Smooth Sailing with Patch Management as a Service

Challenge

Streamline deployment of application security patches cross-fleet in a consistent and timely manner to employee workstations while maintaining a seamless user experience.

Solution

Microsoft-first framework leveraging Intune, Azure, and integrated vulnerability intelligence to automate, validate, and streamline global patch deployment.

Result

Significantly matured patch management program with increased automation and reduced deployment failures.

In Depth Challenge

The organization faced several significant challenges, including identifying and addressing vulnerabilities across a vast number of devices, managing the constant release of patches and updates, and ensuring the efficient deployment and upgrade of applications. Additionally, they needed to reduce installation failures and streamline their application package creation and deployment process.

Specific challenges to overcome:

• Vulnerability Identification: The organization had a vast number of devices, each posing significant vulnerabilities that needed to be identified and addressed
• Deployment and Upgrades: Ensuring the smooth deployment and upgrade of applications on remote systems was challenging due to the company’s size.
• Patch Management: Keeping up with the constant release of new patches and updates was a major challenge.
• Installation Failures: There was a need to reduce the instances of application package installation failures in the production environment.
• Application Publishing: Managing and streamlining the publishing of applications for a large number of users was complex and resource-intensive.
• Process Inefficiency: The existing application package creation and deployment process was inefficient and required a revamp.

Solution

SDG developed a comprehensive strategy leveraging Tenable.IO, Microsoft Intune, and Microsoft Azure. The strategy included a robust approach to vulnerability assessment, application packaging, and deployment, supported by customized scripts and thorough testing.

• Patch Lab: Developed an isolated, replicated environment test package deployments, ensuring only production ready releases are distributed.
• Vulnerability Assessment: Vulnerabilities were identified, analyzed, and validated through penetration testing on in-scope devices, providing a clear picture of the client’s risk landscape
• Zero-Day Management: Zero-day vulnerabilities were promptly addressed as solutions became available, ensuring minimal exposure.
• Application Packaging: Packages of client-provided applications were created and deployed in lab systems using Intune, ensuring they were ready for rollout.
• Custom Scripting: Customized scripts were used to enhance application packaging, minimizing installation failures in the production environment.
• Thorough Testing: The client was provided with thoroughly tested packages ready for deployment in the production environment, ensuring reliability and stability.

Results

The implementation of SDG’s comprehensive strategy led to significant and tangible results, addressing the client’s initial objectives and improving their overall IT security and application patching processes.

In addition, SDG successfully:

• Addressed Gap Remediation: Identified gaps were addressed with a remediation plan that defined precise corrective actions, ensuring thorough coverage.
• Reduced Risk: Vulnerability risk was significantly reduced, lowering the probability of a breach and enhancing overall security.
• Improved Visibility: Visibility into vulnerability and patch management was vastly improved, enabling better oversight and control.
• Enhanced Deployment: Experience in application deployment and testing through Intune was extensively enhanced, ensuring smooth operations.
• Revamped Processes: The application packaging process was revamped and made more efficient, streamlining workflows and reducing delays.
• Reduced Failures: The rate of application package deployment failures in the production environment was noticeably reduced, improving reliability.
• Improved Onboarding Efficiency: The improved application packaging process allowed for efficient onboarding of endpoints in Intune, preparing the production environment for seamless deployment.

Conclusion

As a result of partnering with SDG, our client matured their end-user computer patch management process with an efficient, frictionless, secure, and repeatable program. SDG’s strategic approach to identifying and managing vulnerabilities, along with their prompt response to addressing zero-day threats, greatly improved the mean time to patch and overall posture. The use of Tenable.IO, Microsoft Intune, and Microsoft Azure allowed for comprehensive testing to occur, ensuring minimal disruption, streamlined application deployment, and reduced installation failures through custom scripting. This successful implementation not only improved operational efficiency and reliability but also positioned the cruise line for future success in a dynamic digital landscape.