training to educate users regularly on password best practices.

Vulnerability Scanning Provides an Extra Layer of Protection

As is the case with most areas of cybersecurity, one system or methodology is never enough. A multi-layered approach is required. Password protection policies, technologies, and best practices must be supported by vulnerability scanning to ensure all devices and systems on the network are scanned regularly for potential vulnerabilities on endpoints that could be easily exploited with compromised credentials. Syxsense can help detect key signs of a potential attack by alerting IT and security operations teams to events or risks such as:

  • Multiple failed login attempts
  • Misconfigured or open ports
  • Outdated antivirus signatures
  • Disabled firewalls
  • Unpatched systems
  • Compliance violations

Syxsense vulnerability scans detect any weak spots on your endpoints that can put your enterprise and data at risk of getting stolen or altered. We mitigate risk by putting IT back in control of every device used in your organization. By highlighting potential issues, your organization can reduce its attack surface and minimize the chances of a breach.

The vulnerability scanner built into Syxsense Secure and Syxsense Enterprise is effortless to employ and has a user-friendly interface. Its automation features enable IT to focus on priority tasks while it scans and secures systems and data.

For more information, join us for a Lunch and Learn demo.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
business wire

Syxsense to Showcase New Endpoint Security and IT Management Automation Workflow Capabilities at RSA Conference 2023

By Cybersecurity, News, Press Release

Other activities include in-booth GigaOm analyst, Howard Holton, Blanton’s Bourbon 8 Bottle Horse Collection Giveaway, a Cortex Pub Crawl, and more.

NEWPORT BEACH, Calif.–(BUSINESS WIRE)–Syxsense, a global leader in Unified Security and Endpoint Management (USEM) solutions, today announced that it will showcase new updates to its flagship endpoint security and IT management platform, Syxsense Enterprise, at the RSA Conference in Booth #4339 in the South Expo at the Moscone Center in San Francisco, CA, on April 24-27.

Attendees can swing by the booth to get a demo of new and existing features. Syxsense is the first software vendor to unify vulnerability, patch, and compliance management, and layer on a powerful automation and workflow engine called Syxsense Cortex to improve the efficiency of IT operations and security teams. This unified solution allows organizations to better manage the endpoint vulnerability gap by utilizing workflows, pre-built playbooks, and sequences to automate the complexities of vulnerability detection and remediation. In addition to the new Syxsense Cortex updates, attendees visiting the Syxsense booth can also learn more about performance enhancements around device scanning, unmanaged device discovery, agent lockdown, and more.

“As the threat landscape grows and attackers become more sophisticated, organizations need to be able to quickly identify, assess, and remediate endpoint security and IT management issues,” said Ashley Leonard, Founder and CEO at Syxsense. “Syxsense gives customers that visibility and control, and we are excited to showcase some of our new capabilities at RSA. For organizations looking to reduce the burden of endpoint security and management, increase their security posture, and ensure compliance, Syxsense delivers the most powerful capabilities and automation technology for unified security and endpoint management.”

The RSA Conference is one of the largest international conference series designed to help IT and cybersecurity professionals strengthen their skillsets and improve organizational resiliency. Syxsense is proud to host Howard Holton, Chief Technology Officer and Analyst at GigaOm, in the Syxsense booth South Hall #4339 on Tuesday, April 25 from 4-6 PM PT, where he will be answering attendee questions about endpoint management, cybersecurity trends, and more.

Learn more about Syxsense Enterprise https://www.syxsense.com/enterprise.

About Syxsense

Syxsense is a leading software vendor providing endpoint security and IT operations management solutions to Managed Service Providers (MSPs), enterprises, and government organizations. Its solutions provide real-time visibility and control over endpoint devices, networks, and cloud infrastructure, helping organizations to protect against cyber threats, improve IT operations, and reduce risk. Syxsense is the first Unified Security and Endpoint Management (USEM) platform that centralizes the three key elements of endpoint security management: security and patch vulnerability management, remediation, and compliance controlled by a powerful drag-and-drop workflow automation technology called Syxsense Cortex™. Syxsense is a single cloud-based platform supporting Windows, Linux, Mac, and mobile devices on-premises and in the cloud. For more information, visit www.syxsense.com.

