Automating Patch Workflow
Not all desktops or servers are created equal. Some contain general information, some important information, and others hold classified or vital information. How can large organizations set up nodes to be updated according to the importance of the information on them? How can they minimize, as much as possible, the risk to confidential, secret information? At the same time, how can organizations that deal with highly sensitive … secret information reduce the chance of exposing that information?
Defense agencies that we work with have automated security updates while deploying those updates in a logical business fashion:
- After updates are available, they are automatically downloaded to the test area and deployed. They run for six days.
- The updates are then deployed to the least secure nodes, using the same procedure. They run for six days.
- Important nodes are next in the procedure, and run for six days, etc.
This cautious yet automated approach ensures the most sensitive systems get the most protection without having to be exposed for an unreasonable length of time.
Gartner tells us, and most other industry experts confirm: 90% of all successful attacks are DIRECTLY caused by security updates and configurations that were available but not installed.
Government DoD agencies managing over 100,000 nodes across the world, spread among different departments, need to apply security updates released on Patch Tuesdays for multiple software vendors.
- Different departments/organizations use different applications
- Verify there are no side effects to applications caused by updates
- Certain systems in each department are more critical and sensitive than others
Use McAfee ePO tags to identify systems for deployment phases:
- Pilot: Tag to identify the least-risk systems in departments
- Standard: Tag to identify average-risk systems
- High Risk: Tag to identify mission-critical systems
Use Patch Manager install server tasks to automate the deployment workflow:
- One download server task to download security updates on Patch Tuesday
- One install server task to deploy updates to Pilot on second Saturday
- One install server task to deploy updates to Standard on third Saturday
- One install server task to deploy updates to High Risk on fourth Saturday
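
To sanity-check the schedule above before building the server tasks, the following added example (not part of the original page and not Patch Manager code) computes the download and install dates for a given month and flags months where the Pilot run would land before the download. It assumes Patch Tuesday is the second Tuesday of the month; the function names are hypothetical.

```python
import calendar
from datetime import date

# Tags and Saturday ordinals as listed on the page.
PHASES = [("Pilot", 2), ("Standard", 3), ("High Risk", 4)]


def nth_weekday(year, month, weekday, n):
    """Date of the n-th occurrence of `weekday` (calendar.MONDAY == 0) in a month."""
    first = date(year, month, 1)
    offset = (weekday - first.weekday()) % 7
    return date(year, month, 1 + offset + 7 * (n - 1))


def rollout_schedule(year, month):
    """Return (download_date, [(tag, install_date, days_after_download), ...])."""
    # Assumption: the download task runs on the second Tuesday of the month.
    download = nth_weekday(year, month, calendar.TUESDAY, 2)
    plan = []
    for tag, ordinal in PHASES:
        install = nth_weekday(year, month, calendar.SATURDAY, ordinal)
        plan.append((tag, install, (install - download).days))
    return download, plan


def months_pilot_precedes_download(year):
    """Months in which the second Saturday falls before the second Tuesday."""
    flagged = []
    for month in range(1, 13):
        _, plan = rollout_schedule(year, month)
        if plan[0][2] < 0:
            flagged.append(month)
    return flagged


if __name__ == "__main__":
    for month in (1, 4):  # constructed sample: January and April 2025
        download, plan = rollout_schedule(2025, month)
        print(f"2025-{month:02d}: download {download}")
        for tag, install, delta in plan:
            note = "  <-- before this month's download" if delta < 0 else ""
            print(f"  {tag:<9} install {install} ({delta:+d} days){note}")
    print("Months to review in 2025:", months_pilot_precedes_download(2025))
```

In the flagged months the second Saturday of the calendar month comes before Patch Tuesday, so if each phase is meant to follow that month's download, the Saturdays need to be counted from the download date rather than from the first of the month.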