A New Way of Third-Party Patch Management for Microsoft Intune
“How can I automate third-party application installations and updates for Intune-managed devices?” A lot of IT professionals asked themselves this question. The interest in an automated patching solution has been growing over the last 5 years. This can be explained by the fact that the process of application updating in Microsoft Intune is rather challenging and time-consuming. Firstly, you should detect the latest version of the application, download it, and test it before pushing it to the users. If the update is secure and works, you should create a package with the latest version of the app. For Microsoft Intune, you should wrap the file into .intunewin, upload it to Intune and deploy it to the assigned users. As soon as you find out that there is a new update available, you must go through the entire process again. And again. Read how to manage and update applications in Microsoft Intune here. Normally, around 100 applications are used in companies (small and big), which means you must monitor 100 applications for updates. Most companies do not have the resources to do this. That’s why we created Scappman. Scappman is a 100% cloud & agentless solution that automatically installs all the necessary updates for your applications. Scappman automates the entire process of uploading the application and updating it in the Microsoft Intune environment. With Scappman you can not only manage and deploy more than 800 third-party applications from Scappman App Store but also add and manage your own custom applications. What does Scappman do? Scappman scraps the installed applications for the latest version and if it is available, Scappman tests it, wraps the application installation file into .intunewin and uploads it to Intune and installs it to the assigned users. It is that straightforward. How to start your automated app journey with Scappman? To start a 15-day free Scappman trial, navigate to portal.scappman.com and click on the register button. To be able to use Scappman you need to sign in with your Microsoft account, accept (and read) the terms and conditions, accept permissions to register Scappman in Azure AD, and fill in the info about your company. Once you have finished all these steps, you have access to the Scappman portal. How to deploy third-party applications and updates within Scappman and Microsoft Intune With Scappman there is no need to package the application and upload it to Intune environment. In Scappman App Store you can choose applications you want to install, deploy, and keep up to date (there are more than 800 third-party applications available). While configuring the installation process you can customize installation settings: choose language and bitness, add dependencies, use custom pre-install, install and post-install commands, enable update rings for the app, and configure assignment (type, user & group assignment). You also have an opportunity to upload your own app to manage and update and request a public/private app and Scappman will package it for you. That’s pretty much it. Scappman will take it from here. Scappman reports for Microsoft Intune Third-Party Patching In terms of reporting, we provide you with a clear overview of your installations, managed Windows devices, and licensed users. On Dashboard, you can see the familiar update rings but for the application deployment and updates. In Reports, you find the information about the applications, like the version installed, and their status (installed, failed, postponed, pending, not applicable, not installed, or outdated).
Spring4Shell: are you at risk?
A newly discovered zero-day vulnerability in the Spring Framework for Java is definitely drawing the attention of the IT community. With a critically high threat level (the CVSS score is 9.8 out of 10.0), vulnerability CVE-2022-22965, or Spring4Shell, is already being compared to Log4Shell due to the similarity in the method of exploitation. According to the first assessments, Spring4Shell affected over 16% of companies worldwide, with the most impacted region being Europe, with an impact of 20% of businesses. In the first days since the vulnerability was detected, more than 37 K attempts to exploit this vulnerability were confirmed. What is Spring4Shell? Spring4Shell is a zero-day Remote Code Execution (RCE) vulnerability caused by an error in the mechanism which uses client-provided data to update the properties of an object in the Spring MVC or Spring WebFlux application. The Remote Code Execution (RCE) Vulnerability can be easily exploited by sending a specially crafted HTTP request to a server running the Spring Core Framework. Exploited software and impacted systems As we mentioned in December, the majority of applications are built in Java. When it comes to Spring Framework, half of Java applications use it. Any system using Java Development Kit (JDK) 9.0 or later, especially those using TomCat, and using the Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions are vulnerable. 