Beyond the British Monarchy: Ransomware Goes Royal

The trials and tribulations of the British royal family are not the only royalty making headlines these days. The Royal ransomware group, believed to have evolved from the notorious and now defunct Conti ransomware group, is making waves across the U.S. and the United Kingdom.

In its heyday, Conti claimed responsibility for multiple high-profile cyber-attacks, including the Costa Rican and Peruvian government systems, several well-known retailers, and the Irish healthcare service. However, Conti saw its operations effectively shut down over the summer of 2022 for a variety of reasons, including receiving too much government attention which had put a target on the group’s back. Many of the group’s members, though, remained at large. And many believe some of those members have formed the Royal group.

Royal started small, focusing its attention on the healthcare sector. More recently, though, the Royal gang has risen to prominence, so much so that it is being labeled one of the most active and dangerous ransomware gangs in the world today. Underscoring the seriousness of the threat, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory alerting critical infrastructure providers to review their ransomware prevention and detection strategies and providing insight into the technical details of how Royal members gain access and execute their attacks.

One reason for Royal’s success is the evolution of new techniques and ransomware variants. This makes it much easier for them to infiltrate and infect Linux hosts and VMware ESXi servers, for example. Hence the latest #StopRansomware advisory from CISA that lays out their tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs).

How the Royal Gang Gets Access to Your Enterprise

Some facets of the Royal ransomware variant are unique. But the tactics used to gain initial access to an enterprise are unsurprising. According to CISA, Royal used phishing attacks on two-thirds of its recent victims to gain entry. While there are some technical approaches that can remove phishing emails from the inbox, security awareness training is critical.

Another major attack vector for the Royal gang is to exploit the Remote Desktop Protocol (RDP). CISA found that 13.3% of Royal incidents used RDP for initial access. Other vectors of initial entry include exploitation of public-facing applications (such as a customer or client portal) and harvesting virtual private network (VPN) credentials from stealer logs or using brokers for initial access.

What Happens Under Royal’s Rule

Once Royal gains access to your enterprise, they launch a custom-made file encryption program. The malware disables antivirus software and exfiltrates large amounts of data before deploying ransomware, encrypting systems, and demanding funds. Ransom demands have ranged from $1 million to $11 million.

The most significant tactical shift in Royal ransomware is how files are encrypted to evade detection. Instead of encrypting all the data in all files, which can set off alarms with anomalous traffic patterns, files are only partially encrypted. Current ransomware protection defenses are not architected to spot partial encryption of files. CISA also noted that Royal utilizes double extortion – both demanding a ransom and threatening to publicly release sensitive data if the ransom is not paid.
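The partial-encryption point above is worth seeing concretely. The following is an added example, not code from Syxsense or from the CISA advisory: it measures Shannon entropy per fixed-size chunk of a file rather than over the whole file, so that a file in which only some blocks have been overwritten with ciphertext still stands out. The chunk size, the two entropy thresholds and the constructed sample documents are all assumptions chosen for illustration.

```python
import math
import random

# Added example (not Syxsense code): flag intermittent (partial) encryption by
# measuring Shannon entropy per fixed-size chunk instead of per whole file.
CHUNK_SIZE = 4096      # assumption: 4 KiB chunks; tune to the file sizes you see
HIGH_ENTROPY = 7.5     # bits/byte; encrypted or random data approaches 8.0
LOW_ENTROPY = 6.0      # bits/byte; typical of text, office documents, source code


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Entropy of each consecutive chunk of the file body."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]


def classify(data: bytes, chunk_size: int = CHUNK_SIZE) -> str:
    """Label a file body as plaintext, fully-encrypted, partially-encrypted or mixed.

    A whole-file entropy check averages the ciphertext chunks against the untouched
    ones and can miss intermittent encryption; looking at each chunk keeps the
    high- and low-entropy regions visible.
    """
    ents = chunk_entropies(data, chunk_size)
    if not ents:
        return "empty"
    high = sum(1 for e in ents if e >= HIGH_ENTROPY)
    low = sum(1 for e in ents if e <= LOW_ENTROPY)
    if high == 0:
        return "plaintext"
    if high == len(ents):
        return "fully-encrypted"
    if low > 0:
        return "partially-encrypted"
    return "mixed"


def make_samples(seed: int = 1234) -> dict:
    """Constructed inputs: a 64 KiB text document, a copy with every other 4 KiB
    chunk overwritten by random bytes (intermittent encryption), and a fully
    random copy. Seeded so the result is reproducible."""
    rng = random.Random(seed)
    sentence = b"Quarterly report: revenue steady, costs under control, see appendix. "
    document = (sentence * (64 * 1024 // len(sentence) + 1))[:64 * 1024]
    chunks = [document[i:i + CHUNK_SIZE] for i in range(0, len(document), CHUNK_SIZE)]
    partial = b"".join(rng.randbytes(len(c)) if i % 2 else c for i, c in enumerate(chunks))
    full = rng.randbytes(len(document))
    return {"report.txt": document, "report_partial.txt": partial, "report_full.txt": full}


def scan(files: dict) -> dict:
    """Classify each file body; anything other than 'plaintext' deserves a closer look."""
    return {name: classify(body) for name, body in files.items()}


if __name__ == "__main__":
    for name, label in scan(make_samples()).items():
        print(f"{name:20s} {label}")
```

Two caveats for anyone turning this into a detection: compressed and media files (archives, JPEGs, already-encrypted containers) are uniformly high-entropy and will read as "fully-encrypted", so the per-chunk result needs a baseline for the file type, and the signal is strongest when combined with other ransomware indicators such as bursts of file writes and renames from a single process.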

After gang members have gained a beachhead in the enterprise, they use command and control (C2) infrastructure to download various tools to strengthen their foothold in the victim’s network. They can also take over remote monitoring and management software to move laterally across a network. Further, they can even harness legitimate pen testing tools like Cobalt Strike for data exfiltration.

Protecting Your Organization Against Royal Ransomware Gang

As part of the advisory, CISA issued several recommendations to mitigate cyber threats from ransomware in general, such as enabling and enforcing multifactor authentication, reviewing security awareness training on phishing emails, and more.

With the Royal gang, in particular, organizations should:

  • Keep all operating systems, software, and firmware up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.
  • Prioritize remediating known exploited vulnerabilities.
  • Review, monitor, and if possible, disable protocol and port usage.

Royal has proven that it can exploit RDP to gain initial access to enterprises and compromise out-of-date Linux hosts in order to reach ESXi virtual machines. Because of this, ensuring your endpoints and devices are up to date with the latest patches is critical. Patching can be cumbersome, but it doesn’t have to be difficult. Some patch management solutions provide a three-hour turnaround for the testing and delivery of new patches – and come equipped with technology to send software and patches across the wire once.

Taking your security processes a step further to monitor risky services or ports across your endpoints will only strengthen your security posture. Enterprises with a unified security and endpoint management (USEM) solution can implement these preventive measures quickly. USEM solutions easily discover all devices across your network and enable you to manage and patch any endpoints that are out of date – regardless of whether those devices are running Windows, Linux, or Mac. And, within the same product, you can run a vulnerability scan to identify risky services and ports that may be vulnerable to exploitation. For example, you can see a snapshot below from the Syxsense platform of devices that are running RDP without robust security controls in place.

If your organization is still struggling to manage endpoints and prioritize patching, or is unsure whether it has weak points that threat actors are looking to exploit, let’s have a conversation. You can schedule a one-on-one demo to find out how to improve your chances against a sophisticated ransomware group like Royal.

Don’t Let Weak Passwords Plague Your Enterprise

The 2023 Weak Password Report once again highlighted how the breach of a password or user credential is one of the weakest links in enterprise security. When coupled with inconsistent patching, misconfigurations, and lack of vulnerability scanning, bad password practices are an easy path for malicious hackers.

In the report, researchers analyzed more than 800 million breached passwords worldwide to find the key trends, common denominators, and lessons learned.

These include:

  • 88% of passwords used in successful attacks consisted of 12 characters or less.
  • The most commonly breached passwords consisted of 8 characters.
  • Passwords containing only lowercase letters were the most common character combination found, making up 18.82% of passwords used in attacks.
  • The most common base terms used in passwords were: ‘password’, ‘admin’, ‘welcome’, and ‘p@ssw0rd’.
  • 83% of compromised passwords did not satisfy the length and complexity requirements of compliance or cybersecurity standards such as NIST, PCI, ICO for GDPR, HITRUST for HIPAA, and Cyber Essentials for NCSC.

Brute Force Attacks Remain Effective

A brute force attack is where an attacker tests different character combinations until they find the correct login information. These began as guesswork on the part of the hacker. Although attackers still guess by hand, using dates of birth and children’s names as clues, the modern approach is to computer-generate huge numbers of potential passwords until the right one is found. Another common tactic (credential stuffing) is to take passwords available on the dark web and test them on other websites used by that individual to see if they can gain access to additional accounts. This has a decent degree of success because people reuse the same passwords or word/number combinations.

Unfortunately, even in large, sophisticated IT organizations, weak password hygiene is commonplace. The 2022 Nvidia breach, for example, unveiled thousands of employee passwords, including the likes of ‘Nvidia’, ‘qwerty’ and ‘nvidia3d’. The reality is that most individuals see passwords as a barrier to getting their work done or getting the information or systems they need. They aren’t going to choose technically complex passwords because it makes their lives more difficult.

Weak Password Examples That Many Think Are Strong

  • MyDog’sName123
  • Birthdate!9876
  • Password123!
  • Qwerty123456
  • ILoveYouForever
  • MyNameIsJohn
  • LetMeIn2023
  • Sunshine!123
  • 1Qazxsw2!
  • Abcdefgh12345

These weak password examples may incorporate a combination of letters, numbers, and special characters, as well as personal information. However, they are still weak because they can be easily guessed or targeted through common password-cracking techniques. It’s crucial to create unique and complex passwords that are not related to personal information or easily identifiable patterns.

Best Practices for Passwords

This is why organizations need to adopt security best practices that can enforce strong password security, such as:

  • Issue a clear policy on password hygiene, including the minimum number of characters and the use of upper case, lower case, numbers, and symbols.
  • Determine an acceptable period for password changes and enforce it. Most organizations choose 90 days, but standards vary on this subject, so you should check with the most relevant compliance requirements for your industry.
  • Use Security Awareness Training to educate users regularly on password best practices.
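To make the policy bullets and the weak-password list above testable, here is an added example (not Syxsense code and not taken from any of the standards named in the report) that checks a candidate password for the failure patterns those examples share: short length, too few character classes, a common base term (including leetspeak spellings like ‘p@ssw0rd’), keyboard walks, ascending or descending sequences, and personal information supplied as context. The minimum length of 12, the three-class requirement and the word lists are assumptions chosen to match the report’s findings, not values any standard prescribes.

```python
import re
from typing import Optional

# Added example (not Syxsense code): a policy check that catches the weak
# passwords listed above. Thresholds and word lists are assumptions chosen to
# match the report's findings, not values taken from any standard.
MIN_LENGTH = 12          # the report found 88% of cracked passwords were 12 chars or fewer
MIN_CLASSES = 3          # of: lowercase, uppercase, digit, symbol
BASE_TERMS = (           # the report's top terms plus terms from the weak examples
    "password", "admin", "welcome", "letmein", "iloveyou", "sunshine",
)
KEYBOARD_WALKS = ("qwerty", "asdfgh", "zxcvbn", "1qazxsw2")
# Leetspeak substitutions, so 'p@ssw0rd' is treated as 'password'
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "!": "i", "3": "e",
                      "4": "a", "5": "s", "$": "s", "7": "t"})
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def normalize(pw: str) -> str:
    """Lowercase and undo leetspeak so base terms can be matched."""
    return pw.lower().translate(LEET)


def find_sequence(pw: str, run: int = 3) -> Optional[str]:
    """Return the first ascending/descending run of digits or letters (abc, 123, 987)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        if not (window.isdigit() or window.isalpha()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return window
    return None


def check_password(pw: str, user_context=()) -> list:
    """Return the list of policy findings; an empty list means the password passed."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, pw)) for p in CLASS_PATTERNS)
    if classes < MIN_CLASSES:
        findings.append(f"fewer than {MIN_CLASSES} character classes")
    low, norm = pw.lower(), normalize(pw)
    for term in BASE_TERMS:
        if term in low or term in norm:
            findings.append(f"contains common base term '{term}'")
    for walk in KEYBOARD_WALKS:
        if walk in low:
            findings.append(f"contains keyboard pattern '{walk}'")
    seq = find_sequence(pw)
    if seq:
        findings.append(f"contains sequence '{seq}'")
    for token in user_context:          # e.g. username, first name, birth year
        if len(token) >= 3 and (token.lower() in low or token.lower() in norm):
            findings.append(f"contains personal information '{token}'")
    return findings


# The weak examples from the post, reproduced here as constructed test input
WEAK_EXAMPLES = [
    "MyDog'sName123", "Birthdate!9876", "Password123!", "Qwerty123456",
    "ILoveYouForever", "MyNameIsJohn", "LetMeIn2023", "Sunshine!123",
    "1Qazxsw2!", "Abcdefgh12345",
]


def audit(passwords, user_context=()) -> dict:
    """Check every password and map it to its findings."""
    return {pw: check_password(pw, user_context) for pw in passwords}


if __name__ == "__main__":
    for pw, findings in audit(WEAK_EXAMPLES, user_context=("John",)).items():
        print(f"{pw:18s} {'; '.join(findings) or 'OK'}")
```

Run as-is, every one of the ten weak examples produces at least one finding, while a long multi-word passphrase with no dictionary base term passes. The sequence check is a heuristic and will occasionally flag ordinary words that happen to contain three consecutive letters (for example “stu” in “student”), so treat its output as a prompt for review rather than an automatic rejection, and keep the base-term list fed from breached-password data rather than a static file.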

Vulnerability Scanning Provides an Extra Layer of Protection

As is the case with most areas of cybersecurity, one system or methodology is never enough. A multi-layered approach is required. Password protection policies, technologies, and best practices must be supported by vulnerability scanning to ensure all devices and systems on the network are scanned regularly for potential vulnerabilities on endpoints that could be easily exploited with compromised credentials. Syxsense can help detect key signs of a potential attack by alerting IT and security operations teams to events or risks such as:

  • Multiple failed login attempts
  • Misconfigured or open ports
  • Outdated antivirus signatures
  • Disabled firewalls
  • Unpatched systems
  • Compliance violations

Syxsense vulnerability scans detect any weak spots on your endpoints that can put your enterprise and data at risk of getting stolen or altered. We mitigate risk by putting IT back in control of every device used in your organization. By highlighting potential issues, your organization can reduce its attack surface and minimize the chances of a breach.

The vulnerability scanner built into Syxsense Secure and Syxsense Enterprise is effortless to employ and has a user-friendly interface. Its automation features enable IT to focus on priority tasks while it scans and secures systems and data.

For more information, join us for a Lunch and Learn demo.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Ransomware on the Rise: Local Governments Under Attack

Ransomware attacks against local governments are an increasingly common occurrence in recent years. According to a recent report, 330 ransomware attacks have been carried out against government systems over the past four years, with more than half a million individual records affected. These attacks also often disrupt essential services, such as online portals and payment systems. This can have serious consequences for local governments, as well as for those who rely on the services they provide.

Recent Attacks on Local Governments Highlight the Need for Stronger Cybersecurity Measures

There have been several notable ransomware attacks against local government organizations in the U.S. in recent years.

  • In August 2019, in a coordinated attack, 22 municipalities in Texas were simultaneously infiltrated by hackers, resulting in significant impact to their computer systems and disruption to local services.
  • In December 2019, the city of Pensacola, Florida, was hit by a ransomware attack that impacted its email and phone systems and online payment systems.
  • In May 2021, the city of Tulsa, Oklahoma, was hit by a ransomware attack that impacted more than 18,000 city files, some of them including information such as names, dates of birth, addresses, and driver’s licenses.
  • Just this month, the city of Oakland, California, was hit by a ransomware attack that exposed personal confidential data and took down the city’s computer systems for weeks.

The FBI’s Cyber Crime Center noted that “phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities” were “the top initial infection vectors for ransomware attacks in 2022.”

The aftermath of attacks such as these makes one thing clear: local governments need stronger cybersecurity measures and more robust vulnerability and risk assessment. With continuous vulnerability scanning and comprehensive endpoint management, local governments can reduce their attack surface and give criminals one less entry point to launch an attack.

Limited Resources Pose a Challenge for Maintaining Secure IT Infrastructure

Consistently tight budgets have left local governments particularly vulnerable to ransomware attacks. Many local government organizations must use older hardware and software because they do not have the luxury of upgrading to newer technology. This can lead to systems and applications that are no longer supported by vendors, and therefore no longer receive security updates or patches. Limited staffing resources have only compounded this issue, leaving many local government agencies unable to keep up with patching and other IT or security operations such as regular vulnerability scanning.

Many local government organizations have limited resources, small IT teams, and tight budgets, which make it difficult to keep up with the maintenance and support of current and older systems. With more devices being used to get work done, hastened by the pandemic and work-from-home initiatives, many IT and security teams don’t have a clear picture of how many devices are connected to the enterprise, much less whether those devices are up-to-date on patches and other security measures. This means they cannot monitor the health of devices accessing sensitive information, scan for potential issues on the devices, deploy patches, or enforce security controls that would limit their attack surface and reduce their exposure to these types of attacks.

While there are many challenges local governments face in managing and securing their endpoints, it is crucial that they do so. The best way for government organizations to prevent crippling cyber-attacks like ransomware is to implement best practices around patch management and vulnerability scanning.

Leveling the Playing Field

While attackers are targeting local governments more frequently due to outdated and vulnerable systems and limited resources, this does not mean that government organizations must be victims. Tools that consolidate management and security with automation can make these organizations less vulnerable to cyberattacks and reduce the burden on their budgets and staff. By implementing these measures with a tool that does the work for them, they can ensure their systems and sensitive data remain secure and protected.

Implementing best practices around patch management and vulnerability scanning is particularly important in these environments. Older devices may have unpatched operating system vulnerabilities or use software that has reached end-of-life from vendors that no longer release updates, leaving the devices exposed to risk. This does not mean that they should simply be left as-is, though. Other mitigations, especially policy-based security controls, can help reduce the risk from older devices and applications. Unified security and endpoint management (USEM) tools make it easy to implement these best practices by enabling patch management best practices, regularly scanning for vulnerabilities, and remediating vulnerabilities automatically. This ensures that the devices employees use to work and access sensitive data are managed and secure, while cutting off device access if it does not have the proper management and security profile.

Automating vulnerability scanning and patch management can make local governments less of a target for attackers. When vulnerabilities are quickly identified and addressed and software is regularly updated, the risk of a successful cyberattack is significantly reduced, making governments less likely targets in the future.

Find out how Syxsense helps local governments strengthen cybersecurity measures and keep endpoints secure. Schedule a demo today.

Healthcare Under Attack

According to a report by Comparitech, the healthcare field is attracting a lot of attention from cybercriminals; ransomware, in particular, has created chaos across the sector. In 2021 alone, there were more than 100 ransomware attacks that impacted around 2,300 healthcare organizations, including 20 million patient records. The 2022 report comes out later this year, but the forecast looks grim.

Estimates of the cost of these attacks are upwards of $8 billion, and that’s just in downtime. The average number of days of downtime was six, although some organizations were offline a lot longer. On top of this price tag were ransomware payments that varied anywhere from $250,000 to $5 million, such as TriValley Primary Care’s payment of $250,000, Allergy Partners’ payment of $1.75 million, and UF Health Central Florida’s payment of $5 million.

It’s clear that medical organizations are being targeted by cybercriminals. While the sheer size of the attack surface can make it seem impossible to change, this doesn’t have to be the case.

The Harm of Ransomware in Healthcare

Ransomware is a dangerous form of malware for any organization. But for the medical sector, it is particularly harmful because patient health and privacy are at risk. An attack can disrupt key systems or even shut them down, leaving healthcare providers without access to patient data and medical records. In addition, the already high cost of medical care will only increase as organizations struggle to operate efficiently due to ransomware disruption and payouts.

The financial repercussions from regulatory agencies when healthcare organizations fail to secure their systems and a breach occurs can be severe. The Health Insurance Portability and Accountability Act (HIPAA) regulations stipulate security policies to protect patients from unauthorized access to health records and medical history. Failing to comply with HIPAA regulations can leave businesses facing fines of up to $1.5 million, in addition to any payouts related to a resulting breach.

Such attacks are becoming all too common: Scripps Health, a network of five hospitals and 19 outpatient clinics in California, was infiltrated by ransomware in 2021 to the cost of more than $100 million. Two of its hospitals lost access to electronic medical record systems and offsite servers, leaving several units unable to provide care and requiring patients to be diverted to other facilities. Though the initial access vector for the breach remains unverified, an internal email distributed after the attack noted that Scripps added multi-factor authentication processes for remote access and mobile devices and new security software on 98% of all Scripps devices. This suggests that access rights to high-value databases and assets were not protected by foundational cybersecurity controls.

Protecting Hospitals and Patients from Ransomware

Medical organizations can take steps to prevent the spread of ransomware by updating security policies and ensuring the burden of compliance isn’t left to busy healthcare workers. While doctors and nurses provide care to patients, organizations can rely on tools that consolidate vulnerability scanning, patch management, and compliance reporting to monitor and secure their environment.

In the case of Scripps Health, a unified security and endpoint management (USEM) solution with user- and device-based, multifactor authentication controls and integration with existing IT infrastructure, such as Active Directory, could have ensured compliance with security policies that restrict access to confidential records. With USEM, healthcare organizations could automatically verify that users and devices had multifactor authentication set up and up-to-date security controls in place before users could gain access to critical data.

USEM solutions enable healthcare organizations to achieve and maintain compliance with regulations such as HIPAA, ensuring that patient data is protected, and healthcare organizations aren’t subject to the financial burden of fines and payouts.

Find out how Syxsense helps healthcare organizations identify, manage, and secure their endpoints. Schedule a demo today.

Ransomware Prevention with the help of MSPs/MSSPs

In 2022, malicious actors carried out nearly 400 ransomware attacks on U.S. organizations, affecting over 21 million individual records, according to Comparitech.

With an average ransom demand of more than $4 million, the cost of a ransomware attack continues to balloon. This figure does not take into account recovery costs, lost revenue because of operational downtime, and the loss of customer confidence that can follow an attack. On average, a business in the US lost nine days of operation to ransomware-induced downtime, although some were locked out of their networks for several months.

Malicious hackers can easily scan the internet to find open ports and vulnerabilities to exploit. If a business fails to patch a program or update an operating system, or if IT systems are not configured properly, attackers can utilize these attack vectors to gain entry to systems and mount a ransomware attack.

Companies can be easily overwhelmed by the IT management and cybersecurity tasks that help keep their businesses running. They need to apply their skills to their core competencies, but they are having to throw more and more resources at cyber-defense. Instead of investing in the business to forward their strategic ambitions, budgets are getting eaten up by security expenditures.

It is easy to see how, for some businesses (especially small businesses), a ransomware attack can be catastrophic. Some never recover and permanently close their doors. It’s not surprising then that many businesses are turning to managed services providers and managed security service providers (MSPs/MSSPs) to help safeguard their business environments.

What Are MSPs: MSPs Make It Easy to Protect Your Business

MSPs/MSSPs have the flexibility to quickly bring on skilled resources and partner with innovative technology vendors to deliver management and security in one simple package. Further, partnering with MSPs/MSSPs takes the burden of finding, vetting, purchasing, implementing, and managing IT systems and security products off of the company, leaving business owners to focus on their business.

MSPs/MSSPs are already leveraging Syxsense Enterprise, for example, to automate asset discovery, patch and endpoint management, mobile device management, and vulnerability management – all in one easy-to-use product. These services help businesses avoid ransomware attacks by inventorying every endpoint on their networks, detecting all unpatched systems, vulnerabilities, and misconfigurations, and remediating them rapidly. And because of the automation built into the product, MSPs/MSSPs can use fewer staff to manage more customers. MSPs wishing to begin offering security services should select solutions and products that place the least technical and staffing burden on existing personnel.

For more information, schedule a demo today and find out how Syxsense can help MSPs/MSSPs grow their service offerings and drive greater customer value.

Cyber Heists Continue to Grow, Financial Institutions Remain a Key Target

Everyone loves a good heist movie, which is why Hollywood keeps bringing out new ones. The Ocean’s Eleven series, The Italian Job, Die Hard, the Fast and the Furious series – the list goes on and on. Yet the story is largely the same – a group decides to steal the diamonds, the gold, the money, or what’s in the safe deposit boxes. They face adversity along the way yet eventually pull off the job.

In the modern era, such physically intensive heists are becoming less common. That’s because criminals can now target organizations via cyber-attacks without having to show their faces and easily cover their digital tracks to escape the consequences. While it may seem like cybercrime is only being perpetrated by the technically savvy, this is no longer true. In a study conducted in late 2022, Cybersecurity Ventures found that cybercrime is set to cost the world $8 trillion USD in 2023. For reference, if it were its own country, it’d be the third largest economy after the U.S. and China.

Another recent report from Contrast Security, Cyber Bank Heists, dove deeper into the cybersecurity threats facing the financial services sector. Some of the statistics worth noting included:

  • 60% of financial institutions have been victimized by malware attacks
  • 48% report an increase in wire transfer fraud
  • 50% have detected campaigns to steal non-public market information

With cyber fraud, phishing, ransomware attacks, account takeovers, and business email compromises (BEC) growing steadily in recent years, these numbers are likely to continue to rise.

Furthermore, cybercriminals are taking advantage of the fact that the business systems across banking and financial services are complex. They span on-premise, legacy systems, such as mainframes, to modern, cloud-native applications. Transactions often traverse a complex route from transactional systems to customer portals delivered from the cloud, other online systems, and back again. The range of devices and applications is vast, and this complexity increases the attack surface for financial organizations. Effective management and implementation of robust security controls to protect against damaging attacks can seem like a difficult, never-ending task.

Defending Against Cyber Heists

Identifying, managing, and securing an enterprise doesn’t have to be difficult, though. Financial services enterprises are already under watchful regulatory and compliance eyes, and most are spending significant funds on meeting these requirements. This is why being able to leverage the same tools for compliance, management, and security should be something IT and security teams look into.

Today, many IT and security teams tend to struggle to manage and integrate a hodgepodge of disparate tools as they seek to defend against infiltration attempts. With a unified security and endpoint management (USEM) solution, financial services enterprises can have real-time alerting, immediate device quarantining, patch management, vulnerability scanning, and automated remediation, along with real-time reporting to prove compliance.

With USEM, everything can be managed from one console: IT managers can set automated processes that ensure critical patches are deployed in a timely manner, without having to rely on end users, that attempted breaches are caught before they can do damage, that endpoints stay secure, and much more.

Find out how Syxsense helps financial institutions identify, manage, and secure their endpoints. Schedule a demo today.

The Danger of Unknown, Unpatched, and Miscategorized Open-Source Vulnerabilities

The profile of Common Vulnerabilities & Exposures (CVEs) has risen in recent years. Organizations now pay far more attention to them than they used to. Of course, there are still plenty of cases on record of companies getting hacked due to failing to patch a CVE from a year or more ago. There are endless examples of companies taking weeks and sometimes months to act once a high-priority CVE is issued.

Nevertheless, in the vast majority of cases, CVEs are given almost gospel-like status in organizations. Some build their security response programs largely around issued CVEs. For example, if a CVE has a rating of 7 or above in severity, companies tend to put it to the head of the queue, leaving lower priority patches to be deployed at a later date – or in many cases not at all.

There are numerous flaws in this mode of operation. Cybercriminals have grown wise to this tactic. Yes, hackers search carefully for endpoints and systems that have failed to deploy high priority patches to address CVEs – and they rub their hands in glee when they find yet another inattentive victim. But they also now mount multi-faceted attacks that take advantage of lower-priority flaws that they know are often ignored. Thus, they will launch a campaign simultaneously probing for higher priority and lower-priority CVEs that are unpatched. If only the lower ones are available, they can be used to gain a foothold into the enterprise from which they can exact further damage.

New Research Asserts Open-Source Threats Overrated

JFrog just announced another shortcoming in CVE-oriented security defense programs. Their researchers analyzed the top 10 most prevalent open-source software vulnerabilities in 2022. Their findings? The severity ratings of most CVEs for open-source systems were overrated.

Severity ratings within the National Vulnerability Database (NVD) follow this scoring rubric: Critical severity levels are graded between 9 and 10. High severity is 7 to 8.9. A Medium rating is between 4 and 6.9, and a Low rating goes up to 3.9. However, when JFrog researchers assessed the real-world impact of these vulnerabilities and applied contextual analysis to their evaluations, they found that many of the scores attributed to open-source bugs were overinflated. Since it takes roughly 246 days to remediate a security issue completely, they recommended that security teams only deploy resources on the vulnerabilities that actually matter.

According to the report, most of the open-source vulnerabilities evaluated were much harder to exploit than reported, and therefore were undeserving of a high NVD severity rating. The consequence of following the NVD system, therefore, can sometimes cause organizations to “waste valuable time and resources to mitigate a vulnerability that is extremely unlikely to have any real-world impact on their systems,” said the report.

Prioritizing Vulnerability Remediation Requires Context

At Syxsense, we found a very similar issue across our customer base. Many organizations focus on remediating and patching the most severe vulnerabilities, but often do not have the time to tackle the medium or low severity vulnerabilities. They are simply inundated with the most severe or highest-profile CVEs of the day. However, that does not mean that the lower-rated vulnerabilities are irrelevant. In recent years, we have seen many medium or low severity vulnerabilities being exploited to gain an initial foothold into an enterprise.

This is why we developed a risk and prioritization rating based on an organization’s attack surface with vulnerabilities and endpoint posture. The Syxscore leverages NIST and vendor severity assessments in relation to the health status of the endpoints in your environment. It’s a personalized evaluation of what devices are vulnerable and the criticality of updates to the overall protection of your network, giving you the ability to target endpoints that pose the most serious levels of risk.

While vulnerability severity scores can be helpful, they are simply another data point. What organizations really need is customized context, including the security posture of their endpoints and the existing security controls that can reduce the risk of a vulnerability.
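As an added illustration of the argument above (this is not Syxsense's Syxscore, whose weighting is not described here), the following Python combines the NVD bands with endpoint context so that a Medium CVE on an exposed, unsupported host can outrank a Critical CVE that an existing control already blocks. The weights, the host name and the CVE identifiers are constructed assumptions.

```python
from dataclasses import dataclass, field


def nvd_severity(score: float) -> str:
    """Map a CVSS base score to the NVD qualitative band described in the post."""
    if not 0.0 <= score <= 10.0:
        raise ValueError("CVSS base score must be between 0.0 and 10.0")
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"


@dataclass
class Endpoint:
    name: str
    internet_exposed: bool        # reachable from outside the perimeter
    os_supported: bool            # vendor still ships security updates
    controls: set = field(default_factory=set)   # e.g. {"edr", "waf"}


@dataclass
class Finding:
    cve: str                      # placeholder ids in the constructed sample below
    cvss: float
    exploited_in_wild: bool
    mitigated_by: set = field(default_factory=set)   # controls that block the vector


def contextual_priority(f: Finding, e: Endpoint) -> float:
    """Adjust the base score with endpoint context (assumed weights); 0-10 priority."""
    score = f.cvss
    if f.exploited_in_wild:
        score += 2.0      # known exploitation outweighs theoretical severity
    if e.internet_exposed:
        score += 1.5
    if not e.os_supported:
        score += 1.0      # no vendor fix will arrive; treat as standing exposure
    if f.mitigated_by & e.controls:
        score -= 4.0      # an existing control already neutralises the vector
    return round(max(0.0, min(10.0, score)), 1)


def rank(findings, endpoint):
    """(cve, nvd_band, priority) tuples, highest contextual priority first."""
    rows = [(f.cve, nvd_severity(f.cvss), contextual_priority(f, endpoint)) for f in findings]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample: an internet-facing legacy host with EDR but no WAF.
SAMPLE_HOST = Endpoint("legacy-web-01", internet_exposed=True, os_supported=False,
                       controls={"edr"})
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", 9.8, exploited_in_wild=False, mitigated_by={"waf", "edr"}),
    Finding("CVE-0000-0002", 5.3, exploited_in_wild=True),
]
```

Running `rank(SAMPLE_FINDINGS, SAMPLE_HOST)` places the Medium-rated, actively exploited CVE ahead of the Critical one that EDR already covers.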

Patching is the Key to CVE Remediation Success

Beyond context, patching is a critical component to managing vulnerabilities. Oftentimes, critical vulnerabilities will have patches released quickly – sometimes the same day that the vulnerability is made public. In these cases, keeping up is the most difficult part.

That’s why automation, inventorying, and patch deployment can eliminate long delays in patching programs. If you can constantly prioritize vulnerabilities with context based on your environment, patch the most important ones quickly, and validate that those patches have been applied appropriately, you will reduce your organizational risk and attack surface.

If you want to learn more about automating your patching program, schedule a demo today.


Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Syxsense Names Mary Yang as Chief Marketing Officer to Drive Continued Growth Across the Unified Security and Endpoint Management Space

By Press Release

NEWPORT BEACH, Calif. – February 28, 2023 – Syxsense, a global leader in Unified Security and Endpoint Management (USEM) solutions, today announced the addition of Mary Yang as Chief Marketing Officer (CMO). Yang is an experienced marketing executive who most recently served as CMO at LookingGlass Cyber Solutions, a leader in threat intelligence, and before that, as a strategic advisor and portfolio manager at MITRE Corporation, the not-for-profit research and development organization responsible for creating MITRE ATT&CK® and STIX/TAXII cybersecurity standards. As CMO, she will oversee global marketing and communication efforts and report to Ashley Leonard, the Founder and CEO of Syxsense.

“Mary has been at the forefront of marketing communications across the cybersecurity space for nearly a decade. Her efforts helped turn LookingGlass into a threat intelligence powerhouse and her work at MITRE helped expand the National Cybersecurity Research and Development Center for the National Institute for Standards and Technology (NIST),” said Ashley Leonard, Founder and CEO at Syxsense. “As we look to grow market share and help organizations consolidate endpoint security and management, Mary will play a pivotal role in reshaping our brand, product marketing, demand generation, and more.”

Yang has over two decades of experience in marketing and cybersecurity leadership. She has overseen brand, communications, content development and marketing, analyst and public/media relations, demand generation, digital marketing, government affairs, go-to-market strategies, sales enablement, customer success strategies, and more. In her last role at LookingGlass, Yang drove more than $65M into the sales pipeline by revamping product marketing, deepening government and analyst relations, and focusing on thought leadership initiatives. 

At MITRE, she launched 16 new federal cybersecurity projects, developed and oversaw a multimillion-dollar government task order conducting cybersecurity market research, and stood up new critical infrastructure communities of interest for NIST at its applied cybersecurity lab. Under her leadership, the program boosted partner engagements from 25 to more than 225 partners and increased usage of NIST Special Publications 1800-series by more than 91%. 

“CISOs today are looking to simplify their security stack while striving to maintain foundational cybersecurity best practices. However, most organizations still use separate teams and tools to manage and secure endpoints. Not only does this complexity increase cost, but it also reduces overall visibility, increases risk, and makes it more difficult to identify vulnerabilities and remediate them quickly,” said Mary Yang, CMO at Syxsense. “I’m thrilled to be joining an innovative team that is rapidly expanding their market share, and I look forward to highlighting further the value of Syxsense’s unified security and endpoint management solutions as we continue to grow.” 


About Syxsense

Syxsense is a leading software vendor providing endpoint security and IT operations management solutions to Managed Service Providers (MSPs), enterprises, and government organizations. Its solutions provide real-time visibility and control over endpoint devices, networks, and cloud infrastructure, helping organizations to protect against cyber threats, improve IT operations, and reduce risk. Syxsense is the first Unified Security and Endpoint Management (USEM) platform that centralizes the three key elements of endpoint security management: security and patch vulnerability management, remediation, and compliance controlled by a powerful drag-and-drop workflow automation technology called Syxsense Cortex™. Syxsense is a single cloud-based platform supporting Windows, Linux, Mac, and mobile devices on-premises and in the cloud. For more information, visit

PR Contact
Raymond Fenton
Voxus PR


Windows 7 Users and 8 Users – Watch Out

By Blog

Windows users are notorious for holding onto aging operating systems and PCs many years after their sell-by date. A couple of years back, for example, an entire publishing and events office was discovered to still be running on Windows XP. No doubt there are XP machines sitting about in unsuspected places. Yet Microsoft ended support for that OS a decade ago. Since then, no security updates have been issued for it.

The same thing now applies to Windows 7 and 8. According to StatCounter, Windows 7 accounts for 11% of global Windows users as of September 2022. Windows 8 has almost 4% market share and XP still manages half a percent. But even though the bulk of users have transitioned to Windows 10 (68%) and are being heavily encouraged to make the switch to Windows 11 (currently only accounting for 17% of Windows users), that still leaves a large number running on obsolete, unsupported, and highly insecure OSes.

Windows, after all, rules the desktop and laptop space with three quarters of all installations. Microsoft estimates that 1.5 billion devices worldwide are running on Windows 10 or above. That means several hundred million users continue to run XP, Windows 7, and Windows 8 – and some of them could be lurking within your network or somewhere along your supply chain.

It becomes an urgent priority for organizations to find these users and upgrade them fast. Otherwise, they will no longer qualify for technical assistance and will get no more software updates. Crucial security updates for Windows 7 and 8 have officially ended. Any new exploits that can attack these systems will receive no patches from Microsoft.

Microsoft is asking Windows 7 users to skip 10 and move directly to Windows 11.

“PCs have changed substantially since Windows 7 was first released 10 years ago. Today’s computers are faster, more powerful, and sleeker – plus they come with Windows 11 already installed,” said an official announcement from Microsoft.

In most cases, a PC or laptop upgrade will be required – the new OS has much higher requirements for memory and processing power.

Anyone considering hedging their bets and moving to Windows 10 should know that its support will end in the fall of 2025. Why upgrade yet again in a couple of years and open yourself to yet another round of insecure devices to fix?

Those determined to stick with Windows 7 face an uphill task. Not only is Microsoft abandoning them, so, too, is the rest of the software ecosystem. Google, for example, is about to release a new version of Chrome, which will no longer be operable on Windows 7 or 8. That means no more updates for Chrome users on Windows 7 and 8, i.e. yet another gaping security hole impacting those users.

When Windows 7 support began to disappear in 2020, it attracted a great many cybercriminals. They began to look for the OS, knowing that they could penetrate it due to well-known and no longer patched security holes. The FBI issued a warning to private industry to get rid of it as quickly as possible. Many have yet to heed that advice.

Steps to Take Immediately

In light of these announcements, organizations are urged to take the following steps.

1. Conduct a detailed inventory of all operating systems running throughout the enterprise using Syxsense Enterprise.

2. Note all versions of XP, Windows 7 and 8 running, as well as older, no-longer-supported Windows 10 releases (such as versions 1803, 1809, and 1909).

3. Work out a plan for how these machines are to be a) protected right now, b) moved to Windows 11, and c) replaced with more modern PCs and laptops that qualify to run Windows 11.

4. Until the migration occurs, place all Windows 7 and 8 systems behind a dedicated firewall and protect them with intrusion prevention and anti-malware tools. Also, disable remote access to those systems unless it is behind a VPN.

5. Survey your supply chain partners and even customers that have trusted access to your network. Verify that they have no users still on obsolete Windows OSes. Demand that only those on Windows 10 and 11 will be allowed access.

6. Use Syxsense Enterprise to conduct regular vulnerability scans throughout the network, and initiate remediation steps for vulnerabilities found.

7. Set up Syxsense Enterprise to automatically prioritize and deploy patches throughout the enterprise.
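As an added example, not Syxsense Enterprise's own code, the Python below triages a constructed inventory export against the obsolete versions named in step 2 and derives the immediate containment actions from steps 3 to 5. The CSV columns, host names and the end-of-life reference sets are assumptions; the real lifecycle dates must be checked against Microsoft's published schedule.

```python
import csv
import io

# Constructed reference data (illustrative; verify against Microsoft's lifecycle pages).
EOL_FAMILIES = {"Windows XP", "Windows 7", "Windows 8", "Windows 8.1"}
EOL_WIN10_RELEASES = {"1803", "1809", "1909"}   # Windows 10 releases named in the post


def is_unsupported(os_name: str, release: str) -> bool:
    """True when the vendor no longer ships security updates for this OS/release."""
    if os_name in EOL_FAMILIES:
        return True
    return os_name == "Windows 10" and release in EOL_WIN10_RELEASES


def containment_actions(row: dict) -> list:
    """Immediate steps for one unsupported host, mirroring steps 3-5 above."""
    actions = []
    # Remote access that is not VPN-gated is the most urgent exposure to close.
    if row["remote_access"] == "yes" and row["vpn_only"] != "yes":
        actions.append("disable remote access until it is VPN-gated")
    actions.append("segment behind a dedicated firewall with IPS and anti-malware")
    if row["owner"] == "partner":
        actions.append("suspend partner access until the device runs Windows 10/11")
    else:
        actions.append("schedule Windows 11 upgrade or hardware replacement")
    return actions


def triage(inventory_csv: str) -> list:
    """Return [(hostname, os label, actions)] for every unsupported host in the export."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if is_unsupported(row["os"], row["release"]):
            label = f'{row["os"]} {row["release"]}'.strip()
            findings.append((row["hostname"], label, containment_actions(row)))
    return findings


# Constructed inventory export; column names and hosts are assumptions.
SAMPLE_INVENTORY = "\n".join([
    "hostname,os,release,remote_access,vpn_only,owner",
    "hr-pc-04,Windows 7,SP1,yes,no,internal",
    "lab-xp-01,Windows XP,SP3,no,no,internal",
    "fin-pc-12,Windows 10,1809,yes,yes,internal",
    "eng-pc-07,Windows 10,22H2,yes,no,internal",
    "vendor-laptop,Windows 8.1,,yes,no,partner",
])
```

`triage(SAMPLE_INVENTORY)` flags four of the five hosts; the supported Windows 10 22H2 machine is left out, and only hosts with non-VPN remote access get the "disable remote access" action.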

Syxsense centrally manages and fully automates all inventorying, scanning, patching, and remediation. It reviews, verifies, tests, and issues all patches within three hours of their release. Its software can automatically deploy those patches to all users and devices. It also contains a patch rollback function for the rare instances when a problem arises due to a new patch. This represents the most efficient way to deal with the onslaught of new patches. It also frees up IT and security personnel to take care of other urgent areas of security for the enterprise.

For more information, visit:


Threat Detection and Response Remain Weak Points in Many Organizations

By Blog

A recent survey by Foundry Research highlighted the fact that little has changed in the cybersecurity world of late. Organizations remain deeply worried about their inability to spot threats, respond to them in a timely manner, and train staff to avoid being tricked by scammers.

Across public and private sector organizations, the biggest issues were found to be threat response/remediation (55% among public sector and 53% among private sector respondents), improving detection of emerging threats (49% and 47%, respectively), and improving user security awareness (46% and 50%). Further issues cited included securing the supply chain (37% in the private sector compared to 28% among public sector respondents) and enabling secure Work-From-Home (WFH) or remote work (31% compared to 22%).

These findings demonstrate that the basics of security remain areas of difficulty in many government and private organizations. A big part of the issue is that these organizations are overwhelmed by the volume of data they must deal with to maintain a tight security posture. They are inundated with alerts and must trawl through massive logs across multiple applications to try to spot what is going on. Accordingly, the survey revealed that public sector organizations, in particular, struggle to leverage data to detect and prevent threats (63% compared to 49% of private sector respondents) and mitigate cybersecurity events (66% versus 56%). More than half of all agencies and organizations believe that it is challenging to harness data to inform cybersecurity decisions, detect and prevent threats, and mitigate events.

What underlies these challenges? Skills gaps (40% among both public and private sector respondents), lack of resources (31% public sector, 35% private), data integration (28% and 33%), and lack of visibility into the threat landscape (32% and 29%) were cited in the report. These issues inhibit their ability to act on data and resolve security events.

Budget, too, is a major obstacle when it comes to addressing cybersecurity priorities, according to three quarters of organizations surveyed. 48% of public sector respondents reported budgeting as an obstacle to a great extent and another 31% to some extent. In the private sector, 35% say budget impacts them to a great extent and 40% to some extent. More than one-third said their cybersecurity budgets were too low to address priorities and mandates (44% of public sector, 35% of private sector).

Getting Help with Cybersecurity

These results indicate that organizations need all the help they can get when it comes to cybersecurity. They are having trouble managing the many in-house security tools they have at their disposal, don’t have enough trained personnel to understand their risk posture and respond effectively to threats, and lack adequate budgets to resolve their ongoing security problems. The solution to these woes is to import as much help as possible via SaaS applications for cybersecurity. These can either be delivered directly from the vendor or via an MSP.

Syxsense Enterprise is a SaaS platform that automates the entire process of managing, monitoring, patching, scanning and remediating endpoints anywhere. It provides the necessary level of automation to make it feasible for IT to manage a vast number of endpoints, and soon, an even larger number of IoT devices and sensors. It automates all aspects of endpoint management and security. It is the only way to stay on top of patches, vulnerabilities, and endpoint security.

Alternatively, Syxsense Enterprise can be white labelled and offered to MSPs as a new service for their clientele. The Syxsense Managed Service Provider program is designed for MSPs and MSSPs looking to provide a higher level of management services to their customers. It consolidates multiple solutions into a single offering that includes IT Management, Patch Management, Security Vulnerability Remediation, and a robust policy-based Zero Trust product.

Syxsense combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices. Its unified security and endpoint management platform centralizes the three key elements of endpoint security management (vulnerabilities, patch, and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex™ through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm.

For more information, visit:
