As we've heard recently, it's not Windows that represents the most vulnerabilities, but instead it’s the applications that run on Windows that expose the business to holes in computing security. Based on stats from the National Vulnerability Database, 86% of reported vulnerabilities come from third party applications, 10% comes from the operating system itself, and 4% is attributed to the hardware.
Microsoft utilizes the second Tuesday of each month to release patches to plug security holes in its products. Enterprise customers utilize various Microsoft-developed products like WSUS and System Center Configuration Manager to download, stage, and deploy the patches. But, Microsoft only provides patches for its own products. If companies are only patching Microsoft applications then that leaves a gaping hole in security. Adobe products, iTunes, and Firefox are among some of the most vulnerable applications today, yet they continued to be used. So, what about that 86%?
I had the pleasure to sit down with Shavlik recently to talk about their Shavlik Patch for System Center product that was released in early February 2014.
Shavlik was one of the first vendors to understand the need to patch products other than those provided by Microsoft. Shavlik was instrumental, even, in helping develop Microsoft's own patching processes and technologies. So, the company knows patching.
Shavlik Patch for System Center is a plug-in for Configuration Manager 2012, 2012 SP1, and 2012 R2, that integrates directly with the ConfigMgr console.
In addition to the console integration, the product also takes full advantage of the capabilities built into ConfigMgr for targeted deployments of software patches. And, since it's completely integrated, Shavlik Patch for System Center also utilizes the underlying infrastructure already architected to handle ConfigMgr's needs.
Connecting to the Shavlik Cloud, the application regularly pulls down updated third party patching information and displays it in the ConfigMgr console, where it can be viewed and then configured for deployment using ConfigMgr's robust software deployment functions. This ensures that the list is always up-to-date.
The updated patch list that is made available through the syncing process allows administrators to choose which updates to publish, read more information about the updates, and filter the list according to various categories.
Configuration is easy and scheduling is provided to automate the download of deployable .cab files and publishing of updates.
Shavlik Patch for System Center takes a normally manual process for third party application patches and automates it such that administrators can have confidence that the "other 86%" of know vulnerabilities are covered.
Shavlik Patch for System Center works with all versions of System Center Configuration Manager 2012. For companies stuck on Configuration Manager 2007, the current process of downloading the catalog for SCUPdates is still used.