10 software vendors are confirmed to be affected because of Spring4Shell: Blueriq BMC Software Cisco JAMF NetApp PTC SAP SE SolarWinds Spring VMware The vulnerability primarily affects devices with a lot of direct connections. In fact, cybercriminals also take advantage of connections where they can use an executable file. Also, all IoT devices running Java can be affected. This issue can also pose a personal risk because the vulnerability can hit Android or Windows OS smart-home appliances. And even home cameras. How to find vulnerable to Spring4Shell device To find the affected device use Threat and Vulnerability Management functionality of Microsoft Defender for Endpoint. TVM monitors overall security posture of the company’s endpoints and provides real-time insights about detected vulnerabilities. On the Weaknesses page, you can search for the CVE-2022-22965 to find vulnerable devices. Read more about Microsoft TVM here. How to mitigate Spring4Shell The best and only solution to reduce the impact of this threat is to patch it. An update is available for CVE-2022-22965. Administrators should upgrade to versions 5.3.18 or later or 5.2.19 or later. If the patch is applied, no other mitigation is necessary. If you’re unable to patch the CVE-2022-22965 vulnerability, you can implement this set of workarounds published by Spring: Search the @InitBinder annotation globally in the application to see if the dataBinder.setDisallowedFields method is called in the method body. If the introduction of this code snippet is found, add {“class.*”,”Class.*”,”*.class.*”, “*.Class.*”} to the original blacklist. (Note: If this code snippet is used a lot, it needs to be appended in each location.) 2. Add the following global class into the package where the Controller is located. Then recompile and test the project for functionality: import org.springframework.core.annotation.Order; import org.springframework.web.bind.WebDataBinder; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.InitBinder; @ControllerAdvice @Order(10000) public class GlobalControllerAdvice{ @InitBinder public void setAllowedFields(webdataBinder dataBinder){ String[]abd=new string[]{“class.*”,”Class.*”,”*.class.*”,”*.Class.*”}; dataBinder.setDisallowedFields(abd); } } We’re happy to confirm that all the third-party applications in the Scappman App Store are secure, up to date and not vulnerable to CVE-2022-22965.
Match Made in Intune heaven called Windows Autopatch and SCAPPMAN
Of course, people who regularly follow our blog have heard of Autopilot, but this is Autopatch. An automated software update service for companies with Windows Enterprise E3 licenses or above will launch in July. What does Windows Autopatch do? Windows Autopatch is a managed service that will patch and update drivers and firmware for Windows and Microsoft 365 apps. This will result in automatic updates for Microsoft Teams, Microsoft Office, etc. What do you need for Windows Autopatch to work? You will need an Intune subscription, an E3 license, and an Azure AD (active directory). Remember, Windows Autopatch will only work on PCs running Windows 10 and Windows 11. We love that Microsoft is taking the same route as ours and believe that an updated computer is a safe computer. Just look at their takeaways on why they started on Windows Autopatch. “The development of Autopatch is a response to the evolving nature of technology. Innovations in hardware and software enhance usability and productivity. Changes like the pandemic-driven demand for increased remote or hybrid work represent particularly noteworthy moments but are nonetheless part of a cycle without a beginning or end. Business needs change in response to market shifts. Security postures must be hardened as new threats emerge. Enterprises must continually respond to stay competitive, enhance protection, and optimize performance.” We love that Microsoft introduced the term gaps. Those gaps can be two things. Security gaps and productivity gaps. Their phrasing is as follows: A security gap forms when quality updates that protect against new threats are not adopted in a timely fashion. A productivity gap forms when feature updates that enhance users’ ability to create and collaborate are not rolled out. As gaps widen, it can require more effort to catch up. Why is Windows Autopatch and Scappman match made in heaven? While Microsoft, from July 2022 onwards, takes care of their software and applications, SCAPPMAN can take care of your third-party applications and your applications already today. To use SCAPPMAN, you will need the exact requirements. You connect your Microsoft Intune to our SCAPPMAN portal, and you are good to go. So, Microsoft takes care of their own, and we will take care of the rest. Are you interested in starting today? Book a demo or start a free trial.
