How combined IT and security management solutions can help detect and remediate vulnerabilities


My TechDecisions was at the RSA 2022 conference last month, and we learned that the cybersecurity market is increasingly crowded with solution providers and tools that can do a lot of different things, including vulnerability scanning, endpoint management, patching and other critical security functions. This typically means that organizations need to use several different solutions to perform very specific tasks to keep their endpoints up to date and secure.

However, the software provider Syxsense offers a unified endpoint management and security platform that can both identify and remediate vulnerabilities. In May, the company launched Syxsense Enterprise, which combines three of the company’s products (Secure, Manage, Mobile Device Manager) into a unified platform that scans and manages all endpoints and resolves issues quickly.

Below is our conversation with CEO Ashley Leonard at the RSA Conference on everything from business strategy to what she sees as the biggest cyber threats facing organizations today.

How does a combined IT and security management platform make the work of IT and security professionals easier?

Leonard: Our experience started with IT management – the company was founded in 2012, as a cloud-native IT management platform. But what we noticed was that a lot of our customers started asking us, “Could we integrate with Tenable, Rapid7, or some of the security vulnerability vendors?” Because the data coming from these tools was quite unintelligible to them. I don’t know if you’ve ever seen a report from Tenable or Rapid7, but they are complex. And as we spent more time reviewing it, we noticed that these tools do a phenomenal job of telling you that you have a problem, but don’t actually help you fix the problem. We have the management engine and a really cool workflow orchestration technology called Syxsense Cortex that would allow our customers to fix not only patch vulnerabilities but also security vulnerabilities.

So what we ended up doing was developing our own security vulnerability scanning technology that scans your endpoints for not just patch vulnerabilities, but also security configuration vulnerabilities. Then we leverage our workflow and orchestration capabilities to fix it automatically. So not only does it let you know you have a problem, but it can actually fix the problem for you and then report and show you’re back in compliance.

How does this help organizations be more efficient, especially as cybersecurity professionals are hard to find?

Leonard: We automate the ability to fix security vulnerabilities. We have also automated regular administration functions to simplify this. So let’s say you were to enable BitLocker and encrypt all of your inputs, well, we have that technology pre-built to be able to do that for you. But if you want to create your own custom workflows, you can also do so very easily with our own Cortex technology that allows you to drag and drop functions and then deploy them to your endpoints. A good example might be that you want to scan your endpoints for the security vulnerability. So you literally drag and drop and run a security scan. If the scan finds the vulnerability, what do you want to do? Deploy the workflow to fix it. If it doesn’t find it, good output, maybe report this device is not vulnerable. Then drag and drop or reboot if you need. So you can literally drag and drop and create very complex workflows with a very simple interface that almost any IT admin can use.

How is the current cybersecurity climate impacting Syxsense’s business model?

Leonard: Well, ransomware is obviously a big deal. We find that many of our customers are looking for ways to understand their attack surface and then be able to reduce that attack surface. And that’s really where we were really able to help. Because we have very powerful discovery capabilities that allow you to identify your desktops, laptops, servers, mobile devices, Windows, Mac, Linux, iOS, Android and even IoT devices that are connected to your networks. Then, obviously, you’re able to capture details, asset information about it, and hardware and software, track it over time, and see how it changes.

How do you think the next few years will unfold as we become more mature with distributed working and better understand some of these security issues?

Leonard: It’s an ever-changing world, that’s for sure. We were very well positioned to manage this transition as we are cloud native. So when people came home, it didn’t matter where, and we could keep their environment safe. We’ve certainly had customers who had other legacy management tools, and they’re having huge issues.

These devices went home and the employees were connecting over the VPN and then it was trying to send Windows updates and future device updates and it just crashed the whole VPN. Because we’re completely cloud native, it’s actually very good for our business. We strive to help our customers understand their attack surface and look for ways to help them minimize it. It’s surprising that many people today really don’t understand what their complete IT environment looks like. There are obviously PCs, desktops, mobile devices, but you also have people signing up for Dropbox and various other cloud services that IT has no visibility into. We help uncover a company’s entire IT exposure, then, through our processes and workflows, enable them to minimize the attack surface as much as possible, keeping devices fully patched and safe from vulnerabilities.

We’re also working a lot around zero trust, which is pretty hot right now. But we use our knowledge of an endpoint’s security posture to be able to decide whether a device can access a trusted resource. Think about it, it’s an evolution of two-factor authentication. You probably log into your email and on your phone you have to say “Yes, that’s me”. It means that we trust you. But what about the device from which you are accessing this resource? Is it reliable? Is it fully patched? Is it secure? Is there an AV tool on it? Is it updated? Are you in a place of trust? So we have all this knowledge on an endpoint, and we can use it to be able to tell systems whether the device is reliable or not. We’re working around creating this concept of a trust rating engine to be able to tell two-factor authentication tools or IT systems that the device someone’s using is also trustworthy, not only the user.

