The majority of security exploits today are executed via old, unpatched software. This is the soft underbelly of the modern computing environment ever since Windows PCs began significantly hardening and locking down the core operating system against malware, viruses, and other security exploits. Updating software blocks up to 85% of web attack angles. Really! Enterprise customers have long had the ability to patch their outdated software via dedicated services, servers, and IT teams giving their size and scale a distinct advantage until now. With the wide adoption and distribution of Open Source & Cloud Computing platforms, free and low cost alternatives that can be employed by small businesses and individuals with little or no technical knowledge have evened the scales and allowed small firms and home users to scale advanced solutions to protect their environments. Among them are Comodo One, Patch My PC, PDQ Deploy, Ninite, Heimdal, and ManageEngine Desktop Central.
In order to keep the small business office environment secure, Tech MacGyver employs a few solutions that works out well in distributed, work-anywhere organizations that are typical of entrepreneurs and many businesses in Sarasota, Manatee, and Charlotte counties. Software is kept up to date by automating a program that is perfectly suited toward the SOHO office environment called Patch My PC. It runs on individual machines but also provides enterprises of all sizes administered solutions for third-party patch management via an enterprise SCUP Catalog. That means third-party application updates and hotfixes can be deployed to endpoints using Microsoft System Center Configuration Manager without additional agents or unwieldy additional server deployments.
In a SOHO environment run once a day, Patch My PC will update 95% of the software small businesses typically employ. Couple that with what’s automatically patched by Microsoft and you’ve gone a long way toward securing your environment and reducing your attack surface.
Ninite is another great solution for the small office. It isn’t actually installed, it just runs as an “.exe” file. Choose to run it on one machine in remote mode and manage updates from there or set it up to run on each endpoint as a scheduled task or as part of a startup script. Tech MacGyver has run this solution on a multi-million dollar media company, so the product scales well and is reliable.
Comodo ONE Patch Management is free and offers Automated Patch Management that supports Windows, Mac, Linux all from a fully integrated, one view dashboard. This is a more robust solution than Patch My PC and requires at least an elementary level of experience in the support of computers and devices. It also requires installing a simple software agent on each managed endpoint, so if you’re intimidated by its complexity, hire a pro or use a simpler product.
Heimdal has a free product that patches over 20 common software apps which are also top targets that cyber criminals seek to exploit. Heimdal scans your computer every 2 hours to see if any updates are available to this high vulnerability set of software and downloads updates in an unobtrusive fashion. After initial configuration, it’s designed to work even on limited user accounts, so no need to let those untrusted users have admin rights!
PDQ Deploy is a deployment program to install new software and/or patches on endpoints of an organization. It supports MSI and EXE files, silently installing them on the device targets. They provide a range of applications ready to be deployed with the ability to define targets from Active Directory groups. The initial setup is time consuming and the free version has limitations. Sound complex? Again, hire a pro or use something simple like Patch My PC or Ninite. Otherwise, be prepared to test, test, and test again as you set up this system without official support when using the free product.
ManageEngine Desktop Central is available as a free patching solution for small businesses with up to 25 computers and 25 mobile devices. If you want to keep an eye on your mobile devices, this is an excellent solution. That “phone” in your hands is really a mini-computer with more processing power than NASA had at its disposal for the moon landing! So not just patching, but ManageEngine Desktop Central allows you to manage mobile devices such as iOS, Android and Windows smartphones and tablets to deploy profiles and policies, configure devices for WiFi, VPNs, email accounts, apply restrictions using the camera and, browser, and enforce security with passwords, remote lock/wipe, and more.
Give one or more a try and discover how easy it is to keep your computing environment safe. Paid alternatives offer great utility when scaling a business since they include robust reporting and notification tools allowing business owners to monitor operations independent of location.
Overwhelmed? Work with your IT Department, improve your skills, or contract with outside help, but whatever you do, lock it down and protect your assets, businesses, and homes.
Have you read our blog about Ransomware? Check it out at the link.