Everything you need to know about a new 7-Zip vulnerability
UPD: CVE-2022-29072 is disputed. A couple of days ago a new vulnerability was discovered by GitHub user Kagancapar in the popular 7-Zip file archiver, which allows gaining administrator privileges on Windows. The vulnerability has not been fixed yet, as the latest version of the application 21.07 has been released on 26/12/2021. A few words about 7-Zip 7-Zip is a free and open-source file archiver with high compression based on bzip2, PPMd, LZMA2, and LZMA algorithms. 7-zip is one of the three most popular file archiving applications, whose popularity is only rivalled by giants WinZIP and WinRAR. In addition to own .7z-format archives, the archive manager also supports other packer formats commonly used under Windows, such as .rar, .zip, .tar, .wim, .xar etc. The file archiver is available for Windows OS; localizations are available for 87 languages. CVE-2022-29072 vulnerability: how it works and whose fault is that 7-Zip vulnerability or CVE-2022-29072 is an active zero-day vulnerability and is characterized as allowing privilege escalation and command execution for Windows when a file with the .7z extension is dragged to the Help > Contents area. In simple terms, someone with access, even limited, to your computer is able to gain high-level control to run their own commands or apps. The problem lies in the 7-zip.chm helper files that are executed via the Windows HTML helper function (hh.exe). So, CVE-2022-29072 is tied to Windows, as it was caused due to interaction of 7-zip with the Windows help application. The vendor hasn’t said much about vulnerability other than refusing to take responsibility for it, meaning that it depends on Microsoft Help in Windows. However, according to Kagancapar, even if you drop the malicious file, this triggers a heap overflow in 7zFM.exe. This means that it’s 7-Zip who should solve the problem. How to mitigate the 7-Zip vulnerability To mitigate CVE-2022-29072, the person who discovered the vulnerability, Kagancapar, recommends deleting the 7-zip.chm file: 1. Open the 7-Zip installation directory or folder on the system. Usually, it’s C:\Program Files\7-Zip or C:\Program Files (x86)\7-Zip. 2. Find the 7-Zip.chm file – this is the help file. 3. Delete this file to remove it from your system. There is a possibility that you get a notification “File Access Denied”. If that is the case, select Continue. If you follow these steps and delete the help file, 7-Zip functionality won’t be reduced, and your endpoint will be secured. 7-Zip CVE-2022-29072 mitigation from Scappman But there is a much simpler and faster solution to mitigate the 7-Zip vulnerability. We are happy to introduce the 7-Zip CVE-2022-29072 mitigation tool from Scappman! All you need to do is find the application in the Scappman App Store, click on Install, customize the installation settings (if you want to), assign it to all or specific users and … that’s it!
Top 5 Challenges for Managed Service Providers in 2022
It has never been a better time for IT-managed service providers than now. With the increasing adoption of cloud-based services and the need to protect organizations from cyber threats, more and more companies are turning to outsourcing IT tasks and working with MSPs. When working with a new partner, companies are likely to go through many challenges. Here are some of the critical challenges MSPs are facing now: 1. Managing security issues According to the Kaseya survey in 2022, dealing with advanced security threats is one of the biggest challenges for MSPs. Indeed, along with the constantly advancing technologies, hackers are not wasting time. Ransomware, DDoS attacks, and other malware have threatened myriad companies and affected even the most prominent businesses, resulting in huge losses. Around 50% of MSPs reported that a significant part of their clients fell victim to a cyberattack within the last 12 months. Thus, it doesn’t matter which industry MSPs are in, and they must stay up to date on the cybersecurity landscape. 2. Cloud migrations Due to the COVID-19 pandemic, remote work and cloud adoption are at their peak. For this reason, many businesses are turning to MSPs for help with cloud migrations. With the rapidly growing number of security vulnerabilities, demand for help with cloud migration is increasing steeply, as the Cloud is seen as an effective way to boost data security and improve collaboration. Now the exploding vulnerabilities of the remote workforce demonstrate that demand for help with cloud migration is increasing steeply, as the Cloud is viewed as an effective way to boost data security and improve collaboration and business resiliency during the pandemic. According to Microsoft, providing cloud migration solutions, being a Cloud MSP is the key to success: “Cloud MSPs differentiate themselves by building a practice around dev-ops, automation, and cloud-native application design. They use the best existing cloud features while designing new solutions in order to meet their customers’ unique business demands”. But selling cloud solutions requires an entirely new approach, so extra training and specialization for sales and marketing teams are required, which can be costly and time-consuming. 3. Finding reliable partners To achieve MSP’s growth goals, they must find reliable partners to help them with the resources, solutions, and tools. These solutions could apply to network management, endpoint management, invoicing, customer support, marketing, etc. Scappman has a Partnership program for resellers and MSPs that brings application management to a NEW level. Read more about Scappman Partnership Program here. 4. Automation tools To stand out as an MSP, you should automate as many processes as possible. Automation makes life easier for MSPs, increasing their productivity and reducing operating costs to focus on other important things like customer support. Using automation tools allows MSPs to: • Reduce the time IT consultants spend handling routine, repetitive tasks • Free up techs for revenue-generating activities • Reduce the costs for service delivery Thus, choosing the right automation solution is vital for MSPs businesses, as it can directly impact the company’s results. Scappman is a 100%-cloud solution that automatically installs all the necessary updates for your clients’ applications. You don’t have to worry about client updates; Scappman will take care of them so that you can focus on other things. For MSPs, we created unique functionality like multi-tenancy and white labelling. 5. Customer retention In an increasingly competitive managed services market, retaining clients is just as important as finding new ones. It is getting more complex every day as new MSPs emerge and challenge existing MSPs with lower prices for the same service bundles. What is the tip in this case? Provide additional value to your customers: address their concerns and establish trust through transparent, constant communication.
