In this session, industry expert and Penton Tech contributing editor Orin Thomas, offers all the advice you need to create a comprehensive and proactive strategy for implementing patches and updates.
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Effective Patch and Software Update Management
1. Effective Patch and Software
Update Management
Orin Thomas
@orinthomas
orin@windowsitpro.com
2. In This Session …
• Not just Windows update
• How organizations fail at update management
• Why organizations fail at update management
• Too many updates
• Test or just deploy?
• Tiered rollout
• Update rollback
• Verifying deployment
• Ultimate aims
3. There is no single correct way of managing
software updates
4. There are many ways of
incorrectly, badly, & terribly
managing software updates
5. Exploits are often present
either at the time of an update’s release or
within a few days of the update’s release
6. Not Just Windows Update
• Fabric updates
– Hardware updates (BIOS/Firmware)
– Networking equipment
– Storage equipment
• Big vendor updates
7. How Organizations Fail at Patch Management
• Patches and updates applied in a
haphazard manner
• Patches and updates applied in a delayed
manner
• Patches and updates applied only after an
event like WannaCry occurs
• Patches and updates not applied at all
8. Why Organizations Fail at Patch Management
• Resource problems
– No time allocated to test
– No test environment
• Fear of incompatibility
• Too many updates
• Laziness
– See no need to invest in patch management
– Often running older versions of software because it works
9. Too Many Updates
• New software processes mean that
applications and software are updated
frequently
– Example: Apt-get will almost always have some
packages
• Organizations don’t have resources
10. Should You Test or Just Roll Out?
• Ensure you have a near bulletproof roll back
plan
• Rapid deployment of patches & roll back if
issues occur in production
• Minimizes risk of vulnerability
• Increases risk of incompatibility
11. Loss of Control to Vendors
• Vendors reducing information about
contents of patches
– Update rollups
– Microsoft’s new cumulative update strategy
• Fabric-tear in the cloud when cloud provider
updates PaaS and application no longer
works correctly
12. Tiered Rollout
• Test workloads
– Must be representative of production workload
– Must be tested in manner similar to production
workload
– Challenging for fabric updates
• Canary users
– Ones that are likely to raise problems rather than
go along with them
13. Patch and Update Rollback
• Even with test workload group, you won’t
catch everything
• Be able to quickly roll back an update
deployment that causes problems
14. Verifying Rollout
• If update deployment fails, will you know?
• How do you ensure newly deployed
workloads are fully updated?
15. Ultimate Aims
• Awareness of patch and update releases
from vendors
• Patches and updates applied soon after
release
• Ability to verify that patches and updates
have been successfully applied
• Ability to roll back, should problems occur
16. Summary …
• Not just Windows Update
• How organizations fail at update management
• Why organizations fail at update management
• Too many updates
• Test or just deploy?
• Tiered rollout
• Update rollback
• Verifying deployment
• Ultimate aims
18. Confidential18
More endpoints = higher security risk
How will you maintain tight
security across devices,
platforms, use cases, and
enablement strategies?
The security threats are
chilling.
323K
new malicious mobile
programs recently
activated
235M
malicious attacks from online
sources around the world
80K
malware variants
created every day
19. Confidential19
Higher risk = greater business impact
How will you minimize
the economic cost and potential
damage to your company’s
reputation?
The business impact can
be catastrophic.
50Kfrom just one lost unencrypted USB
thumb drive
medical providers
whose data is at risk$222the average cost per
compromised record
3.8Mthe average cost
of one data breach
20. Confidential20
If you’re overwhelmed, you’re not alone
Most IT organizations
are struggling with
these challenges.
The management
challenges are daunting.
