Skip to main content
Tag

internet of things

|||

Endpoint Security vs. Antivirus

By Patch Management

Antivirus Software is Nice, But It’s Not Enough for Full Endpoint Security

Are your current security measures enough to protect your network’s endpoints? Explore the key differences between antivirus software and EDR tools.

As we previously pointed out in our “Endpoint Security 2020: What Your Need to Know” article: “Cyberattacks are growing more complex and difficult to prevent, and this will only accelerate in the future, thus making endpoint security a top goal in 2020.” Given the news of late, there can be no doubting the importance of this..

You probably already have information-security measures in place in your organization, such as firewalls and antivirus software. But you might be wondering if what you have in place is sufficient to properly protect all of your network’s endpoints.

Unfortunately, the question—and answers—might not be that simple. As pointed out by SolutionsReview, it’s important to understand the historical significance of antivirus software. Such tools—the origins of which date back more than 30 years—represent the wellspring from which other, more sophisticated, cybersecurity tools and techniques would emerges.

The late 1980s and early 1990s marked the debut of antivirus products from developers such as Symantec, McAfee and Sophos, in addition to the founding of cybersecurity research groups such as the Computer Antivirus Research Organization.

Now, three decades later, antivirus tools are part of standard operating procedure for virtually all professional-grade desktops and laptops—as well as a considerable number of the smartphones and tablets used by enterprise staff. Plenty of consumers also use such applications.

The Inherent Limits of Antivirus Control

In the majority cases, antivirus software exists in the background, only showing its presence when a threat is detected. While certainly valuable, there is a clear limitation to antivirus software: it only functions as a defensive measure when an active threat has made itself known. It does not have much in the way of counteroffensive tools, nor does it have the broader scope of functionality available through endpoint detection and response (EDR) tools.

Additionally, many legacy antivirus programs—and even some of the more recent versions—are all too often limited to detecting the presence of signature-based cyberthreats. While a significant number of the well-known malware and exploit tools used by modern hackers have signatures embedded in their code that an up-to-date antivirus platform can identify, there are also plenty that haven’t had their signatures cataloged yet. Malware that lacks signatures altogether is also becoming increasingly common, according to TechTarget.

Perhaps most alarming of all is that many cyberattacks today eschew files entirely. Instead, they use innocuous-looking links to trigger garden-variety programs such as Flash and Windows PowerShell, the latter of which can be compromised through remote manipulation of the command line with relative ease.

As CSO explained, these collect data from the victimized machine and relay it to the hacker who originated the attack, allowing that interloper to seize further control of a device and subsequently deliver more exploits. An entire network could be devastated this way, and many antivirus tools would most likely have never seen it coming.

The Ponemon Institute’s 2018 State of Endpoint Security Report noted that 35% of that year’s malware attacks were fileless, while projecting that figure to increase to 38% for 2019. In the years to come, it’s entirely possible that fileless exploits will constitute a significant majority of the cyberattacks deployed against all businesses and public-sector organizations, leaving antivirus tools even more in the lurch.

Moving Ahead to Endpoint Protection

Back in 2015, in a guest blog post for Politico, engineer and futurist David Evans estimated that about 127 new endpoints were being added to the internet of things every second, all over the world. More recently, Gartner projected that IoT growth had reached the point at which there would be approximately 5.8 billion endpoints in the global enterprise and automotive markets alone by the end of 2020, marking 21% growth from the previous year.

According to the SANS study “Understanding the (True) Cost of Endpoint Management,” 61% of the respondents said their organizations had more than 1,000 user endpoints, while 5% claimed to have 100,000 or more. And the risk to small businesses is no less real and significant than that facing medium-sized and enterprise-level companies. Per Verizon’s Mobile Security Index 2019, 88% of firms with 500 or fewer workers acknowledged that endpoint security was a serious hazard to their operations, and that it will only get worse.

EDR to the Rescue

EDR solutions emerged as a means of addressing the security issues created by increase in endpoints, IoT-relate or not. They are deployed according to the software-as-a-service model. Rather than continuously scanning the network and its various interconnected viruses for clear signatures of malware, EDR tools monitor user behaviors, looking for actions and operations that are out of the ordinary. This is sometimes referred to as “suspicious activity validation.”

The best EDR tools perform all of the classic functions of their cybersecurity predecessors, but leverage new methods to do so, including the use of artificial intelligence and machine learning. Furthermore, they are not limited to checking for conventional signatures to look for signs of potential malware intrusions; they also examine URLs, IP addresses, file hashes, and other data points.

How EDR from Syxsense Keeps you Protected

Cyber-attackers are not exactly the kind of folks who will limit their intrusions to business hours. Whatever they are up to—from monetary gain to state-sponsored intrusion—bad actors are always on the lookout for weak spots to take advantage of. IoT endpoints are among their favorites. Your organization deserves an EDR solution that is as constantly active—and aggressive—as cybercriminals are.

Syxsense Secure and Manage both provide enterprise users with the sort of always-on protection that is necessary to mitigate the broad spectrum of cybersecurity threats out there today. By allowing for comprehensive and real-time visibility into all endpoint activity, reporting on device inventory, quickly quarantining detected threats, and automatically patching all of your devices—be they Windows, Mac, or Linux—Syxsense solutions represent an efficient and meticulous approach to information-security needs.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Why Endpoint Detection and Response is Getting Harder in 2020

By Patch Management

Why Endpoint Detection and Response is Getting Harder in 2020

As the severity of cyberthreats increases, the demand for endpoint detection and response solutions across the globe is growing.

The demand for endpoint detection and response solutions across the globe is currently quite strong, with no signs of slowdown any time soon: Recent research by London-based firm Technavio predicts that the market for this type of cybersecurity software will grow by $7.67 billion between 2020 and 2024, representing a compound annual growth rate of 10%.

Why such robust growth in this space? The answer is both simple and unfortunately discomforting. It’s becoming more difficult for businesses, government departments and other organizations to feel secure with the endpoint protections they have in place.

No wonder, given that the severity (and sheer number) of cyberthreats out there is constantly growing. Today, we’ll take a look at what challenges organizations aiming to bolster the effectiveness of their information security may face — and how they might be able to overcome such hurdles.

More Devices = More Potential Weaknesses

Analysis from the researchers at Gartner projected in August 2019 that there would be 5.8 billion open endpoints to the internet of things around the world by the end of the following year: a 21% uptick from 2019’s number.

There’s no denying the utility and communicability that the IoT fosters for so many, but while marveling at those positive attributes you must also note the risks it poses. As the number of endpoints increases across your network — both inside and outside of the IoT realm — so do the potential points of weakness.

In fact, Infosecurity magazine reported in October 2019 that there had been more than 100 million attacks on IoT-connected devices in the first half of that year. Applications run on such devices can be particularly vulnerable.

According to TechRadar, facing up to the security threat represented by IoT device proliferation requires use of an endpoint security solution that can offer comprehensive visibility of all internal and external vulnerabilities. This vigilance must be constant and in real time.

Mounting Danger of New and Established Cyberthreats

IoT-focused cyberattacks, while relatively new in the cyberthreat landscape, have already done plenty of damage, with Wired citing the Mirai and Reaper botnet attacks of 2016 and 2017, respectively, as major examples of such malicious campaigns. The latter of those infected more than 1 million networks. The new versions of the threats coming through IoT endpoints will have the ability to be even more devastating, manifesting as complex dedicated denial of service attacks.

Other attack styles that are even more well-established, like phishing, are becoming even more dangerous in similar ways, according to Security Boulevard. Malicious actors have diversified and variegated the former’s capabilities so that these social engineering scams are no longer confined to emails that are relatively easy to detect: They can be deployed via text messages and even phone calls. AI plays a significant role here, as hackers are using it to mimic an organization’s in-house jargon and speech and thus make phishing expeditions harder to discover.

Last but not least, ransomware looks to pose a more grave threat than ever before. The extortionists using this malware saw plenty of success in 2019, attacking local governments all over the U.S., including Atlanta, Baltimore and New Orleans.

In one particularly brazen, widespread attack, hackers simultaneously hit the municipal networks of 22 Texas cities and towns, disabling countless web-based civic services and operations.