What is Patch Management Policy
Referring to a system for controlling threats inside your environment with a well-documented patching program, A Patch Management Policy implies a step-by-step approach. It looks like we can only talk about patching and updating applications at SCAPPMAN; well, it has a bit of truth in that because that’s our core business. But we also love to talk about how we can help companies tighten their security and make sure they are ready for a zero-day exploit. That’s why it’s so important to not only make sure your employees are up to speed with the latest tricks by ransomware hackers, etc. But also have a policy in place that makes sure that all of your hardware keeps safe from software code that can be flawed. You can see that 66% of all the attacks are coming from gaps in the software code. With the new software components from Microsoft Intune, it’s relatively easy to create a Patch Management Policy. Now let us show you what’s important. Make an inventory of hardware devices, including BYODs. Make an inventory of company software. Do a complete company survey on which programs are being used outside of the approved company software, think about WeTransfer, Image resizer software, etc. Make sure a team is responsible for carrying out this policy. Suppose you don’t have Patch Management Software in place like SCAPPMAN. Make sure you have a team that monitors and keeps a lookout for zero-day exploits or other exploits. Have a process of patching and updating software in your company. A crucial aspect of this is testing, a test environment where you can safely test if the patches and updates are working. Have a monthly recurring schedule on when you’ll patch and update the software. A patching schedule would be ideal. Have documentation of what has been patched and updated. Also, documentation on how many devices and how many BYODs are up-to-date. You see that creating this kind of safe heaven or trustworthy system is not easy. You’ll need to take many steps with many people to ensure that everything is up and running and secure. You see that many tasks can be automated. That’s where SCAPPMAN comes in. We automate patch management, and together with partners such as managed service providers, you’ll reduce the number of steps significantly to create this kind of Patch Management Policy. Connect your Microsoft Intune account with SCAPPMAN SCAPPMAN takes care of the inventory of hardware & software. Configure SCAPPMAN and create a patch management policy with your MSP or SCAPPMAN. Let SCAPPMAN patch and update your inventory automatically. Automation and digitalisation will be critical.
