Skip to main content
Tag

Guides

Zero trust project

Driving a Successful Zero Trust Project

By Zero TrustNo Comments
What is the Zero Trust mindset, and what are the basics of implementing a Zero Trust framework for IT security?

Zero Trust is commonly misunderstood as a single framework that can be deployed as an out-of-the-box solution for all your cybersecurity needs. In fact,

Zero Trust is a comprehensive and flexible trust model that eliminates the principle of implicit trust from inside and outside your network perimeter.

Download the eBook

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

2023 Endpoint Protection Guide

By Endpoint SecurityNo Comments

2023 Endpoint Protection Guide

As today's threat landscape becomes more unpredictable than ever, how do you mitigate risk? See the top strategies for protecting your endpoints in 2023.

Read the 2023 Endpoint Protection Guide

Today’s threat landscape is more unpredictable than ever in the wake of the COVID-19 pandemic and the ensuing “Work From Home” and hybrid work models, leaving organizations vulnerable to an increasing number of cyberattacks. See the top ways to protect your endpoints and mitigate risk in 2023.

Download the 2023 Endpoint Protection Guide

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
Buyers Guide

2023 Patch Management Buyers Guide

By Patch ManagementNo Comments

2023 Patch Management Buyers Guide

How do you choose a patch management tool? See our list of essential questions that should be asked of vendors to identify the benefits of each system.

Read the 2023 Patch Management Buyers Guide

Selecting a new or replacement IT management or patch management system can be difficult, with many vendors offering what seems like similar features. This guide aims to provide a list of essential questions that should be asked of vendors to identify the benefits of each system.

Patch Management Buyers Guide 2023

Download the 2023 Patch Management Buyers Guide

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
syxsense scores high in gigaom report

Syxsense Named a Fast Mover in GigaOm Radar Report for Patch Management Solutions

By Endpoint Security, News, Patch ManagementNo Comments

Syxsense Named a Fast Mover in GigaOm Radar Report for Patch Management Solutions

We are excited to announce that Syxsense has been named a Fast Mover in the GigaOm Radar Report for Patch Management. This report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria, and provides a forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution.

This report synthesizes the analysis of key criteria and their impact on evaluation metrics to inform the GigaOm Radar graphic, which plots vendor solutions across a series of concentric rings, with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation, and Feature Play versus Platform Play—while providing an arrow that projects each solution’s evolution over the coming 12 to 18 months.

As a Fast Mover in Patch Management, Syxsense provides full coverage of Windows, macOS, and Linux desktops and servers, as well as mobile devices and remote systems. Our strengths lie in lifecycle management, patch testing, patch deployment, patch prioritization, and a large number of third-party applications. Syxsense also supports an API, allowing integration with other systems such as ITSM and CMDB. Our Patch Management solution is deployed as a SaaS application with agents installed on your organization’s endpoints, and is a good fit for market segments including mid-market, large enterprises, and MSPs.

To see the full report breakdown, fill out the form below:

syxsense award

Download the Full Report

Overcoming Your Endpoint Security Limitations with a Skeleton Crew

By Endpoint SecurityNo Comments

Overcoming Your Endpoint Security Limitations with a Skeleton Crew

Five ways to bolster your endpoint security defenses quickly

For years overstretched and under-resourced organizations have contended with a lack of robust cybersecurity expertise to defend their networks and data, leaving them ripe for attack or internal mutiny. As far back as 2016, 46% of businesses reported a “problematic shortage” of their current cybersecurity talent, which ballooned to more than 2.72 million in 2021. Not only is hiring a nightmare but getting talent proficient in cybersecurity is more challenging than ever.

When it comes to ensuring your endpoints and networks are secure, you can’t spend long cycles onboarding and training new talent. Threats don’t wait. You don’t have years! You need solutions that are simple to deploy, manage, and maintain. Threat actor tactics evolve quickly. Your endpoint defense must as well. This ebook will dive into the scary realities of overstretched and under-resourced teams, provide some tips on how you can improve endpoint security with limited staff, and offer a glimpse into how Syxsense helps automate your entire endpoint defense.

Download the eBook

Embracing the Zero Trust Mindset for Endpoints

By Zero TrustNo Comments

Embracing the Zero Trust Mindset for Endpoints

What is the Zero Trust mindset, and what are the basics of implementing a Zero Trust framework for IT security?

