Jun 29, 2021 Navin Bagga

Patching: Mind the Gap


Patching is one of the core activities for most SecOps teams, no matter what industry you are in. In our previous edition of Tachyon Tuesday, we gained some great insight from my colleague Shaun Cassels on how to improve patch success rates by proactively restoring the health of your infrastructure components first. Once you have done that, you will see a significant improvement in first-time patch deployment. What comes next is ‘the gap’: the typical last 5-10% of the environment that keeps SecOps teams on their toes. In this blog we’ll look at some examples of how to close this gap using the 1E Tachyon Platform.

1E Patch Success gives you patching visibility, broken down into the device metrics that matter. It highlights the devices that need a reboot for the patches to take effect, those that still need patching, and devices that need attention because of an error. You can then focus your efforts on the problematic machines by drilling down into each of those categories.


1. Require Patching: Deploy a Patch

Let’s focus on the most common problem: missing patches. At a click you can filter down and view all devices that are missing patches with details, as shown in the example below:


Drill deeper by choosing a specific target device. That immediately shows the details of the patches missing from that machine:


Now you can target the patch by simply choosing the Patch ID and hitting ‘Deploy’. Based on how you have configured your workflow, this will pull the patch from your default source (SCCM in most environments), install it on the machine and report back.

If you want to choose a different source, you simply click on ‘Explore’ and have all the choices you will ever need:


WSUSL stands for your local installation of WSUS, whereas WSUSR stands for remote WSUS or Microsoft Update. Choosing SCCM follows your WSUS-integrated SCCM workflow.

In addition, there are options to deploy patches directly from a UNC path (useful if going out to the internet for patching is blocked in your environment, or in a zero-day scenario).

This is one example of how you can target missing patches for immediate deployment and have the success/error status reported back. The full Patch Management product pack has many permutations and combinations that you may want to use to close the last-mile gap in your patching environment.
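For readers who want to see what the “missing patches” and “deploy from a chosen source” steps look like underneath the console, here is an added PowerShell example. It is not 1E’s code and it does not use the Tachyon Platform: it queries the local Windows Update Agent (WUA) COM API directly, lets you pick the update source (your managed WSUS server or Windows Update, the WSUSL/WSUSR distinction above), lists the missing software updates, and optionally installs a single one by KB number and reports whether the device now needs a reboot. The `-Source`, `-InstallKB` parameters and the `Get-MissingUpdate` function name are this example’s own choices, not product options.

```powershell
# Added example (not 1E's code): enumerate missing updates with the WUA COM API,
# choosing the update source explicitly, then optionally install one KB and
# report the result and whether a reboot is now pending.
# Run in an elevated PowerShell session on the device being checked.
param(
    [ValidateSet('Default', 'WSUS', 'WindowsUpdate')]
    [string]$Source = 'Default',      # hypothetical parameter for this example
    [string]$InstallKB                # e.g. 'KB5004945' (constructed value); omit to only list
)

function Get-MissingUpdate {
    param([string]$Source)
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()

    # IUpdateSearcher.ServerSelection: 0 = default (whatever policy configured),
    # 1 = managed server (your WSUS, i.e. "WSUSL"), 2 = Windows Update (the
    # internet-facing source, i.e. "WSUSR").
    $searcher.ServerSelection = switch ($Source) {
        'WSUS'          { 1 }
        'WindowsUpdate' { 2 }
        default         { 0 }
    }

    # Only applicable, not-yet-installed, non-hidden software updates.
    $result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    [pscustomobject]@{
        Session = $session
        Updates = $result.Updates
    }
}

$query = Get-MissingUpdate -Source $Source

# Summary table: one row per missing update, like the "Require Patching" drill-down.
$query.Updates | ForEach-Object {
    [pscustomobject]@{
        KB             = (@($_.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
        Severity       = $_.MsrcSeverity
        RebootRequired = $_.RebootRequired
        Title          = $_.Title
    }
} | Format-Table -AutoSize

if ($InstallKB) {
    $kbNumber = $InstallKB -replace '^KB', ''
    $coll = New-Object -ComObject 'Microsoft.Update.UpdateColl'
    foreach ($u in $query.Updates) {
        if (@($u.KBArticleIDs) -contains $kbNumber) {
            if (-not $u.EulaAccepted) { $u.AcceptEula() }
            [void]$coll.Add($u)
        }
    }
    if ($coll.Count -eq 0) {
        Write-Warning "$InstallKB is not in the missing-updates list for source '$Source'."
        return
    }

    $downloader = $query.Session.CreateUpdateDownloader()
    $downloader.Updates = $coll
    [void]$downloader.Download()

    $installer = $query.Session.CreateUpdateInstaller()
    $installer.Updates = $coll
    $r = $installer.Install()

    # OperationResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed, 5 = aborted.
    $status = @{ 2 = 'Succeeded'; 3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted' }[[int]$r.ResultCode]
    [pscustomobject]@{
        KB             = $InstallKB
        Result         = $status
        HResult        = ('0x{0:X8}' -f $r.HResult)   # non-zero values are what the "Require Attention" bucket shows
        RebootRequired = $r.RebootRequired            # true moves the device into "Require Rebooting"
    }
}
```

The `HResult` and `ResultCode` values returned by `Install()` are the same ones a management agent reports back as success/error, so this is a quick way to reproduce a failing deployment on one device before troubleshooting it at scale.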

2. Require Rebooting: User Interactive Reboots

The next most common challenge we see is rebooting devices either automatically or in a managed way so that users are not disrupted by reboot activities. You can perform either Automated Reboots or Managed Reboots instantly with the 1E Tachyon Platform and gracefully engage the user in the process.

Forced Reboots:

The example below restarts a device with immediate effect (reboot instructions can also be scheduled):


Managed Reboots:

Better still, why not interact with the user(s), giving them the reason for the restart request and reminding them at an interval of your choice, with your own corporate branding and messages?

As an admin, all you will need to do is provide the custom message on the identified device(s) that need a reboot.


The user(s) see a pop-up that displays your message and captures their choice:


If you want to remind the user, you can send a further notification straight away so they are aware of the requirement:


Finally, when the user chooses to restart, the prompt suggests saving their work and waits for a specified time (customisable to your user environment):


You can configure as few or as many of these workflows as you need to gracefully engage the end user in the reboot process, so that patches which depend on a reboot are actually completed. 1E Tachyon can be tailored to the combinations you see in your environment. Please speak to your Solution Expert about your specific requirements.

3. Require Attention: Troubleshoot Faster and at Scale

This brings us to the remaining devices on which patches are failing to deploy. In such circumstances, the key is to troubleshoot these at scale without impacting the end user. With the 1E Tachyon Platform, any log files, config files or registry entries can be investigated centrally, and a change applied in real time. This does not require the user to hand their system over to the support team for RDP access. The examples below show this capability; depending on the issue at hand, you can remediate in real time and at scale.

Example: Investigating a log file on multiple systems without interrupting the user:


The product packs below provide food for thought on how to use these capabilities in your own environment:

Brute force install: If all else fails, install patches directly via Tachyon that have previously failed via other methods, such as SCCM or WSUS (local or remote).

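To make the “Require Rebooting” and “Require Attention” checks concrete without the console, here is an added PowerShell example that covers both sections above. It is not 1E’s code and does not use the Tachyon Platform: it fans out over a list of devices with PowerShell remoting (WinRM must already be enabled on them), collects the standard Windows pending-reboot indicators plus the SCCM client’s own verdict, pulls the last error lines from the SCCM update-handler log, and, for devices that do need a reboot, schedules a restart with a user-visible message and grace period instead of forcing it. The `$Devices` list is constructed, and `-GraceSeconds`, `-ScheduleRestart` and `Get-PatchState` are this example’s own names.

```powershell
# Added example (not 1E's code): triage reboot-pending and patch-error state on
# many devices at once over WinRM, then optionally schedule a graceful restart.
# Requires: WinRM enabled on targets, and an account with local admin rights on them.
param(
    [string[]]$Devices = @('ws-example-01', 'ws-example-02'),   # constructed names
    [switch]$ScheduleRestart,                                    # hypothetical switch
    [int]$GraceSeconds = 600                                     # 10 minutes for the user to save work
)

# Everything inside this script block runs on each remote device.
$collect = {
    # Well-known pending-reboot indicators written by servicing, WUA and file-rename operations.
    $cbs = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $wua = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    $pfr = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -ErrorAction SilentlyContinue).PendingFileRenameOperations
    $pendingFileRename = [bool]$pfr

    # Ask the SCCM client directly, if present; it knows about deployments the registry keys miss.
    $ccmPending = $null
    try {
        $ccm = Invoke-CimMethod -Namespace 'root\ccm\ClientSDK' -ClassName 'CCM_ClientUtilities' `
                                -MethodName 'DetermineIfRebootPending' -ErrorAction Stop
        $ccmPending = [bool]$ccm.RebootPending
    } catch { }   # no SCCM client on this device

    # Last error/failure lines from the SCCM update handler log (path is the standard client log location).
    $log = 'C:\Windows\CCM\Logs\WUAHandler.log'
    $errors = if (Test-Path $log) {
        Get-Content $log -Tail 200 | Where-Object { $_ -match 'fail|error|0x8' } | Select-Object -Last 5
    }

    [pscustomobject]@{
        Device            = $env:COMPUTERNAME
        RebootPending     = ($cbs -or $wua -or $pendingFileRename -or ($ccmPending -eq $true))
        CbsKey            = $cbs
        WuaKey            = $wua
        PendingFileRename = $pendingFileRename
        CcmClientSays     = $ccmPending
        RecentLogErrors   = ($errors -join "`n")
    }
}

function Get-PatchState {
    param([string[]]$Devices)
    # One round trip per device, in parallel, without touching the user's session.
    Invoke-Command -ComputerName $Devices -ScriptBlock $collect -ErrorAction Continue |
        Select-Object Device, RebootPending, CbsKey, WuaKey, PendingFileRename, CcmClientSays, RecentLogErrors
}

$state = Get-PatchState -Devices $Devices
$state | Format-Table Device, RebootPending, CbsKey, WuaKey, PendingFileRename, CcmClientSays -AutoSize

# Devices with recent handler errors are the "Require Attention" set.
$state | Where-Object { $_.RecentLogErrors } | ForEach-Object {
    Write-Host "`n[$($_.Device)] recent WUAHandler.log errors:`n$($_.RecentLogErrors)"
}

if ($ScheduleRestart) {
    $needReboot = ($state | Where-Object RebootPending).Device
    if ($needReboot) {
        # Managed rather than forced: shutdown.exe shows the comment to the logged-on user and
        # counts down for the grace period; a user or admin can cancel with 'shutdown /a'.
        Invoke-Command -ComputerName $needReboot -ArgumentList $GraceSeconds -ScriptBlock {
            param($grace)
            $msg = "Security updates are installed and need a restart. Please save your work; this device will restart in $([int]($grace/60)) minutes."
            & shutdown.exe /r /t $grace /c $msg
        }
    }
}
```

The reason for checking four different sources is that none of them alone is authoritative: a device can have a clean WUA key but a pending component-servicing operation, or be flagged only by the SCCM client. Treating any positive signal as “reboot pending” is the safe interpretation for this category.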

Follow up with us next week for a vlog on this topic; in the meantime you can learn more about Patch Success here!

If you found this Tachyon Tuesday vlog helpful, why not check out other editions of Tachyon Tuesday? Or subscribe to our YouTube channel to stay up to date with the latest Tachyon Tuesday content!