5 Reasons Why You Should Switch to Microsoft Intune
Intune is a cloud-based mobile device management and mobile application management service from Microsoft. The majority of companies are using SCCM for managing their mobile devices, but everything is changing. Based on Microsoft data, the percentage of the Windows devices managed by Intune is constantly growing. And by the end of 2022, Microsoft is forecasting that 50 per cent of Windows 10 devices will be managed from the Cloud. So, if you’re thinking to migrate to Intune, this blog is useful because we’re going to cover 5 main reasons why you should switch to Microsoft Intune. 1. Intune supports all OSs Despite Intune is a Microsoft product, you aren’t restricted only to Windows OS. Unlike Config Mgr, Intune supports all operating systems, including macOS, iOS, Android and… Linux! Microsoft promised to add Linux support to Intune in 2022. They plan to start with Ubuntu and to provide support for CentOS, Fedora and Redhat. Linux support means that now all endpoints can be controlled and managed in one cloud-based MDM system and enables organizations to apply policies and device configurations in the same way for all supported platforms. 2. The best security management With Microsoft Intune, you can implement full control over all endpoints in your company. The more control you have, the easier it is to secure them. With Intune, you can set up device a compliance policy that will automatically block devices that don’t meet your organization’s security requirements. You can also create app protection policies that offer an extra layer of protection, securing access on personal devices, and isolating company data from personal data. 3. Everything is on the Cloud As Intune is a cloud-based MDM and MAM solution, you don’t have to set up and maintain on-premises servers. Everything can be done from the Cloud! 4. Improved IT experience Microsoft Intune does a lot to make the life of your IT department much easier. For example, because of the flexibility of application installation settings you can assign it to users/groups that need this application – no need to deal with one individual endpoint at a time. With Intune, you can also track licensing, and collect information about hardware configurations as well as software installations. Migration to Intune will allow your IT department to work with greater efficiency. 5. Automated application management with Scappman Even though it is easy to manage applications in Intune, keeping applications across all enrolled devices up to date is a difficult and time-consuming task because you must track all applications for available updates, test the update, if there are no bugs, package it, upload the app to Intune and deploy it to selected users or groups. Read more about how to manage applications in Intune in our blog here. With Scappman you will forget about packaging! Scappman is a 100% cloud solution that automatically installs all the necessary updates for your applications. Scappman automates the entire process of uploading the application and updating it in the Microsoft Intune environment. There are more than 500 third-party applications in Scappman App Store, that are always up to date and secure to use. Want to migrate to Microsoft Intune? This blog series about how to get started with Intune may be useful.
Microsoft releases a New Defender Vulnerability Management tool
Vulnerability management is an important part of any organization’s cybersecurity strategy. It helps to identify, assess, and mitigate risks associated with vulnerabilities in software and hardware. Microsoft has a comprehensive vulnerability management solution that helps companies protect against a variety of threats. Threat & Vulnerability Management (TVM) is a built-in capability in Microsoft Defender that follows a risk-based approach to discover, prioritize, and remediate endpoint vulnerabilities and misconfigurations. Microsoft has been working on improving their vulnerability management system for years now and recently they released a new Vulnerability management solution for a public review. Microsoft Defender Vulnerability Management: overview Microsoft has announced a public review of Microsoft Defender Vulnerability Management service, a single solution that offers the full set of Microsoft’s vulnerability management capabilities to help companies mitigate vulnerabilities more easily. The core version of Vulnerability Management tools was released in 2019 as Threat and Vulnerability Management – a built-in capability in Microsoft Defender Advanced Threat Protection. Since then, Microsoft has been constantly working on the tool to provide even better experience in monitoring, managing and mitigating vulnerabilities. Read more about Microsoft TVM and its functionality in our blog Detecting vulnerable applications with Microsoft Threat and Vulnerability Management. Besides all the existing threat & vulnerability management functionality currently available, a new service will provide asset inventories, smart assessment, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices. Defender Vulnerability Management service will also include more advanced capabilities: Microsoft Defender Vulnerability Management will be available in public preview as a standalone and as an add-on for Microsoft Defender for Endpoint Plan 2 customers. Companies wanting to try the public previews of Microsoft Defender Vulnerability Management -both as a “standalone” service and as an add-on to Microsoft Defender for Endpoint Plan 2 – must request the free 120-day public preview here. Security baseline assessment With the new release, you will be able to continuously monitor the security posture of your endpoints and measure and compare risk compliance with industry benchmarks – CIS and STIG in real-time. Additional benchmarks will be available soon. To use this functionality, you must create a Baseline profile. Go to Vulnerability management > Baselines assessment. Select the