Zero Trust is a strategic security mindset that combines multiple security disciplines into a comprehensive solution. This white paper was written for Syxsense by Charles Kolodgy of Security Mindsets LLC. In the report, he explains the Zero Trust mindset, documents how it has evolved from concept to implementation, and walks through some basics around implementing a Zero Trust framework that you can utilize in your organization.

Embracing the Zero Trust Mindset for Endpoints

Download the White Paper

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||||||

How to Automate BitLocker Encryption For Your Business

By NewsNo Comments

How to Automate BitLocker Encryption For Your Business

Enabling BitLocker across a fleet of remote machines can be a big undertaking. Find out how to manage and automate the process for your business.

Automate Bitlocker Encryption

Syxsense Cortex is the one-stop shop automation framework for managing Windows, MacOS and Linux devices. Syxsense Cortex is included in Syxsense Secure and comes with a ton of build-in functionality.

For now, we will be covering how you can use a Syxsense Cortex workflow to safely provision BitLocker hard drive encryption on a remote endpoint. Hard drive encryption is one part of the larger set of work required to keep your company data secure. If a laptop or desktop computer is stolen and the device does not have an encrypted hard drive, the perpetrators will then have immediate access to the contents of the hard drive. Adding encryption eliminates or drastically reduces the risk to the data stored on the stolen device.

Unfortunately, enabling BitLocker across an entire fleet of remote machines can be a huge undertaking. This is especially true if those devices don’t check into the corporate network frequently. Each endpoint will need to report in that has not been encrypted. Then, an appointment must be scheduled with the end user to configure encryption on their device.

Following this, a technician gets to encrypt the endpoint. And then finally the device needs to reboot before it can be returned to the end user. This process can take hours, days or even weeks to coordinate. That timeline provides a significant window of risk while the device remains unencrypted.

How to Remotely Manage BitLocker Encryption

Syxsense Cortex provides the solution to that unmaintainable workflow by automating the whole process. Below is a full workflow which performs the entire BitLocker provisioning process, step by step to completion.

There are three primary phases to this workflow: Initiation (Phase 1), Roll-Out (Phase 2), and Completion (Phase 3).

Phase 1: Initiation

Below is shown the first stage of this Syxsense Cortex workflow. Each block represents a specific task which is being performed during the workflow.

To trigger this workflow, a policy is deployed to the affected endpoints. The policy is set to run any time that an endpoint changes its network. Once triggered, the endpoint immediately checks to see if it is on the corporate network.

To do this, the endpoint performs a ping request against a known IP address or hostname which is located on the corporate network. If the endpoint is able ping that address successfully, the task will end, as we can assume that the endpoint is currently located in an office and is not a high-risk device. Having confirmed the status, the task will end.

Note: In this example we are assuming that this task will run before the endpoint connects to any corporate VPN. If that is not the case, we could include additional logic during Phase One to verify whether the endpoint is connected to the corporate network over a VPN.

If the ping request comes back negative, the device is likely a remote device. The Cortex workflow will then trigger a system check to verify the status of BitLocker. If BitLocker is enabled, the task will again quietly end. If BitLocker is not enabled, an email will be passed to an administrator distribution list. This email prompts the administrators to approve or deny the next phase of the workflow. Because of the disruptive nature of this workflow, maintaining this pause and check task will decrease the likelihood of a negative outcome.

The administrators will then need to verify that the endpoint does in fact need BitLocker activated. Once the request is verified and the owner of the device has been alerted, the workflow can then be approved for Phase 2.

Phase 2: Role Out

Once the initiation phase completes, the device now moves into the roll-out phase.

During the roll-out phase, the endpoint is temporarily quarantined. When quarantined, the end-user will be informed of the quarantine status. Then, a PowerShell script initiates on the endpoint, enabling BitLocker encryption. Once the device is encrypted, the end user is prompted to reboot their computer. For this workflow, we opted to allow the end user to delay the Reboot for up to 4 hours.

If at any point during the configuration phase, the task sequence fails, an email will be sent to the administrator distribution list, informing them of the failure. They can then choose to manually end the active quarantine, or manually finish the task sequence. Once the reboot is finished, the device moves into phase 3.

Phase 3: Completion

Once the device successfully reboots from the roll-out sequence, the endpoint will then enter the final phase of the workflow:

First, the device is removed from the quarantine. Then, a final success email gets generated and sent to the administrator distribution list. The administrator can then use the Syxsense Console to confirm that the device inventory for that endpoint now has an active BitLocker encryption status.