97%
of IT organizations report concerns about
managing endpoint growth
61%
say they already have unknown
devices and applications on their
networks
21. Confidential21
Endpoint systems management lifecycle
• Image capture
• Zero touch OS
deployment
• Multicasting
• User state migration
• Remote site support
• Service desk
• User portal & self service
• Monitoring & alerting
• Remote control
• Mobile access
• Patch management
• Configuration
management
• Policy enforcement
• Vulnerability scanning
• Discovery & inventory
• Asset management
• Software distribution
• Reporting & compliance
22. Confidential22
• Reduce infrastructure costs
• Expedite time to value
• Automate asset inventory and
patching
• Save time on asset discovery
and inventory using
consolidated reporting
• Improve control, security,
response time and user
productivity
• Cut downtime and risk
• Ensure license compliance
• Perform application updates in
minutes
• Upgrade suites in days, not
weeks
Optimize
application
experience
Modernize
infrastructure
for the cloud
Automate
complex
processes
Enable a
data-driven
business
• Reduce IT time and resources
for system provisioning,
deployments, patching and
service request responses
KACE can help
23. Confidential23
Optimize
application
experience
Modernize
infrastructure
for the cloud
Automate
complex
processes
Enable a
data-driven
business
Customer validation
• 68% of surveyed IT organizations
have more accurate hardware and
software inventory to better inform
purchasing and maximize use of
existing assets as a result of
purchasing KACE K1000.
• 50% of surveyed IT organizations
have simplified application
distribution and maintenance to
ensure applications are up to date
and secure as a result of
purchasing KACE.
• 53% of IT organizations chose the
KACE Systems Management
Deployment Appliance because
they were overwhelmed by the
amount of manual chores to simply
keep operating systems up to date
and running.
• 70% of customers implemented
KACE in less than 2 weeks.
24. More than 10,000 global organizations
use KACE Appliances today
“I can now focus on key
strategic initiatives such as
gateway security, PCI
compliance, and MDM.”
— Eugene Prystupa, System
Administrator, Builders Warehouse
“The K2000 is hands down the
easiest tool to use for imaging
diverse platforms without
having to re-invent the wheel..”
— Ruiz Adam, Systems Administrator,
ICU Medical, Inc.
“With K1000’s automation, it
has time and time again saved
us man hours. IT headaches for
installing and updating
software are no longer.”
— Darrell Fauvel, IT Administrator, Texas
Tech University Health Sciences Center
“We have cut our security
patching time in half. KACE has
truly made our enterprise much
more easy to manage and
secure.”
— Peter Hardy, IT Administrator, PNY
Technologies
25. Confidential25
The KACE Difference
Fast Implementation Simplified Comprehensive
• From initial deployment to
ongoing maintenance,
management and support to
retirement
• Support for Windows, Mac,
Chromebook, Linux, UNIX
• For computers, servers,
mobile devices and
connected non-computing
devices
• Comprehensive, integrated
all-in-one solution
• Familiar tabbed user
interface, one click
upgrades
• Online web-based training
• Physical or virtual appliance
– requires no additional
hardware or software
• No need for extensive
professional services
• Fully operational in weeks,
not months or years
26. Confidential26
Endpoint security to protect data & enable productive users
Protect Windows and Mac platforms as well as vulnerable third-party
applications by keeping patches up to date.
Detect vulnerabilities in your environment and identify systems that aren’t
compliant using security audits.
Streamline configuration and security policy enforcement processes, such as
firewall, browser and registry settings by system, group, or network-wide.
Patch
Management
Vulnerability
Scanning
Configuration
Management
28. Confidential28
Streamline patch management across the environment
Reduce TCO
Through effective
automation of
operational tasks.
Elevate security
And compliance
through automatic
policy enforcement.
Provide visibility
And greater control
over your network’s
endpoints.
Better security with KACE
Patch rollback
Easily roll back
patches that are
adversely affecting
your systems.
Better user
experience
Prompt users for patched
and allow them to snooze.
Alerts & reports
Find out what
happens with your
updates and easily
report on status.
29. Watch this on demand webcast
here: http://ow.ly/c3zW30eLuOR