Accelerynt
5 min read · Sep 16, 2021

Remote Working Requires a Rethink of Your Patching Strategy

Like it or not, the remote workforce is here to stay. Statistics show that employees say they are more productive working from home, and even before the global pandemic, there had been a 44% growth in the remote workforce over the past five years. In 2020, because of the pandemic, 88% of businesses worldwide mandated or encouraged their employees to work from home. Today the flexibility of remote working has become so important that 39% of U.S. adults would consider quitting if their employers weren’t flexible about working remotely.

As your employees get more comfortable with remote working, your company takes on new types of risks. With your corporate assets now regularly connecting to personal home networks, coffee shops, hotels, and shared workspaces, systems can no longer hide behind company firewalls, so that control is becoming less relevant. And, as you race to adapt, hackers have already exploited additional opportunities to infiltrate your company.

Staying ahead of hackers through patching operating system and application vulnerabilities is even more challenging when using traditional patch management methodologies. For example:

· Most patch management infrastructure was designed with locally stored patch repositories to manage systems directly attached to the corporate network.

· Patch packages are often created to address vulnerabilities in standardized builds, not the additional user-installed software.

· Road warriors have been trained to visit a corporate office regularly or connect via VPN for a sizeable and standardized update package every quarter. Today, this is not possible with offices being closed and VPN solutions not designed for the increased load of patching remotely connected assets.

Whether or not remote working continues, now is the time to evaluate changes in how you protect your company. One effective change is a move away from push-based patch management of your systems. In Edgescan’s 2021 Vulnerability Statistics Report (https://info.edgescan.com/vulnerability-stats-report-2021), we can see clear indicators that traditional, push-based approaches are becoming less effective:

· The mean time to remediate (MTTR) for high-risk vulnerabilities is 84 days, while critical-risk vulnerabilities are fixed in about 51 days on average. Low-risk vulnerabilities were typically patched in 47 days.

· In total, 88% of the vulnerabilities found by Edgescan had been disclosed in the last five years. Nearly two-thirds of the CVEs it saw in 2020 were more than three years old, with half of those dating back to 2015 or before.

The main points of the report are clear: patch faster and update more thoroughly.

Fortunately, a way to address this is to move to a pull-based approach using Windows Package Manager. Instead of creating and hosting packages within your corporate network, you can now utilize cloud-hosted, pre-tested, and validated vendor packages and simplify the update process.

Windows Package Manager

Microsoft has made this approach easy with the release of the Windows Package Manager. Like Linux package managers such as apt and yum, the Windows Package Manager (also known as winget) is a command-line tool for managing application installation, removal, and updating. Winget is supported on Windows 10, version 1809 (10.0.17763) or later.

When it’s invoked, winget pulls the installation or upgrade files from a cloud-hosted Microsoft Community Repository. The Microsoft Community Repository hosts thousands of packages that have been validated and tested before publishing. This approach provides several benefits:

· It removes the need to create software packages

· It reduces or even eliminates the need to test created software packages

· It offers a standardized location for obtaining updated packages

· It provides a readily accessible source for updating remote assets

· It supports the creation and use of private, corporate package repositories

Holistic and Targeted Upgrades

Without the need to create and test patch packages, your company can script and schedule frequent patching iterations of installed applications. In addition to addressing vulnerabilities closer to their release date, these short iterations allow for faster updating, because fewer updates are pulled with each cycle, and cause much less of an interruption to your employees. This is especially effective if your company doesn’t rely on specific software versions that must be excluded from updates.

For companies requiring more explicit control of which applications are updated and when, you can leverage software vulnerability inventories to identify applications and versions needing to be explicitly upgraded. The one provided by Microsoft Defender for Endpoint works well in this example. The Threat and Vulnerability Management feature discovers vulnerabilities in real time and without the need for agents or time-consuming scans. The Software Inventory identifies where the applications are installed, which can define the upgrade target groups. Using these target groups, the administrator can configure the assets with explicit scripts to pull the upgrade files from the central repository without creating and testing individual or consolidated update packages. Done well, this can reduce the MTTR significantly.
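The scheduled holistic pass and the inventory-driven targeted pass described above can share one script. The following is an added example, not a script from the article or from Microsoft. It assumes winget is on PATH for the account that runs the task, and the package ID `Contoso.PinnedApp` and the log path are constructed placeholders.

```powershell
# Added example: pull-based upgrade pass with winget.
# Assumptions: winget is on PATH; package IDs and the log path are placeholders.
param(
    # Targeted mode: package IDs flagged by your vulnerability inventory.
    # Leave empty for a holistic pass over everything winget can match.
    [string[]]$TargetIds  = @(),
    # Packages that must stay on a specific version and are never upgraded.
    [string[]]$ExcludeIds = @('Contoso.PinnedApp'),
    [string]$LogPath = "$env:ProgramData\PatchLogs\winget-upgrade.csv"
)

# Name the source explicitly so packages are only pulled from the repository you expect.
$common = @('--source', 'winget', '--accept-source-agreements')

if (-not $TargetIds) {
    # Holistic mode: list installed packages that the winget source knows about.
    $export = Join-Path $env:TEMP 'winget-export.json'
    winget export -o $export @common | Out-Null
    $TargetIds = (Get-Content $export -Raw | ConvertFrom-Json).Sources.Packages.PackageIdentifier
    Remove-Item $export -ErrorAction SilentlyContinue
}

New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null

$queue = $TargetIds | Where-Object { $_ -and $_ -notin $ExcludeIds } | Sort-Object -Unique
foreach ($id in $queue) {
    # --exact prevents a partial ID match from upgrading a similarly named package.
    winget upgrade --id $id --exact --silent --accept-package-agreements @common | Out-Null
    # Record one row per package so remediation time can be measured per asset.
    [pscustomobject]@{
        Time     = (Get-Date).ToString('o')
        Computer = $env:COMPUTERNAME
        Package  = $id
        ExitCode = $LASTEXITCODE   # 0 = upgraded; winget also returns non-zero when no newer version exists
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation
}
```

Run without arguments for the holistic pass, or pass `-TargetIds` with the IDs taken from the software inventory for a targeted group.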

Conclusion

By using Microsoft Intune along with the free Windows Package Manager, you can quickly pivot to a more modern, cloud-based pull approach to patch management. This will help you get:

· Faster and more holistic mitigation of software vulnerabilities

· Shorter upgrade iterations through reuse of update command scripts

· Time for your team to focus on high-value work instead of continuously creating and testing packages

Arbala Can Help

Want to know more? Our highly experienced team of professionals delivers transformational and managed services to gain the most value from your Microsoft investments. By helping our customers leverage the benefits provided by the Microsoft Modern Workplace and Windows Defender XDR, Arbala helps reduce the complexity of numerous point solutions, provides greater ROI, and helps control spend.

For more information or a free call to discuss your challenges and how we can help solve them, please contact us at jvidell@arbala.com.

Jason Videll, CISSP, CISM, CRISC

Chief Operating Officer

Referenced Material:

1. The Ultimate List Of Remote Work Statistics for 2021 (https://findstack.com/remote-work-statistics/)

2. 28 Need-To-Know Remote Work Statistics of 2021 (https://review42.com/resources/remote-work-statistics/)

3. Employees Are Quitting Instead of Giving Up Working From Home (https://www.bloomberg.com/news/articles/2021-06-01/return-to-office-employees-are-quitting-instead-of-giving-up-work-from-home)

Accelerynt

Accelerynt is a leading Managed Detection, Security, and Dynamics 365 provider, founded by a team of cybersecurity, IT, and Dynamics 365 professionals.