A major problem the organization had with their cyber security infrastructure was that they had extremely limited visibility into the subnets that contained their most critical data. If these subnets were breached, the team would have significant difficulties detecting the threat inside. Another challenge the organization was facing was the number of alerts that were generated by their other security devices. The alerts generated were not only high in volume, but many times were false positives or unsubstantiated. The impact that the alerts had on the team was that they were unable to conduct the research necessary on these alerts to decipher between substantiated alerts and false positives. Therefore, they could not be confident that if they escalated an alert it would not be a false positive and a waste of resources to investigate. A situation such as this is extremely problematic for any infosec team because it forces them to choose between wasting resources investigating false positives or hoping that their incident response tools will be good enough to remediate an advanced threat that had penetrated their system. Facing this choice, the team was not confident in their security controls to protect their critical intellectual property.

The infosec team saw the ever-changing landscape of threats as the biggest challenge that faced their organization. The threats were everywhere. And with a gap in their ability to detect new strains of attacks, the organization needed a device that was able to catch zero-day and signatureless threats. Additionally, the team found devices that generated a lot of alarms and whistles to be very distracting because of the rate of false positives that were produced – so much so that they were determined to find a solution that generated zero false positives. They didn’t need more alerts, they needed quality alerts.

The organization had been infiltrated by a Chinese hacker group using a man-in-the-middle attack that was able to successfully bypass their prevention systems and exfiltrate critical data. The security organization was instructed to improve their detection capabilities and get more reliable insight into threats that may be using tactics to steal credentials or use social engineering to penetrate the network. They needed a solution that would be able to detect subtle, in-network attacks as well as phishing and advanced threat protection. The biggest challenge this organization was facing was manpower. In addition to the numerous alerts generated by their prevention and other security devices, the infosec team was receiving 45-50 suspicious emails a day. The team was so severely burdened that they were rarely able to go through the backlog and investigate all of the potential threats that they were alerted to.

The acquired organization had basic security but little visibility into any threats that have made their way inside the network. Because of the lack of visibility, the infosec teams lacked confidence that these networks weren’t already compromised in some way. A compromised affiliate network posed a risk to not only that subsidiary, but to the broader enterprise as well. Any in-network malware could potentially spread to the larger organization, and create significant risk to customer confidence, revenue, and their brand reputation. The team needed a reliable way to know if the network was compromised, as well as visibility into the acquired organization’s overall health and risk associated with its end-points. Beyond gaining this initial visibility, they needed a reliable way to detect any new threats inside the network that could occur in the future.

In early 2016, a regional healthcare provider experienced a cyberattack that had the characteristics of Qakbot, an extremely aggressive form of malware popular in 2011. While Qakbot had appeared to be eradicated, it recently resurfaced with new strains and unknown signatures. Known for its polymorphic behavior, Qakbot spreads quickly through a network to steal critical data from its target. The attack started on a few endpoint machines and while the organization’s traditional security measures were able to detect anomalies the information security team could not action the alerts as they were not specific enough. As more alerts surfaced, they became suspicious and deployed cybersecurity devices to gain additional visibility to the legacy domain in their network. Once these devices were in operation, they raised a large number of high-level alerts, revealing a full Qakbot attack that was rapidly spreading through their network. With several new machines becoming infected every few minutes, the team knew they needed to immediately execute an incident response plan, but needed information to remediate. They needed to know where the malware came from, how it was moving laterally through their network, what credentials the malware had compromised, and much more.

The organization was mainly concerned about security threats to their SCADA network. In particular, the infosec team was most concerned about an attack that could work to shut down and lock their ICS systems – putting people in danger and potentially causing serious bodily harm. They did not have the resources (headcount, budget, infrastructure) to deploy and maintain a wide array of prevention tools to protect their network from outside threats. Additionally, ICS devices are not always easily patched or enabled to run antivirus solutions. They needed to know exactly where the weaknesses in their network were so that they could focus their resources on fixing the specific areas that needed attention. Furthermore, the infosec team knew that there were multiple misconfigurations in their network, but had little idea as to where those misconfigurations were or what needed to be done to fix them.