Experience the Power of Syxsense

In addition to Syxsense Cortex, here at Syxsense, we’re also dedicated to providing IT security solutions that integrate all the tools you need into one, easy-to-use interface. As the first IT management and security solution that brings together vulnerability scanning and patch management capabilities into a single interface in the cloud, Syxsense Secure is yet one more way that you can harden your IT security against all threats.

We call it the future of threat prevention, but all you need to know is that you’ll get the ability to stop breaches, patch and quarantine devices and collaborate with others in the IT department to identify and close attack vectors. With the Syxsense line of products, you can stay informed, manage, and take action with the click of a button.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||||

Beginner’s Guide To Endpoint Security Software

By Patch ManagementNo Comments

Beginner’s Guide To Endpoint Security Software

Endpoint security software can be a critical tool for defending your organization from cyber attacks, vulnerabilities, and ransomware.

In 2018, 62% of businesses experienced a cyber attack, and in the first half of 2019 data breaches exposed 4.1 billion records.

We know that cybersecurity is a problem, but often we don’t know what to do about it, and unfortunately, the statistics show that the vast majority of companies are not prepared for attacks.

And the cause is that most businesses simply don’t know what to do to counter the cyberattacks. The answer is endpoint security.

What is Endpoint Security?

Endpoint security, as the name suggests, refers to securing endpoints. What are endpoints? They are end-user devices, such as computers, laptops, tablets, phones–even smart watches. Any computer that someone uses, no matter how small it may appear, is susceptible to attack and must be secured.

Endpoint security software is used by businesses, as opposed to individuals and homes who generally just use an antivirus software. The difference between a home’s antivirus software and a businesses endpoint security is big, but the main and critical difference is that endpoint security software secures an entire network, with all of that network’s endpoints responding in unison, via the cloud, rather than independently.

What Does Endpoint Security Software Do?

When a threat is detected, the endpoint’s user is notified and the software kicks into gear, activating its automatic protective measures. Some of these capabilities include, but are not limited to, antivirus management, integrated firewalls, network access control, whitelisting, intrusion detection and response, and root cause analysis.

The faster a security software is able to counter a threat and begin remediation, the lower the chances are that the threat will both spread and expose more breaches. It lowers the risk of downtime, which lowers the cost of the attack.

What Threats Does Endpoint Security Software Address?

Phishing

Phishing is one of the most common types of cyberattack. The attacker pretends to be someone or something else, trying to get the user to click on a malicious link or enter sensitive data.

For example, a phishing attack may send an email that appears to be from a company you trust, giving you a link to go to their website and login–but the email and website are fake, and by entering your login information you are handing over your login and password to the attacker. This type of attack has been used successfully to get access to corporate computers, to bank accounts, to email accounts, and much more.

Ransomware

Ransomware is an attack that targets the endpoint user’s files on their computer, encrypting them. Once the files have been encrypted, the user will get a ransom demand that they either pay a certain amount to regain access to their files, or the files will forever be lost. Often, these cyberattackers demand payment in the form of cryptocurrency like Bitcoin.

Data Theft

Perhaps the type of attack that gets the most news attention is data theft, where a cyberattacker will enter a user’s system and access data that belongs to the business. Often this data is customer data, including names, personal information, and payment information.

By doing this, the thieves can steal identities as well as sell the credit card or bank account numbers. These types of attack make the news because they impact so many people–often hundreds of millions of customers, such as in the Yahoo! breach, or the Equifax breach.

What’s the Difference Between Anti-Virus Software and Endpoint Security Software?

The main difference between anti-virus software and endpoint security software is in its scope. Anti-virus software will protect from many of the same things that endpoint security software does, but anti-virus software merely protects a single computer from these threats, its automated services locking down the computer and trying to isolate the problem.

While the anti-virus software may connect online to its company, like Norton or Kaspersky, and get information about the attack from them, it only solves the problem on that specific device.

Endpoint security software, on the other hand, protects the entire network, immediately going into defensive mode to find other malware and viruses. When one endpoint device is compromised, all of the devices are inspected.

Another difference is that endpoint security software is not necessarily installed on every computer, but is software attached to the network, whereas antivirus software is installed on each machine.

What Makes Endpoint Security Software So Important?

Endpoint security software is so important because businesses and organizations are under attack more than they ever have been before. Since 2014, security breaches have increased by 67%, and the average cost of a data breach is $3.92 million.

Some of the most notable breaches have been incredibly costly, such as the Equifax breach in 2017, which affected 147 million consumers and cost the company $4 billion.

