Skip to main content


patch management

Patch Management Solutions: What Matters in a Vendor

By Blog, Patch Management

Far too many successful cyberattacks have involved known vulnerabilities that were allowed to go unaddressed.

While it’s clear that no organization can afford to approach patch management haphazardly, the reality is few IT teams have the time or resources to do anything other than pick and choose which urgent tasks will receive their attention. To avoid this conundrum, savvy organizations will look to the various commercially available patch management solutions to help their IT departments take a more comprehensive approach to this highly critical mission.

What are the Hard & Soft Metrics?

It’s important to understand that not all patch management tools are created equal. Careful consideration is essential to ensure that a particular vendor and its solutions will meet an organization’s needs amid a backdrop of ever-evolving cyber threats.

Evaluation should initially focus on the “hard metrics” to determine how a prospective vendor’s core product features stack up against an organization’s key technical criteria. Designating specific criteria – patch coverage, support for third-party patches, ease of deployment, etc. – as “table stakes” will allow an IT team to quickly and easily identify solutions that align with their needs and eliminate other vendors from as the evaluation process progresses.

From there, IT leaders and operations teams can move to reviewing solutions for “soft metrics.”

These include patch coverage and other attributes crucial to comprehensive patch management, as well as the “decision trigger” features that have the potential to impact an organization significantly. For example, many IT teams would find the ability to run patch management from the cloud to be a considerable advantage, especially when devices are dispersed beyond their organization’s network, as is common in today’s remote and hybrid work environments.

What are the Solution’s Reporting Capabilities?

The importance of reporting can’t be overstated when evaluating potential patch management solutions. When reporting is optimal, IT staff will spend far less time compiling documentation for their organization’s Board and other key decision-makers.

Merely reporting a complex list of vulnerabilities can make a report almost unintelligible. The best patch management solutions allow organizations to draw actionable insights from their reporting to drive valuable security improvements. In most cases, unified solutions will enable better reporting. This is especially true when an organization’s coverage needs extend beyond assets that patching would traditionally cover, such as hardware devices on the IOT side

Bottom line: If a choice must be made between key product features and reporting capabilities, organizations will be better served by sacrificing some technical criteria for the sake of optimal reporting.

Where is a Vendor Directing Future Investments?

It’s essential to know if a vendor is investing for the future (they all are), but also whether or not they’re investing in the direction of where market demand is headed and at a pace that will keep up with that demand.

Firmware patch management, for example, is quickly becoming a critical problem within the IOT space, as doing so within its interface and with its reporting simply isn’t scalable because it’s poised to become an essential feature for many – if not most – organizations moving forward, a prospective vendor should already be directing investment toward that area.

It’s also essential to determine whether or not a vendor is striking a good balance between maturing their existing patch management platform and introducing new features, as those that are will be better able to reduce some of the disruptions that can accompany future innovation.

What About Automation and AI?

More than a buzzword, automation has become a significant driver of conversations surrounding patch management. With IT staff constantly being asked to do more with less, organizations are prioritizing anything that will alleviate the load and increase satisfaction in their day-to-day work. By this point and in this environment, every vendor should be focusing on developing automation capabilities that will allow IT teams to spend less time setting up patch deployment and management.

While AI is not currently impacting the patch management space, it is poised to do so in the very near future. Current AI isn’t 100% accurate but does exceptionally well when solving incredibly complex issues where accuracy isn’t important. If it can help move the needle in terms of prioritizing tasks, identifying change, and automating tuning of the dial, patch management would be an ideal space for utilizing AI

Take Away

Patch management should never be left to chance.

By taking the time to identify the right patch management tool and vendor for their needs, organizations will be much better positioned to ward off cyberattacks and ensure business continuity even in the face of ever-evolving security threats.

For more insight on choosing a patch management solution, check out this webinar with GigaOm CTO and research analyst, Howard Holton: Analysts Insights: Gigaom Radar for Patch Management.


How Deadly is Ransomware?

By Patch Management

How Deadly is Ransomware and How Effective are the Protections Against It?

Organizations of all kinds have found themselves victims to ransomware. Find out how dangerous these attacks are and explore strategies to protect your business.

Picture the following scenario for a moment: It’s a seemingly typical day at the office for your business. People are busy and coffee-driven. Everything is unfolding as it should — or at least as it usually does.

Then, in the space of just a few seconds, everything changes on a dime with the beginning of a ransomware attack.

Maybe it’s your client database — including all of the financial and personal information you’ve collected in the partnership process — that suddenly becomes inaccessible. Perhaps key files are abruptly encrypted in a way that you’ve never seen before. Or maybe systems grind to a halt and won’t function. You see a message telling you, in so many words, to pay up or lose the data (or remain locked out of your mission-critical networks and devices). It’s a simple — and often successful — exploit tactic.

No matter how the incident specifically unfolds, whether you pay up or work around it, you’ll likely always divide your job, to some extent, into pre- and post-ransomware periods. Here, we’re going to take a deep dive into the ins and outs of ransomware, and examine how effective various tools — ranging from staff training to endpoint detection and response solutions — can be in mitigating the damage that this increasingly common cyberattack type can do.

A Brief History of Ransomware

According to a 2012 piece from TechRepublic, ransomware dates back to the late 1980s, though it did not emerge as a tool during that decade. It became somewhat prominent among hackers and cyberattackers in the mid-2000s, and about a decade after that, it began to take the forms that IT and information security team members are familiar with today.