Although not all of those attacks netted hackers the ransom sums they demanded, the disturbing effectiveness of such efforts has likely emboldened cyber attackers, so bigger and more devastating ransomware campaigns are surely on the horizon for 2020. The same is almost certainly true for IoT-based and social engineering attacks. Only the strongest, most versatile threat detection and solutions will be capable of meeting major cyberthreats head-on, be they new attack types or updated versions of old standbys.

The Need for Quicker Responses to Threats

Opinions vary on how long it takes cyber attackers to breach a target that they’ve picked to bear the brunt of their hacks. Some say it falls between 15 and 10 hours, while others consider it more a matter of minutes, according to TechTarget. Either way, that’s an effectively minuscule time frame.

In an interview with Dark Reading, Dan Basile, executive director of security operations at Texas A&M University, noted that it while it’s ideal to find cyberthreats before they can do any harm — like removing a tumor before cancer metastasizes uncontrollably — this perfect-world plan of action isn’t always possible. Therefore the focus switches to quickly directing infosec defenses at a detected threat before permanent damage occurs. EDR needs to be a part of a quick-response strategy, along with application firewalls, network traffic analysis and other systems.

EDR Can’t Do It Alone

That last sentence in the section above represents another key point: EDR is (and will continue to be) more difficult if you expect it to carry the weight of all infosec responsibilities on its own. It must be deployed in concert with firewalls, encryption, multi-factor authentication, threat hunting and other tools. The support of an organizational culture aware of and focused on the gravity of contemporary cybersecurity threats is also essential.

Choosing Syxsense as your EDR solution gives businesses a considerable head start on their journey to crafting a reliably secure environment for your digital assets. Coupled with our comprehensive managed IT and patch management services, Syxsense can provide your organization the peace of mind it deserves. Contact us today to learn more or sign up for a free trial.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

FBI PSA: IoT Devices Targeted by Attackers

By News

The FBI has Released a New PSA

According to the alert, I-080218-PSA, actors with malicious intent have been actively using vulnerable IoT devices. Said devices act as proxies to route malicious traffic for cyber attacks and computer network exploitation.

This reinforces what we have been saying for a very long time. Ignoring or mismanaging IoT device security leaves organizations wide open to potentially devastating cyber attacks that could have far-reaching national and even international consequences.

The FBI warns that a large range of devices could be misused. Examples include routers, smart watches, IP phones, streaming devices, IP cameras, network attached storage devices, and network connected printers. The list goes on and on; any device connected to the internet could be targeted.

The alert states “Cyber actors typically compromise devices with weak authentication, unpatched firmware or other software vulnerabilities, or employ brute force attacks on devices with default usernames and passwords.”

How can companies protect themselves?

The PSA suggests several methods for protection, but here is one to review. Detect and identify all IoT devices within your networks and then ensure they are up to date with the latest security patches.

Syxsense is the IT solution with the ability to detect IoT devices. Our discovery scan will show every device with an IP address connected to your networks. It is impossible to manage vulnerable devices if you don’t know they are there in the first place.

There’s a better way to manage IoT devices. Start your trial with Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||||

Ransomware in 2018 Has New Leverage

By News

Ransomware’s Unexpected Ally: GDPR

While the intentions of GDPR are positive, analysts are predicting an unintended side effect. Actors using ransomware to extort companies could use GDPR as leverage.

With the strict requirements to stay within GDPR compliance, actors can put pressure on victims to pay out as quickly as possible.

In addition, because GDPR requires the reporting of a cyber breach, reputations will be immediately damaged regardless of how the event turns out. Such reputational damage can cost entities significantly.

Insurance claims are the aftershock of ransomware

In 2017, the UK supermarket chain Morrisons faced a lawsuit regarding compromised data. Those persons who had their data compromised sought compensation, and were granted it by the court. This ruling sets the stage for any number of similar cases of people seeking damages from having their data stolen.

After having already dealt with the costs of fixing the breach and reputational damage, the ransomware event bites back again with these new costs.

The IoT is the next cyber-crime minefield

While not getting the attention it deserves, IoT ransomware attacks are on the rise. In addition, IoT devices are getting smarter, more pervasive, and starting to collect valuable data. This is an already vulnerable field that is only getting more dangerous.

Companies need to get an understanding on just how many IoT devices they have in their networks. Security can’t be maintained if it’s unclear what could be vulnerable.