DTX offers security monitoring and vulnerability management services to their customers, where they help these organizations discover what systems are vulnerable to potential breach or attack. With the massive shift to remote work and the growing complexity of their customers’ IT infrastructure, many of their customers are unable to stay up to date and in control of the IT requirements necessary to tackle a significant increase in disclosed vulnerabilities. While DTX also provides some patching support, they were limited to patching only Microsoft Windows systems. They were looking to offer additional support for macOS, Linux, and third-party applications without the traditional increase of complexity.

We manage a base of approximately 700 users consisting of mostly students and about one hundred faculty and staff. We’re a mixed Mac and Windows environment of about 160 machines. An added challenge is that our faculty works all over the world so it’s very important that we’re able to manage machines remotely. The legal education industry relies on an increasing variety of third party software-as-a-service (SaaS) platforms, which means we need to be able to patch both local and cloud-based applications. For years we didn’t have any sort of central patching. We just relied on endpoint devices to pick up updates for Windows OS and software such as Adobe and MS Office. We evaluated SCCM but it was costing the university $30 per endpoint and that cost became painfully prohibitive when passed on to each department. That solution also didn’t enable us to keep third party software patched or allow us to patch offline or off-premise computers, which left our campus infrastructure vulnerable. The unique security challenge in higher education is the tension between being open, allowing academic freedom, and making sure that faculty and students are free to pursue their research and exploration of knowledge, while still keeping them secure. Having a really strong and effective patching system is critical to being secure while preserving the principle of academic freedom.

The City of Edinburg faced significant challenges in managing a hybrid IT environment that included Mac, Linux, and Windows operating systems. The existing solutions, such as WSUS, left gaps in their Linux and Mac environments, making parts of their IT landscape vulnerable. Additionally, the city struggled with maintaining cyber hygiene and security, relying on outdated, on-prem legacy tools to support remote devices. The need for a comprehensive solution to patch and secure all operating systems became critical, especially with employees working remotely and the increased reliance on off-site devices.

AC Transit faced significant challenges in updating software across its expansive network, particularly with legacy applications. The organization also dealt with interdivisional silos, which created inefficiencies and inconsistencies in system patching. The onset of remote work in 2020 further highlighted the need for a more effective and centralized patching solution. AC Transit needed a way to ensure that all systems were patched correctly and that their patching efforts were effective, especially given the diverse geographical locations of their divisions and departments.

Our current infrastructure is predominantly Windows and Linux servers (both physical and virtual), laptops and workstations, with an overall endpoint count around 260. We were using WSUS but became frustrated with the complexity, unreliability, and the lack of confidence that our endpoints were being patched and protected. We were looking for a solution that was easier, gave us the ability to remediate vulnerabilities for remote devices, and allowed us more control and flexibility over custom software policies. Our patching process included regular endpoint updates where we’d gather in a conference room, open up WSUS, reject updates that might disrupt workflow or coding, and push the remaining ones through. Because the update process was so manual, we did endpoint updates on a weekly or quarterly basis. This meant we were pushing hundreds of updates and the volume was too much for our patching solution to handle.

Patching and endpoint hardening has become more urgent as new vulnerabilities in commonly used software are announced almost daily. With the shift to a more distributed workforce in the past year, the urgency to keep these remote systems protected is more apparent. Attackers are quick to take advantage of remote devices that now sit outside of the protected corporate perimeter. According to leading industry data, adversaries are weaponizing new critical vulnerabilities in seven days on average. And zero-day vulnerabilities are already weaponized at the moment of disclosure. The easiest way to remediate these vulnerabilities is through patching, so having a solution that can easily identify which machines need the latest patches and then be able to quickly remediate them is essential to protect Ihloom clients. Ihloom customers typically struggle with the ability to keep up with cybersecurity alongside the day-to-day challenges of keeping their systems running. Most customers are overwhelmed and don’t have sufficient information or the skilled staff to process security alerts as needed. These customers are also struggling with misconceptions about the security of their corporate endpoints, where many of their employees may think, “My computer updates (patches) automatically,” or, “Macs don’t have security issues.”