Contacts

PR Contact
Raymond Fenton
Voxus PR
rfenton@voxuspr.com


The Zero Trust Mindset for Endpoints Webinar

By Video, Webinars, Zero Trust

Zero Trust with Charles Kolodgy and Ashley Leonard

The Zero Trust security framework is being embraced as a solution to address the most pressing cybersecurity concerns and has developed into a comprehensive strategy which requires close interaction between all types of security solutions, including Unified Endpoint Management, security automation, analytics, and threat intelligence.

Fill out the form to the right to view this webinar. Charles J. Kolodgy of Security Mindsets LLC and Ashley Leonard, Syxsense CEO discuss the Zero Trust mindset, its evolution from concept to implementation, the compatibility of a Zero Trust architecture and Unified Endpoint Management, and how device hygiene can be achieved through a comprehensive solution that fits within Zero Trust.

Upon filling out the form for this webinar, you will receive a download of Charles Kolodgy’s white paper “Embracing the Zero Trust Mindset for Endpoints.”

Watch the Webinar

Ransomware Governments Under Attack

Ransomware on the Rise: Local Governments Under Attack

By Blog

Ransomware attacks against local governments have become an increasingly common occurrence in recent years. According to a recent report, 330 ransomware attacks have been carried out against government systems over the past four years, with more than half a million individual records affected. These attacks also often disrupt essential services, such as online portals and payment systems. This can have serious consequences for local governments, as well as for those who rely on the services they provide.

Recent Attacks on Local Governments Highlight the Need for Stronger Cybersecurity Measures

There have been several ransomware attacks against local government organizations in the U.S. in recent years.

  • In August 2019, in a coordinated attack, 22 municipalities in Texas were simultaneously infiltrated by hackers, resulting in significant impact to their computer systems and disruption to local services.
  • In December 2019, the city of Pensacola, Florida, was hit by a ransomware attack that impacted its email and phone systems and online payment systems.
  • In May 2021, the city of Tulsa, Oklahoma, was hit by a ransomware attack that impacted more than 18,000 city files, some of them including information such as names, dates of birth, addresses, and driver’s licenses.
  • Just this month, the city of Oakland, California, was hit by a ransomware attack that exposed personal confidential data and took down the city’s computer systems for weeks.

The FBI’s Cyber Crime Center noted that “phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities” were “the top initial infection vectors for ransomware attacks in 2022.”

The aftermath of attacks such as these makes one thing clear: local governments need stronger cybersecurity measures and more robust vulnerability and risk assessment. With continuous vulnerability scanning and comprehensive endpoint management, local governments can reduce their attack surface and give criminals one less entry point to launch an attack.

Limited Resources Pose a Challenge for Maintaining Secure IT Infrastructure

Consistently tight budgets have left local governments particularly vulnerable to ransomware attacks. Many local government organizations must use older hardware and software because they do not have the luxury of upgrading to newer technology. This can lead to systems and applications that may no longer be supported by vendors, with vendors no longer supplying security updates or patches. Limited staffing resources have only compounded this issue, leaving many local government agencies unable to keep up with patching and other IT or security operations such as regular vulnerability scanning.

Many local government organizations have limited resources, small IT teams, and tight budgets, which make it difficult to keep up with the maintenance and support of current and older systems. With more devices being used to get work done, hastened by the pandemic and work-from-home initiatives, many IT and security teams don’t have a clear picture of how many devices are connected to the enterprise, much less whether those devices are up-to-date on patches and other security measures. This means they cannot monitor the health of devices accessing sensitive information, scan for potential issues on the devices, deploy patches, or enforce security controls that would limit their attack surface and reduce their exposure to these types of attacks.

