Operating System Patching...Scary, Right? It Shouldn’t Be.

7.3.2019 | Daniel Oxley

It has been around since the day of the first operating system, and it will always be a task that everyone needs to pay attention to: Patching. No software developer can afford to hunt down and fix every bug in their software before release because of the age-old constraints of time, resources and the competitive advantage of being first to market.

Back in ‘the old days’, operating system patching was primarily used to fix bugs and resolve reliability and performance issues. It has slowly evolved over time to include security and protection as well, and it could be argued that the primary reason for patching operating systems is now to protect them from vulnerabilities, over and above the fixing of reliability and performance problems. One reason for that evolution is that devices that use software are now ubiquitous, as are the ways in which they are used and interconnected.

Part of the basic security hygiene for all businesses is the frequent, timely and reliable patching of all endpoints. This is critical as it helps to reduce the attack surface that can be exploited, but for many organisations it is an ideal more than the reality, even with the knowledge that a majority of successful security breaches can be traced in some way to patch hygiene.

Making patching a priority

We often read in the news about a business having been compromised by cybercriminals because of some unpatched critical vulnerability. A recent example is the BlueKeep security vulnerability in Microsoft’s Remote Desktop Protocol, which allows remote code execution. WannaCry, from two years ago, is perhaps the most famous recent example of a malware outbreak created by a failure in patch management.

So why is real-world patching so challenging? Because it is hard to achieve, even today, despite all the advances made in the technologies available to help manage it. Additionally, many businesses still do not take the importance of patching regularly seriously enough, do not dedicate (or have) the resources to do so, or leave ownership of identifying where to patch (Security) and of deploying the patches (IT Operations) in often-siloed units with a historically fractious relationship between them.

In most cases, the technology itself isn’t helping. Existing technologies that specialise in patching are unreliable, even untrusted by some, at getting patches distributed across an entire estate and reporting back quickly their rate of success. Be it because of their tiered hierarchy that is slow to process change, unreliable client agents installed on endpoints, or complex networking requirements that struggle with roaming devices, these factors all add up to increased complexity, reduced reliability and unsuccessful patching.

Don’t compromise

Don’t settle for 80- to 90-percent success rates with your operating system patching, don’t accept that it will take you most of the month following ‘Patch Tuesday’ to test, deploy and verify the installations, and certainly don’t be happy to take your reporting statistics with a margin of error in their data. If any of those excuses sounds familiar, it’s because they’re heard so frequently from IT operations and security teams.

Tanium Patch is different. As part of our platform, you can get your patching started immediately, get the content distributed quickly and painlessly across your disparate networks, and accomplish centralised reporting in real-time. No one else can do this at the same speed and scale.

Using Tanium Patch, you can transform your entire workflow of operating system patching reliably, quickly and at scale. Whether it is for the monthly cycle of patching or the need for immediate patching in response to an incident, Tanium Patch will dependably and consistently beat all other patching solutions in meeting your patching requirements and processes.

We regularly see our customers successfully complete their monthly patching cycle within 24 hours, whilst benefiting from the visibility of real-time status reporting as the patching progresses. The Tanium architecture provides a means to commence patching deployments immediately and reliably, keeping both the IT department as well as the end-user notified of progress and status messages.

This should be the standard for patching. To us, it already is. Accept complete success; don’t settle for ‘good enough’.