To date, the most famous ransomware attack — and certainly the most impactful in terms of the sheer number of those who were victimized by it — is 2017’s WannaCry. This particular act of extortion involved a viral exploit known as ExternalBlue, which attacked Microsoft operating systems that hadn’t been patched for a vulnerability in the Server Message Block file-sharing protocol.

Gizmodo noted that the attack, based on a self-propagating cyber warfare tool originally developed by the National Security Agency and hijacked by the ShadowBrokers hacker group, spread quickly to every device on every network it reached and randomly through the internet.

WannaCry-infected machines saw their data encrypted and received demands for $300 ransom payments into bitcoin wallets in exchange for decryption. Since the ransomware spread to as many as 200,000 computers across 150 countries before white-hat hackers began distributing decryption keys, its makers received almost $130,000 for their efforts.

Also, although the Department of Justice would ultimately charge a North Korean hacker, Park Jin-hyok, with deployment of WannaCry and various other cyberattacks, The New York Times pointed out Park would likely never stand trial for these alleged offenses due to poor U.S.-North Korean diplomatic relations.

Anatomy of a Typical Ransomware Attack

Social engineering strategies like phishing or spear-phishing are perhaps the most common delivery system for ransomware attacks, especially in organizational networks:

  • An employee receives an email purporting to be from a manager or co-worker, urging them to click on a link or attachment.
  • When they do, malware takes over targeted systems, either encrypting files or preventing access.
  • A ransom-demand message is then delivered, sometimes with a deadline. Bitcoin wallets are the typical method of payment requested by attackers, due to their use of decentralized ledgers that can be easily found but whose owners are virtually untraceable.

Existing vulnerabilities, like the Windows flaw that allowed WannaCry just enough room to sneak into so many machines, are another common entry point for ransomware scams. Intrusion through the internet of things is also entirely feasible, especially, as CSO noted, in the case of botnets that have seized control of dozens of devices.

Botnets can — and have — shut down large portions of the global internet due to their raw power, making them perhaps the most frightening ransomware threat vector. (That said, the average ransomware attack is more precisely targeted than the blitzkrieg approach of a large botnet would allow.)

Organizations of all kinds across the public and private sectors have found themselves the victims of ransomware. But throughout the late-2010s heyday of this cyberattack type, state and local government offices were targeted with particular frequency. In many cases, this was due to under-protected or outdated IT infrastructure that was easier to breach.

Due to the sensitivity (and volume) of information these bodies hold in their records, they will most likely remain common ransomware victims for the foreseeable future. On the private-sector side of things, energy sector firms and healthcare organizations — especially the latter — have often been similarly attacked and will continue to be targeted in 2020 and the years to come.

As stated, ransomware usually works by encrypting or walling off data, or bringing an infected machine (or network) to a halt through a dedicated denial of service. However, in some recent cases, cyberattackers have used the exploits in their ransomware deployments to steal data from businesses and leak it — or threaten to do so — to add further heft to their monetary demands, according to ZDNet. Organizations must be prepared for all of the worst-case scenarios that can accompany a ransomware attack.

The Personal Side of Ransomware Mitigation & Response

Most people are at least somewhat aware of ransomware by now. But that doesn’t necessarily mean the average employee of a given organization is trained to be cyberattack-wary in a manner that genuinely minimizes their likelihood of being hit with such an attack or provides them the skills to deal with it.

According to the results of the Chubb 2019 Cyber Risk Survey, only 31% of organizations offer company-wide training to bolster staff awareness of cyberthreats. Because of this, it’s hard to fault workers for falling prey to well-disguised ransomware scans.

The Infosec Institute pointed out that regular cybersecurity awareness training, once implemented, can be a significant aid to organizations’ efforts to reduce their overall levels of vulnerability to ransomware and other potentially devastating attacks. Experts noted that it can be particularly effective to engage employees in such training exercises on a monthly basis.

Framing these initiatives through the lens of gamification -— e.g., conducting simulated social engineering and ransomware attacks and offering prizes to those who respond to the mock threats properly — can further galvanize workers’ enthusiasm for and commitment to cybersecurity. This can lead to a significant decrease in staff members falling prey to the phishing, pretexting and other social engineering scams that often precede ransomware infection.

Choosing the Proper Tools

Training and increased awareness alone will not be sufficient to substantially mitigate the dangers that ransomware poses to countless organizations. It’ll also be necessary to find and implement a number of more concrete tools equipped to detect and repel or quarantine these cyberattacks.

If you already have an antivirus software solution in place, there’s a strong chance that it won’t be equipped to deal with contemporary ransomware threats unless the program is brand new. And most of the antivirus software that does work on ransomware is specifically focused on detecting and preventing it as opposed to other attack vectors.

Also, often as not, businesses that haven’t been previously targeted by cyberattacks of any kind will have let their cybersecurity measures fall out of date- and such lax awareness, on its own, can be enough to facilitate a ransomware intrusion, as the WannaCry debacle proved.

Instead, it may be best for your organization to use a multifaceted approach that includes not only employee training, firewalls and antivirus tools but also solutions for patch management and endpoint detection and response. As businesses integrate themselves further into the IoT landscape, their endpoint numbers will skyrocket, presenting that many more potential entry points for attackers, so it’s critical to protect them at all costs.

Syxsense offers comprehensive EDR software and patch management platforms along with always-available managed services from our support team. To dive deeper into the possibilities of our products, consider a free trial today.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo