One of the first steps to securing an IT environment, is implementing a successful strategy for managing updates. An update or patch can introduce enhancements or, more important, fix bugs or security flaws. These days, it is the common practice in the industry, to implement tools and processes for managing Microsoft updates in most organizations. The need to keep up with Microsoft release cycles and the famous “Patch Tuesdays” is well understood and adhered to by many.
Malicious actors have also noticed that organizations are improving their security stance by patching Microsoft products. Now, they are looking for alternative grounds to exploit vulnerabilities. In the past years, third-party applications have become the primary attack vector for new malware, and organizations are struggling to provide security updates for these applications within acceptable timeframes.
Most organizations use a wide variety of software from different vendors on their endpoints. These applications may also have bugs and security flaws which need to be addressed properly before they are exploited. For example, browsers like Safari, Firefox and Chrome are often used in IT environments but they are always high up in the rankings when it comes to the amount of severe vulnerabilities.
As a security company, we notice that many organizations have not installed a process, nor do they have the tools to manage their third party applications. This means that in practice, they don’t patch them on a regular basis.
We recommend putting in place a process that allows regular updates of third party updates, much like Microsoft’s phased approach. This helps with making your organization capable to cope with zero-day exploits. The three-phased approach (test-accept-production) in combination with an emergency release process is therefore common practice.
Automation and integration are key
Applications and their updates are released in many different forms and flavors. When introducing new applications in an environment, it is common that they are repackaged to include specific settings or customizations. Not only is this resource intensive, it also implies that future updates for the application will require a similar packaging effort.
To diminish the operational burden and to reduce the time it takes to respond to vulnerabilities we recommend picking a vendor and tool that automates the intake process for common applications. Even better if you can integrate it with existing solutions like Microsoft Endpoint Manager. Organizations with a modern endpoint management approach are almost required to integrate it with Microsoft Intune. For organizations who have a classic or hybrid setup, an integration with MEM Configuration Manager is key.
The image below is an example of a third party patch management solution that is capable of publishing new applications and application updates in Microsoft Intune. The solution runs in the background at a scheduled interval and publishes objects into the MEM admin center web console.
Follow-up and reporting
The final step is detailed reporting and dashboarding. Dashboards – for example in Power BI – are necessary to track status and progress of the deployment waves in one glance. Dashboards are also useful for creating visuals for management. Complementary reports are desired to provide further details and to deep dive into any potential issues that may occur during a deployment.
In this blog post, we shortly explained why third party application patching is essential and how we approach this topic at SecWise. Are you looking to implement a similar framework or do you need help with getting started? Do not hesitate to reach out without any obligation.