4 Top Patch Management Questions Answered
Our sales team receives handfuls of patching questions so often, we almost brought in the bots to answer. But because the questions below require more explanation, I grabbed a few minutes with Ivanti’s patch management resident expert, Chris Goettl, for answers to questions concerning patching in the cloud, standalone patching, validating patches, and patching remote endpoints.
1. Can I patch in the cloud?
Yes. This often comes up when companies are working in different types of environments between on-premise and cloud environments. If you’re on network, you probably also have remote users, especially right now. Those newly remote users may run through workloads in public as well as private environments. The good news: Ivanti’s products work in all scenarios, including Azure, AWS, or other private-cloud environments.
Whether you patch in the cloud or on-prem, remember to reduce the time it takes to patch. With 14 days being the average patch-to-exploit ratio, the longer it takes to patch, the more vulnerable you are. Chris has more explanation on the importance of early intervention detailed here.
Full Video (75 seconds): Can I Patch in the Cloud?
2. Does Ivanti have a standalone patching solution or does the customer need Microsoft SCCM or WSUS configured?
In this case, Ivanti has options for both.
Option 1: In cases where customers are running WSUS or Microsoft SCCM, we can provide our entire third-party catalog plug-in or you can publish directly into Microsoft SCCM and manage the third-party updates alongside Microsoft updates.
Option 2: As an alternative, we have standalone patch management solutions. Our robust Endpoint Manager is a full systems management solution that displaces Microsoft SCCM and manages everything from configuration to provisioning to patching. Or, we have a security controls product, a standalone Patch Management solution, which covers the Windows operating system, third-party patching, and additional platforms like Red Hat and other Linux flavors.
Did you know that on average, half of your actively exploited vulnerabilities each year are from third parties? Check out Ivanti if you need help with those third-party updates.
Full Video (93 seconds): Stand Alone Patching Solutions
3. How do we validate patches from our vendors?
Ivanti has an amazing team of engineers—called the Content team—that monitors, tests, and validates patches. This team researches new vendors and expands our catalog regularly. They locate where vendors store their patches, download them, break them down, and figure out how to do detection and deployment switches. Our content team also does in-house testing, so systems accept patches smoothly and applications launch correctly post-patching.
The Content team is so critical, they were part of our disaster planning process. Before so many of us became remote workers, Ivanti conducted a successful stabilization exercise that added an additional layer of scrutiny around the Content team’s turnaround times. This ensured the same level of performance was maintained on- and off-network.
Full Video (80 seconds): How We Validate Patches
4. Do we patch remote endpoints?
We have a hybrid model supporting on network and off-network systems. Our Endpoint Manager platform, a full endpoint management and security suite, manages remote patching through the Cloud Services Appliance (CSA) gateway. For those looking for a stand-alone patch solution or patching in the data center, we offer our security controls product that uses a cloud micro service. In both models, networks run seamlessly without relying on VPN, one of the biggest bottlenecks we are facing right now.
In terms of remote endpoints, Gartner forecasts that by 2025 (in five years), it’s estimated that as many as 41.6 billion connected devices at the edge will generate 79.4 zettabytes (ZB) of data. Remember your remotest of remote endpoints need patching, too!
Full Video (110 seconds): Patch Remote Endpoints
If you’d like to view these patch-management videos together in one place for future reference, here’s the collection. If you have other questions on how to get started with patch management, please contact us at [email protected] or join us on the next Patch Tuesday webinar.