Tired of playing Whac-A-Mole with your patch management? [New paper]

Ever feel as though you’re playing Whac-A-Mole in your vulnerability scanning and patch management?

You patch one device here, then another unprotected device pops up over there. You update all of your workstations and servers, then somebody connects the Next Big IoT Thing to your network. You nail down IT inventory management software for Windows, macOS and Linux, then a pilot project with Raspberry Pi’s brings Raspbian into the building.

When I say, “Protect all the network endpoints . . .”

. . . I mean all the network endpoints.

In the face of cyberattacks that aren’t going away anytime soon, you want to know about and be able to track all of the assets on your network. You want your inventory updated automatically whenever a new asset is added. You also want to automate your patch management and vulnerability scanning.

Otherwise, you’ll go to work every day wondering which new mole you’ll have to chase and whack next. You think that gets old in a video game? See how old it gets in a career.

The Quest® KACE® Systems Management Appliance (SMA) is designed for that. Our new paper, Build better endpoint security to protect your entire network, describes the KACE SMA as a foundation for securing, managing and protecting all of your network endpoints.

First, discover assets, automate asset inventory and deploy anti-virus software

Having more devices and network endpoints is good for the value of a network. Until it isn’t.

The problem is that you have more devices to track; the bigger problem is that you have more moles to whack. Your attack surface grows with each additional device. The KACE SMA maps your network and finds information you can use, even about connected, non-computing devices, such as networking gear, printers and IP telephony.

“Now that I know where everything is, I want ongoing, automated IT inventory management,” you say. That inventory management will tell you, at a glance, how many endpoints are running specific versions of Windows, macOS, Linux, UNIX, Raspbian and Chrome. It will allow you to plan for refreshing your hardware and software and to prepare for an audit.

The KACE SMA agent gives you detailed insight into your physical assets, into the applications installed throughout the organization and into your virtual drives. Even without the agent, the KACE SMA pulls assets like printers, routers and IoT devices into inventory.

With the entire network in view, your next goal is to ensure that all systems are running anti-virus software. The KACE SMA continually scans endpoints and notifies you of those with outdated virus protection.

Then, automate patch management and vulnerability scanning

The way forward in unified endpoint management is automated patch management software, to bring every device up to a secure state and keep it there. A single source for patch management reduces complexity in your IT infrastructure.

Through Smart Labels, the KACE SMA allows you to manage patching according to parameters you choose, such as OS, user needs, hardware model and location. To reduce congestion over WAN links, it can send updates and patches to a single endpoint at a remote location for replication to other systems in that location.

The KACE SMA includes features for targeted patching, easy roll-back in case of recall, incremental patching to a test group and user-level control of patch installation.

To whack moles before they have the chance to pop up, the KACE SMA lets you conduct audits on systems that don’t comply with security policies and standards. It discovers settings and device configurations that can lead to vulnerabilities on your network, then allows you to address them and enforce security policies through configuration management.

Get the paper on building better endpoint security

Have a look at our paper, Build better endpoint security to protect your entire network, for more ways you can use the KACE SMA.

Besides letting you discover every endpoint connecting to your network, the KACE SMA helps you automate asset inventory and deploy anti-virus software across all systems. Then, its patch management and automated vulnerability scanning helps ongoing protection for all your endpoints.