As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise’s ability to identify devices that are accessing the network and in ensuring that those devices are compliant with security policies. These gaps are often seen in outdated spreadsheets that are used to track and manage asset inventory, configurations, vulnerabilities, and more. Ultimately, this increases organizational risk while stifling efficiency and productivity.
That’s why unified security and endpoint management has gained ground, as noted in Gartner’s Hype Cycle for Endpoint Security, 2022. As part of the market’s need to gain a clearer, real-time picture of their devices and security posture, Syxsense launched its Enterprise platform last year to address the three key elements of endpoint management and security: vulnerabilities, patch, and compliance. According to Syxsense, unified security and endpoint management (USEM) is the answer to enabling teams to gain control over the widespread use of personal devices and the increasing mobility of company-owned devices on the network.
With that in mind, they developed support of mobile devices in addition to traditional devices like desktops and laptops, based on a Zero Trust framework for user and device-based access to resources that’s easy to use. This gives teams the ability handle endpoint management and security operations from a single platform.
We recently took a closer look at the Syxsense Enterprise platform.
First things first
Syxsense’s platform: What you need to know before diving in:
- A 14-day free trial is available and trial users have access to Syxsense Enterprise, with features like Zero Trust and MDM available that you can test with your own devices.
- Cortex automation engine: While many other solutions offer methods for detecting vulnerabilities, Syxsense Enterprise offers automatic remediation of those vulnerabilities. The automation is through a drag and drop interface that doesn’t require any coding and supports task and workflow sequencing and policy implementation. A number of common workflows have already been built out and you can run them on your devices without having to set up the automation on your own.
To facilitate this product review, the team at Syxsense gave us access to the latest version of their platform. Here’s what we found:
Getting Started
Using the Syxsense platform, security teams can gain visibility into their environment and discover the endpoints communicating over the network. Let’s say I’m a system administrator interested in trying the service. This is the first screen I see. In the corner it shows where I can easily Add Devices so I know where to start and I can see the dashboards where information on the devices I add will display.
When I go to add a device, it shows me the supported device types and the downloadable agent for each type. I also see the Discovery Agent where I can find and add multiple devices that have the agent downloaded already.
Using the devices I just added to my inventory, I can test what the platform can offer.
The ‘Devices’ button on the left side panel shows you all the devices that have already been added to your inventory.
What caught my attention was the little circle next to the device name. The green, orange, or red color of the circle indicates the current health of the device based on patch status and active vulnerabilities so you can see the health of your devices at a glance.
By right clicking “Queries”, you can now access the Query Designer and filter your devices with different attributes you select.
For a sample, I ran a query for all devices running Windows OS. After you run the query, you can perform tasks on the devices returned from your selection.
In the Syxsense Enterprise platform, you have access to tons of different types of tasks, including: Security Scan, Patch Deploy, Software Deploy or Security Remediation. I decided to run a patch deployment to see what would happen.
As you can see, the console shows you six steps to outline the patch deployment task I want to perform, starting with identifying the list of devices the task will target. I created a new query for devices with critical patches.
After I selected my query, Syxsense showed me a set of options for managing the content deployed to the targeted devices.
I can immediately deploy my patch or, if I don’t want to run the task right now, the platform gives me options for scheduling my deployment. I can deploy at a specified time with a calendar selection or make the task reoccur on a schedule.
After I ran the patch deployment task, it was easy to see which devices were missed. I can then choose to rerun the task on new devices or devices that were unavailable during the deployment window.
What caught my attention next is the Cortex workflows.
You can build sequences of different security actions that run automatically based on the status of targeted devices. I added multiple paths for the automation to follow based on the success or failure of each action.
It’s simple to use. I didn’t need to write any code, the platform is designed so you can just drag and drop actions into the builder and customize them as you build. There’s also quite a few server maintenance workflows already built on the platform that I can just select and run right away.
I selected the Zero Trust Trusted – Security workflow and named it “Security Posture”.
Once I have configured the workflow, I can choose the devices I want to run it on and how often.
My task was to test the system, so I wanted to see how well the platform handles reporting on the different actions I’ve performed. In the Syxsense platform, you can deploy a task to run a report.
The platform offers a lot of options for reports. There’s even reports for HIPAA, PCI and SOX compliance.
I decide to run the “HIPAA Operating System and Application Vulnerability Scan” report.
It gives me a lot of information and there’s a summary section that shows me the percentage of patch compliance and graphs for compliance by severity and compliance by CVSS. This is an interesting report with a detailed overview of your environmental compliance, with great visualizations already built in.
Conclusion
Syxsense Enterprise is a solid endpoint management and security platform with many features to make day-to-day IT and security operations easier. Many companies rely on multiple tools to handle vulnerability scanning, patch management, configuration management, mobile devices, and remediation, but Syxsense combines it all in one solution. It’s easy to see where a single solution like Syxsense could reduce costs and risk while improving efficiency.
If you’d like to see more, you can sign up for a demo of Syxsense here.