Profiles tab at the top, then select the Create profile button. Enter a name and description for your security baselines profile and select Next. On the Baseline profile scope page set the profile settings such as software, base benchmark (CIS or STIG), and the compliance level and select Next. Finally, select the configurations you want to include in the profile. Browser extension inventory From now on you can monitor web browser extensions installed on your endpoints. Defender Vulnerability Management provides detailed information on the risk level of the installed browser extensions, so you can make informed decisions on managing extensions in the organization’s environment. Digital certificate inventory Digital certificates help provide privacy, security, and authentication to transfer data within your network and over the Internet. Expired certificates could expose vulnerabilities within your company, disrupt service, or cause downtimes. The certificate inventory makes it easy to manage certificates from one place. You can: To view your certificates, go to Vulnerability management > Software inventory and select the Certificates tab. Network shares analysis Companies use internal network shares to send data and to provide access to files and documents. To prevent attackers from stealing data from your organization Microsoft created new configuration assessments that identify the common weaknesses that expose your endpoints to attack vectors in Windows network shares. The following recommendations will be available as part of the new assessments:
6 Patch Management best practices
Protecting your company’s IT infrastructure against cybersecurity threats is the number one priority. And patch management is an essential element in the cybersecurity strategy. We know that implementing patches for software including third-party applications can be tedious. Indeed, due to time and budget limitations, most IT departments don’t pay much attention to patch management. Knowing that 57% of data breaches could have been prevented by being patched on time, patch management is more critical than ever. With patch management, you ensure that your applications stay up to date and secure to use. So, implementing software patches as they’re released is the best way to keep your company’s software safe from hackers. In this blog, we’ll share 6 patch management best practices. Create a patch management policy Implementing patch management policies helps establish routines, procedures, and timeframes for effective patching. The process of creating the policy can be time-consuming but necessary. In the patch policy, you create, you should include all kinds of updates (critical and non-critical), as well as regular system maintenance. Inventory list of your software A list of all software, operating systems and devices the company uses is a vital piece of your patch management process. If you have a clear overview of all your endpoints and software installed, you know what you have to protect. While Windows can automatically update itself, third-party apps like 7-zip, Adobe and Chrome might not have this ability. This creates multiple attack vectors into your endpoints. Categorize risks Avoid applying patches in a chaotic way. Categorize the detected vulnerabilities according to the risk level and prioritize the deployment of important patches instead. Applying patches to low-level threats first wastes time and threatens your system security. Prioritizing CVEs helps define which systems and applications require immediate patch deployment and which can wait. Pro Tip: Microsoft Threat and Vulnerability Management (TVM) helps organizations with identifying, assessing, and even remediating new vulnerabilities. The add-on tool to Microsoft 365 Defender provides users with insights on all applications (that are supported by Microsoft) installed across all the endpoints in the company, including the application name, OS, vendor, number of associated weaknesses, threats, number of exposed devices and impact. All the detected vulnerabilities are categorized based on the CVSS score. Read more about Microsoft TVM: Detecting vulnerable applications with Microsoft Threat and Vulnerability Management Microsoft releases a New Defender Vulnerability Management tool Monitor patch updates With so many applications installed (and so little time), tracking all software updates is critical. In the case of Microsoft products, it’s easy – on Patch Tuesday the second Tuesday of each month, Microsoft releases large patches for Windows OS, Microsoft Office and other Microsoft software. But for third-party apps – not so much. Some software vendors publish updates and send email notifications to administrators. Pro Tip: Scanning through hundreds or thousands of software patches can be inefficient and time-consuming. Use solutions for automated application patching to save your time. Test patches before deployment Before deploying a patch, it’s important to test it in a testing environment. This allows you to verify that the patch does what it is supposed to do and doesn’t break anything else. It also gives you time to fix any problems that may arise before the patch goes live. Automation Let’s be honest, it’s not possible to do patch management manually. On average, organizations use around 100 applications, and you must monitor and patch all of them. But you have other stuff to do. The solution is pretty – automate everything that can be automated. Automating the patching process reduces the workload for IT admins thus promoting efficiency, productivity, and security of the organization. That’s why Scappman should be a part of your patch management policy. Automatically updating all your applications, you save plenty of time that you can spend on other important tasks. You don’t need to track all the updates available, prioritize and test them. Scappman will do this job for you. To know more about how you can automate third patching, start a free trial or book a call with us.
