How can you boost the capabilities of SCCM?

, , ,

Microsoft System Center Configuration Manager (SCCM) is great for patching. It’s the most effective way for you to manage devices across your network, enforce your policies, and apply updates in a swift, automated fashion.

So it’s only natural to think that, with Microsoft SCCM up and running, you’re covered against application vulnerabilities.

But that’s an assumption that leaves your organisation exposed.

77% of vulnerabilities in the 50 most popular applications on private PCs affect third-party applications

According to the Secunia Vulnerability Review 2015, 15,435 vulnerabilities were discovered in 2014. But these weren’t all in Microsoft products – they were spread across 3,870 products from 500 different vendors.

In reality, 77% of the vulnerabilities uncovered in the 50 most popular applications on private PCs in 2014 affected non-Microsoft applications. So patching first party software with SCCM only solves part of the problem.

Of course, you’ve already spent time and money implementing SCCM. It’s a familiar tool that you use regularly, but it took time to learn its nuances and start using it efficiently.

Fortunately, you can leverage this existing investment and expertise to secure third-party applications right alongside Microsoft ones.

Using SCCM to find third-party applications

One of the hardest – and most time-consuming – parts of effective vulnerability management is achieving full visibility. Until you know the third-party applications that are used across your entire infrastructure, you can’t hope to check for vulnerabilities and patch them where appropriate.

SCCM includes a robust software inventory feature that can be used to scan for third-party applications. And when this is paired with an SCCM-integrated patch management platform, the results can form the foundation of your entire vulnerability work flow.

Secunia CSI takes data from SCCM’s software inventory and assesses the security patch status of more than 20,000 programs, reconciling SCCM’s knowledge of your network with Secunia’s insight into third-party software, vulnerabilities, and patches.

Bring third-party into Patch Tuesday

While Microsoft attempt to rebrand it as ‘Update Tuesday’, Patch Tuesday is a long-standing part of the IT administrator’s routine. It’s when Microsoft release new patches – or updates – for its software, fixing known security vulnerabilities.

Thanks to its SCCM and Windows Server Update Services (WSUS) integration, Secunia CSI can make third-party patching a seamless part of this established routine.

So, using a familiar interface that doesn’t slow you down, you can:

  • Take stock of the applications across your network
  • Package patches for distribution
  • Deploy patches to every instance of an application

All in record time – and in a single downtime window.

An integrated platform for third-party patching and vulnerability scanning saves time, energy, and – as a direct result – money. So while SCCM doesn’t cover all bases out of the box, you can leverage your existing investment to keep your network defended against the entire spectrum of vulnerabilities.

Learn more about Secunia CSI here.