Automating Patch Workflow

Not all desktops or servers are created equal. Some contain general information, some important information, and others hold classified or vital information. How can large organizations set up nodes to be updated according to the importance of the information on them? How can they minimize, as much as possible, the risk to confidential, secret information? At the same time, how can organizations that deal with highly sensitive … secret information reduce the chance of exposing that information?

Defense agencies that we work with solved this by automating security updates while deploying those updates in a logical business fashion:

  • After updates are available, they are automatically downloaded to their test area, and deployed.
    They run for six days.
  • The updates are then deployed to the least secure nodes, using the same procedure.
    They run for six days.
  • Important nodes are next in the procedure, and are run for six days, etc.

This cautious yet automated approach ensures the most sensitive systems get the most protection without having to be exposed for an unreasonable length of time.
Gartner tells us, and most other industry experts confirm: 90% of all successful attacks are DIRECTLY caused by security updates and configurations that were available but not installed.

Challenge:

Government DoD agencies managing over 100,000 nodes across the world, spread among different departments, need to apply security updates released on Patch Tuesdays for multiple software vendors.

      • Different departments/organizations use different applications
      • Verify there are no side effects to applications caused by updates
      • Certain systems in each department are more critical and sensitive than others.

Solution:

Use McAfee ePO tags to identify systems for deployment phases

– Pilot: Tag to identify the least risk systems in departments
– Standard: Tag to identify average risk systems
– High Risk: Tag to identify mission critical systems

Use Patch Manager install server task to automate deployment workflow

  • One download server task to download security updates on Patch Tuesday
  • One install server task to deploy updates to Pilot on second Saturday
  • One install server task to deploy updates to Standard on third Saturday
  • One install server task to deploy updates to High Risk on fourth Saturday
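
The calendar these four server tasks imply, as an added example (not Autonomic Software's or McAfee's code): it assumes Patch Tuesday is the second Tuesday of the month, computes each phase's Saturday and its lag from the download, and flags months in which a phase's Saturday falls before Patch Tuesday. The function names are hypothetical.

```python
import calendar
from datetime import date

# Tag names and Saturday ordinals are taken from the server-task list above.
PHASES = (("Pilot", 2), ("Standard", 3), ("High Risk", 4))


def nth_weekday(year, month, weekday, n):
    """Return the date of the n-th given weekday (Monday=0) in a month."""
    first_dow = date(year, month, 1).weekday()
    day = 1 + (weekday - first_dow) % 7 + 7 * (n - 1)
    return date(year, month, day)


def rollout_calendar(year, month):
    """Map each task to (run date, days elapsed since the Patch Tuesday download)."""
    # Assumption: Patch Tuesday is the second Tuesday of the month.
    patch_tuesday = nth_weekday(year, month, calendar.TUESDAY, 2)
    plan = {"Download": (patch_tuesday, 0)}
    for tag, ordinal in PHASES:
        when = nth_weekday(year, month, calendar.SATURDAY, ordinal)
        plan[tag] = (when, (when - patch_tuesday).days)
    return plan


def phases_before_download(year, month):
    """Phases whose Saturday comes before that month's Patch Tuesday."""
    plan = rollout_calendar(year, month)
    return [tag for tag, (_, lag) in plan.items() if lag < 0]


if __name__ == "__main__":
    # Constructed sample months: one where the order holds, one where it does not.
    for year, month in ((2016, 5), (2016, 10)):
        print(f"{year}-{month:02d}")
        for task, (when, lag) in rollout_calendar(year, month).items():
            print(f"  {task:<10} {when:%a %d %b}  lag {lag:+d} days")
        early = phases_before_download(year, month)
        if early:
            print(f"  check ordering: {', '.join(early)} runs before the download")
```

In months that begin on a Wednesday through Saturday, the second Saturday comes three days before the second Tuesday, so the Pilot task's position relative to the download needs to be checked when the tasks are scheduled.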

Zero Day Patches

Record year for Microsoft and key third party software vendors.
2015 was a bumper crop year for the likes of Microsoft, Adobe, and Java. Microsoft, alone, eclipsed their previous annual patch record in just ten months.
Zero Day patches set new records in the industry as well. In fact, October 2015 was the first month that Patch Tuesday didn’t have any Zero Days!

FACTS:

  • 90% of all successful attacks occurred against previously known vulnerabilities where a patch or secure configuration standard was already available but not known. – Gartner Group
  • 41% of all companies that fail security audits are not properly patched
  • DoD agencies rate patching and third party patching #2 and #3 in the top four strategies to mitigate targeted Cyber Intrusions

Challenge:

Microsoft, Adobe, Java and other software vendors release some out of cycle security updates to mitigate recently discovered vulnerabilities.
Many other Zero Day updates are released on Patch Tuesdays. Zero Day Updates are critical for system administrators to deploy throughout the network as soon as possible.

Solution:

Use Patch Manager, from the ePO dashboard to identify the announced security advisory.
Then use Patch Manager integration with McAfee Active Response and DXL to query and deploy the security updates.

NAT’D Managed Nodes

Protecting end points when companies are trying to reduce the number of public IP addresses through Network Address Translation.

CHALLENGE:

Since the 1990’s, NAT has been increasingly used in large organizations as an essential tool in conserving global address space allocations in the face of IPv4 address exhaustion.
The challenge is that connections to the host server are initiated from the end point, causing problems for platforms that only push updates.
Most security platforms push AV, Application, and Security updates from the server.
The challenge is to ensure the necessary updates are deployed in a timely fashion without burdening the IT staff.

Solution:

Autonomic Software’s Patch Manager for McAfee ePO has the capability to schedule NAT’d systems to pull updates from the Patch Server. The created client task “pulls” updates from the server at the scheduled times without adding additional workload to the IT staff. The NAT’d environments remain secure… their security keeps the other nodes secure.

Custom Applications – Updates

FACT:

While third party applications account for 1/3 of all software on business computers, they account for over 2/3 of new security updates. Custom applications also pose a security risk and must be updated like any other software application as updates are released.

CHALLENGE:

A company in the healthcare industry needs to deploy and install a custom medical application throughout the enterprise.
Once the deployment was completed, the customer needed to deploy updates to the custom software as they became available.

High Security Environment

High Security Environment  – Air Gap Applications

Challenge:

Energy and utility companies have control systems sequestered within an “Air Gap” environment. Manual patching is not feasible due to the frequency and number of security patches.
Additionally, information exchange with or connection to the outside world cannot occur.

How can clients keep the secure environment updated?

Solution:

We drastically reduce the time required to update the secure environment by eliminating the need to create a download list to download the updates manually.
The only thing required of the security administrator is to copy files.
There is no need to write scripts, or manually copy files, eliminating human error.

Updated Features of Patch Manager for McAfee ePO 3.0 (Open Webinar)

May 26, 2016, 11:30 am and 1:00 pm (PST)

Oregon K-12 – The Best Security in the World for FREE

May 25, 2016, 9:00 am (PST)

Updated Features of Patch Manager for McAfee ePO 3.0 (Open Webinar)

May 24, 2016, 9:30 and 10:30 am (PST)