“Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year” – Earl Perkins at the 2016 Gartner Security & Risk Summit.
According to industry analysts, the vast majority of attacks against computer systems are carried out by exploiting software vulnerabilities. What is worrying is that most of these attacks exploit known vulnerabilities that already have a patch available. One might ask: why aren’t the vulnerabilities getting patched in a timely fashion?
Many popular software vendors release updates for their software regularly, but not all of them provide a mechanism for distributing or installing the updates automatically.
Even when they do, many end-users don’t install the updates when prompted, because they don’t understand the benefits or they are afraid that updating would take too long or slow down their computer.
Reasons security administrators get gray hairs:
- Unawareness of patches or patching status
- No tools for deploying or enforcing patches
- End-users don’t know the benefits of updates
- Updating may interfere with or disturb end-users
Miradore Management Suite takes a holistic approach to security patch management. It provides a single source of patches by centralizing the management of updates from 40 different software vendors into a single console, covering more than 160 different software products. For more information about the supported products, please refer to: https://www.miradore.com/download/brochures/Supported_applications.pdf
Reporting on patching status
Miradore Management Suite automatically scans selected devices at regular intervals and then reports:
- The number of devices where the security patch scan has not been conducted within a given time span
- The number of devices which are lacking a patch or patches assigned by administrators
- The number of installed security patches waiting for a computer restart
Picture: Indicators reporting the patching status
Automatic rules for patch deployment
Miradore Management Suite scans computers automatically, but it doesn’t install any updates without the administrator’s approval. Instead, the security admins see a list of applicable patches, and they can approve installation either manually or through automatic patch deployment rules. With the deployment rules, the admins can automate the deployment of patches to device groups by patch name, product, vendor or category (critical, recommended).
Installation automation and scheduling
End-user intervention is not required for installations that are managed with Miradore. The installations are performed as a background process by the Miradore client.
In addition, with highly customizable maintenance windows, administrators can configure when and how often patch installations are allowed to take place on the managed computers. This way, installations can be scheduled to happen outside business hours, which minimizes the disturbance to end-users.
Picture: Maintenance window defines when the patching is allowed to take place
The administrators can also configure reboot behavior, which defines what happens if a reboot is required to complete the patch installation. One option is to show the end-user a reboot-required dialog box with a custom message that explains why the reboot is requested. This provides an excellent opportunity to explain the importance of the updates to the user.