While there are many challenges local governments face in managing and securing their endpoints, it is crucial that they do so. The best way for government organizations to prevent crippling cyber-attacks like ransomware is to implement best practices around patch management and vulnerability scanning.

Leveling the Playing Field

While attackers are targeting local governments more frequently due to outdated and vulnerable systems and limited resources, this does not mean that government organizations must be victims. Tools that consolidate management and security with automation can make these organizations less vulnerable to cyberattacks and reduce the burden on their budgets and staff. By implementing these measures with a tool that does the work for them, they can ensure their systems and sensitive data remain secure and protected.

Implementing best practices around patch management and vulnerability scanning is particularly important in these environments. Older devices may have unpatched operating system vulnerabilities or use software that has reached end-of-life from vendors that no longer release updates, leaving the devices exposed to risk. This does not mean that they should simply be left as-is, though. Other mitigations, especially policy-based security controls, can help reduce the risk from older devices and applications. Unified security and endpoint management (USEM) tools make it easy to implement these best practices by enabling patch management best practices, regularly scanning for vulnerabilities, and remediating vulnerabilities automatically. This ensures that the devices employees use to work and access sensitive data are managed and secure, while cutting off access for any device that does not have the proper management and security profile.

Automating vulnerability scanning and patch management can make local governments less of a target for attackers. When vulnerabilities are quickly identified and addressed and software is regularly updated, the risk of a successful cyberattack is significantly reduced, making governments less likely targets in the future.

Find out how Syxsense helps local governments strengthen cybersecurity measures and keep endpoints secure. Schedule a demo today.

iot vulnerabilities in healthcare

Healthcare Under Attack

By Blog

According to a report by Comparitech, the healthcare field is attracting a lot of attention from cybercriminals; ransomware, in particular, has created chaos across the sector. In 2021 alone, there were more than 100 ransomware attacks that impacted around 2,300 healthcare organizations, including 20 million patient records. The 2022 report comes out later this year, but the forecast looks grim.

Estimates of the cost of these attacks are upwards of $8 billion, and that’s just in downtime. The average number of days of downtime was six, although some organizations were offline a lot longer. In addition to this price tag were ransomware payments that varied anywhere from $250,000 to $5 million, such as TriValley Primary Care’s payment of $250,000, Allergy Partners’ payment of $1.75 million, and UF Health Central Florida’s payment of $5 million.

It’s clear that medical organizations are being targeted by cybercriminals. While the sheer size of the attack surface can make it seem impossible to change, this doesn’t have to be the case.

The Harm of Ransomware in Healthcare

Ransomware is a dangerous form of malware for any organization. But for the medical sector, it is particularly harmful because patient health and privacy are at risk. The effects of an attack can disrupt key systems or even shut them down, leaving healthcare providers without access to patient data and medical records. In addition, the already high cost of medical care will only increase as organizations struggle to operate efficiently due to ransomware disruption and payouts.

The financial repercussions from regulatory agencies when healthcare organizations fail to secure their systems and a breach occurs can be severe. The Health Insurance Portability and Accountability Act (HIPAA) regulations stipulate security policies to protect patients from unauthorized access to health records and medical history. Failing to comply with HIPAA regulations can leave businesses facing fines of up to $1.5 million, in addition to any payouts related to a resulting breach.

Such attacks are becoming all too common: Scripps Health, a network of five hospitals and 19 outpatient clinics in California, was infiltrated by ransomware in 2021 at a cost of more than $100 million. Two of its hospitals lost access to electronic medical record systems and offsite servers, leaving several units unable to provide care and requiring patients to be diverted to other facilities. Though the initial access vector for the breach remains unverified, an internal email distributed after the attack noted that Scripps added multi-factor authentication processes for remote access and mobile devices and new security software on 98% of all Scripps devices. This suggests that access rights to high-value databases and assets were not protected by foundational cybersecurity controls.

