Shavlik Protect is very well known for its industry-leading patch management capabilities. What is not so well known, however, is that it is capable of patching much more than just the Microsoft operating systems and applications on your laptops, workstations and servers. Many believe that these are the only items that matter, when in fact, they are sometimes only the tip of the proverbial patching iceberg. In this article, I will highlight four things that often get overlooked during the patch process and how Shavlik Protect can help.
Virtual machines have become extremely popular in both large and small organizations. But with their widespread use comes a certain danger. When it comes to patch management, your virtual machines are no different than your physical machines. Both must be consistently scanned and patched in order to stay protected. Fortunately, Shavlik Protect supports patching for all forms of virtual machines, including online VMs, offline VMs, and virtual machine templates. When you are patching your machines, don’t forget about your virtual machines!
If you use many virtual machines in your organization, you likely use VMware ESXi hypervisors to deploy and serve them. You might also use a VMware vCenter Server to manage the hypervisors. It’s cool stuff, but did you know that the hypervisors require patching? If you are not regularly patching your hypervisors, you’re exposing yourself to potential attacks. You will be happy to learn that Shavlik Protect can help you manage the hypervisors and vCenter Servers in your organization. Shavlik Protect enables you to:
- View basic configuration information about the vCenter servers and the ESXi hypervisors
- Perform a scan of your managed and unmanaged ESXi hypervisors
- Deploy any missing security bulletins to the ESXi hypervisors
This seems like an easy one but somehow it keeps getting missed. Jordan Pusey touched on this in a blog article a few weeks ago. Many people are great at patching their Microsoft operating systems and Microsoft applications, but totally ignore their third-party applications. It is a fact that 70 – 80 percent of vulnerabilities are attributed to non-Microsoft applications, so make sure to include them in your patch management process.
You may not realize it, but there is often a need to manage patches for products that are unique to your organization. For example, you might receive a special private patch from a software vendor. Or, you might create your own patch for a vendor’s product or for your own custom product. When these situations arise, it is good to know that Shavlik Protect is capable of handling these special cases. The built-in Custom Patch File Wizard walks you through the process of creating your own customized XML files. You then simply import the custom XML files into Shavlik Protect and perform your scans and deployments like normal. Easy!
Don’t be guilty of locking all the doors but leaving the windows open. To stop the bad guys you need to patch every device and every product in your organization.