Patch Management

Patch Management Best Practices for MSPs

In today’s technology landscape, patch management is more important than ever for Managed Service Providers (MSPs). With the constant stream of new vulnerabilities and exploits being discovered, it is crucial for MSPs to have an effective patch management solution in place. Without a proper patch management solution, MSPs are leaving their clients’ systems open to attack.

It may seem fairly easy to install a few patches on a few devices manually, but in reality it is not, especially when you have multiple clients. To make this task a bit easier, MSPs use an RMM that constantly monitors what is going on with the endpoints and applications.

While having an RMM solution (even with patch management functionality) is great, it is not enough for proper patch management.

In this article, we want to share 5 best practices to optimize patch management for you and your clients.

Patch Management Tips for Managed Service Providers

Inventory. Implementing effective patch management starts with knowing exactly what devices you have. As an MSP, you should make sure you have a complete overview of the endpoint and software inventory on a regular basis (you can’t fix what you don’t know). This will help you know what needs to be patched and when.

Track patch announcements from vendors. On average, companies have 110 applications in use, and the majority of them are from vendors other than Microsoft – Adobe, Google, Amazon, etc. This means that staying on top of the latest update announcements from vendors plays a crucial role in effective patch management. Make sure to subscribe to security mailing lists and RSS feeds from third-party vendors to help ensure that updates aren’t overlooked.

Test patches before deployment. Applying patches does not always solve a problem: there is a risk that something can go wrong when updating software. This can occasionally happen even if the vendor extensively tested a patch before the release. Sometimes, the reason for a patch failure is that you install the patch and forget to reboot the system. A good way to mitigate this problem and not “break everything” is to test the patch in a controlled environment before pushing it out to all endpoints.

Regular reporting. Regularly providing your customers with reports containing patch management information like frequency, history, patch category, and resolution times will help build trust and long-term relationships with your clients.

Automate as much as possible. This is perhaps the most important patch management best practice. Using a good third-party patch management tool can enable you to automate your patch management processes. Automating third-party patching can save your organization time and money. By automating the process, you can ensure that all third-party applications are up to date with the latest security patches.

Automate third-party patch management of your customers with the right tool = Scappman

For automated third-party patch management that is reliable and user-friendly, look no further than Scappman. This 100%-cloud solution integrates with Microsoft Intune and automatically installs all the necessary application updates for your customers.

Scappman allows you to easily keep third-party applications updated across numerous client endpoints, with features like managing custom applications, automated log collection, customizable installation commands, creating a set of reg keys, etc.

For MSPs, Scappman provides a complete third-party patch management solution that allows you to manage all your customers’ apps from one platform with extra functionality:

Multi-tenancy support
Partner Portal (invoicing, inviting customers, pop-up customization…)
Advanced application management (app sets, users & group assignments…)

Furthermore, there are more than 800 third-party applications in the Scappman App Store that are always up to date and secure to use. You can also upload your own application to the platform and manage it like any other application.

If you’re an MSP looking for a cloud third-party patch management solution, try Scappman at no charge – a 15-day free trial is available!

Microsoft reveals new features to Windows Autopatch: app-based authentication, quality updates reporting and post-registration device readiness

In April, Microsoft launched the Windows Autopatch update service for business customers, making it generally available later in July. The main aim of the service is to take charge of update deployments and reduce the burden on IT admins. At Microsoft Ignite 2022, Microsoft introduced new features that are now available in Windows Autopatch.

Windows Autopatch is a cloud service that automatically manages Windows 10/11, Microsoft 365 Apps for enterprises, Microsoft Edge, and Microsoft Teams updates for enterprises in order to improve security and productivity in organizations. This includes the creation of testing rings, monitoring health, and rolling back updates if needed.

Windows Autopatch aims to make the life of IT admins easier by taking over the patching of Microsoft products, so they can focus on the tasks that matter.

There is now a new application-based authentication available in Autopatch through the Microsoft Modern Management Management app. Thanks to this new certificate-based authentication, enterprise users can avoid the chore of rotating passwords or handling Conditional Access (CA) policies.

Microsoft has also made the process of post-registration device readiness simpler. Previously, after running the Readiness assessment tool, your devices might have been sorted into 2 tabs: Ready and Not Ready. Now devices that do not meet the prerequisites for Windows Autopatch enrollment are sorted into a “Not registered” tab, whereas devices with conflicting configurations show up in the “Not Ready” tab. It’s possible to get solutions tailored to each device by clicking on it.

Microsoft explains why this change is important:

“We heard that making sure devices remain healthy and eligible to receive updates—and reporting on the status of those devices—was time-consuming (and expensive). With this update to the device registration flow, IT admins can easily detect and take action to remediate configuration mismatches or other issues in their environments that prevent devices from receiving software updates from Windows Autopatch.”

And finally, the quality updates reporting service has become available. Windows Autopatch reporting is designed to allow visibility into update status and device health, and to offer insights into managed endpoints. The reporting offers data on update compliance as well as device and application performance.

To see the quality update summary report, go to Reports > Windows Quality Updates.

All devices report shows the update status of all devices.
All devices report – historical shows the update status of all devices over the last 90 days.
Eligible devices report – historical shows the update status of eligible devices over the last 90 days.
Ineligible devices report – historical shows why devices have been ineligible over the last 90 days.

Why companies don’t patch

It sounds so simple: always install the latest updates on all operating systems and third-party applications across the entire IT infrastructure. So why is keeping OSs and software up to date one of the most common weak points in companies?

Unfortunately, for many IT admins, manual patching has turned into an endless, ever-growing task, and missing one application update can create a large security hole that affects the entire organization. According to a recent study by the Ponemon Institute, nearly 60% of companies don’t patch their systems on a regular basis. These security holes in your IT system can result in a loss of critical data, violate privacy policies, and eventually lead to security breaches.

Just think of all the times when you or your employees postponed the update notifications on your devices. These notifications are important updates that keep your business’s information safe. Ignoring them leaves your business vulnerable to data breaches and other security breaches.

CVEs in OSs and third-party applications are always being discovered. For example, more than 50 CVEs a day were discovered in 2021. In response, software vendors regularly issue patches to cover the security gaps. But patching matters not only for security reasons; it also increases stability, adds new features, changes the UI, and fixes bugs. To know more about patches, read our blog “What is Patch Management: stages, best practices, challenges, automated patch management”.

For all these reasons, patching remains the single most important thing you can do to secure technology in your organization, which is why applying patches is often described as the basics. Still, implementing proper patch management is, for most companies, easier said than done. We highlighted the top 5 reasons why companies do not patch.

Top 5 reasons why companies don’t patch their software

Patching can break everything. The most common reason is a real fear that the solution could become the problem. In some cases, a patch can break something vital in an unpredicted manner. This can be explained by the large number of patches that you have to deploy.

Patching takes time. Patching is a repetitive, unrewarding task – IT professionals have to regularly check for updates and then install them, which can be a drain on resources. Ideally, they must test the patches before rolling them out fully, which can help uncover any problems they may cause, but which also takes more time and money. Furthermore, some patches can be more difficult to install than others. This can cause delays in getting the updates installed, which can impact business operations.

You can only patch something if you know it exists. As it’s hard to maintain accurate, up-to-date asset inventories across big IT systems, many organizations don’t have a clear overview of installed applications, endpoints and other assets. Consequently, if you don’t know which applications you have installed on which devices, you don’t know what to patch.

Too many patches to keep up with. Even if companies are able to manage OS updates, third-party application vulnerabilities are often overlooked, leaving endpoints at risk. To illustrate this challenge, we always use this example. Google Chrome releases a full OS update once a week. To package and test the update, an IT specialist spends 3-8 hours. Thus, just for patching Google Chrome, an IT specialist must spend an enormous amount of time, going through the patching cycle 3-4 times a month. An average company uses 110 applications, which means you have to monitor 110 applications for updates. It’s not hard to see how the number of outstanding patches can quickly overwhelm an already busy IT department.

End user resistance. Who can relate: you have received an update notification and clicked “remind me later”? Users just want to get their work done and rarely consider security during their day-to-day operations. The last thing they want is to spend time waiting for the update to be installed or be forced to reboot the laptop. What they do is: “I’ll do it later,” or “it’s probably not important” *click Postpone*. This seemingly innocent event can have serious consequences for the entire business.

None of the reasons above (the excuses, we would say) is an actual reason that allows you not to patch as much as you can. The only solution is automated patch management. Experts say patch automation is critical for easing operational burdens on IT staff and minimizing errors. According to the Ponemon Institute survey (2019), only 44% of organizations used automated solutions for patch management. Automated patch management solutions can help organizations keep track of all of the patches that need to be applied, and they can automate the process of deploying patches and updates.

That’s why Scappman should be implemented into patch management in your company. Scappman is a 100%-cloud solution that automatically installs all the necessary updates for your applications. Scappman automates the whole process of uploading the application and updating it in the Microsoft Intune environment. There are more than 800 third-party applications in the Scappman App Store that are always up to date and secure to use. We’ll make sure that hackers can’t use vulnerabilities in outdated applications to steal or encrypt your data.

To know more about Scappman and automated third-party patch management, book a demo with our team.

What is RMM and why is it still not enough for efficient third-party patching? 

As a managed service provider, your main task is to protect and manage the IT systems of various clients. That’s why having a solution that helps you to manage, monitor, support and secure the computer networks and systems of your clients is crucial. By that solution, we mean a Remote Monitoring and Management (RMM) tool.

Although the RMM solution is vital for your customers’ security, it is not enough on its own. Third-party patching is also essential for an efficient, secure IT system.

Exactly what is RMM? In short, it’s a tool that makes the work of modern MSPs possible. Read along with us to know more about this technology, the benefits and drawbacks of using RMM, and how you can optimize third-party patching.

Definition of RMM: what is remote monitoring & management?

RMM (short for remote monitoring and management) is a type of software that allows IT professionals to monitor and manage their clients’ IT systems, such as servers, devices, endpoints, and software, from anywhere.

To make RMM work, you need to install an agent – a lightweight piece of software installed on clients’ endpoints. This agent allows you to:

get real-time insights on the health of the client’s IT environment.
see all the data gathered on the RMM’s dashboard, from which you are able to monitor and control all the processes.
proactively stay ahead of issues.

If the agent detects a problem on one of the managed machines, it creates an alert or “ticket” and delivers it to you, prompting you to take action to resolve the problem before customers even notice it. RMM classifies these tickets based on importance or problem type, helping you prioritize issues.

With the growing trend of remote work, however, it’s becoming more and more common to see internal IT departments utilizing RMM tools as well.

What is RMM used for?

Here are a few core functions of any RMM software:

Automating IT management routine. RMM software lets MSPs automate a range of common IT tasks, such as installing software patches, running scripts, asset tracking, monitoring, alerting and remediation of IT incidents.

Real-time remote monitoring. RMM solutions can monitor the health of the entire IT system 24/7. IT specialists can be alerted when potential issues arise so that they are addressed in a timely manner. RMM software can also provide real-time reports on network activity, asset inventory, compliance, and system performance.

Performing tasks for maintenance and remediation remotely. With RMM, IT specialists can not only monitor the IT system but also deploy software, troubleshoot, and fix problems without interrupting the end user.

RMM tools have advanced and become feature-rich, allowing MSPs to do more than just monitoring. With RMM it is possible to secure endpoints and automate a lot of routine tasks, making their life easier.

Benefits of RMM

Under the right conditions and management, RMM software can help IT providers completely transform their operations, making them more efficient, more effective, and more profitable:

No more Break-fix Cycle

Previously, MSPs had to physically go to their clients’ offices in order to manage their IT systems and infrastructure. It created what was known as the “break-fix cycle”: when something broke, an MSP would fix it, leave, and then come back again when something else broke. This cycle is costly and can be avoided with the help of cloud solutions and remote monitoring and management (RMM).

RMM allows you to proactively monitor your IT infrastructure and identify potential issues before they cause downtime. This proactive approach can help keep your business running smoothly. And by removing the need to visit client offices physically, RMM allows MSPs to cut down on time spent on the road, giving them time to manage more clients.

Saves time and money

RMM can save businesses time by automating tasks that would otherwise need to be done manually. This can free you up to focus on more important tasks, such as problem solving and user support. RMM can also save businesses money by reducing the need for on-site support. With RMM, IT problems can often be fixed remotely, without the need for IT specialists to come to the office. This can save on travel costs and boost productivity.

Improves Security

An RMM can help identify potential security threats and vulnerabilities early on, before they have a chance to do any damage. By constantly monitoring your network and systems, an RMM can quickly spot any suspicious activity and raise an alert. This means that you can take steps to fix the problem before it becomes a serious issue.

RMM and third-party patching

As the use of third-party applications continues to grow, so do the challenges of patching these applications. While most RMMs support third-party patching, the application list is not broad enough to cover the business needs of your customers. This can pose a challenge for you, as an MSP, who is responsible for patching these applications.

One of the biggest challenges is keeping up with the constantly changing versions of these applications. With new versions being released on a regular basis, it can be difficult to ensure that all of the necessary patches are installed. Another challenge is ensuring that the patches are working properly and can’t break anything.

That’s why patching third-party applications is an important part of keeping systems up to date and secure.

How to optimize third-party patch management for RMM

Scappman is a 100%-cloud solution that automatically installs all the necessary updates for your applications. Being fully integrated with Microsoft Intune, Scappman doesn’t require any servers or agents to install and keep your applications up to date.

For MSPs, Scappman provides a complete third-party patch management solution that allows you to manage all your customers’ apps from one platform:

All customers in one platform.
Partner portal (invoicing, inviting customers, pop-up customization…)
Advanced application management (app sets, users & group assignments…).

Furthermore, there are more than 800 third-party applications in the Scappman App Store that are always up to date and secure to use. You can also upload your own application to the platform and manage

Top 5 Challenges of patch management

One of the better cybersecurity practices is updating software regularly. Regardless of your industry, it’s essential to keep your software up to date to protect your organization from breaches. According to a study conducted by Ponemon Institute for ServiceNow, 60% of cyberattacks are caused because applications are not up to date.

Despite the importance of patch management, many companies are still struggling to patch applications effectively. Companies face some challenges when it comes to patch management, but they aren’t impossible to overcome.

Common Patch Management Challenges

1. Time-consuming

According to the Ivanti report (2021), 71% of IT and security professionals find patching complex and time-consuming. To prove this, let’s discuss the patch process cycle. Organizations must continually identify and assess vulnerabilities, monitor and test patches, and deploy the patches to their systems. Based on the Ivanti survey results, IT & security professionals spend 53% of their working time each month detecting and prioritizing vulnerabilities and 19% testing patches.

The biggest problem here is how to find out if there is an update available. Many people think of something like Patch Tuesday with Microsoft. However, it’s not like that in most cases – there is no system. And let’s consider this: for example, Chrome releases a full OS update about every four weeks. Minor updates, such as security fixes and software updates, happen every 2–3 weeks. Just for patching Google Chrome, an IT specialist must go through the patch cycle 2-3 times a month. But what about other applications? On average, a company uses 110 applications (Statista, 2021). It’s difficult to calculate how much time IT admins should spend on patching all the software to protect their companies from breaches.

2. Lack of IT Inventory Management

Another common patch management challenge is the lack of understanding of what software a company’s endpoints actually have. This problem has become harder to deal with as companies move to remote work. Implementing asset control and an accurate inventory system is a good solution. With a detailed asset list, it’s possible to have a complete picture of your company’s IT infrastructure and of which endpoints and applications are vulnerable. This makes it easier to prioritize assets and applications for faster patch deployment.

To address this challenge, you can use the Microsoft Threat and Vulnerability Management tool (TVM), one of the security pillars of Microsoft Defender for Endpoint. It aims to identify vulnerabilities and misconfigurations in real time and prioritize them based on the threat landscape. Read more about Microsoft TVM in this blog.

3. No desire to deploy every patch

Implementing an inventory management solution can cause another challenge – only highly prioritized vulnerabilities will be patched. This doesn’t solve the problem entirely – your company’s endpoints are still at risk, and there is no guarantee that you won’t be hacked.

4. Patch failures

72% of managers are afraid that applying security patches right after release could “break stuff.” That’s true: there is a risk that something can go wrong when updating software. This can occasionally happen even if the vendor extensively tested a patch before it was released to the public. Sometimes, the reason for a patch failure is that you install the patch and forget to reboot the system. To address this challenge and not “break everything,” you must test the updates first in a test environment and then deploy them.

5. Vulnerability management

It’s essential to remember that patching does not always mean managing vulnerabilities. Even if all the patches are deployed, a new vulnerability can always open another hole. Once the patch is deployed, new vulnerabilities will likely appear, and you patch again. Patching is a catch-up game where you’ll always be behind.

How can you automate patch management? Use Scappman!

Scappman is a 100% cloud solution that automatically installs all the necessary updates for your applications. Scappman automates the whole cycle of patching: Scappman checks the installed applications for a new version, and if one is available, Scappman tests it, creates a package, uploads it to Intune, and installs it for the assigned users. There are more than 500 third-party applications in the Scappman App Store that Scappman keeps an eye on. They are always up to date and secure to use, so you can be sure that hackers can’t use them to steal or encrypt your data.

To know more about Scappman and how it helps you save valuable time and keep endpoints in your organization secure in just 2 steps, book a demo with us.

Why browsers never stop updating and you should care as an IT Manager

Last week it happened again. Chrome had another zero-day exploit and had to update to Chrome version 99. It feels like every week there is a new update to Chrome. And sure enough, a couple of days later version 100 came out. And it’s not just Chrome. Microsoft Edge, Mozilla Firefox, Opera: all browsers continuously improve and secure themselves via patches and updates.

Of course, this would be easier if you didn’t have to do this yourself and your MSP or IT manager took care of these automatic updates. They could always automate these patches via SCAPPMAN; sorry for the shameless plug.

Why should you update browsers?

There are 2 main reasons why your browsers should always be up to date – security and functionality.

1. For functionality reasons

We have all had the experience of an app or piece of software that stopped working on a device because the OS was out of date. It is the same story with browsers. When you visit a website from an older browser, sometimes certain features on a page will stop working for you. Or you’re unable to use the page at all. As with all tech-related stuff, coding languages get updated too. They become more advanced, and even though the website may look the same, it’s no longer compatible with its outdated interpreter.

2. For security reasons

Browsers are only a tiny piece of software in your IT environment, but they are the ones that can create the most damage in that environment. The browser is the gateway for your users to explore information on the Internet. But it is also the gateway for exploiters to get into your network. These people with bad intentions prefer that gateway since it’s the one that users are using daily. So they (the hackers) are constantly checking whether these browsers have flaws that they can exploit.

The security patches alone are why you should always make sure you’re running a current web browser version. Outdated browser versions leave you vulnerable to attacks that expose your confidential information to suspicious websites. You have automated software that detects these bugs for Chrome. But the question is: as an IT manager, do I have the tools to see if we have the latest version? We wrote a whole topic about Vulnerability Management. But the best thing you can do against these bugs is to automate the updates. Then you don’t have to worry about these updates anymore.

In conclusion, all browsers will keep on updating, and it’s up to us to keep an eye on it, since the browsers are trying to keep up with the hackers and vice versa. And in many companies, it’s the only forceful way to get into their network and reach company-critical data. That’s why browsers will keep on updating.

A New Way of Third-Party Patch Management for Microsoft Intune

“How can I automate third-party application installations and updates for Intune-managed devices?” A lot of IT professionals have asked themselves this question. The interest in an automated patching solution has been growing over the last 5 years. This can be explained by the fact that the process of updating applications in Microsoft Intune is rather challenging and time-consuming.

Firstly, you should detect the latest version of the application, download it, and test it before pushing it to the users. If the update is secure and works, you should create a package with the latest version of the app. For Microsoft Intune, you should wrap the file into .intunewin, upload it to Intune and deploy it to the assigned users. As soon as you find out that there is a new update available, you must go through the entire process again. And again. Read how to manage and update applications in Microsoft Intune here.

Normally, around 100 applications are used in companies (small and big), which means you must monitor 100 applications for updates. Most companies do not have the resources to do this. That’s why we created Scappman.

Scappman is a 100% cloud & agentless solution that automatically installs all the necessary updates for your applications. Scappman automates the entire process of uploading the application and updating it in the Microsoft Intune environment. With Scappman you can not only manage and deploy more than 800 third-party applications from the Scappman App Store but also add and manage your own custom applications.

What does Scappman do?

Scappman checks the installed applications for the latest version, and if one is available, Scappman tests it, wraps the application installation file into .intunewin, uploads it to Intune and installs it for the assigned users. It is that straightforward.

How to start your automated app journey with Scappman?

To start a 15-day free Scappman trial, navigate to portal.scappman.com and click on the register button. To be able to use Scappman you need to sign in with your Microsoft account, accept (and read) the terms and conditions, accept permissions to register Scappman in Azure AD, and fill in the info about your company. Once you have finished all these steps, you have access to the Scappman portal.

How to deploy third-party applications and updates within Scappman and Microsoft Intune

With Scappman there is no need to package the application and upload it to the Intune environment. In the Scappman App Store you can choose the applications you want to install, deploy, and keep up to date (there are more than 800 third-party applications available). While configuring the installation process you can customize installation settings: choose language and bitness, add dependencies, use custom pre-install, install and post-install commands, enable update rings for the app, and configure assignment (type, user & group assignment). You can also upload your own app to manage and update, or request a public/private app, and Scappman will package it for you.

That’s pretty much it. Scappman will take it from here.

Scappman reports for Microsoft Intune Third-Party Patching

In terms of reporting, we provide you with a clear overview of your installations, managed Windows devices, and licensed users. On the Dashboard, you can see the familiar update rings, but for application deployment and updates. In Reports, you find information about the applications, like the version installed and their status (installed, failed, postponed, pending, not applicable, not installed, or outdated).

Spring4Shell: are you at risk?

A newly discovered zero-day vulnerability in the Spring Framework for Java is definitely drawing the attention of the IT community. With a critically high threat level (the CVSS score is 9.8 out of 10.0), vulnerability CVE-2022-22965, or Spring4Shell, is already being compared to Log4Shell due to the similarity in the method of exploitation. According to the first assessments, Spring4Shell affected over 16% of companies worldwide, with the most impacted region being Europe, with an impact of 20% of businesses. In the first days since the vulnerability was detected, more than 37 K attempts to exploit this vulnerability were confirmed. What is Spring4Shell? Spring4Shell is a zero-day Remote Code Execution (RCE) vulnerability caused by an error in the mechanism which uses client-provided data to update the properties of an object in the Spring MVC or Spring WebFlux application. The Remote Code Execution (RCE) Vulnerability can be easily exploited by sending a specially crafted HTTP request to a server running the Spring Core Framework. Exploited software and impacted systems As we mentioned in December, the majority of applications are built in Java. When it comes to Spring Framework, half of Java applications use it. Any system using Java Development Kit (JDK) 9.0 or later, especially those using TomCat, and using the Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions are vulnerable. 10 software vendors are confirmed to be affected because of Spring4Shell: Blueriq BMC Software Cisco JAMF NetApp PTC SAP SE SolarWinds Spring VMware The vulnerability primarily affects devices with a lot of direct connections. In fact, cybercriminals also take advantage of connections where they can use an executable file. Also, all IoT devices running Java can be affected. This issue can also pose a personal risk because the vulnerability can hit Android or Windows OS smart-home appliances. And even home cameras. 
How to find devices vulnerable to Spring4Shell

To find affected devices, use the Threat and Vulnerability Management (TVM) functionality of Microsoft Defender for Endpoint. TVM monitors the overall security posture of the company’s endpoints and provides real-time insights about detected vulnerabilities. On the Weaknesses page, you can search for CVE-2022-22965 to find vulnerable devices. Read more about Microsoft TVM here.

How to mitigate Spring4Shell

The best and only solution to reduce the impact of this threat is to patch it. An update is available for CVE-2022-22965. Administrators should upgrade to versions 5.3.18 or later or 5.2.19 or later. If the patch is applied, no other mitigation is necessary.

If you’re unable to patch the CVE-2022-22965 vulnerability, you can implement this set of workarounds published by Spring:

1. Search for the @InitBinder annotation globally in the application to see if the dataBinder.setDisallowedFields method is called in the method body. If this code snippet is found, add {"class.*", "Class.*", "*.class.*", "*.Class.*"} to the original blacklist. (Note: If this code snippet is used a lot, the patterns need to be appended in each location.)

2. Add the following global class into the package where the Controller is located. Then recompile and test the project for functionality:

    import org.springframework.core.annotation.Order;
    import org.springframework.web.bind.WebDataBinder;
    import org.springframework.web.bind.annotation.ControllerAdvice;
    import org.springframework.web.bind.annotation.InitBinder;

    @ControllerAdvice
    @Order(10000)
    public class GlobalControllerAdvice {
        @InitBinder
        public void setAllowedFields(WebDataBinder dataBinder) {
            // Refuse to bind request parameters to any property path that reaches the class object.
            String[] abd = new String[]{"class.*", "Class.*", "*.class.*", "*.Class.*"};
            dataBinder.setDisallowedFields(abd);
        }
    }

We’re happy to confirm that all the third-party applications in the Scappman App Store are secure, up to date and not vulnerable to CVE-2022-22965.
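Step 1 of the workaround above can be checked across a whole code base. The Python script below is an added example, not code from Spring or from this article: it scans Java sources for @InitBinder methods that call setDisallowedFields and reports which of the four patterns are still missing. The function names, the sample controller and the string-literal heuristic are assumptions made for illustration.

```python
import re
from pathlib import Path

# Deny-list patterns the workaround says must be present.
REQUIRED = ("class.*", "Class.*", "*.class.*", "*.Class.*")
BODY_START = re.compile(r"\)\s*(?:throws\s+[\w.,\s]+?)?\s*\{")
LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Constructed sample: a local deny list that lacks three of the four patterns.
SAMPLE = '''
    @InitBinder("order")
    public void init(WebDataBinder binder) {
        binder.setDisallowedFields(new String[]{"id", "class.*"});
    }
'''


def method_body(source, pos):
    """Return the brace-balanced body of the first method declared after pos."""
    start = BODY_START.search(source, pos)
    depth, begin = 1, start.end() if start else len(source)
    for i in range(begin, len(source)):
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        if depth == 0:
            return source[begin:i]
    return source[begin:]


def audit_source(source):
    """List (line, missing_patterns) per @InitBinder method calling setDisallowedFields."""
    findings = []
    for m in re.finditer(r"@InitBinder\b", source):
        body = method_body(source, m.end())
        if "setDisallowedFields" not in body:
            continue  # step 1 only concerns methods that set a local deny list
        # Heuristic: any string literal in the method body counts as a list entry.
        present = set(LITERAL.findall(body))
        line = source.count("\n", 0, m.start()) + 1
        findings.append((line, [p for p in REQUIRED if p not in present]))
    return findings


def audit_tree(root):
    """Scan every .java file under root; return {path: findings} where patterns are missing."""
    scans = {str(p): audit_source(p.read_text(encoding="utf-8", errors="replace"))
             for p in Path(root).rglob("*.java")}
    return {p: f for p, f in scans.items() if any(missing for _, missing in f)}
```

A deny list built from a constant declared outside the method is reported as incomplete, so treat each finding as a prompt for manual review rather than a verdict.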


What is Patch Management Policy

A Patch Management Policy refers to a system for controlling threats inside your environment through a well-documented patching program, and it implies a step-by-step approach.

It may look like all we talk about at SCAPPMAN is patching and updating applications, and there is some truth in that, because it is our core business. But we also love to talk about how we can help companies tighten their security and make sure they are ready for a zero-day exploit. That’s why it’s so important not only to make sure your employees are up to speed with the latest tricks used by ransomware hackers, but also to have a policy in place that keeps all of your hardware safe from flawed software code. You can see that 66% of all the attacks are coming from gaps in the software code.

With the new software components from Microsoft Intune, it’s relatively easy to create a Patch Management Policy. Now let us show you what’s important.

- Make an inventory of hardware devices, including BYODs.
- Make an inventory of company software. Do a complete company survey on which programs are being used outside of the approved company software; think about WeTransfer, image resizer software, etc.
- Make sure a team is responsible for carrying out this policy.
- If you don’t have Patch Management Software like SCAPPMAN in place, make sure you have a team that monitors and keeps a lookout for zero-day exploits or other exploits.
- Have a process for patching and updating software in your company. A crucial aspect of this is testing: a test environment where you can safely test whether the patches and updates are working.
- Have a monthly recurring schedule for when you’ll patch and update the software. A patching schedule would be ideal.
- Have documentation of what has been patched and updated, as well as documentation on how many devices and how many BYODs are up to date.

As you can see, creating this kind of safe haven or trustworthy system is not easy. You’ll need to take many steps with many people to ensure that everything is up and running and secure. Many of these tasks can be automated, and that’s where SCAPPMAN comes in. We automate patch management, and together with partners such as managed service providers, you’ll significantly reduce the number of steps needed to create this kind of Patch Management Policy:

- Connect your Microsoft Intune account with SCAPPMAN.
- SCAPPMAN takes care of the inventory of hardware and software.
- Configure SCAPPMAN and create a patch management policy with your MSP or SCAPPMAN.
- Let SCAPPMAN patch and update your inventory automatically.

Automation and digitalisation will be critical.


6 Patch Management best practices

Protecting your company’s IT infrastructure against cybersecurity threats is the number one priority, and patch management is an essential element of the cybersecurity strategy. We know that implementing patches for software, including third-party applications, can be tedious. Indeed, due to time and budget limitations, most IT departments don’t pay much attention to patch management. Knowing that 57% of data breaches could have been prevented by being patched on time, patch management is more critical than ever.

With patch management, you ensure that your applications stay up to date and secure to use. So, implementing software patches as they’re released is the best way to keep your company’s software safe from hackers. In this blog, we’ll share 6 patch management best practices.

Create a patch management policy

Implementing patch management policies helps establish routines, procedures, and timeframes for effective patching. The process of creating the policy can be time-consuming, but it is necessary. The patch policy you create should include all kinds of updates (critical and non-critical), as well as regular system maintenance.

Inventory list of your software

A list of all software, operating systems and devices the company uses is a vital piece of your patch management process. If you have a clear overview of all your endpoints and the software installed on them, you know what you have to protect. While Windows can automatically update itself, third-party apps like 7-zip, Adobe and Chrome might not have this ability. This creates multiple attack vectors into your endpoints.

Categorize risks

Avoid applying patches in a chaotic way. Categorize the detected vulnerabilities according to their risk level and prioritize the deployment of important patches. Applying patches to low-level threats first wastes time and threatens your system security. Prioritizing CVEs helps define which systems and applications require immediate patch deployment and which can wait.

Pro Tip: Microsoft Threat and Vulnerability Management (TVM) helps organizations with identifying, assessing, and even remediating new vulnerabilities. The add-on tool to Microsoft 365 Defender provides users with insights on all applications (that are supported by Microsoft) installed across all the endpoints in the company, including the application name, OS, vendor, number of associated weaknesses, threats, number of exposed devices and impact. All the detected vulnerabilities are categorized based on the CVSS score.

Read more about Microsoft TVM:
- Detecting vulnerable applications with Microsoft Threat and Vulnerability Management
- Microsoft releases a New Defender Vulnerability Management tool

Monitor patch updates

With so many applications installed (and so little time), tracking all software updates is critical. In the case of Microsoft products, it’s easy: on Patch Tuesday, the second Tuesday of each month, Microsoft releases large patches for Windows OS, Microsoft Office and other Microsoft software. But for third-party apps, not so much. Some software vendors publish updates and send email notifications to administrators.

Pro Tip: Scanning through hundreds or thousands of software patches can be inefficient and time-consuming. Use solutions for automated application patching to save time.

Test patches before deployment

Before deploying a patch, it’s important to test it in a testing environment. This allows you to verify that the patch does what it is supposed to do and doesn’t break anything else. It also gives you time to fix any problems that may arise before the patch goes live.

Automation

Let’s be honest, it’s not possible to do patch management manually. On average, organizations use around 100 applications, and you must monitor and patch all of them. But you have other stuff to do. The solution is pretty simple: automate everything that can be automated. Automating the patching process reduces the workload for IT admins, thus promoting the efficiency, productivity, and security of the organization.

That’s why Scappman should be a part of your patch management policy. By automatically updating all your applications, you save plenty of time that you can spend on other important tasks. You don’t need to track all the available updates, prioritize them and test them. Scappman will do this job for you. To learn more about how you can automate third-party patching, start a free trial or book a call with us.
