Regularly performing vulnerability scans and applying patches to endpoints is critical to network security. Attacks that exploit known vulnerabilities are increasing in both strength and number, and patching is the most effective way to improve your cyber hygiene. However, finding an efficient way to patch both servers and workstations quickly and easily has always been a struggle for IT departments.
A report from Forrester found that corporate servers are targeted 48% of the time, while corporate owned devices and workstations are targeted by 42% of attacks. In the past, IT teams may have viewed servers as the most vulnerable point in their infrastructure. Today, workstations and other mobile devices are now just as, if not more, vulnerable than servers. Workstations typically have more applications installed than servers, lack the physical protection that surrounds servers, are managed by end users who do not view security as a priority, and connect with the network through a variety of secure and unsecure access points.
Additionally, the approach taken by IT for servers and devices is different. Patching of workstations and other devices, while important to prevent access to the network, is often considered less critical to business operations. If a laptop gets hit with ransomware or becomes bricked, it is an inconvenience, but business continues to operate. If a server goes down through an attack, business operations could be down with it. This is a black eye for the company publicly and can impact their current and future revenues. Service outages can also become costly very quickly depending on the up time language in service level agreements (SLA’s) with customers.
The ability for IT departments to maintain endpoint compliance has become difficult due to the increase in distributed infrastructures and remote device usage. Networks often consist of several server configurations, including Windows and Linux distros, and device usage includes a mix of Windows, Mac, and even Linux. Added to that are multiple versions of each OS and numerous applications that run on both servers and workstations, which also need to be patched to prevent exploitation.
Automated Patch Management
In order to efficiently manage patches across all servers and workstations, SysAdmins need a cloud based automated patch management solution. Patch automation itself is not a new practice, but legacy solutions are on-premise. These solutions can’t handle cloud based endpoints, are limited to a single operating system, and require complex scripting to work across an entire infrastructure.
Automox is an example of a modern, cloud-based patch management solution that automates that patching process for all servers and workstations across OS’s, providing a single source of truth for patching mixed environments and 3rd party applications.
Automox operates by installing a lightweight cloud-based agent on all endpoints, which connects to Automox’s central policy engine and automatically monitors servers and workstations for new patches. The system provides complete visibility of the current patch security for every endpoint in your infrastructure. New patches can be installed automatically, or you can set rules so that patches are applied according to your schedule and deployment workflow. Automox also provides in-depth reporting on patch status, so that IT departments and executives can immediately view their potential exposure to new malware when it is released.
By providing cloud based patch automation for Windows, Mac, and Linux in addition to 3rd party software, Automox is the system of record for patching. To try Automox for your servers and workstations, sign up for our free 15-day trial today. You can add as many endpoints as you like with full platform access and no credit card required.