by John Nielsen, Fiberlink

In the last two posts we looked at statistics about patch management processes and four patch management capabilities that are missing from most patch management systems. In this post I want to look at how MaaS360 provides four capabilities that overcome these shortcomings.

1. Detailed Patch Reporting

The MaaS360 Platform provides administrators with detailed information on patching, including:

  • The number of missing patches across the organization.
  • The number of devices missing patches.
  • How many patches are missing on each device, and how many devices are missing each patch.
  • Inventory information on patches installed on each device.

This reporting allows administrators to:

  • Quickly identify “problem systems” that require immediate attention.
  • Find information about specific systems, to help with support and upgrade processes.
  • Identify patterns indicating problems in the patch management process (“why are the computers in the Chicago and Frankfurt offices missing so many patches?”).
  • Quickly identify which critical and important patches are still missing from large numbers of computers.
  • Track the progress of patch deployments over time.
  • Prepare for software upgrades and rollouts.

2. Identify Corrupt Operating System Patches

As mentioned in the previous post, most patch reporting systems simply look to see if patches are listed in the Windows registry, and cannot identify conditions such as missing or corrupt files and over-written or deleted files. This can give administrators the illusion that devices are protected when in fact they are still vulnerable to exploits.

The MaaS360 Platform goes further: it also validates correct file versions and provides a report that identifies systems with corrupt patches.
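To make the gap concrete, here is an added illustration (not MaaS360 code, and not a description of how the product is implemented) that compares a registry-only check with one that also validates file versions. The patch IDs, file names, versions and the manifest layout are all constructed assumptions.

```python
"""Registry-only vs. file-validated patch status (added illustration)."""

# Hypothetical manifest: files each patch must leave on disk, with minimum
# versions. Patch ids, file names and versions are constructed.
MANIFEST = {
    "PATCH-A": {"netstack.dll": "6.1.7601.17514"},
    "PATCH-B": {"render.dll": "6.1.7601.9", "render.sys": "6.1.7601.9"},
    "PATCH-C": {"auth.dll": "6.1.7601.100"},
}

def parse_version(text):
    """'6.1.7601.9' -> (6, 1, 7601, 9); raises ValueError if unreadable."""
    return tuple(int(part) for part in text.split("."))

def registry_only_status(patch_id, registry_patches):
    """What a report sees when it trusts the registry listing alone."""
    return "installed" if patch_id in registry_patches else "missing"

def validated_status(patch_id, registry_patches, disk_versions):
    """Registry listing plus a check of every file the patch should deliver."""
    if patch_id not in registry_patches:
        return ("missing", "not listed in registry")
    for name, required in MANIFEST[patch_id].items():
        found = disk_versions.get(name)
        if found is None:
            return ("corrupt", f"{name} is absent")
        try:
            # Compare numerically: as strings, "…99" would sort above "…100".
            too_old = parse_version(found) < parse_version(required)
        except ValueError:
            return ("corrupt", f"{name} has unreadable version {found!r}")
        if too_old:
            return ("corrupt", f"{name} is {found}, needs {required}")
    return ("installed", "registry entry and file versions agree")

# Constructed device: the registry lists all three patches.
REGISTRY = {"PATCH-A", "PATCH-B", "PATCH-C"}
DISK = {
    "netstack.dll": "6.1.7601.17514",
    "render.dll": "6.1.7601.10",  # render.sys has been deleted
    "auth.dll": "6.1.7601.99",    # overwritten by an older build
}

def audit(registry, disk):
    return {p: validated_status(p, registry, disk) for p in sorted(MANIFEST)}

if __name__ == "__main__":
    for patch, (state, reason) in audit(REGISTRY, DISK).items():
        print(patch, registry_only_status(patch, REGISTRY), "->", state, reason)
```

On this sample device the registry-only check reports all three patches as installed, while the validated check flags two of them as corrupt.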

3. Patching Mobile and Remote Systems

As noted in the previous post, many patch management systems can only monitor and patch computers attached to an internal LAN or networked to the LAN via a VPN connection, while others require organizations to position multiple servers in the DMZ and remote locations.

In contrast, the MaaS360 Platform handles monitoring, reporting and updating “in the cloud,” which allows it to monitor and patch distributed systems as soon as they connect to the Internet.

4. Patching Without Manual Processes and Scripting

Most home-grown patching systems and many vendor products rely on time-consuming manual processes and extensive scripting to distribute and install patches. MaaS360 automates these steps. For example:

  • Instead of monitoring web sites for new patches, Fiberlink automatically receives notification from Microsoft when new security bulletins are released.
  • Instead of writing scripts and running scanning tools to detect missing patches, MaaS360 automatically distributes identification scripts to all endpoints and creates reports showing missing patches.
  • Instead of writing execution packages and logon scripts, MaaS360 manages the package execution process for customers.
  • Instead of writing scripts to distribute packages, MaaS360 automatically distributes packages to systems missing patches, including mobile and remote systems.
  • Instead of writing scripts to validate installations, MaaS360 verifies registry keys, validates correct file versions, and flags corrupt patches.

In summary, you don’t need to suffer through difficult and unreliable patch management processes that don’t fully address mobile and remote systems. The MaaS360 Visibility Service, MaaS360 Control Service, and MaaS360 Patch Management Service can simplify the process, provide complete reporting, and automate much of the work.