Readiness has teamed up with 1E! Based in London, 1E enables IT to deliver comprehensive self-service and respond in real-time by augmenting Microsoft and ServiceNow solutions. 1E products are trusted by over 1000 organizations to better manage and secure their endpoints.
In what is looking like it will become an initiation rite of passage, I had a chance to speak with 1E’s CEO Sumir Karayi about patching and security, something in which he unquestionably has quite a bit of expertise.
Eric Embacher: Hello Sumir! Thanks for taking time from your busy day for this chat. I can speak for all of us at Readiness in saying we’re looking forward to partnering with 1E. I think there’s great synergy between our two companies.
Sumir Karayi: Not at all Eric, it’s my pleasure. I too feel that we both have much to gain from working together. I think our customers will actually benefit the most.
EE: Quite true! So let me start with something fairly broad and ask you what you think are the key problems with patching today.
SK: Right…well there are five key problem areas that are getting in the way of effective patching. The first is Endpoint Health. Even though patching is mission critical, typically only a few tools (SCCM and BigFix are the most common in larger enterprises) are used for patching and these agents can be “fragile.” SCCM, for example, relies on WMI working properly, and WMI itself (part of the Windows OS) is not always stable. If the agents aren’t working correctly, the patch won’t be installed.
The second is Critical Asset Patching. For most organizations, there are endpoints that are more critical to the business than others, and it isn’t always possible to find a suitable maintenance window to ensure software updates and patches get applied. This often means that these critical systems don’t get patched for a long time and are exposed to security threats. It is hard for IT teams to not only find a suitable maintenance window, but to also prioritize these machines so they get patched first.
A third challenge is “Zero-Day Response,” where there has been a notified security breach without a known fix/patch. These zero-day scenarios demand a reaction at a speed that most patching tools weren’t designed for. You also need flexibility here. The “patch” may involve flipping a registry key or changing a setting in a configuration file, or almost anything else – rather than a typical patch deployment.
The fourth challenge is the gaps in our armour created by user behavior. Many patches require a reboot of the device in order to take effect and users often put off rebooting as long as possible, especially remote users who are on the go – often until it is forced on them after 30 days.
Lastly, patch content is increasingly large. This puts a strain on network bandwidth. Often the distribution of content is “squeezed” into “Change Windows” which can result in some endpoints not getting the content they need. Devices need to be turned on and connected to the VPN to receive the patch, which is not always the case – particularly (again) when it comes to remote workers.
EE: What is the biggest challenge to maintaining security for SMEs?
SK: SMEs may not have access to the tooling available to larger businesses and are likely struggling with regard to availability of skilled resources while facing more and more demands from users for IT support. This makes SMEs a particularly challenging area.
EE: Why is patching speed so important?
SK: According to the Ponemon Institute, 57% of cyber-attack victims who were successfully breached said they were breached by attackers who leveraged an unpatched known vulnerability. Shockingly, 66% of those knew about the vulnerability prior to the attack.
At Equifax, where data on 148 million people was compromised in the course of a breach that lasted for 76 days, the culpable vulnerability (a simple Apache software flaw) could have been patched at any point in the eight weeks preceding the attack.
The longer organizations have out-of-date devices and software, the more risk they are exposed to.
EE: Is patching different for Windows 10 or Server 2019 than previous versions?
SK: The process remains mostly unchanged over the past 10 years, which is one of the reasons we still see patch challenges today. Companies are relying on the same processes and tools they always have. In order to deal with the evolving threats from bad actors, companies should be looking at new tools, like Tachyon, to help.
One of the big issues with today versus previously is the increased prevalence of home workers. Traditional tooling was designed with a “Corporate LAN” in mind – not the work from anywhere situation many companies operate today.
EE: What is unique about 1E’s solution?
SK: Tachyon gives you live insight into your entire estate, regardless of endpoint location, and the ability to act on endpoints in real-time. This kind of live insight and instant action helps solve all five of those challenges listed above. It’s a really impactful technology. You can check or reboot endpoints servers and repair traditional patching tools from one second to the next.
I have a great quote from Kurt De Ruwe, the CIO from Signify… “Tachyon is like the Google of your whole IT landscape. Live information is really important because viruses, phishing attacks and all these things happen from moment to moment, so you need to be able to react quickly. There was a time you could afford to wait a week or two before you had the information. Today real-time information makes all the difference.”
With the Intel bug virus, for example, Signify used Tachyon to deploy a solution that prevented the exploit from being able to be used, and it did so across 22,000 devices around the world in two days.
EE: How do you see the world of Windows OS patching 5 years from now?
SK: Patches will likely be more flexible and more frequent than they are today. IT will face more challenges, but hopefully will also be equipped with newer tools to help automate their way out of the problems—there really is a need to move to real-time capabilities and tools like Tachyon lead the way in delivering to that need.
EE: Awesome! I know we could go on further but I feel I should let you get back to your day. Thank you so much for your insight on what’s clearly a challenge for many companies around the world.
SK: No problem, I’m always happy to share my thoughts. As you can tell, it’s a topic which I’m quite passionate about.