After reading Rod Trent’s post last week announcing Kent Agerlund’s upcoming webcast, I started digging into some of the business justification for deploying 3rd party updates. Kent does a great job teaching technical staff how to manage updates for third party applications. However, this all requires an organization to realize how important testing and deploying vendor recommended updates is. This is a conversation I have routinely with ConfigMgr teams, IT managers, CISO’s, and top business leaders. The short synopsis is that if you have machines connecting to the internet, unless you are managing updates continuously, those machines will be compromised (even though you have anti-virus and firewalls).
Don’t believe me? Let’s take a look at the research…
Secunia Vulnerability Review 2013
Secunia is one of the leading security research companies on the planet. Their Secunia PSI and CSI products help manage third party updates on over 6 million computers worldwide. According to their research, 86% of vulnerabilities discovered in the most popular 50 programs in 2012 were in non-Microsoft programs (Third-Party Applications).
The Secunia Vulnerability Review 2013 analyzes the evolution of software vulnerabilities from a global, industry, enterprise, and endpoint perspective.
The findings support that the primary threat to endpoint security for corporations and private users alike comes from non-Microsoft programs, and that vulnerability and patch management efforts must span much wider than to just deal with the familiar interfaces of Microsoft software and a few usual suspects from other vendors.
Learn more about Secunia and their CSI integration with ConfigMgr: secunia.com
Download the full report: Secunia Vulnerability Review 2013
Microsoft Security Intelligence Report Volume 14
Microsoft’s Security Intelligence Report (SIR) tells a similar story. The main conclusion I’m drawing from this report is the same as from the Secunia research: If you are not quickly testing and deploying updates for Third-Party Applications, your devices are being compromised despite other defense-in-depth controls.
Download the full report: Microsoft Security Intelligence Report Volume 14
So now what?
The above research reinforces how critically important it is to deploy updates to Third-Party Applications. Many organizations know this but still don’t get those updates deployed in a timely manner or miss entire vendors/products. I strongly recommend people who aren’t having great success getting all Third-Party Updates deployed everywhere register and attend Kent Agerlund’s webcast. Kent will show people who to get this done with minimal effort and high success.
Managing Third Party Updates with Microsoft’s System Center Configuration Manager
When: Monday, May 13, 2013 1:00 pm CST
Sign Up Today: https://www.brighttalk.com/webcast/8113/74379
I hope that helps,