When Catherine Cahill started as Director of Technology and Innovation at Lyncourt School District, she entered an IT environment with little to no data around its existing systems. In a district considered data-rich but resource-poor, Cahill knew she needed to prioritize projects to secure and enhance the IT and learning environment at Lyncourt School District. The first thing on her to-do list was securing her IT environment and remediating vulnerabilities. Before finding Automox, Lyncourt School District was struggling with visibility into their environments. When it came to what servers and workstations were patched, updated, or vulnerable, things were mysterious at best. Additionally, a construction project at the school meant the IT team was physically unable to access their server room. But they still needed to find a way to make sure updates were running on Lyncourt’s endpoints.

Before Automox, FNBA used both Ivanti and PDQ to manage its patching and software updates but was experiencing difficulties with accurate patch reporting and completing patch updates. The use of legacy patch management systems sometimes left FNBA with false results, leading to potential vulnerabilities and forcing the team to check that each patch went through, manually. Pushing through certain patches also resulted in other system malfunctions. Previous patch management systems seemed mismatched, hard to use, and tough to configure. FNBA had trouble taking action because of poorly integrated features that would result in breaking other necessary pieces of their environment.

Before using Automox, Union School District (Union) used Mosyle for patch management, but frequently encountered problems. Updates wouldn’t always run, and the lack of visibility made it feel like a gamble when pushing out patches. To complicate matters, Mosyle specialized in patching Apple devices, but Union uses devices across both Mac and Windows and needed coverage for both. It was important for the district to implement a product to support students who might need to use a Windows laptop, especially those with special needs who participate in individualized education programs. Patches would run inconsistently, leaving vulnerabilities in Union's environment. Union's previous patch management solution favored macOS over other operating systems.

Customers are increasingly moving to IT estates with servers located in the cloud and on-premises. Additionally, user endpoints are more distributed and are connecting to corporate systems from anywhere. How to manage these hybrid corporate IT infrastructures has become increasingly complex, and zero trust security architectures demand different management approaches to function effectively. As corporate systems expand outside of the organizational perimeter, organizations can no longer rely on the corporate network to protect corporate systems. Patching and endpoint hardening must be treated with a sense of urgency, considering that a large portion of known malware is exploiting vulnerabilities that have been in the wild for a prolonged period. Timely patching is becoming more important to chief information security officers to better protect their expanding network infrastructure.

The biggest challenge that Priority One solves for its customers is keeping their systems available 24/7 and secure. The smaller companies it supports need the enterprise-grade system uptime, but have less budget to do that — which is why they rely on Priority One services to support their IT needs. Priority One realizes that patching operating systems and applications needs to be done continually to be sure that these programs continue to work together. For example, certain applications will stop working if they are not on the latest versions and subsequently, you may not be able to upgrade the apps without being on the latest build. More significantly, known vulnerabilities in apps or operating systems provide plenty of opportunity for adversaries to exploit them. According to leading industry data, adversaries are weaponizing new critical vulnerabilities in seven days on average. And zero-day vulnerabilities are already weaponized at the moment of disclosure. Companies that hold off patching increase their odds of a possible breach. Given that security has become more urgent, the need for rapid patching has never been greater.

InsideTrack faced significant challenges in maintaining consistent patching of operating systems and software across a diverse and increasingly remote workforce. The company’s infrastructure included a mix of Windows, Mac, and Linux desktops and laptops, and they were previously using Microsoft WSUS to patch Windows devices without any solution for Macs. As the workforce became more remote, the difficulty in keeping systems patched increased, putting company and client data at risk. Additionally, InsideTrack aimed to transition to a cloud-native architecture to eliminate on-premise services, which added another layer of complexity to their IT management.