The True Cost of Patch Management
The connection between return on investment (ROI) and patch management may not be obvious. After all, patch management does not generate revenue for the company. Nevertheless, while this may be true, preventing losses certainly affects the company’s financial results. In other words, patch management helps you save money by reducing IT expenditures in long run. So, how much does patching your software save your company? It depends on a lot of factors: the number of applications you manage, the time required to patch, and how much stuff is involved in patch management, how often patches are released. Every unpatched application can profoundly cost the company- the average cost of a cyber attack is $1.1 million. In this post, we share the main factors, that affect patch management costs, and why you need automated patching solutions. What is patch management? Patch management is the process of managing patches or updates to software and firmware. It’s important because it keeps the software up-to-date and secure, closing known vulnerabilities. Patch management also minimizes disruptions to users by deploying patches in a timely manner. The goal of patch management is to keep systems operational and secure with minimal impact on the user. Patch management is an important part of IT security and should be included in any organization’s overall security strategy. By keeping software up-to-date, organizations can reduce their risk of being attacked by cybercriminals. Why do you need patch management? According to a study conducted by Ponemon Institute for ServiceNow: 60% of cyberattacks are caused because applications are not up to date 62% of the companies were unaware that they were vulnerable prior to the data breach 52% of respondents said their organizations are at a disadvantage in responding to vulnerabilities because they use manual processes. Despite that most IT departments still don’t pay much attention to patch management because they find patching complex and time-consuming. Indeed, patching is an infinite process: IT departments must continually identify and assess vulnerabilities, monitor and test patches, and deploy the patches to their systems. Factors you should consider when calculating patch management costs There is no universal answer to how much patch management costs. However, there are some factors that should be taken into consideration when making calculations: human resources cost (HR), frequency of patching (PF), time (T), scope (S). Mathematically, the formula for patch management costs calculation can be expressed as: Total costs = f (T, HR, S, PF). This model is way far from precise but it can be a starting point for identifying the patch management costs. Time (T) IT departments spend a lot of time on patch management. According to the Ivanty survey results, IT & security professionals spend 53% of their working time each month detecting and prioritizing vulnerabilities and 19% testing patches. Human resources (HR) Hiring certified cybersecurity experts and IT managers is essential in today’s business environment because such professionals manage IT infrastructure in an efficient way, protecting organizations from new security threats. However, as the number of cyberattacks has exponentiated, so has the demand for certified cybersecurity experts, which are few. The recruiting costs are tremendously high. Scope On average, a company uses around 110 applications. It means, that IT specialists must monitor 110 applications for the updates and patch them. Patch frequency Many people think that application updates are released according to some sort of schedule, like Patch Tuesday for Microsoft software. However, it’s not like that in most cases – there is no system. And let’s consider this: for example, Chrome releases a full OS update about every 4 weeks. Minor updates, such as security fixes and software updates, happen every 2–3 weeks. Only for patching Google Chrome, an IT specialist must go through the patch cycle 2-3 times a month. Cybersecurity costs Patch management is a process used to maintain system security by updating software and firmware on the devices. Patch management can be time-consuming, as patches must be evaluated for applicability and installed on systems. Additionally, patch management can result in an increase in system downtime. There are several true costs of patch management: threat response costs, system restoration costs, and downtime costs. Treat response costs Companies frequently choose a patch management strategy as a proactive means of preventing cyberattacks. Your IT department play catch-up with newly detected vulnerabilities: they spend most of their time (which costs a lot as we explained earlier) on detecting new patches, testing them to ensure they don’t break anything, pushing updates to the users etc. Restoration costs These are costs associated with reverting the system to the previous state to recover from the damage and other problems caused by unpatched security bugs. Downtime costs Downtime costs are often the most significant factor, and they can vary significantly depending on the organization’s size, industry, and other factors. A study by IDC found that the average cost of an hour of downtime for a company in the United States is $5,600. For a company with 1,000 employees, that would amount to more than $5 million per year. The cost of downtime can be even higher for industries such as healthcare or financial services. Why do you need automated patching? As we mentioned earlier, there is no exact time and date when vendors release patches, and it’s not possible to track all these updates manually. But leaving your systems unpatched can comprise your company. The only solution here is automated patching tools. Automated patching works by automatically scanning installed applications for new updates available. Updates and patches can then be set for automatic deployment, based on rules you establish. So, what does the best automated third-party patch management solution look like? Meet Scappman! Automated third-party patch management with Scappman Scappman is a 100%-cloud solution that automatically installs all the necessary updates for your applications. Scappman automates the whole process of uploading the application and updating it in Microsoft Intune environment. There are more than 500 third-party applications in Scappman App Store, that are always up to date and secure to