The bottom line is this: cybercrime costs continue to increase rapidly and are expected to hit $2 trillion in 2019. What will you do to prepare your systems?

Syxsense is prepared to address the threats of today and tomorrow. With our Patch Manager, you can easily identify vulnerable devices and patch them immediately.

Our discovery feature can also show you just how many IoT devices sit inside your networks. With a clear picture of your environment, you can implement a solid protection strategy.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

100 Million IoT Devices Exposed

By News

Z-Wave IoT Devices Exposed

Z-Wave, a protocol primarily used for home automation, is vulnerable to security downgrade attacks.

According to the Z-Wave Alliance, an organization dedicated to advancing Z-Wave, the protocol is currently used by 700 companies in over 2,400 IoT and smart products. It is estimated that over 100 Million IoT devices are affected.

It turns out that a variant of this downgrade attack was discovered last year by cybersecurity consulting firm SensePost, but the vendor told experts at the time that the risk was being mitigated by users being notified when additional pairing of devices were established.

Manage the IoT

Syxsense will give you a simple view of all of the IoT devices and provide you the information you need to keep yourself better protected. Sign up for a free trial today to get started.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

FBI Warning: Reset Your Routers

By News

FBI, DHS, and UK Authorities issue warning over VPNFilter

The FBI, DHS and UK authorities have issued a warning for the VPNFilter malware threat. According to Alert TA18-145A, there are concerns that actors will use VPNFilter to target routers and “collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic.”

Cisco researchers have indicated the following devices are known to be vulnerable:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

The warning instructs that you install any new firmware for your routers and, after updating, reset your router. Even if you don’t have one of the listed devices, its recommended you update and reset your router as well.

Also, as a good practice and to protect yourself from repeat infection, ensure your router administration credentials are not set to the factor default.

According to Cisco’s Talos, the VPNFilter malware is known to have already infected at least 500,000 network devices across 54 countries.

This clearly illustrates an important IT lesson: relying solely on your firewall for protection isn’t enough. Malware is becoming more sophisticated and actors are looking for any way into your environment.

What to do:

IT departments need to keep their firmware up to date, but also keep patching regularly. Use a patching solution like Syxsense to ensure you’ll never have a lapse in important updates. CMS detects which devices need updates and the severity of those updates. Then you can schedule a time-frame in which to automatically deploy needed updates. This ensures every device is secured without interrupting business hours.

Check out a better way to manage your environment. Start a trial with Syxsense

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

The Rapid Rise of the IoT

By News

The IoT is Here to Stay: Risks Included

Research from Metova has revealed the current scale of smart product adoption in the United States.  According to Metova, 90 percent of U.S users now own some form of smart device.

This shows the IoT has truly reached mass adoption across the country. This also presents inherent risks to everyone connected to the Internet of Things. At this scale of growth, taking action to manage the IoT is critical and urgent.

Other observations include:

  • Over 90% surveyed have made a purchase of a connected home device.
  • Nearly 70% already have a voice-controlled system such as an Amazon Alexa or Google Home.
  • 58% percent of people who own a connected home device are concerned about how it may impact their privacy.
  • 74% of respondents think connected home devices are the wave of the future.
  • Over 30% who do not have a connected home device plan to make a purchase within the year.

Manage the IoT

Robert Brown, Director of Services for Verismic said, “As our ownership of smart technology expands, there will become a moment in time when you will no longer have the instant knowledge of the devices in your home or office which could be used to expose critical vulnerabilities, breach your network or steal your identity.

Syxsense will give you a simple view of all of the IoT devices in your home or office, and provide you the information you need to keep yourself better protected.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||||

Third-Party Patch Update: April 2018

By News

Cisco Patches Vulnerability in WebEx

Cisco has just released a CVSS 9 rated update for its WebEx software. In their own words, the unpatched vulnerability “could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.”

The malicious party would share a Flash file via WebEx’s sharing capabilities to gain control of targeted devices.

So what is the best option here? We recommend rolling out the update or removing WebEx. Syxsense can facilitate whichever approach is best for your situation.

Our patch management solution can easily identify which devices are running the WebEx software. From there, setting up a task to deploy the updates is incredibly straight forward.

If you decide to remove WebEx, it’s almost exactly the same process, but at the last step, you select “Uninstall” instead of ‘Install.”