Mueller Water Products faced significant challenges in managing and securing their IT infrastructure. With over 3000 employees and more than 2000 endpoints, the company needed a robust solution to ensure complete visibility and control over their systems. The primary challenges included achieving complete visibility of their IT environment, managing patches efficiently, and responding quickly to vulnerabilities. Technicians in the field needed to stay connected and secure, even without using a VPN. The company also needed to streamline their IT operations to create a lean, world-class IT team.

This company was in need of a solution that could solve for endpoint visibility and creating next-generation security and efficiency. The IT team, led by Michael King, was looking for complete visibility into the company's endpoints across all full-time employees. King aimed to usher in a new era of simplicity to increase security and overall resource efficiency. Before King's arrival, all endpoint patching was accomplished manually, relying on each end user to push updates to their own laptops. King wanted a solution his team could control that would require no additional work from any of the workplace's non-IT employees, allowing them to focus on their strategic and mission-aligned work.

When Damartex began its journey, the company grappled with inefficient, time-consuming, and fragmented manual patch management processes. Employees used an array of third-party software management tools, resulting in inconsistencies in patch deployment. The lack of uniformity led to incomplete patching, raising concerns about security and systems stability. The objective was clear: Damartex needed to find an automated solution to address these challenges and transform its approach to IT management. With this goal in mind, Damartex focused on overcoming the inefficiencies of their manual patch management process, which took too long and raised security concerns, and streamlining software deployment within their IT infrastructure and seeking a solution with a centralized platform and user-friendly experience.

Before Automox, Tractor and Equipment (T&E) used many services to manage its IT environment. Unfortunately, the Symantec anti-virus console lost idle devices, Cisco Meraki gave them application lists but didn’t export cleanly, and SCCM patch management was tough to maintain if the endpoints weren’t local. T&E needed complete visibility to see which endpoints were being patched, especially if they sat idle for a long time. Additionally, technicians in the field with their endpoints needed to stay connected, even if they weren’t using a VPN.

Opportunity Fund wanted to expand its services beyond California to the rest of the United States. However, its on-premises data center with aging servers and limited storage could not scale to support the expansion. The organization was also looking to cut infrastructure costs and reduce downtime. Rather than building a new data center, Opportunity Fund decided to move its infrastructure to the cloud. To help choose a provider, it performed a proof of concept and compared moving its infrastructure to the cloud using Google Cloud Platform (GCP) and multiple other cloud service providers. GCP outperformed its competitors by a wide margin, while also costing 20 percent to 30 percent less, making it an easy choice.

Väderstad AB, a globally distributed manufacturer of farm machinery, faced the challenge of replacing their end-of-life Cisco firewalls and required new email security solutions following their switch to Office 365. Additionally, they needed solutions that would be equally effective in their current on-premises infrastructure and future Azure cloud infrastructure. The procurement process for these solutions was led by Johan Båverud, Head of IT Operations, who emphasized due diligence and thorough vetting of potential solutions.

Schenker Deutschland AG needed to standardize the transition between its global network and branch offices, ensuring stringent controls to prevent data or process manipulations. The solution had to be suitable for smaller branches with limited IT expertise and require minimal local administrative intervention. Additionally, the project aimed to centralize management processes to increase configuration security and reduce administrative costs. The rollout had to be completed within a limited time frame due to the company's 24/7 operations.