Protecting Hospitals and Patients from Ransomware

Medical organizations can take steps to prevent the spread of ransomware by updating security policies and ensuring the burden of compliance isn’t left to busy healthcare workers. While doctors and nurses provide care to patients, organizations can rely on tools that consolidate vulnerability scanning, patch management, and compliance reporting to monitor and secure their environment.

In the case of Scripps Health, a unified security and endpoint management (USEM) solution with user- and device-based, multifactor authentication controls and integration with existing IT infrastructure, such as Active Directory, could have ensured compliance with security policies that restrict access to confidential records. With USEM, healthcare organizations could automatically verify that users and devices had multifactor authentication set up and up-to-date security controls in place before users could gain access to critical data.

USEM solutions enable healthcare organizations to achieve and maintain compliance with regulations such as HIPAA, ensuring that patient data is protected, and healthcare organizations aren’t subject to the financial burden of fines and payouts.

Find out how Syxsense helps healthcare organizations identify, manage, and secure their endpoints. Schedule a demo today.

ransomware, msps, mssps

Ransomware Prevention with the help of MSPs/MSSPs

By Blog

In 2022, malicious actors carried out nearly 400 ransomware attacks on U.S. organizations, affecting over 21 million individual records, according to Comparitech.

With an average ransom demand of more than $4 million, the cost of a ransomware attack continues to balloon. This figure does not take into account expenses tied to recovery costs, lost revenue because of operational downtime, and the loss of customer confidence that can follow an attack. On average, a business in the US lost nine days of operation due to ransomware-induced downtime, although some were locked out of their networks for several months.

Malicious hackers can easily scan the internet to find open ports and vulnerabilities to exploit. If a business fails to patch a program or update an operating system, or if IT systems are not configured properly, attackers can utilize these attack vectors to gain entry to systems and mount a ransomware attack.

Companies can be easily overwhelmed by the IT management and cybersecurity tasks that help keep their businesses running. They need to apply their skills to their core competencies, but they are having to throw more and more resources at cyber-defense. Instead of investing in the business to forward their strategic ambitions, budgets are getting eaten up by security expenditures.

It is easy to see how, for some businesses (especially small businesses), a ransomware attack can be catastrophic. Some never recover and permanently close their doors. It’s not surprising then that many businesses are turning to managed services providers and managed security service providers (MSPs/MSSPs) to help safeguard their business environments.

What Are MSPs: MSPs Make It Easy to Protect Your Business

MSPs/MSSPs have the flexibility to quickly bring on skilled resources and partner with innovative technology vendors to deliver management and security in one simple package. Further, partnering with MSPs/MSSPs takes the burden of finding, vetting, purchasing, implementing, and managing IT systems and security products off of the company, leaving business owners to focus on their business.

MSPs/MSSPs are already leveraging Syxsense Enterprise, for example, to automate asset discovery, patch and endpoint management, mobile device management, and vulnerability management – all in one easy-to-use product. These services help businesses to avoid ransomware attacks by inventorying every endpoint on their networks, detecting all unpatched systems, vulnerabilities, and misconfigurations, and remediating them rapidly. And because of the automation built into the product, MSPs/MSSPs can utilize less staff to manage more customers. MSPs wishing to begin offering security services should select solutions and products that place the least technical and staffing burden on existing personnel.

For more information, schedule a demo today and find out how Syxsense can help MSPs/MSSPs grow their service offerings and drive greater customer value.


March Spotlight Webinar: Vulnerability Remediation

By Spotlight Webinar, Video, Webinars

Syxsense Spotlight Webinar:

Vulnerability Remediation

Syxsense Senior Solutions Architect Graham Brooks will speak on Vulnerability Remediation, presenting the process of scanning for a specific vulnerability, and then remediating and reporting on that vulnerability.

Watch the Webinar