IT security

3 Challenges to Overcoming Zero Trust Adoption

By Ashley Leonard, Syxsense CEO and Founder

Zero trust adoption has taken center stage in recent years because it can help better secure remote workers and hybrid cloud environments and protect against ransomware threats. But as organizations continue to press forward with digital transformation and look to protect stakeholders from rising cyberattacks, not all are reaping the benefits of a fully implemented zero trust strategy. In fact, a recent survey revealed that more than one-third of organizations are not pursuing zero trust strategies, and of those that are, more than half are still in preliminary exploratory stages of adoption.

But according to Gartner, cybersecurity spending on things like zero trust will double by 2026 to $267.3 billion. Why the disconnect? According to EMA research, 41% lack the budget and funding, 32% lack the technical capabilities, 29% have no clear direction on how to begin, and 24% are concerned that it could negatively impact business operations. It’s clear that organizations need more support to overcome the struggles associated with zero trust adoption. To better understand this, let’s look at three prominent challenges organizations are facing today and how they can best overcome them to accelerate – and feel more comfortable with – their zero trust journey.

Challenge #1 – Poor Visibility Across Environments

To understand the requirements that make sense for a zero trust framework, full visibility across the environment is crucial. That means being able to see all devices, data stores, and users. This also includes an assessment of where technical capabilities are lacking. Zero trust is not just another tool for IT managers. It’s a completely different method of understanding device and network access.

To support a zero trust project, organizations first need to understand where their limitations lie (for example, do they know which databases have high-value data, or “crown jewels”) and how existing tools and infrastructure have been implemented (such as who can access critical data or high-value assets, like servers), and to have a documented process in place for managing the existing tools and infrastructure. Unfortunately, asset discovery can be challenging for many organizations, which is one reason zero trust projects can appear so daunting. It’s like moving into a new house where none of the boxes are labeled. Identifying the difference between kitchen and laundry supplies is required before you can really get organized.

Challenge #2 – Zero Trust is Complex

Zero trust can be hard to implement. Consider it a mesh solution – where the point is to create a reality where users and devices gain access to information through an authentication ‘conversation’ rather than just punching in their credentials. All sorts of data points are collected and collated to build the proof of authenticity required for access to be granted. Most zero trust frameworks, for that reason, are a combination of multiple solutions brought together under a unifying toolset.

Creating the logic needed to bring each tool together in concert can be complex. For example, part of your zero trust attestation process might be to validate that a device doesn’t have any active anti-virus alerts. That is one data point to manage. You might also need to validate that the device’s connection is coming from a whitelisted geography. On top of that, you might also want to validate that the device’s patch compliance is current. Maintaining a unified zero trust solution for parsing this data can be very helpful, but it requires you to mesh multiple disparate solutions together under the roof of a single solution.
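The attestation logic described above, as an added example (not Syxsense code and not part of the original article): three data points reported by separate tools are combined into one allow/deny decision, and a missing or stale data point denies access instead of being assumed healthy. The country allowlist, the 15-minute freshness window, the device names and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Any

# Hypothetical policy values; a real deployment would load these from config.
ALLOWED_COUNTRIES = frozenset({"US", "GB", "AU"})
MAX_SIGNAL_AGE = timedelta(minutes=15)


@dataclass(frozen=True)
class Signal:
    """One data point reported by one tool, with the time it was collected."""
    value: Any
    collected_at: datetime


@dataclass(frozen=True)
class Decision:
    allow: bool
    reasons: tuple  # empty when access is allowed


def _check(name, signal, now, is_ok, failure_text):
    """Return a denial reason for one signal, or None if it passes.

    A missing or stale signal is a denial: the engine fails closed rather
    than assuming a device is healthy because a tool did not report.
    """
    if signal is None:
        return f"{name}: no data from source tool"
    if now - signal.collected_at > MAX_SIGNAL_AGE:
        return f"{name}: data is stale"
    if not is_ok(signal.value):
        return f"{name}: {failure_text}"
    return None


def evaluate(posture: dict, now: datetime) -> Decision:
    """Combine the three data points from the text into one decision."""
    checks = [
        ("antivirus", lambda alerts: alerts == 0, "active alerts present"),
        ("geography", lambda country: country in ALLOWED_COUNTRIES,
         "connection from unapproved location"),
        ("patching", lambda missing: missing == 0, "required patches missing"),
    ]
    reasons = []
    for name, is_ok, text in checks:
        reason = _check(name, posture.get(name), now, is_ok, text)
        if reason:
            reasons.append(reason)
    return Decision(allow=not reasons, reasons=tuple(reasons))


def demo():
    """Evaluate four constructed devices (sample data, not real telemetry)."""
    now = datetime(2023, 3, 30, 12, 0, tzinfo=timezone.utc)
    fresh = now - timedelta(minutes=2)
    old = now - timedelta(hours=6)
    devices = {
        "laptop-healthy": {
            "antivirus": Signal(0, fresh),
            "geography": Signal("US", fresh),
            "patching": Signal(0, fresh),
        },
        # The AV console last reported six hours ago: its "0 alerts" is not trusted.
        "laptop-stale-av": {
            "antivirus": Signal(0, old),
            "geography": Signal("US", fresh),
            "patching": Signal(0, fresh),
        },
        # The patch tool has never reported on this device.
        "laptop-no-patch-feed": {
            "antivirus": Signal(0, fresh),
            "geography": Signal("GB", fresh),
        },
        "laptop-failing": {
            "antivirus": Signal(2, fresh),
            "geography": Signal("ZZ", fresh),
            "patching": Signal(3, fresh),
        },
    }
    return {name: evaluate(posture, now) for name, posture in devices.items()}


if __name__ == "__main__":
    for device, decision in demo().items():
        verdict = "ALLOW" if decision.allow else "DENY"
        print(f"{device:22} {verdict} {'; '.join(decision.reasons)}")
```

Returning every failed check, not just the first, gives the help desk the full list of what a device must fix before access is granted.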

Challenge #3 – Zero Trust is Resource-Intensive

Buying a suite of zero trust solutions can be resource-intensive for many organizations. Why? Because it’s often a mandate above and beyond the foundational IT and cybersecurity stack (on top of the normal day-to-day). Today, many companies are rolling out zero trust solutions. Some of them are built to be incorporated into a larger zero trust ecosystem, while others are intended to become self-sufficient ecosystems.

Depending on the scope of the advertised functionality, zero trust can either demand extensive resources or require a reasonable amount of investment. But if the initial investment is reasonable, systems administrators can anticipate doing more work throughout their adoption journey. Alternately, full suite zero trust products tend to pull a lot of resources upfront and provide a much lower burden of effort on security and operations teams to implement functionality.

Zero trust adoption continues to be a complex and challenging initiative for many organizations, especially those using legacy systems. But vendors and the larger security community are getting better at delivering new solutions, approaches, and educational information that can help streamline the process (and better show the value). The first step is for organizations to understand the complexity of a zero trust project, gain full visibility into their security environment, and commit the necessary resources and expertise to implement it (or explore it) successfully. To reach its full potential, IT and security teams will need to make the fundamental shift from a perimeter-based security approach to granular and continuous authentication processes. That’s zero trust.

ABOUT THE AUTHOR

Ashley Leonard is the president and CEO of Syxsense, a global leader in Unified Security and Endpoint Management (USEM). Ashley is a technology entrepreneur with over 25 years of experience in enterprise software, sales, marketing, and operations, providing critical leadership during the high-growth stages of well-known technology organizations.

Ashley manages U.S., European, and Australian operations in his current role, defines corporate strategies, oversees sales and marketing, and guides product development. Ashley has worked tirelessly to build a robust, innovation-driven culture within the Syxsense team while delivering returns to investors. 

Ashley has founded several successful technology companies, including NetworkD Inc., with operations in 7 countries. NetworkD made several strategic international acquisitions and then completed a successful exit to Sparxent in 2008. In 2012 he founded Verismic Software and launched Syxsense in 2019.

Ashley serves on several boards and acts as a mentor to up-and-coming technology CEOs through his membership in the Young Presidents Organizations (YPO). He served as Orange County chair for two years. Ashley also served as Area Chair for YPO Pacific Region and was host city partnership chair for the 2020 YPO Global EDGE conference in San Diego, CA, welcoming over 3,000 of the world’s top CEOs. 

Ashley was a finalist for Ernst & Young’s “Entrepreneur of The Year” and AeA’s “Outstanding Private Company CEO” Award and won the AGC Innovation CEO Award. 

Published Thursday, March 30, 2023 7:34 AM by David Marshall


6 Simple Rules for Securing Your Endpoints


It's never been more critical to manage and secure your endpoints. Here are six important rules for protecting your organization from IT security threats.

1. Always Be Patching

Managing software updates—and specifically patching endpoints—secures your organization from known threats. The appearance of new endpoint types—such as Internet of Things (IoT), Bring Your Own Device (BYOD), and other operating system and software vulnerabilities—requires countless patches. Always be patching if you want to stay ahead of the bad actors.

2. Seek Out All Endpoints

Think about your company’s network—how many devices are out there? Is the number staggering? You had better give it some thought, because endpoints account for the vast majority of security breaches—estimates put the number at about 70 percent. And if you don’t know you have them, you can’t secure them.

3. Stay Current

You must adapt to the increasing complexity of hackers and their cyberattacks. Bad actors never sleep—they continually work to improve their cyberattacks, constantly evolving the threat landscape. Your organization, therefore, must deploy endpoint security solutions that will keep up with the deluge of malware that can be expected in the future.

4. Be Resilient

Experts suggest that companies must aim to be resilient, assuming that breaches are inevitable. Since endpoints are said to account for about 70 percent of all breaches, being able to find and fix an attack at an endpoint while continuing to operate your business effectively is the key to resilience. A threat or breach to an endpoint must not be allowed to demobilize your entire business.

5. Be Strategic

Many organizations have an inconsistent approach to endpoint security. Companies, today, must manage endpoint security strategically and begin to fully comprehend the risks associated with all endpoints. Not doing so can result in inadequacies in processes and procedures leaving endpoints open to attack and breaches.

6. Make It a Priority

Overall, endpoint security and cybersecurity need to become a priority in your organization’s business plans. Endpoint security doesn’t just protect your business—it preserves your reputation, reassures your customers, and streamlines your business processes. Without the necessary prioritization that cybersecurity demands, your endpoint security will most likely fail.


The Great Resignation Requires Security Vigilance and Automation


From an IT security perspective, consequences from The Great Resignation demand extra vigilance and a greater degree of automation.

How the Great Resignation Is Affecting IT Departments

Many IT and security personnel quit or were laid off during the pandemic. And according to the Microsoft 2021 Work Trend Index, many more resignations are to be expected in the coming months. Some are even calling it the “Great Resignation.”

The Microsoft study found that 40% of people plan to change jobs. In IT:

  • 14% of those switching jobs want to move to a different company.
  • 11% plan to open a business.
  • 11% plan to go part-time.
  • 10% intend to move locations or become a contractor.
  • 8% intend to abandon IT.

There are a couple of important consequences of this from a security perspective that demand extra vigilance as well as a greater degree of automation.

IT Security Vigilance

IT and security are areas where personnel numbers have largely dwindled over the last decade or so. Organizations constantly demanded that more be done by far fewer personnel. Whereas IT teams used to be split into networking, compute, application, storage, and security teams, the IT generalist has become the norm in many places. There are fewer people covering a lot more territory.

The cloud has accelerated this trend. Companies now dump a lot of traffic onto hyperscalers and convince themselves that they can make do with a threadbare internal crew.

But with one wave of personnel exits behind us and another one coming soon, the likelihood of internally generated breaches magnifies. Aberdeen Group recommends extra vigilance related to departing personnel taking data or IP with them. According to the research study, at least one in three (33%) reported data breaches involve an insider.

With the Great Resignation upon us, that number is likely to increase.

IT Security Automation

“Never was so much owed by so many to so few,” said British prime minister Winston Churchill during the Battle of Britain in 1940.

If he were a CIO today, that might be paraphrased as, “Never has so much been dumped onto the shoulders of so few.”

Threadbare IT and security departments are scrambling to cope with a surge of ransomware and a colossal increase in phishing and other threats. They typically work in an IT department where they are expected to generate apps like a genie in a magic lantern granting wishes to insatiable Line of Business (LOB) heads.

At the same time, they are told to digitize the business tomorrow, move everything to the cloud, and allow LOB managers to run their own cloud operations – while supporting a largely remote workforce. So, what is to be done?

Churchill also said: “If you’re going through hell, keep going.”

In today’s overstrained security environment, he may well have said, “If you’re going through hell, keep going – and automate.”

The only way to cope in this climate is to implement technologies that reduce the IT and security workload. Automation is the key. As many security duties as possible should be automated to relieve the burden on IT.

As much as possible, the security duties should be streamlined. Minimize the number of screens and dashboards that have to be reviewed. Find some way to cut the time it takes to go through logs – some systems analyze them automatically and provide IT with recommendations and summaries.

How Syxsense Can Help

Syxsense can help, too. It brings together IT management, vulnerability scanning and patch management in one integrated console. With the possibility of data exfiltration growing, it can help spot vulnerabilities that make it easier to transmit data out of the organization.

It can also spot open ports and other vulnerabilities that can be used to breach enterprise data. From a patching standpoint, Syxsense is the ideal way to automate patch management. It tests, prioritizes and deploys patches throughout the enterprise efficiently with minimal input from IT.


Microsoft Azure Vulnerability Affects Millions


Microsoft warned that its Azure cloud computing platform had a vulnerability that potentially exposed data to hackers for years.

Microsoft Warns of Azure Vulnerability

Microsoft Azure is big business. It generates about 120,000 new subscriptions per month. Azure Active Directory currently hosts around three quarters of a million users. And 85% of Fortune 500 companies use Azure for their cloud computing needs. We are talking about brands such as Coca Cola, IBM, Gartner, Liberty Mutual Insurance, ExxonMobil, Walgreens, and Salesforce.com.

So it must have been quite a shock for the IT departments in some of these companies to wake up to a warning from Microsoft a few days ago that its Azure cloud computing platform had a vulnerability that had potentially been exposing their data to hackers for the past two years.

A recent blog post by Wiz outlined the flaw in Microsoft’s Azure Cosmos DB database that provided attackers with unrestricted access. A new visualization feature introduced in 2019 inadvertently opened that door. To make matters worse, that same feature was turned on by default after a Microsoft update at the beginning of 2021.

What is the Microsoft Azure vulnerability?

Researchers at Wiz warned that this is a very serious cloud vulnerability impacting the central database of Azure. Intruders can use it to swiftly obtain customer databases. Once the findings were published, Microsoft was quick to run interference on the breaking news. It claims there is no evidence that the vulnerability led to any illicit data access or exploitation by malicious actors.

But that doesn’t say the bad guys haven’t been using it. It simply means the company has failed to uncover concrete examples of unauthorized access during its ongoing investigations. There may be more revelations to come as investigators dig deeper, and the impacted companies check their own logs and systems.

Already in the Wild

The vulnerability has been in the wild for two years. And widespread news of it has been out there for about a month. Even though the faulty feature update has now been fixed and that route of entry has been disabled, there is still plenty of room for cyber-mischief.

It is a well-known fact that criminals find the most success by exploiting well-publicized security holes. For a variety of reasons, companies fail to take effective remedial action in a timely manner despite being warned about such issues. In some cases, they let high-priority security patches go undeployed for months. The reasons behind this range from overwork, cumbersome testing processes, and manual patching, to in some cases neglect.

In the case of this Azure problem, the companies impacted by the exploit are still required to manually change their primary access keys to mitigate exposure. The sad fact is that many won’t.

There is also the fact that if cybercriminals managed to gain entry before Microsoft fixed the problem, they could easily have installed other malware or backdoors to enable them to continue their nefarious actions.

What’s the Solution?

  1. Companies must take the remedial action required by Microsoft, such as changing their access keys.
  2. All patches, especially high-priority patches, must be deployed and verified to be in place.
  3. Vulnerability scans must immediately be conducted to determine if there is any anomalous behavior, unusual patterns, or other evidence of the presence of malware.
  4. Anything found must be investigated and remedied rapidly.

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution. It also offers a way to consolidate IT management, vulnerability scanning, and patch management into one integrated suite.


How to Address Security Overwhelm


Many businesses are at the breaking point when it comes to dealing with security incursions. What's the best way to deal with the overwhelm?

Security Overwhelm Is Impacting Businesses

Many businesses are at the breaking point when it comes to dealing with security incursions. They are overwhelmed. Instead of spending their time expanding the business, generating sales, devising strategies, and developing new products, they find themselves inundated with security threats. Viruses, spam, ransomware – it seems that every day another user is infected, or another system compromised.

The situation has deteriorated even further during the pandemic. With so many people working from home, the attack surface has greatly increased. Whether it’s a home computer, a consumer-grade router, or misguided browsing habits, the work-from-home brigade suffer from breaches far more than when they were in a more controlled office environment – and that’s saying something.

Before Covid-19 emerged, office workers fell victim to phishing and other scams at an alarming rate. It was not uncommon for corporate email addresses to be hijacked and all employees to suddenly get a message from the finance department prompting them to provide their login and banking details. But regardless of how poor the security picture in the office appeared, it is much worse at home. A study by Deloitte revealed that as many as 47% of home workers fall for phishing scams. The average cost of the resulting data breaches is placed as high as $137,000.

Balancing Security Technology and Profitability

Email security comes up again and again as a top concern among SMBs. Ransomware, too, is a big concern. But SMBs are at a loss as to how to find the time and resources to fix such problems. The more people they hire (if they can hire them at all) to work on IT security, the more hours managers spend trying to enhance security, and the more security tools they deploy, the lower their profit margins go.

In some ways, it is similar to looking after a home. Yes, a few DIY lovers happily spend their weekends with tools in hand. But most are either too busy, want to focus their attention on the family or the game, or lack the skillsets to tackle home maintenance. Thus, they bring in outside help to clean their houses, attend to the garden, and fix the gutters.

Similarly, in business, most companies want to spend their time on their core competencies. If they are a mortgage broker, they want to work diligently from 9 until 5 administering as many real estate transactions as they can. If their days are interrupted by having to disinfect all employee laptops, or worse, being locked out of all systems by ransomware, they don’t get work done and profits falter. Just like homeowners, they need outside assistance. 

Outsource Your Security Services

That’s where managed security services come in. Syxsense offers managed services to take care of some of the most critical areas in the fight against cybercrime – patch management and vulnerability scanning.

  • Yes, internal SMB resources can manually review, test, and deploy patches across all servers and laptops. But that eats up a lot of time.
  • Yes, the boss, or the assigned person responsible for IT, can watch YouTube videos on how to conduct vulnerability scans – you can also watch videos on how to fly a jumbo jet. But who would attempt it in reality?

Security, these days, is such a complex area that it requires highly skilled resources. Increasingly, those resources have become too scarce or too expensive for most SMBs.

Syxsense Active Secure is a managed service that takes care of automated patch management, vulnerability scanning, and IT management duties.

By turning over those functions to Syxsense, the company can focus its attention on core duties and create expansion – and perhaps even free up enough time to tend to the garden!


Whitepaper: Avoiding Patch Doomsday


In order to avoid Patch Doomsday, it is important for every organization to implement a strong patch management process.

Patch Management is More Critical than Ever

IT problems of any kind can have a negative impact on business success. At the same time, it can be shocking to learn that unpatched operating systems and application software are often responsible for the most IT problems.

Patches that resolve these problems are available—they are simply not being applied.

To reduce all of these issues and avoid Patch Doomsday, it is important for every organization to implement a strong patch management process.


Unpatched applications and systems not only expose security risks, they also open the door to data loss and corruption, as well as performance and availability issues. Read our whitepaper to explore our best patch management practices and strategies.


The Cyber Impact of Coronavirus


With the rise of COVID-19, prepare for the cyber risks that your network could become exposed to when employees start working from home.

Work-from-Home Security with Coronavirus

For offices around the world, the possibility of having to send employees home indefinitely as the virus spreads is becoming very real. If your organization hasn’t needed work-from-home policies in place before now, it’s time to start building them. Here are some considerations to ensure your technology and security are ready for the cyber risks that your network becomes exposed to when employees work from home.

In recent weeks, precautions have been published by national health authorities in response to the Coronavirus (COVID-19) outbreak, as the World Health Organization declared the virus an international pandemic emergency on March 11, 2020.

The virus—a flu-like illness with a higher R0 score—has recently made its way to the U.S. and Europe. This has caused a surge in organizations that are examining the risks involved with allowing employees to work from home.

Big corporations like Facebook and Microsoft are seeing the outbreak’s effects first. These were some of the first to send employees out to work from home—closing down entire office locations in some areas to prevent the spread of the virus. But for smaller organizations and those that haven’t incorporated remote working before now, haphazardly trying to have all employees work from home is a serious security risk.

As CDC professionals work to get a handle on this human virus, Syxsense combats the types of computer viruses that will undoubtedly affect remote workers and organizations during the coming influx of work-from-home.

What are the cybersecurity risks of working from home?

  • Home devices are likely to have unpatched and out-of-date software
  • Exposing sensitive corporate data
  • Wider attack vector for attackers

Preparing for Remote Users

A great first step is to think about and protect the endpoint from which the employee will be working.

Is it a laptop that belongs to your organization? It should already be subject to your organization’s cyber protections, including security software, rules regarding local admin access, web filtering, and application control. If you don’t have those protections in place, this is where you need to start.

For endpoint security, we recommend focusing on implementing key security solutions: patch management to quickly remediate potential security gaps, and endpoint detection and response (EDR) to monitor for cyberattack activities on the endpoint device. In addition, we also recommend two-factor authentication (2FA) on important accounts, especially your remote access tool.

MFA is becoming more critical as organizations grow more digitally connected. Enabling MFA on user accounts, most-used online solutions, and other business tool accounts can ensure that a “hacked” password or a lucky guess isn’t the only layer of defense that stands between your accounts and a “bad guy” on the other end.

Patching is Critical

As more business infrastructure gets connected, Juniper Research data suggests that cybercrime will cost businesses over $2 trillion total. Nearly 60% of companies have experienced web-based attacks, phishing, social engineering attacks, malicious code, and botnets. 43% of attacks target small businesses with an average of 39 seconds between attacks.

Combining security scanning and patch management in a single console, Syxsense is the only product that not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans.

If you’re not able to provide your employees with laptops or workstations they can take home, then you’ll need to make sure you have some way to protect their personal devices with standards similar to those of your corporate environment. This is vital, because there is a very real chance that some of your employees’ home devices may already be compromised.

The majority of home users, despite expressing security concerns, fail to follow cybersecurity best practices in their digital lives outside of work. In addition, many home laptop and desktop computers remain unprotected from malware and computer viruses, with one estimate showing that about 1/3 of computers worldwide become infected with malware (750 million in 2018).

Consider making your company’s security software available for your employees to install on their home systems, with emphasis on your Malware Prevention or AV. While this incurs some additional cost and administrative overhead, it may protect you from an easily-exploited attack vector. For added visibility into endpoint activity and security, consider adding an Endpoint Detection and Response (EDR) solution to alert on abnormal device behavior and signs of malicious attack activity.

Be aware that having your teams work from home using personal computers can introduce security risk factors that are out of your control—by allowing personal device use for company work, you are accepting that risk.

Provide Remote Access

  • Will you be using a remote desktop solution?
  • Are you going to allow direct connectivity to your corporate servers from remote employees?
  • Do most of your employees only require connectivity to a few cloud-based applications?

Your answers to these questions will dictate what sort of protections you need to put in place and what regulations to implement on the connectivity between your remote users and your internal infrastructure.

Ideally, you’ll want to put as many of the same protections in place for remote workers as you have for in-office workers. Make sure you’re scanning and logging all possible sessions, including VPN (Virtual Private Network) and RDP (Remote Desktop Protocol) logins, web traffic, and SMB (Server Message Block) protocol access. If your firewall/VPN solution allows it, you should scan and log all sessions between your remote user and your internal systems, as well as restrict traffic to only what is necessary for each remote worker’s job role.

Whether your users will be working from company devices or whatever they’ve got at home, you want to ensure that you’re protected against data loss and theft as they access and share files across networks. This could mean implementing secure Remote Desktop solutions for users to work from and allowing users to use a corporate VPN to secure their connection when working from public or home wireless networks. If users’ traffic is as protected as possible, the risk of remote connectivity decreases significantly.

If possible, use web content filtering to continue to protect your remote employees from malicious websites and to preserve productivity.

Take advantage of two-factor authentication everywhere possible. Specifically, protect your remote VPN, cloud applications, and admin sessions. While a token-based MFA solution like Google Authenticator or FortiToken is best, any secondary authentication, such as SMS or email-based codes, will be better than single-factor logins.

Have a Support Plan for Remote Users

Your IT staff will likely need some remote support tools and will need to be familiar with them when the time comes—especially if your workforce isn’t used to working remotely. The number of calls to your support desk will increase dramatically, so make sure you’re ready to handle the influx of users struggling with new technologies for the first time.

An organization with a well-designed security policy and disaster recovery plan may find they already have a lot of these solutions in place. Working from home need not be any less secure than your office environment – just be sure to do some planning, set up some policies, and put effective measures in place.

In summary, here are some key Do’s and Don’ts for incorporating remote working into your organization:

Don’t:

  • Let your users use their home devices, if you can avoid it
  • Allow high-level asset access from remote users
  • Leave port 3389 (RDP) open and unsecured to the internet
  • Allow remote access to any administrative functions without requiring MFA. If possible, secure ALL remote connectivity with MFA.

Do:

  • Provide remote assistance options. End-users will most likely require aid while working remotely and Syxsense effortlessly provides remote control and monitoring tools, regardless of where the device(s) reside.
  • Log all remote access. If possible, log all sessions from VPN users to internal resources. Syxsense can be configured to allow remote users to securely remote connect back to corporate resources with end-user access, while ensuring the required authentication steps as well as logging all access.
  • Use MFA on every platform that supports it. The Syxsense console itself supports 2FA through Google Authenticator and email, as well as single sign-on through Okta and Azure.
  • Provide locked-down, encrypted systems (laptops, desktops or tablets) for your employees’ use. Syxsense always leverages a highly secure connection back to the cloud to protect each and every device from external threats. Syxsense can also proactively monitor potential vulnerabilities while devices are on external networks, and quarantine devices should they violate corporate policy.
  • Keep all remotely accessible systems fully patched. Syxsense can easily schedule patch deployments for OS and third-party updates whenever desired, whether on-demand or on a routine basis whenever the device is best available. This ensures the latest vulnerabilities are remediated in a timely manner, even with zero-day situations or upgrades to Windows.
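
The Don’ts above (RDP open to the internet, admin access without MFA) and the logging Do can be checked mechanically against an exported remote-access rule set. The following is an added example, not Syxsense code or part of the original article; the rule format, field names, admin-port list, internal ranges and sample rules are all constructed assumptions.

```python
"""Audit remote-access rules against the Do's and Don'ts summarized above.

Added illustration: the Rule format and SAMPLE_RULES are constructed,
not an export format of any particular firewall, VPN or Syxsense product.
"""
import ipaddress
from dataclasses import dataclass

RDP_PORT = 3389
# Assumption: ports treated as administrative (SSH, RDP, WinRM HTTP/HTTPS).
ADMIN_PORTS = {22, 3389, 5985, 5986}
# Assumption: RFC 1918 space (e.g. a VPN address pool) counts as internal.
INTERNAL_RANGES = [
    ipaddress.ip_network(c)
    for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


@dataclass(frozen=True)
class Rule:
    name: str
    source: str         # CIDR that is allowed to connect
    dest_port: int      # TCP port on the internal resource
    mfa_required: bool  # is a second factor enforced before access?
    logged: bool        # are sessions matching this rule logged?


def from_internal(cidr):
    """True only if the whole source range sits inside an internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(
        net.version == r.version and net.subnet_of(r) for r in INTERNAL_RANGES
    )


def audit(rules):
    """Return (rule name, finding) pairs for every policy violation."""
    findings = []
    for rule in rules:
        # Don't: leave port 3389 (RDP) open to the internet.
        if rule.dest_port == RDP_PORT and not from_internal(rule.source):
            findings.append((rule.name, "rdp-exposed-to-internet"))
        # Don't: allow remote administrative access without MFA.
        if rule.dest_port in ADMIN_PORTS and not rule.mfa_required:
            findings.append((rule.name, "admin-without-mfa"))
        # Do: log all remote access.
        if not rule.logged:
            findings.append((rule.name, "session-not-logged"))
    return findings


# Constructed sample rule set.
SAMPLE_RULES = [
    Rule("rdp-any", "0.0.0.0/0", 3389, mfa_required=False, logged=False),
    Rule("vpn-rdp-jump", "10.8.0.0/24", 3389, mfa_required=True, logged=True),
    Rule("vpn-ssh-admin", "10.8.0.0/24", 22, mfa_required=False, logged=True),
    Rule("vpn-smb-files", "10.8.0.0/24", 445, mfa_required=True, logged=False),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```
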

Turn to Syxsense for More Secure Endpoints

Endpoint security is a complex and multifaceted issue requiring vigilance and cooperation across all departments within any given organization. Turning to the broad complement of endpoint security solutions offered by Syxsense will be an excellent place for you to start.

  • For a “one-stop-shop” with vulnerability scanning, patch management and endpoint detection and response in one package, look no further than Syxsense Secure. Available as a standalone software product or alongside 24/7 managed services from our dedicated, experienced team.
  • The similarly comprehensive Syxsense Manage solution offers additional endpoint, OS and patch management oversight to complete the picture of meticulous and wide-ranging threat management.

Begin your organization’s journey toward airtight endpoint security with a free trial of Syxsense’s products and services.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Why You Should Combine Your IT Management and Security Operations Strategy

By Patch Management

The current IT security landscape is changing dramatically. How will the shift to endpoint detection and response (EDR) change your strategy?

How IT Security is Changing

Companies initially put up firewalls and installed antivirus software to prevent security breaches. But it wasn’t long before ransomware came along and shattered the status quo, shifting the focus to endpoint detection and response (EDR).

With that, the market for endpoint-security software exploded.

However, organizations are forced to cobble together a variety of barely compatible vendors to meet all of their cybersecurity needs. Each solution comes with its own infrastructure, deployment processes, training, and ongoing management. With skyrocketing costs, one thing became crystal clear: Companies are searching for an option that combines systems management tools, EDR, and vulnerability/threat management in a single, seamless platform.

Being in the vanguard of systems and patch management, Syxsense is the first to combine endpoint management and security, providing greater efficiency between IT management and security teams. In today’s rapidly changing digital landscape, Syxsense is at the forefront of a security revolution.

With AI-driven threat protection, Syxsense enables customers to have a “sixth sense” for security vulnerabilities and breaches. That is the power of complete endpoint visibility and predictive technology.

The Current Security Landscape

A recent article by Enterprise Strategy Group (ESG) confirms this scenario: “ESG research shows that 77% of companies surveyed plan to move to an integrated security suite with a preference towards a single vendor, with an even split between companies who are looking to next-gen providers and those looking to the large, established security players.”

While security vendors continue to increase the efficacy of their preventative solutions, security users are demanding simplification in the security stack, wanting to work with fewer tools and vendors. ESG concluded that “this means that organizations will need to depend on today’s tools providers to bring together at least the core prevention, detection, and response capabilities, in addition to managed services to assist in the implementation and management of these functions.”

The Syxsense Advantage

Our strategy is to simplify technology, which includes the consolidation of siloed endpoint security tools into a single agent for centralized security functions; merging of endpoint protection platforms (EPP) and EDR; and combining pre-execution prevention, post-execution detection, and response/remediation.

Syxsense believes the time is right to include endpoint management in the EPP/EDR mix. This creates an opportunity for consolidated technology that unifies the essential pieces across all three functions for greater efficiency, collaboration, and reduced costs—especially for SMB and mid-market enterprises.

Cyber criminals never stop working, and neither does Syxsense. We will help you secure your network from criminals who never give up on finding new ways to steal your company’s data and cripple your business. That’s why we’ve created an end-to-end solution that combats security threats, start to finish. Built for businesses that have limited resources but still need innovative security technology, Syxsense has brought together all of the essential components required to secure your enterprise quickly and easily—today.

Until now, what this all meant to the IT and security teams looking to stay on top of things was chaos in the market for security software.

Simplifying Endpoint Security

Syxsense has done everything it can to end this chaos and simplify endpoint security in the 2020s. New endpoint types, such as Internet of Things (IoT), workforce trends such as Bring Your Own Device (BYOD), and operating system and software vulnerabilities that require countless patches across increasingly complex networks, make endpoint management a real slog.

Endpoint management challenges increase the risk for exposure to threats. If businesses fail at endpoint management, they will fall victim to a security breach that could have been avoided.


Endpoint Security vs. Antivirus

By Patch Management

Antivirus Software is Nice, But It’s Not Enough for Full Endpoint Security

Are your current security measures enough to protect your network’s endpoints? Explore the key differences between antivirus software and EDR tools.

As we previously pointed out in our “Endpoint Security 2020: What You Need to Know” article: “Cyberattacks are growing more complex and difficult to prevent, and this will only accelerate in the future, thus making endpoint security a top goal in 2020.” Given the news of late, there can be no doubting the importance of this.

You probably already have information-security measures in place in your organization, such as firewalls and antivirus software. But you might be wondering if what you have in place is sufficient to properly protect all of your network’s endpoints.

Unfortunately, the question—and answers—might not be that simple. As pointed out by SolutionsReview, it’s important to understand the historical significance of antivirus software. Such tools—the origins of which date back more than 30 years—represent the wellspring from which other, more sophisticated, cybersecurity tools and techniques would emerge.

The late 1980s and early 1990s marked the debut of antivirus products from developers such as Symantec, McAfee and Sophos, in addition to the founding of cybersecurity research groups such as the Computer Antivirus Research Organization.

Now, three decades later, antivirus tools are part of standard operating procedure for virtually all professional-grade desktops and laptops—as well as a considerable number of the smartphones and tablets used by enterprise staff. Plenty of consumers also use such applications.

The Inherent Limits of Antivirus Control

In the majority of cases, antivirus software exists in the background, only showing its presence when a threat is detected. While certainly valuable, there is a clear limitation to antivirus software: it only functions as a defensive measure when an active threat has made itself known. It does not have much in the way of counteroffensive tools, nor does it have the broader scope of functionality available through endpoint detection and response (EDR) tools.

Additionally, many legacy antivirus programs—and even some of the more recent versions—are all too often limited to detecting the presence of signature-based cyberthreats. While a significant number of the well-known malware and exploit tools used by modern hackers have signatures embedded in their code that an up-to-date antivirus platform can identify, there are also plenty that haven’t had their signatures cataloged yet. Malware that lacks signatures altogether is also becoming increasingly common, according to TechTarget.

Perhaps most alarming of all is that many cyberattacks today eschew files entirely. Instead, they use innocuous-looking links to trigger garden-variety programs such as Flash and Windows PowerShell, the latter of which can be compromised through remote manipulation of the command line with relative ease.

As CSO explained, these collect data from the victimized machine and relay it to the hacker who originated the attack, allowing that interloper to seize further control of a device and subsequently deliver more exploits. An entire network could be devastated this way, and many antivirus tools would most likely have never seen it coming.

The Ponemon Institute’s 2018 State of Endpoint Security Report noted that 35% of that year’s malware attacks were fileless, while projecting that figure to increase to 38% for 2019. In the years to come, it’s entirely possible that fileless exploits will constitute a significant majority of the cyberattacks deployed against all businesses and public-sector organizations, leaving antivirus tools even more in the lurch.

Moving Ahead to Endpoint Protection

Back in 2015, in a guest blog post for Politico, engineer and futurist David Evans estimated that about 127 new endpoints were being added to the internet of things every second, all over the world. More recently, Gartner projected that IoT growth had reached the point at which there would be approximately 5.8 billion endpoints in the global enterprise and automotive markets alone by the end of 2020, marking 21% growth from the previous year.

According to the SANS study “Understanding the (True) Cost of Endpoint Management,” 61% of the respondents said their organizations had more than 1,000 user endpoints, while 5% claimed to have 100,000 or more. And the risk to small businesses is no less real and significant than that facing medium-sized and enterprise-level companies. Per Verizon’s Mobile Security Index 2019, 88% of firms with 500 or fewer workers acknowledged that endpoint security was a serious hazard to their operations, and that it will only get worse.

EDR to the Rescue

EDR solutions emerged as a means of addressing the security issues created by the increase in endpoints, IoT-related or not. They are deployed according to the software-as-a-service model. Rather than continuously scanning the network and its various interconnected devices for clear signatures of malware, EDR tools monitor user behaviors, looking for actions and operations that are out of the ordinary. This is sometimes referred to as “suspicious activity validation.”

The best EDR tools perform all of the classic functions of their cybersecurity predecessors, but leverage new methods to do so, including the use of artificial intelligence and machine learning. Furthermore, they are not limited to checking for conventional signatures to look for signs of potential malware intrusions; they also examine URLs, IP addresses, file hashes, and other data points.

How EDR from Syxsense Keeps you Protected

Cyber-attackers are not exactly the kind of folks who will limit their intrusions to business hours. Whatever they are up to—from monetary gain to state-sponsored intrusion—bad actors are always on the lookout for weak spots to take advantage of. IoT endpoints are among their favorites. Your organization deserves an EDR solution that is as constantly active—and aggressive—as cybercriminals are.

Syxsense Secure and Manage both provide enterprise users with the sort of always-on protection that is necessary to mitigate the broad spectrum of cybersecurity threats out there today. By allowing for comprehensive and real-time visibility into all endpoint activity, reporting on device inventory, quickly quarantining detected threats, and automatically patching all of your devices—be they Windows, Mac, or Linux—Syxsense solutions represent an efficient and meticulous approach to information-security needs.


Why Cybersecurity is a Challenge for Highly Distributed Enterprises

By Patch Management

Most enterprises are becoming highly distributed, and they must find a way to secure and defend their businesses.

There is no longer any doubt that one of the major challenges for enterprises of all sizes as we enter the ’20s is information and network security. Simply put, “enterprises have a lot to worry about,” according to a recent article on InformationAge. And the job of dealing with cybersecurity continues to get increasingly complex.

To compound the problem, in today’s digital economy, an enterprise’s traditional boundaries are constantly being stretched. For instance, it’s estimated that there are more than 1.6 million remote or branch offices in the United States. Highly distributed enterprises in particular must secure systems and data scattered across not only these remote operations but also headquarters, the cloud, and elsewhere. According to the article, every perimeter and endpoint must be protected, and networks must be continuously monitored to detect and mitigate attacks.

“This growing legion of remote offices and employees accessing systems and data on corporate networks and in public clouds . . . are creating opportunities for cyberattacks by exposing new entry points and unsecured devices, data, and applications,” writes Nick Ismail, the author of the InformationAge article. IT departments typically put a lot of focus on protecting the networks and systems within the four walls of their company HQ, he explains, but the branch offices and remote employees can introduce risky exposures that, if breached, can cause a great deal of damage.

Identifying Security Processes a Struggle

While companies agree that it is in the organization’s best interest to invest in solutions for all their offices and remote employees to prevent breaches, they struggle to identify straightforward and workable network-security processes. Often, remote workers and branch offices get short shrift. This is dangerous, says Ismail, since attackers often target the weakest link in an organization—including remote offices—in order to get to the larger corporate prizes. Given the many challenges involved in securing highly distributed enterprises, organizations must choose carefully when it comes time to select a security solution.

Bob Violino, writing for Security Boulevard, explained further: “A recent report from the Infosys Knowledge Institute (IKI) provides a clear picture of how important cyber security has become:

‘In today’s hyperconnected and digitized world, cyber security has become an important strategic imperative owing to the sophistication of cybercrime. Digital businesses require complex and distributed interactions among people, applications, and data—on-premise, off-premise, on mobile devices and in the cloud. The result is an increase in the attack surfaces that are hard to protect and defend.’” In other words, most, if not all, enterprises are becoming highly distributed, and they must find a way to secure and defend.

Further, according to the IKI study cited, to help address these threats, organizations are deploying products and services such as security incident management, risk and compliance, and security awareness training.

To overcome some of these challenges, more than half of the organizations are focusing on adopting integrated security platforms and are working with technology and service integrator partners. Network segregation, threat intelligence platforms, and advanced threat protection are the most commonly implemented security tools.

Among the top trends that will shape the future of cyber security, according to the survey, are artificial intelligence; privacy and personal data protection; and blockchain and deception technologies.

Operational technology (OT) and the Internet of Things (IoT) “massively expand the scope of security strategy and operations.” As the enterprise perimeter continues to diminish and all enterprises become highly distributed, the study concluded, visibility into the environment will become tougher.

The Simple & Powerful Solution

Syxsense lets you see and manage all endpoints inside and outside the network, with coverage for all major operating systems and endpoints, including IoT devices.

Experience a complete solution to manage your environment anywhere, anytime. The intuitive features include software distribution, patch management and more—start your free trial today.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
