Automated third-party patching

Automated patching of third-party applications

A 2018 ZDNet study suggests that cybercrime drains at least $600 billion each year from the global economy. This is in part due to vulnerabilities found in unpatched Microsoft and third-party applications. Patching Microsoft applications can be fairly straightforward, thanks to the Microsoft System Center Configuration Manager (SCCM), but what about third-party application patching? Failing to patch non-Microsoft applications can put users at risk, as known vulnerabilities are often leveraged in cyberattacks. The most effective way to get a leg up in this never-ending battle against cyberthreats is by improving your organization's security posture. One way to do that is with automatic application patching. Patch Connect Plus is a patching solution that adds third-party patches to SCCM and automates the entire patching process, from discovering and downloading new patches, to publishing them to the Windows Server Update Service (WSUS), initiating WSUS-SCCM syncs, and reporting on patch deployments.

How does automated third-party application patching work?

Unlike Microsoft, which releases monthly security updates for its applications, third-party applications receive updates on no fixed schedule. Security patches for third-party applications are generally only rolled out to fix a critical vulnerability, which makes third-party application patching vital for enterprise security. Since third-party application patches are important for keeping organizations secure, any missing patches should be automatically deployed as soon as they're released. Patch Connect Plus includes four processes for automated patch deployment:

  1. Scanning for the latest updates

    Vendors typically release the latest patches for their applications on their respective websites. As soon as patches are released to a vendor's site, Patch Connect Plus fetches the update details, then publishes the patch to a Central Patch Repository. Third-party updates are typically supported within 6-9 hours of the vendor's release.

  2. Publishing third-party patches

    Patch Connect Plus contacts the Central Patch Repository every 24 hours to check for any new updates. If found, the update details will be synced and the patches will be downloaded to the Patch Database present on the Patch Connect Plus server. Afterwards, the downloaded patches are published to the WSUS server.

  3. Initiating WSUS-SCCM syncs

    Once a patch is published to the WSUS library, Patch Connect Plus will automatically trigger a sync between WSUS and SCCM, making the patches accessible in the SCCM console. Further, SCCM's Automatic Deployment Rules (ADRs) make sure patches are deployed onto the appropriate systems.

  4. Reporting

    After deploying a patch, Patch Connect Plus will notify users by sending a deployment report to their email. This report contains data on the publishing process, the sync status, newly supported applications, deployment task failures, and the signing certificate's expiration. These email notifications make sure that users don't miss out on summaries of their patch deployment tasks.
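The report in step 4 covers the failure points of the WSUS side of this pipeline: an expired signing certificate, a failed WSUS sync, and published patches that never got approved. The following PowerShell script is an added example of checking those same points independently on the WSUS server; it is not code from Patch Connect Plus, and it assumes the WSUS administration console (Microsoft.UpdateServices.Administration) is installed locally and that a 30-day certificate warning threshold suits your change window.

```powershell
# Added example: independent health check for locally published (third-party)
# updates in WSUS. Not part of Patch Connect Plus; assumes it runs on the WSUS
# server with the WSUS administration assembly available.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

$expiryWarningDays = 30   # assumed threshold; adjust to your change window

$wsus   = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
$config = $wsus.GetConfiguration()

# 1. Signing certificate: locally published updates are signed with it, and
#    clients reject them once it expires, so report the remaining lifetime.
$cert = $config.SigningCertificate
if ($null -eq $cert) {
    Write-Warning 'No WSUS signing certificate configured; third-party publishing will fail.'
} else {
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    if ($daysLeft -le $expiryWarningDays) {
        Write-Warning ("Signing certificate '{0}' expires in {1} day(s), on {2:yyyy-MM-dd}" -f `
            $cert.Subject, $daysLeft, $cert.NotAfter)
    } else {
        Write-Output ("Signing certificate OK: {0} day(s) remaining" -f $daysLeft)
    }
}

# 2. Last WSUS synchronization: if it failed, newly published patches never
#    become visible to SCCM after the WSUS-SCCM sync.
$sync = $wsus.GetSubscription().GetLastSynchronizationInfo()
if ($null -eq $sync) {
    Write-Warning 'WSUS has never synchronized.'
} else {
    Write-Output ("Last sync: {0} -> {1}, result {2}" -f $sync.StartTime, $sync.EndTime, $sync.Result)
    if ($sync.Result -ne 'Succeeded') {
        Write-Warning 'Last WSUS synchronization did not succeed; check the sync errors.'
    }
}

# 3. Locally published updates: UpdateSource 'Other' marks updates that did not
#    come from Microsoft Update, i.e. the third-party patches published here.
#    Unapproved ones are published but not yet going anywhere.
$thirdParty = @($wsus.GetUpdates() | Where-Object { $_.UpdateSource -eq 'Other' })
$unapproved = @($thirdParty | Where-Object { -not $_.IsApproved })
Write-Output ("Locally published updates: {0} total, {1} not yet approved" -f `
    $thirdParty.Count, $unapproved.Count)
```

Run it under an account that is a WSUS administrator; the same checks can be scheduled and their warnings forwarded to whatever alerting the team already uses, so a missed email report does not hide an expired certificate.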