Don’t Call It a Comeback

When I first started at STEALTHbits, times were different. Technology was different. There were different problems to solve then. And with the advent and evolution of an endless stream of new technologies over the past decade from mobile devices to social media, Voice-over-IP (VoIP) to “big data”, the problems to solve keep on coming.

Not surprisingly – especially considering the rate at which technology has evolved – “old” problems are still very “real” problems. One such instance is Patch Management.

The concept is simple on the surface. Push patches to your systems and applications to fix vulnerabilities and bugs in the existing versions of the technologies you own. It’s a great thing.

However, in practice, provisioning patches properly can actually be a very difficult, dare I say ‘impossible’ task in some scenarios. The complexities involved can test the mettle of even the most experienced IT professionals.

Why? Because patches are less like Band-Aids than they are like pieces of a puzzle. Every version of the operating system, every version of the software, the type of hardware, the role of a system, the geographical location, and a wide variety of other meaningful factors make patch requirements different from system to system. In very large environments with thousands of systems, you can see how the patching process might present some complexities.

One of the gaping holes in the patch process that makes patching so difficult is the tremendous level of uncertainty most have about the effectiveness of their efforts. Despite one’s best efforts, machines will be missed, updates will fail, and in many cases, you’ll have no clue about it unless someone just happens to go digging to find out whether or not any particular system is patched properly and secure.

Flashing back to my first days with STEALTHbits nearly 10 years ago, we had just recently finalized installations with our first three customers, each with environments exceeding at least 120,000 systems, distributed globally. These megaliths of industry had adopted our technology at the time because of one use case in particular: Patch Validation.

They all had the same problem. They couldn’t determine for sure that all their systems were patched properly. They consistently received false positives from their provisioning frameworks saying they were patched when they really weren’t. They didn’t even know if their provisioning frameworks were aware of every system that should be patched, or whether or not the agents they deployed to every system were operational. Sure, they’d write their scripts too and wrestle that bear to try to get the data they needed, but you could say the process was “spray and pray” in its overall approach.

But, they knew this was a problem that needed to be solved. They had to know they were patched properly. Quite frankly, the people in charge demanded it. It meant being compliant and being secure. So, they started talking to us.

Interestingly, the technology we had built wasn’t actually designed to address this particular problem. In fact, it wasn’t designed for any specific use case. What we built was designed to address any number of use cases, especially the unique use cases our customers needed a solution for. We had built what some had labeled then as a “scripting engine on steroids”, and later on as a “development platform for the IT Administrator”. We had built a simple, flexible, agent-less auditing engine to gather and analyze any piece of data from a Windows OS, without writing a single script or deploying a single agent. If you opened up any one of our then 8 (now 35) data collectors, you could select the exact details you wanted to return from every desktop and server in your environment, and StealthAUDIT would go fetch them for you. As it turned out, this general capability (along with others within the product) was the key to solving their patching woes.

Here’s how it worked:

  1. Initial Discovery & Configuration Check – In order to give the provisioning application a fighting chance of getting the patches out to every applicable system, StealthAUDIT would perform an inventory routine that identified every Windows system attached to the network. That inventory would then be compared to the database listing of what the provisioning application knew about, highlighting any systems that were unknown. The provisioning agents would then be deployed to those systems as necessary. Additionally, StealthAUDIT would also verify the provisioning agents were configured correctly, with all the proper services set in their desired states.
  2. Provision the Patches – Using sometimes multiple provisioning frameworks, customers would deploy the patches to their desktop and server infrastructure with the newfound knowledge that every machine was accounted for.
  3. Validate the Patches – Leveraging deep visibility into the OS, StealthAUDIT would provide definitive validation of each patch’s adherence to the system, including Registry modifications, File version updates, reboot status, and more.
  4. Re-provision Patches – Using exception lists, StealthAUDIT would notify administrators of exactly where patch updates failed, so that they could quickly re-provision the proper patches to update the systems.
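
The reconcile, validate and exception-list steps above, worked through as an added example (not StealthAUDIT code or output). All hostnames, file versions and the `Evidence` fields are constructed for illustration.

```python
# Added example: all hostnames, versions and field names are constructed.
from collections import namedtuple

# Evidence an audit reads directly from a host, independent of the agent.
Evidence = namedtuple("Evidence", "file_version registry_marker reboot_pending")

DISCOVERED = {"ws-001", "ws-002", "ws-003", "srv-010", "srv-011"}
# Provisioning framework's view: host -> (agent running, reports patched)
PROVISIONING_DB = {"ws-001": (True, True), "ws-002": (True, True),
                   "ws-003": (False, False), "srv-010": (True, True)}
EVIDENCE = {
    "ws-001": Evidence("6.3.9600.18000", True, False),
    "ws-002": Evidence("6.3.9600.17000", True, False),  # old binary on disk
    "srv-010": Evidence("6.3.9600.18000", True, True),  # restart outstanding
}
REQUIRED_VERSION = "6.3.9600.18000"  # hypothetical patched file version

def ver(s):
    """Parse a dotted file version into a tuple of ints for comparison."""
    return tuple(int(p) for p in s.split("."))

def reconcile(discovered, db):
    """Step 1: hosts unknown to the framework, and hosts whose agent is down."""
    unknown = sorted(discovered - db.keys())
    agent_down = sorted(h for h, (running, _) in db.items() if not running)
    return unknown, agent_down

def validate(ev, required):
    """Step 3: reasons the patch is not in effect (empty list means valid)."""
    checks = [
        (ver(ev.file_version) < ver(required), "file version below required"),
        (not ev.registry_marker, "registry marker missing"),
        (ev.reboot_pending, "reboot pending"),
    ]
    return [reason for failed, reason in checks if failed]

def exception_list(discovered, db, evidence, required):
    """Step 4: host -> reasons, flagging hosts the framework wrongly reports patched."""
    out = {}
    for host in sorted(discovered):
        ev = evidence.get(host)
        reasons = ["no evidence collected"] if ev is None else validate(ev, required)
        if reasons and db.get(host, (False, False))[1]:
            reasons.append("framework reported patched (false positive)")
        if reasons:
            out[host] = reasons
    return out
```

Here `exception_list` is keyed on the discovered inventory rather than the framework's database, so a host the framework has never heard of still lands on the re-provisioning list.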

At the end of the day, StealthAUDIT’s speed, flexibility, and accuracy made it possible to obtain complete patch compliance across some of the world’s largest, most complex infrastructures in a matter of days, versus weeks and months with no guarantee that each system was indeed patched properly. A home run for any organization.

Those three customers we started with, along with hundreds of others, still rely on this same exact solution today. While the term “Patch Management” is long past the buzzword status it once demanded, it is something that countless organizations still struggle with today. As STEALTHbits embarks upon our 10-year anniversary of the creation of this solution, we’re bringing the conversation back to the forefront. Don’t call it a comeback, we’ve been doing this for years!