Use an IT management solution that works with you, not against you. Syxsense offers a simple, but powerful approach to patching. Automatically keeps desktops, laptops and remote users up-to-date with patches and software updates.

Start a free trial of Syxsense today.

Third-Party Patch Updates

Below is a table of third-party updates from April 2018:

Vendor Category Patch Version and Release Notes: CVSS SCORE
Adobe Media Software  

ActiveX: v29.0.0.140 – https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

 

Flash Player Plugin NPAPI: v29.0.0.140 – https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

 

Flash Player Plugin PPAPI: v29.0.0.140 – https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

 

N/A
 

 

Evernote Corporation  

Evernote: v6.11.2.7027 – https://evernote.com/download

 

N/A
FileZilla FTP Solution v3.32 – https://filezilla-project.org/versions.php

 

N/A
Google Browser  

Chrome: v66.0.3359.117 – https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html

 

N/A
 

Malwarebytes

 

Antivirus  

Malwarebytes: v3.4.5.2467 – https://www.malwarebytes.com/support/releasehistory/

 

Oracle  

JavaJRE and JDK: v8u172 – http://www.oracle.com/technetwork/java/javase/8u172-relnotes-4308893.html

 

Wireshark Network Protocol Analyzer  

2.4.6 – https://www.wireshark.org/docs/relnotes/wireshark-2.4.6.html

 

N/A
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Ocean’s IoT: Casino Hacked Through Fish Tank

By News

Casino Infiltrated through Internet-Connected Fish Tank Thermometer

Picture this: Jazzy music underscores George Clooney’s Danny Ocean pulling off another daring heist. He’s gathered his crew and it’s go time. Their entry point? A fish tank in the lobby.

Okay, maybe that’s not the best physical access point, but it is how hackers stole data from an unnamed North American casino.

According to Nicole Eagan, CEO of Darktrace, malicious actors manipulated a vulnerability in an internet-connected fish tank thermometer and stole data the casino had collected on their high-roller gamblers.

This is yet another stunning example of how the IoT can create unconventional breaches.

The only way to protect your environment is to identify all connected devices. How can you expect to manage your environment if you don’t even know how many devices there are? Finding all those devices is no simple task; it’s estimated there are already over 8.4 billion connected devices!

Managing IoT Devices

Syxsense is at the forefront of IoT device management. Our discovery solution can detect every device connected to your network; not just desktops, laptops, and servers.

Plug the holes in your environment before they sink your ship.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Could Your IoT Devices be Hacked with a Google Search?

By News

Most Companies Are Unprepared for the IoT

Researchers at Ben-Gurion University warn that hackers have an unexpected resource in exploiting your environment: a Google search. IoT device manufactures set a default password for their devices, sometimes even sharing passwords between brands.

“It only took 30 minutes to find passwords for most of the devices [used in the testing] and some of them were found merely through a Google search of the brand,” said Omer Shwartz, a Ph.D. student and researcher at Ben-Gurion.

Thanks to a survey by ForeScout and CensusWide, we also have an eye-opening view into how unprepared companies are for the Internet of Things.

500 CIOs and IT managers provided data and here are the take aways:

  • Approximately 15% do no keep security patches up to date.
  • 47% don’t change the default passwords on devices.
  • Up to 46% said they did not have a full view of the devices connected to their networks.

This is startling. Nearly half of the businesses involved in the survey couldn’t even begin managing their IoT devices. With no way to see which devices are connected to their network, they wouldn’t be able to patch or manage vulnerable devices.

Myles Bray, vice president of EMEA at ForeScout, stated: “IoT has expanded the attack surface considerably for all firms, and without basic security hygiene it is easy for bad actors to gain a foothold and then move laterally on a network to reach high-value assets and cause business disruption.”

When asked about the results of the survey Natan Bandler, CEO and Co-Founder of Cy-OT, added “What is needed is a dedicated cybersecurity solution that is monitoring both the IoT device and its activity…By doing this, an organization will be able to detect when and which devices are at risk.”

IoT Device Management

To detect all of your IoT devices, look to Syxsense. Our product is the first to be able to scan and identify the IoT devices connected to your environments.

Learn more about our IoT capabilities with our video and by starting a trial today!

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo