My TechDecisions was at RSA Conference 2022 last month, and we learned that the cybersecurity market is becoming crowded with solution providers and tools that can do many different things, including vulnerability scanning, endpoint management, patching and other critical security functions. That typically means organizations must use several different solutions to do very specific tasks to keep their endpoints up to date and secure.
However, software provider Syxsense provides a unified endpoint security and management platform that can both identify and remediate vulnerabilities. The company in May launched Syxsense Enterprise, which combines three company products—Secure, Manage, Mobile Device Manager—into a unified platform that scans and manages all endpoints and resolves problems quickly.
Below is our conversation with CEO Ashley Leonard on the trade show floor of RSA Conference on everything from the company’s strategy to what it sees as the biggest cyber threats facing organizations today.
How does a combined IT management and security platform make the job of IT and security professionals easier?
Leonard: Our background started with IT management—the company was founded in 2012, as a cloud-native IT management platform. But what we noticed was that a lot of our customers started asking us, “Could we integrate with Tenable, Rapid7 or some of the security vulnerability vendors out there?” Because the data coming from those tools was pretty unintelligible for them. I’m not sure if you’ve ever seen a report from Tenable or Rapid7, but they are complex. And as we spent more time looking at it, what we noticed was that those tools do a phenomenally good job of telling you you’ve got a problem, but don’t actually help you fix the problem. We have the management engine, and some really cool workflow orchestration technology called Syxsense Cortex, that would enable our customers to remediate not just patch vulnerabilities, but security vulnerabilities.
So, what we ended up doing was building out our own security vulnerability scanning technology that scans your endpoints looking for not just patch vulnerabilities, but security configuration vulnerabilities as well. And then leverage our workflow and orchestration capabilities to automatically remediate those. So it not only tells you that you have a problem, but it can actually fix the problem for you, and then report and show that you’re back in compliance again.
How does this help organizations be more efficient, especially as cybersecurity professionals are hard to find?
Leonard: We automate the ability to remediate security vulnerabilities. We’ve also automated regular administration functions as well to simplify that. So, let’s say that you needed to turn on BitLocker and encrypt all of your inputs, well, we have that prebuilt in the technology to be able to do that for you. But if you want to build your own custom workflows, you can also very simply do that with our own Cortex technology that allows you to drag and drop functions, and then deploy them to your endpoints. A good example might be, you might want to scan your endpoints looking for the security vulnerability. So, you literally drag and drop over and run a security scan. If the scan detects the vulnerability, what do you want to do? Deploy the workflow to fix it, if it doesn’t find it, great exit, maybe report that this device is not vulnerable. Then maybe drag and drop or reboot if you need to do that. So, you can literally drag and drop and build very complex workflows with a very simple interface that pretty much any IT administrator can utilize.
How is the current cybersecurity climate impacting Syxsense’s business model?
Leonard: Well, obviously ransomware is a big issue. We’re finding that a lot of our customers are looking at ways that they can understand their attack surface, and then be able to reduce that attack surface. And that’s really where we’ve really been able to help. Because we have very powerful discovery capabilities that allow you to identify your desktops, notebooks, servers, mobile devices, Windows, Mac, Linux, iOS, Android, and even IoT devices that are connected to your networks. Then obviously, you’re able to capture detail, asset information about that, and hardware and software and track them over time and see how they’re changing.
How do you think the next few years will play out as we become more mature with distributed work and get a firmer grasp on some of these security issues?
Leonard: It’s a constantly changing world for sure. We were very well placed to handle that transition because we’re cloud native. So as people went home, it didn’t matter to us where, and we were able to keep their environment secure. We certainly had some customers come to us that had other legacy management tools, and they have huge issues.
Those devices went home and employees were connecting on the VPN, and then it was trying to send down Windows updates and future updates to the devices and it was just causing the whole VPN to crash. Because we are fully cloud native, it’s actually been very good for our business. We’re very focused on helping our customers understand their attack surface and looking at ways that we can help them minimize that. It’s surprising that a lot of people today really don’t understand what their full IT environment looks like. There are obviously PCs, desktops, mobile devices, but you’ve also got people signing up for Dropbox and various other cloud services that IT doesn’t have visibility into. We’re helping uncover all of a company’s IT exposure, and then through our processes and workflows, allowing them to minimize the attack surface as much as possible, keep the devices fully patched and secure from vulnerabilities.
We’re also doing a lot of work around zero trust as well, which is pretty hot right now. But we’re utilizing our knowledge of the security posture of an endpoint to be able to make decisions about whether a device can access a trusted resource. Think about it, it’s an evolution of two-factor authentication. You probably log into your email, and on your phone, you have to say, “Yes, it’s me.” That’s saying you’re trusted. But what about the device you’re accessing that resource from? Is that trusted? Is it fully patched? Is it secure? Does it have an AV tool on it? Is that updated? Are you in a trusted location? So we have all that knowledge about an endpoint, and we can use that to be able to tell the systems whether the device is trusted or not. We’re working around creating this concept of a trust evaluation engine to be able to inform two-factor authentication tools or IT systems that the device someone is using is also trusted, not just the user.