I was recently reading a security study that said that 25% of applications are unpatched for an entire year! As you approach the summer remember that you need to patch not only the operating system but also all your applications.
Many of our biggest threats are application based:
- Adobe Flash
- Oracle Java
- Adobe Reader (PDFs)
But there are literally hundreds of security patches for various applications.
You are only as strong as your weakest link.
If you are not actively patching applications, you need to fix this ASAP. Here are a couple of ways to achieve the work that must be done:
- Microsoft Configuration Manager (aka SCCM)
- You can create deployment packages to push out applications or update packages.
- You can also now add third-party application patching to SCCM (both free and subscription). The subscriptions can automatically patch applications in the same way we can automatically patch Windows.
- Microsoft WSUS (free)
- You can overlay the same third-party application subscriptions can be used with stand-alone WSUS.
- Microsoft InTune. This subscription-based MDM service can push applications out to devices on your network or on the internet.
- Ninite (Free and Subscription). This is an excellent utility for streamlining application patching. The free version allows you to mass select all the applications you want to patch. Then it gives you a single EXE download that you can run against all the workstations to patch all those applications. The subscription version has a management console that identifies what patches are requires and lets you deploy them with a few clicks. It also can be scripted to run in SCCM or other similar tools.
- Other third-party patching tools. There are many fine third-party patching tools out there such as KACE, Altiris, and PDQ Deploy.
Doing nothing is no longer an option.
When I was at the Microsoft Education Summit in NYC a few weeks ago, Microsoft stated that having an active client management strategy is now a Comptroller's technology audit question.
My email is flooded on a daily basis with FBI, US CERT and the NYS Police Cyber folks issuing warning after warning and often describing actual application-based attacks.
If you have been remiss in making this a priority in your operation, let's talk about how to fix this and get you into a better, safer place. If you have the tools, but aren't using them, let's talk about how to get this back on track.
Also, remember that we need to employ layers of security. Deploying CSI's Managed Firewall offering, CyberSentinel Managed Endpoint Detect & Respond (CSEDR) and our new CSEDR Plus offerings provide an excellent multi-pronged approach to identify and protect against threats regardless of their origin.
If you need help implementing any of this, please give us a call.