And lest it be thought that these attacks only happen to big companies with millions of users, it is reported that 82% of small and medium sized businesses have had malware attacks that have successfully broken through their traditional antivirus solutions.

This problem is big, and it is expensive, both in dollars lost and in reputation damaged. And the problem is getting bigger all the time. Malware, viruses, and phishing attacks are all on the rise, and newer attacks, especially targeting mobile devices, are skyrocketing.

By getting an endpoint security system that is prepared for these attacks, companies are able to combat the threat of a single user accidentally infecting an entire workplace through one wrong click. It is far less expensive to act on this threat now, than wait until your computer system is the one under attack, being ransomed, or having been breached.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||||Linux Screen||

The Best Way to Patch Linux OS

By Patch ManagementNo Comments

The Best Way to Patch Linux OS

Linux is generally considered a more reliable OS to apply updates to, but not patching will expose your environment just like any other operating system.

How to Patch Linux

If you ever visit a Patch Tuesday article, you will often find comments about using Linux because of its reliability and lack of updates. This is often a huge misconception in the Linux community. Each Linux OS is different and some of the examples below show updates that are needed only a week after the servers were last fully patched.

Installing individual updates for Linux is relatively easy, but it requires you to know the name of the update you want to install.

The following process takes some time due to the use of the command line scripts. However, we recommend you learn the basics of “bash” (Bourne Again Shell), which is the Unix shell since it will greatly help the understanding of the process.

Both experts and the community are correct that the updates are more reliable with almost no Blue / Black Screen of Death (BSOD), but that doesn’t mean Linux doesn’t need to be updated.

Getting Started

  1. Establish a secure SSH remote console to the server, e.g. Putty or Telnet
  2. Run the following command line: apt list –upgradable | grep “-security”

Understanding the resultant screen shot above is essential, as each line records details of the package name, the version it upgrades to and the version installed. For example, the screen shot includes the following:

apparmor/xenial-updates,xenial-security 2.10.95-0ubuntu2.11 amd64 [upgradable from: 2.10.95-0ubuntu2.10]

Legend

Red: Name of package

Green: Name of upgraded package

Purple: Installed version of package

Where is the Severity and Update Description?

If you are used to Microsoft Windows Update (WSUS), you will notice the output of the script only produces the name of the missing update package. In fact, unless you search for the package name on the specific Linux OS website you will never know what are more important than others, or what the package is actually fixing.

Many industry experts believe this knowledge is essential when choosing which to prioritize, especially since many don’t have the time to install packages which are actually not security-related or very low in severity.

On the other hand, how would a Linux administrator know which package fixes a zero-day vulnerability or were absolutely essential to apply? Let’s continue with the install process:

  1. Identify the update(s) you wish to install (copy and paste is really useful)
  2. Run the following command line: sudo apt-get install <package name>=<version> For example, sudo apt-get install apparmor=2.10.95-0ubuntu2.11

Security Privileges

Because you are making changes to the system, your account must have SUDO security privileges, e.g. supervisor. Also pay attention to the spaces above as the command line needs to be exact in order to pass correctly to the Unix shell.

If you wish to install many updates at the same time, use a comma and paste the next update onto the line.

If you want to update a package to the latest version and not necessarily the version which has been detected, you can omit the version. However, this is not recommend or considered best practice due to the testing of specific versions of packages on your servers.

For example: sudo apt-get install apparmor

By default, all Linux packages are installed without a reboot.

Linux is generally considered a more reliable OS to apply updates to, but even so, the lack of patching will expose your environment just like any other operating system.

Patching Linux OS with Syxsense

Syxsense has many automation benefits to the manual patching methodology above. With the discovery process, all Linux devices can be detected and inventoried. Our Patch Manager displays the packages missing just like the scripts above, only we include additional information that is important to IT managers like the description, the vendor severity, and the independent CVSS score which is the cutting edge of vulnerability severity assessment.

Identifying zero-day updates is made easy with the color coding of the interface. The scheduler used to deploy the updated packages allowed flexible timing and reboot behavior to be set with ease. Enable your Linux Administrator to utilize their resources more efficiently by allowing them to automate and report on the patching of your Linux environment.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||||||||

The Ultimate Strategy for Server Patching

By Patch ManagementNo Comments

The Ultimate Strategy for Server Patching

Patching server environments is critical for preventing internal and external attacks. Discover the key success factors and strike a balance between effectiveness and efficiency.

