WSUS and SCCM Third-Party Patch Management
Patch Management

At the heart of any sound IT security strategy should be an effective Microsoft and third-party patch management process - a housekeeping necessity to close known vulnerabilities and fix existing software problems to keep your systems safe against malware and avoid exploitation by hackers. However, despite this repeated truth, many organisations still fail to keep their data, network, and infrastructure safely patched and secure 24x7.

Microsoft & third-party patch management - The sum of two parts.

Essentially, we can discuss patch management in two parts:
Microsoft patching and ‘non-Microsoft’ or third-party patch management.

Most organisations use Microsoft tools to deploy patches to their Windows environments, and we’ve become accustomed to the routine and regularity of ‘Patch Tuesdays’. However, choosing between WSUS (Windows Server Update Services) and Windows SCCM (System Center Configuration Manager).

Both can provide all the functionality for Microsoft, but a key limitation is their inability to patch non-Microsoft applications. This leaves a very big hole in the third-party application update area, one that is extremely dangerous if left unpatched.

Let’s First Take a Look at the Broad Differences Between WSUS and SCCM

The biggest difference is that WSUS is free and SCCM isn’t.

WSUS: A Basic Offering

WSUS does not require its own server, eliminating the need for server connections to download and distribute patches and hotfixes to computers in a corporate environment. WSUS connects directly to Microsoft’s update catalogue and has some configuration functionality, but limited reporting details on patch deployment.

Geared towards smaller organisations, WSUS is a wonderful solution where manual patching is reasonable and there is no need for a highly granular deployment scheduler for updates.

SCCM: True End-To-End Lifecycle Patch Management

SCCM is a centralised application with an extensive reporting architecture to understand vulnerabilities and prevent malicious OS attacks. It works well with BYOD situations by providing data on users who have not updated their OS, and it has RDP (Remote Desktop Protocol) capability that enables login to any machine in your environment.

Ultimately, a superior suite of solutions that provides greater flexibility and control as part of a robust, agile patch management automation system is crucial to any business with more than a few servers, desktops and other endpoints.

Which is right for your business?

Sure, SCCM comes at a price because it provides an entire suite of integrated solutions and flexibility to your patch management regime. It also requires a substantial SQL server (WSUS does not), which adds to the costs. Base your decision on your business’s size, complexity and current needs.

Regardless of what you choose, the importance of Windows patching at the operating system level is generally well understood and expected.

So, that’s Windows patching in a nutshell.

What About the Fact That 65% of Software Vulnerabilities Are From Non-Microsoft Applications?

65% of the vulnerabilities were from non-Microsoft applications, even though they only represent 33% of the apps in a Windows system.
(Source: Flexera Vulnerability Report 2018)

The most commonly used applications are hackers’ best targets. According to Flexera’s Vulnerability Review, Top Desktop Apps 2018, Adobe Flash Player, Google Chrome, Mozilla Firefox and Oracle Java JRE, to mention a few, are rife with vulnerabilities.

These programs are installed and will continue to run indefinitely on your operating systems. However, managing third-party software applications independently and manually creates excess work that often doesn’t get done, leaving cracks in your IT environment for hackers to exploit. If left unpatched, you’ve likely got a pretty sizeable security problem, which could cause considerable risk and disruption in your organisation.

There’s Good News - You Can Take Back Control.

A solution that takes a holistic and integrated approach to patch management can thwart the majority of vulnerabilities.

The answer lies in unified management across all work streams, comprehensive visibility of multiple interfaces, and scalable automation that provides IT professionals with critical control via profiles and policies.

3rd-Party Patch Management From Flexera SVM

One such ‘best-in-class’ solution is Flexera’s Software Vulnerability Management (SVM) Platform - previously called CSI (Corporate Software Inspector) from Secunia Research.

Flexera’s SVM maps your entire software inventory and correlates this to Secunia Research’s vulnerability intelligence covering 20,000+ programs (more than anyone else) from thousands of software applications across Windows, macOS and Linux systems.

It integrates seamlessly with WSUS and SCCM to track, prioritise and patch ALL vulnerabilities across Microsoft and non-Microsoft applications – keeping hackers out and you in control.