Action1 Extends Automated Patching Capability to Groups of Endpoints
Action1 has updated its namesake patch management platform to make it possible to dynamically group endpoints in addition to providing an audit trail capability.
In addition, the company has enabled integrations with Okta for single sign-on capabilities and optimized reboot processes.
Action1 Co-Founder and President Mike Walters said these latest enhancements make it simpler for cybersecurity teams to automatically apply patches to both instances of Windows and third-party applications running on those endpoints.
The Action1 platform automatically detects software instances in real time where the latest patch has not been applied. It then uses a peer-to-peer protocol created by Action1 to efficiently distribute updated files to endpoints, said Walters.
He added that the company will also work with clients to provide a patch update service for any application it doesn’t already support.
Staying current on operating system and application patches has become a critical aspect of cybersecurity as cybercriminals become more adept at exploiting known vulnerabilities in older releases of software. The challenge is that many IT teams are too overwhelmed to consistently apply patches across an attack surface that continually expands. That creates a need to automate patch management processes that would otherwise take days to manually complete across a fleet of endpoints in an enterprise IT environment.
One of the primary reasons patches are not applied in a timely manner is that IT teams want to test them to understand the impact they will have on customized applications. IT teams are understandably concerned that patches might break applications. However, cybercriminals today carefully study patches made available by vendors such as Microsoft to identify weaknesses they can exploit. IT teams increasingly need to make a difficult choice, weighing the security benefit of applying patches as quickly as possible against the odds that a patch might inadvertently render an application inaccessible.
Naturally, the speed at which patches can be rolled back is an important factor when determining whether to apply a patch without first testing it. Patches applied to endpoints during off hours, for example, are not likely to be nearly as disruptive as a patch applied during the height of operations. One way or another, cybersecurity and IT teams need to find common ground for applying patches. The fact is that, today, malware deposited on an endpoint, which might result in an entire company becoming a ransomware victim, poses a much larger risk than any disruption to an application.
Patch management is, of course, often at the heart of any effort to meld security and IT operations. In smaller organizations, there usually are not two distinct IT and security operations teams, but in larger organizations, there is often a disconnect between these teams that results in patches not being consistently applied. Many cybersecurity teams have long advocated for an ability to automatically apply patches, given the risk that running out-of-date software represents. As more IT operations teams assume responsibility for security operations, they are increasingly appreciating the merits of that argument.
That may not eliminate every threat organizations face, but in terms of improving the cybersecurity posture of an organization, there simply is no substitute for effective patch management.