Patching for Servers

Remediating server environments is crucially important to secure the environment from internal and external attacks as well as ensure stability and performance. Downtime, duration, and frequency are key factors for patching servers, as well as a healthy balance between effectiveness and efficiency.

When patching servers, downtime must always be minimized. A suitable downtime strategy should be utilized so that reboots are only performed when necessary, ensuring a faster operational turnaround when many updates are needed.

An effective patching strategy requires devices to be successfully remediated with few or no pending issues. It also means that the devices have been targeted with little downtime or resources, but no clear measure of success.

Ensuring an effective and efficient approach allows the end goal (a healthy environment) to be achieved at the lowest cost possible.

Change Management

One important factor in patching and also to achieve an effective remediation strategy is change management. This provides awareness about the upcoming changes in the environment and also to help from an auditing perspective.

Every organization attains a defined process based on their relative business needs. It’s highly recommended to use the Standard Change Template since remediation is a mandatory activity to be performed on a monthly basis.

Scheduling

Frequency and duration are additionally important to ensure efficiency. As mentioned, downtime must be minimized and scheduling appropriately helps to mitigate this risk.

For example, Microsoft recommends patching servers monthly; not quarterly. Plan the various scopes for patching and segregate the environment accordingly, such as Development, then User Acceptance, then Production, then Disaster Recovery.

When taking this approach and preparing any stakeholders/users for downtime, notifications may be sent beforehand so that the audience can best prepare. Gathering all information beforehand also allows for scheduling to be a simple process so that each additional month is easier than the last.

Ensure a proper communication channel is supplied so that there are no surprises.

Compliance and Reporting

Realtime task functionality displays where each and every server device is at its remediation stage, whether detecting, applying updates, or rebooting.

Pre-and Post-patching reports provided in numerous templates, including:

  • Detected Patches by Device
  • Top X Vulnerable Devices
  • Patch Deployment History by Device/Patch
  • HIPAA Compliance
  • SOX Compliance
  • PCI & DSS Compliance
  • Security Risk Assessment

Where Syxsense Manage Fits

Syxsense Manage allows all aspects of the patching process to be easily organized and prepared. Every patching task addresses the high level questions in a step-by-step format: where, what, and when.

Where

By organizing the inventory beforehand, the question of “where” is easily prepared. This also doesn’t need to be re-created every month. Leveraging site locations or dynamic filters based on inventory and/or logical organization data, the question of “where” only needs to be asked on the front-end.

What

Following change management procedures, patch content can be easily organized using patch groups. This ensures only the approved patches are deployed with each scheduled deployment task.

Keeping things easy: skipping an approval strategy can also be done by leveraging Syxsense Manage’s built-in detection logic so that only the applicable updates are deployed where the non-applicable updates are simply skipped.

Patch filters can also be used to dynamically deploy updates that share a common value, such as “Critical Patches”, leaving out the other updates of lower severity.

When

The toughest question is “when” and of course: when is best?

Every organization is different and Syxsense Manage provides multiple avenues for scheduling, such as on-demand, recurring in weekly intervals with missed-task options, as well as formal maintenance windows and blackout hours.

The most widely used option for server patching is maintenance windows. These establish pre-approved frequencies that may be re-used with every following month, but also protecting the users with schedule duration.

Maintenance windows can be scheduled at various times of day, daily, weekly, and monthly.

Reboots

Rebooting servers is where the concept of downtime comes into play.

Reboots can be forced for all, or none; however, reboots will typically be required every single month and must apply to secure the device with the latest updates.

Going back to the “where” step, devices can be targeted based on which require a reboot and which do not, ensuring only those that do will receive the reboot and others will not be touched.

Validating with end-users: although servers may not have an end-user, custom messages and timers can always be supplied so that the reboot may be postponed by the administrator.

Measuring downtime: by using realtime task functionality, Syxsense Manage can always visualize the reboot duration and end user choices.

Types of Servers

  • Physical
  • Virtual
  • On-Premise (Private)
  • Cloud (Public or Hybrid)

Operating Systems Supported

Windows

  • Windows Server 2008 R2
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Linux

  • Redhat 5.6, 5.7, 6.0, 6.5, 6.6, 6.8, 6.10, 7.1, 7.4, 7.6, 7.7, 8.1
  • Debian 6, 7, 8.5, 9, 10
  • SUSE 12,15
  • Oracle 5.8, 6.4, 6.7, 6.8, 7.0
  • Ubuntu 14, 16, 18
  • CentOS 6.8, 6.10, 7, 7.5
  • Fedora 13, 14

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo