Patch management is one of the most important tasks we undertake for our clients. Significant resources are required to continuously keep IT infrastructure up-to-date, and yet more than half of breaches could have been prevented by installing available software and OS patches, making it resources well spent.
We don’t like wasting money; yours or ours. Therefore we utilize many automated processes to help managed some of the easy stuff, like Windows Security Patches.
All of our clients are required to have our Basic Network Security and Monitoring service on every device, computer, and server on their networks. Part of this package is patch management, which simplifies the task of vetting and approving things like Windows Security Patches. From there, it’s almost all automated and requires no involvement of the client or their employees. It’s kind of like magic.
If you aren’t interested in the technical lingo, your reading ends with this: Our Basic Network Security and Monitoring service manages your computers software updates so you don’t have to, and this management service is included in the standard price!
Need more, here we go:
We break up patches into severity levels (critical, important, moderate, low) and update categories (critical, regular, update rollup, service pack, feature pack, definition pack, drivers, feature updates). From there, we can weed out unnecessary updates (a low severity definition pack is almost never needed) from the crazy important (a critical update rollup). This reduces the update load almost in half.
Now each computer regularly scans themselves for needed updates. If a critical update is determined needed by a machine, the update is installed immediately. If a normal regularly schedule update is determined needed, it is scheduled for the machine to install automatically after hours.
The only machines that require our intervention after updates are servers, where the system cannot schedule its own reboot with confidence. Most workstations will reboot themselves or prompt the user to do it at a time of their own choice.
Now, why is patch management important?
If you’ve been using computers for a while you’ll know one thing; major network issues tend to occur around Microsoft Updates. Even though this isn’t a Microsoft specific thing, https://www.trustedreviews.com/news/you-probably-shouldnt-update-your-homepod-with-the-latest-beta-4149490, because most computers that are needed constantly are Windows, Microsoft gets a bad rap. Some Windows Updates do just what users complain about, they break things.
Allowing computers to just install updates when Microsoft pushes them can cause nasty network-wide problems. By managing these updates, and their deployment times, we can reduce the risk of network-wide outages by bad updates by delaying the updates a few days, or by not deploying unnecessary updates. It’s not complicated.