
As threats grow and attack surfaces become more complex, enterprises continue to struggle with the multitude of tools they use to handle endpoint security and management. This can create gaps in an enterprise's ability to identify devices accessing its network and ensure that those devices comply with security policies. These gaps often show up in the outdated spreadsheets used to track and manage asset inventories, configurations, vulnerabilities, and more. Ultimately, this increases organizational risk and reduces efficiency and productivity.
That's why integrated security and endpoint management is gaining favor, as pointed out in Gartner's 2022 Endpoint Security Hype Cycle. In response to the market's need for a clearer, real-time view of devices and security posture, Syxsense launched its Enterprise platform last year to address three key elements of endpoint management and security: vulnerabilities, patches, and compliance. According to Syxsense, unified security and endpoint management (USEM) is the answer to helping teams control the widespread use of personal devices and the increasing mobility of company-owned devices on the network.
With that in mind, the platform supports mobile devices in addition to traditional devices such as desktops and laptops. It is based on a Zero Trust framework for user- and device-based access to easy-to-use resources. It enables teams to handle endpoint management and security operations from a single platform.
We recently took a closer look at the Syxsense Enterprise platform.
First, some things to know about the Syxsense platform before you dive in:
- A 14-day free trial is available, allowing trial users to access Syxsense Enterprise and test features like Zero Trust and MDM on their own devices.
- Cortex Automation Engine: While many other solutions offer ways to detect vulnerabilities, Syxsense Enterprise provides automatic remediation of those vulnerabilities. Automation is done through a drag-and-drop interface that requires no coding and supports task and workflow sequencing and policy implementation. Many common workflows are already built and run on your device without you having to set up automation yourself.
To facilitate this product review, the team at Syxsense provided access to the latest version of the platform. Here’s what we found:
Getting started
The Syxsense platform gives security teams visibility into their environment and the ability to detect endpoints communicating over the network. Let's say I'm a system administrator interested in trying out the service. This is the first screen you see. The corner shows where you can add devices, so you know where to start. You can also check the dashboard, which displays information about the devices you have added.
When you try to add a device, you'll see the supported device types and a downloadable agent for each type. It also shows a Discovery Agent that you can use to find and add multiple devices that have an agent already downloaded.

You can test what the platform has to offer with the device you just added to your inventory.

The [Devices] button on the left panel shows all devices that have already been added to your inventory.
What caught my attention is the small circle next to the device name. The green, orange, or red color of the circle indicates the current health of the device based on patch status and active vulnerabilities, so you can see the health of a device at a glance.

By right-clicking [Query] you can access the query designer and filter devices by various attributes of your choice.
As an example, we queried all devices running Windows OS. After you run a query, you can run tasks on the devices it returns.

The Syxsense Enterprise platform provides access to various types of tasks such as security scans, patch deployment, software deployment, and security remediation. I decided to run a patch deployment to see what would happen.

As you can see, the console displays 6 steps outlining the patch deployment task to be performed. The first step is to identify the list of devices for the task. I created a new query for devices with critical patches.
After I selected the query, Syxsense presented a series of options for managing the content deployed to the target devices.

Patches can be deployed immediately. Alternatively, if you don't want to run the task now, the platform gives you the option to schedule the deployment. You can use a calendar to deploy at a specified time, or repeat tasks according to your schedule.
After running a patch deployment task, it was easy to see which devices were missed. You can then choose to rerun the task on new devices or devices that were unavailable during the deployment period.
The next thing we looked at was the Cortex workflow.

You can create sequences of different security actions that are automatically executed based on the target device's status. I added multiple paths for the automation to follow based on the success or failure of each action.
Usage is simple. I didn't have to write any code. The platform is designed so that workflows are customized at build time by simply dragging and dropping actions into the builder. There are also quite a few server maintenance workflows already built into the platform and ready to run.
I chose the Zero Trust Trusted – Security workflow and named it “Security Posture”.

After configuring the workflow, you can choose the devices and frequency to run the workflow.
My job was to test the system, so I wanted to see how well the platform handled reporting of the different actions I took. The Syxsense platform allows you to deploy tasks and run reports.
This platform offers many options for reporting. There are also reports on HIPAA, PCI, and SOX compliance.

I decided to run the “HIPAA Operating System and Application Vulnerability Scan” report.
It gives a lot of information. Its overview section shows the patch compliance percentage, a graph of compliance by severity, and a graph of compliance by CVSS. This is an interesting report with a detailed overview of the environment's compliance, with great visualizations already built in.

Conclusion
Syxsense Enterprise is a robust endpoint management and security platform with many features that make day-to-day IT and security operations easier. Many businesses rely on multiple tools to handle vulnerability scanning, patch management, configuration management, mobile devices, and remediation, but Syxsense brings them all together in one solution. It’s easy to see how a single solution like Syxsense can reduce costs and risks while increasing efficiency.
If you want to see more, you can sign up for a Syxsense demo here.