How Honeywell Automates Server Patch Management With ServiceNow and Tanium

Honeywell, a supplier of industrial products, had a problem in its server patching program — three problems, in fact:

• The patching program involved too much manual work.
• Patching data was not tied to the company’s ServiceNow CMDB. As a result, staff sometimes patched the wrong system.
• Visibility into the patch status of servers was extremely limited. That made it tough to monitor and correct course.

To overcome these challenges, Honeywell initially outsourced patching to a third-party service provider. But Honeywell was unable to validate the work’s quality. Were the right servers being patched? Were the patches being done at the right time? And were the patches being done correctly? Honeywell didn’t know.

The Tanium solution

In response, Honeywell opted to take server patching back in-house. As part of that move, the company also brought in Tanium for both patching and remediation.

Taking the solution one step further, Honeywell then automated its server-patching process by integrating Tanium with its ServiceNow CMDB.

Tanium simplifies and accelerates patch management and compliance with automated patching across the enterprise. This helps Honeywell lessen the burden on its operational staff by carrying out patching tasks and monitoring patch status across its mix of Linux and Windows server endpoints.

“This provides much better reporting,” says Timothy Bremm, Honeywell’s lead enterprise architect. “Plus, it lifts the burden from our operational staff.”

Automated patching = less work

Honeywell has also automated its patching. By integrating Tanium with its ServiceNow CMDB, the company was able to automate patching functions that had previously been done manually by the operations team.

Now users can do these tasks themselves. They can apply self-service to their patch scheduling and capture new builds with patch schedules. This delivers better patch reporting and also eases the operational staff’s workload.

To maintain accurate patching, Honeywell has also created a table that compares configuration item (CI) data with Tanium endpoint data. Once a match is found, the tags are compared. In addition, the setup can show whether a server that is supposed to be managed by Tanium in fact is being managed that way.

Looking ahead, the Honeywell team plans to use Tanium to implement new enhancements such as automated exception handling, automated computer-group formation, and enhancements to the user experience.

“We’ve plenty of things on the roadmap,” Bremm says, “and we’re very excited to continue with our journey.”

---

Learn more: Read the full Honeywell case study to learn how the company manages self-service patch scheduling, improves patch reporting, and more with the Tanium platform.