Cybersecurity & ASD4 framework

Discussion in 'Business & Enterprise Computing' started by evo800v, Apr 25, 2019.

  1. scrantic

    scrantic Member

    Joined:
    Apr 8, 2002
    Messages:
    1,767
    Location:
    3350
    How do you go managing patch compliance with disconnected end users' machines using Batchpatch?
     
  2. 7nothing

    7nothing Member

    Joined:
    Feb 15, 2002
    Messages:
    1,552
    Location:
    Brisbane
    Purely a frontend for WSUS, so anything not connected/reporting wouldn't be covered. We were going for servers and "high risk" workstations, which deemed to be select machines in finance, and sysadmins, which aren't guaranteed to be in the office, but are covered 90% of the time.

    Going on a pretty flexible version of essential 8 - better than doing nothing :)

    Hadn't seen Qualys Patch (possibly cos it came into existence early this year), signed up for trial but waiting on access.

    Still talking/waiting on HCL, wanted to at least see bigfix in action, even if it is IBM software, but even their sales guys are lazy.
     
  3. scrantic

    scrantic Member

    So talking to Qualys, their Patch Product is OEM'd Ivanti but from what I'm led to believe is tied into the Qualys vulnerability scanning framework and then leverages the Ivanti patch to remediate.
     
  4. 7nothing

    7nothing Member

    Yea I did see a lumension or shavlik digital signature in one of the qualys deployed patches.

    Patch management is pretty rudimentary, you can schedule recurring patch jobs... but can't automate adding new release patches to a job, allegedly "on the roadmap"

    Have seen nothing in the patching space that even half impresses, tempting to just put MSP's NinjaRMM on servers and turn on patch management there, which is also Ivanti powered, with about the same level of schedule control, just miss out on the vulnerability ratings.
     
  5. scrantic

    scrantic Member

    Early days, and only scratching the surface as to what's possible with Batchpatch, but this thing is magic compared to what I'd been working with.
     
  6. 7nothing

    7nothing Member

    I'd say it has by far the best scheduling capabilities of any I've seen. Just feels bad paying for a tool whose one job is to prod wsus :)

    If I don't find something else with reasonable vulnerability assessment, usable 3rd party support and 1/2 decent scheduling though... probably gonna be batchpatch.

    On the whitelisting topic, airlock is going well, haven't enforced anything other than my machine yet due to the massive variety of random unsigned shit that people occasionally need to run. The process of reviewing/approving apps is easy enough, though there is a bit of room for improvement when it comes to navigating away from the massive list of shit you were working through.
     
    Last edited: Oct 17, 2019
  7. scrantic

    scrantic Member

    I suspect we will just be using Nessus to produce reports post patching for validation and scripting additional registry changes required by some updates.

    I met David the Airlock founder at Cyber Conference. Had a quick demo, looks promising at first glance, I'll try and do a POC soon.
     
  8. scrantic

    scrantic Member

    Another one for consideration for patch management.
    https://www.automox.com/solutions/os-and-third-party-patching

    Automox works across Windows, Mac and Linux operating system versions, providing you with full patching and configuration control for clients, servers, virtual machines, containers, and cloud instances. No servers, configurations, or networking to manage.
     
  9. fad

    fad Member

    Joined:
    Jun 26, 2001
    Messages:
    2,542
    Location:
    City, Canberra, Australia
    What is good for patching onprem?
     
  10. 7nothing

    7nothing Member

    Tried it, can't remember exactly what was shit about it... a lot though.

    Bigfix looks like a learning curve, and a lot of work, but surprisingly good for something IBM used to own. Lot more responsive than SCCM.
     
  11. scrantic

    scrantic Member

    That's disappointing, sounded promising.
     
  12. 7nothing

    7nothing Member

    From memory it required manual intervention. I'm after something that can just deploy, reboot, retry until complete (for certain servers and workstations anyway) with a schedule that, for example, would let me do 1 DC in a site one night and the other the next.

    Batchpatch is still the closest I've seen to that out of the box.
     
  13. IACSecurity

    IACSecurity Member

    Joined:
    Jul 11, 2008
    Messages:
    760
    Location:
    ork.sg
    Daniel, not David :) It's decent, they also have integration with Crowdstrike now as well, with the aim of single management platform between CS and AL.
    https://www.crowdstrike.com/resources/news/crowdstrike-adds-new-partners-to-crowdstrike-store/


    BigFix is a shit hole, patches (Fixlets) aren't even overly speedy being released, and IBM have also just sold it to TCL.
     
    Last edited: Dec 13, 2019
  14. 7nothing

    7nothing Member

    I ended up going with batchpatch and a Nessus pro subscription.

    Few minor points around rebooting when required with batchpatch, hopefully they'll introduce some more options in their logic.

    Was shitty with the javascript on nessus page that put a 77% premium on buying in $AU, thankfully a gold reseller was able to give me a reasonable price. A platinum reseller (rhymes with gata dash bee) wanted more than what's on the nessus site, plus insisted support was mandatory (which my quote and the website didn't)
     
  15. 7nothing

    7nothing Member

    [QUOTE="IACSecurity]BigFix is a shit hole, patches (Fixlets) aren't even overly speedy being released, and IBM have also just sold it to TCL.[/QUOTE]

    Pretty sure it's HCL, and the sale was about 3 months ago. For an IBM software product, it was surprisingly responsive, and for a complex environment I think it'd make a great patch deployment solution. For my 30-40 servers, wsus + batchpatch (+ nessus scans) was the shortest path to safety.

    ..I'd fix that quote text, but, close enough
     
  16. scrantic

    scrantic Member

  17. 7nothing

    7nothing Member

    Reviewing untrusted binaries in app whitelisting really gives some insights into the great attention to detail which goes into software development

    [IMG]

    I especially like the naming convention of the Win 8 PC... did they just post on rentacoder then add it to a production release of Exchange?
     