An essential element of the scientific work at the INM is storage and processing of person and patient-related information. Very tight legal stipulations defined by the Bavarian and Federal Data Protection Acts must be adhered to when dealing with this sensitive data. All data protective measures must stand up to an intensive discussion and examination with the controller for data protection at the University Hospital in Munich. It soon became clear to those responsible for IT at the Institute that the existing firewall solution—a pure packet filter solution—could no longer satisfy the current technical security requirements under the existing conditions. The four-man IT department at INM managed by Dr. Marc Lazarovici, M.D. began searching for a suitable alternative. The IT Team initially defined the core requirements for a new solution at the beginning of the evaluation phase. The following criteria had to be fulfilled: Increasing security standards: In addition to meeting the strict data protection law stipulations, an effective solution was required to counter the diverse attack attempts and malicious code activities. It was clear at this point that the route which the Institute for Emergency Medicine had to follow was to move away from a pure packet solution and onto an application level firewall. Secured access to the Institute’s network via VPN: The 30 full-time employees and their external colleagues should have easy access from outside onto the Institute’s network, without compromising the security. Increasing failsafe security: The new system should have a redundant concept. Several physical computers in distributed premises should be used here.

The South Carolina Heart Center (SCHC), the largest private cardiovascular practice in the Southeastern U.S., faced a significant challenge with spam emails. With 28 cardiologists, 18 non-physician practitioners, and over 250 support personnel spread across six full-time offices and four satellite locations, email communication was critical for interactions with other medical practices, vendors, and patients. However, the increasing amount of spam was compromising the staff's ability to communicate effectively and in a timely manner. The IT team, led by Nyhart, spent several months researching various solutions but struggled to find one that met their needs in a cost-efficient manner. Most solutions were priced between $10,000 and $20,000, which was beyond their IT budget.

With more than 400 employees depending on email for vital business communication, the amount of spam bombarding the company inboxes was crippling. Synovis’ technical services department was using a server-based anti-spam software solution that was fairly successful within their headquarters, however, large amounts of spam continued to attack the satellite offices’ networks. When the company decided to implement a WAN (Wide Area Network) to connect its four offices, Knight knew it was essential to find a solution to regain control of email quickly. Knight investigated other antispam solutions as well as considered upgrading the existing server-based anti-spam software, but found both options were expensive.

MTS’s network is currently used by employees, dealers, vendors, and partners. Applications are hosted at the company’s data center using a standard hierarchical zone-based architecture, with virtual router forwarding segmented and configured into areas such as DMZ, production, and management. Applications are accessed through both an internal and public interface and load balancing is done via multi-availability zones. Web applications used include IIS and Apache over Linux, and physical machines deployed include HP Superdome servers, Oracle Exadata/Big Data, and VMware hypervisor to optimize hardware resources. According to SSTL IT Infrastructure Planning team, there are approximately 1,500 concurrent sessions for CRM hosted in the data center alone, in addition to around eight other services including value-added service (VAS), NESS Application Portal (NAP) process, and web recharge. Key challenges faced include slow page response time and the vulnerability of applications to external attacks. “We needed the applications’ availability and performance to be up to mark and to meet security compliance standards,” the team mentions.

In the last year, Brainshark has seen huge growth in the amount of bandwidth the business is consuming, with an increase in traffic from approximately 40 Mbps to peaks at 100 Mbps. Brainshark’s Website also needs to be available at all times, so that when a customer sends a link to a presentation, viewers can watch that presentation on-demand. Brainshark’s network is composed of 64-bit Microsoft Windows 2008 servers, streaming servers and media servers that enable customers to record audio files for their video presentations. Brainshark had been using another vendor’s appliances to provide server load balancing, as well as Web application firewall services. These devices had gone to end of life status and Brainshark’s IT team had to make a decision on whether to “re-up” with them or go with another vendor. Brainshark had two appliances in their production environment, additional units in the development lab and one in the disaster recovery facility. Brainshark deployed lower end models for the disaster recovery and development environments, and a pair of higher-end units in the production environment. Although this approach allowed them to stay within budget, it also added complexity when troubleshooting any issues that occurred, because if something broke in the lab, it was difficult to be certain that the problems weren’t platform-specific. In addition, when technical problems occurred with the equipment and the IT team had to place a support call, they often did not receive the level of responsiveness and assistance required.