With ongoing cyberthreats faced daily by organizations, it has become more and more critical to keep up with the latest security patches. The National Institute of Standards and Technology (NIST) reported more than 18,000 software vulnerabilities in 2021 alone.
Typically, organizations rely on patch management to ensure their software and operating systems are kept up-to-date, and known security vulnerabilities remediated properly. Patches are designed to address and repair specific, known vulnerabilities or flaws in the operating system (OS) of a device or the software used on it.
With the diversity and volume of both OS and software choices even a small to medium-sized enterprise (SME) has to manage, patch management can be a daunting task. Every unpatched OS and application, or delay in the process to patch them, creates an opportunity for an attacker to exploit the existing flaw, gain access to corporate resources, and potentially exfiltrate sensitive data or lock them down for ransom. According to Ponemon, the average time to patch is 102 days. This means that companies are susceptible to security threats/vulnerabilities for months.
Why Patch Management Can Be Such a Chore
In today’s hybrid work environment, patch management is often a manual, tedious, and time-consuming task due to the limited visibility into operating systems and the applications on their devices, as well as the lack of automation around distributing and implementing patches through native device capabilities.
Often they must rely on end users to apply crucial updates on their own, and report to IT any successes or failures they encounter. Many organizations managing and securing systems in a mixed OS environment find it exponentially more difficult to manage this effectively.
In addition, patch management reporting is usually included as part of the compliance requirement that IT needs to meet. But gathering the data and reports across an entire software catalogue and device fleet is not an easy task. This places additional pressure on IT and requires significant time and effort (to manually gather the data and reports) that could adversely impact IT’s productivity. Incidentally, IT is also usually given the task with no additional help from anyone or any other department within the organization.
How JumpCloud Can Help
When it comes to OS level patching, admins can now easily create schedules and manage their Mac, Windows, and Ubuntu Linux OS patch processes in a single console, which provides greater visibility and reporting while strengthening their devices’ security posture and meeting the organizational compliance needs.
JumpCloud Patch Management provides the following capabilities:
- Patch Visibility Dashboard with fleet OS distribution and current OS release trains
- Automatic macOS Updates policy to set and enforce automatic updates with end-user notifications
- Advanced Windows Updates policy with new controls for automatically installing and enforcing Windows updates with end-user notifications
- Centralized view of policy configuration and recommended settings
Patch Management will live under the Policy Management section in the JumpCloud Admin Console. Watch Tom Bridge, Principal Product Manager, Apple, as he walks through the admin experience of JumpCloud Patch Management:
Key Benefits of JumpCloud Patch Management
Gain Overall Visibility into Your Patch Management
IT admins can centralize the management of their Windows and Mac device patch updates within JumpCloud’s admin console. Admins have visibility into all their OS patch updates, current statuses, and version control, and can track patch deferrals to help ensure nothing is amiss.
In addition, the JumpCloud Directory Platform provides deep visibility into application version information across all installed software on Windows and macOS devices through its System Insights™ capabilities.
Automate and Efficiently Rollout Patch Updates with Ease
IT admins can seamlessly create an effective and practical plan to roll out OS patches, taking into consideration their organization’s and employees’ time, resources, and needs. By defining and automating specific rollout schedules as needed for Windows and Mac devices, manual work is practically eliminated. In addition, admins can customize notification settings to devices.
For Macs, we’ve embraced the familiar Nudge framework to help admins customize the deferral counts and time between deferrals to encourage updates and cleanly communicate with end users. Here is Tom Bridge talking about how Nudge is used by the JumpCloud platform:
Strengthen Device Security Posture at All Times
IT admins can now improve device security with the latest OS patches and/or software updates at all times, with minimal effort. Given the volume of attacks perpetrated against known vulnerabilities with available patches, timely updates to the OS minimizes potential attack vectors due to outdated software.
Learn More About Device Management with JumpCloud
JumpCloud Patch Management will be available at $4/user per month, under our A la Carte pricing package.
In addition to supporting patch management, JumpCloud’s comprehensive device management solution combines its IAM and directory capabilities for a robust, centralized infrastructure that supports work-from-anywhere models.
To learn more about JumpCloud’s overarching approach to device management, check out our whitepaper: The Five Key Components of Modern Device Management. This resource details the philosophy that drives our product roadmap and the feature releases for Linux, Mac, and Windows systems.