Patch Management: 4 Best Practices and More for Today’s Banking IT Leaders

An InformationWeek Financial Services Webcast

Sponsored by

Webcast Logistics

Today’s Presenters

Gerald BeaulieuDirector of Product Marketing

Kaseya

Corey EllisInformation Technology Officer

Century Bank & Trust

Polling Question 1

What is your biggest pain point for Patch Management?

- workstation- server- laptop- other

Patch: It’s the Same Problem

B. Getting the patch to all your servers and PCs

A. Knowing about the patch, the severity, and the risk

How Bad is Manual Patching?

Monitoring for new patch: 10min/d or 61hr/yr61hr * $70/hr = $4.5K

Applying new patch: 10min or 0.16hr0.16hr*500PC*$70/hr = $5.6K per patch

MSFT patches/yr = 72 (3 yr avg)

Impact of managing 1 image/yr: $4.5K+($5.6K*72) = $408K

Source: Microsoft, 2010

And the Exploit Timeline is Shrinking

As this cycle keeps getting shorter, patching is a less effective defense

Automation for testing and deployment needed

Days Between Patch & Exploit

180

Nimda

Source: Microsoft, 2010

331

151

25

SQL Slammer

Nachi Blaster

Finance Institutions: Patching is Top Automation Target

IT ServiceSW upgrades & patchesBackupsMonitoringTicketing

Response*75%61%58%38%

*Out of 174 finance IT leaders when asked – by Kaseya – their top 2011 target for automation

4 Best Practices for Patch Management... + 1 Bonus Tip

Discover & assess

Identify & test

Evaluate & plan

Deploy & remediate

Automate

1

2

3

4

5

Best Practice #1Discover & Assess

Are there any threats in your environment?Has anything changed in your operation?Do you have an accurate, current inventory?Can your infrastructure support patch management?

Discover & assess1

Best Practice #2Identify & Test

• How do you learn about new patches?• How do you decide if the patch relevant? Needed?• Which PCs/servers will need a patch?• What is/are the system priority/ies?• Which systems are most vulnerable?• How will you test the patch itself?

Identify & test2

Best Practice #3Evaluate & Plan

How do you ensure all parties agree with “need to deploy?”Exceptions?

How will you install the patch?PC vs server? Corporate vs remote?Do you combine with other tasks?Who will do it?

When will you install the patch?How will you test an installed patch?

Do critical business functions still “work?”How much testing is required?Where does testing occur?

Evaluate & plan3

Best Practice #4Deploy & Remediate

• Pre-deployment– Do you notify users? Support?– Do you provide training?– Did you check all your distribution/deployment points?

• At deployment– How do you monitor patch distribution progress?– How do you deal with slow connections?

• Post-deployment– How do you deal with exceptions?

13

Deploy & remediate4

Best Practice Bonus TipAutomated Patch Management• Assess

– Use predefined, predetermined network scans to assess installed - and uncover missing - patches

• Identify– Create alerts to capture new software added to inventory– Create new patch schedules, where needed

• Evaluate– Create periodic vulnerability reports - and compare to patch policy - to

determine which patches are needed– Create patch-analysis and patch-test scenarios

• Deploy– Schedule patch distribution by time, by system, by group, or by user-defined

collection of systems– Create exception-handling routines– Create real-time deployment reports for users and management

Automate5

Recap: 4 Best Practices for Patch Management + 1 More

Determine current state of environment

Employ procedures to obtain patches and stack-rank for use across environment

Develop patch deployment policy and schedule, as well as a corresponding exception plan

Coordinate distribution with stakeholders, manage patch exceptions, and compile relevant reports

Automate to reduce delivery cost, improve staff productivity, and ensure system performance

Discover & assess

Identify & test

Evaluate & plan

Deploy & remediate

Automate

1

2

3

4

5

Deploy & remediate4

About Kaseya• Value Proposition

– A single Kaseya user can proactively manage 1,000s of automated IT systems tasks in the same amount of time required by a team of technicians using other techniques.

• Key Facts– Founded 2000 & HQ in Switzerland– Privately held, no debt, no external capital requirements– 33 offices worldwide in 20 countries with 450+ employees– 10,000+ customers– 5,000,000+ assets managed– Patented technology and FIPS 140-2 compliant

Patented#7,827,547

The Kaseya Solution for Automated Systems Management

Comprehensive Automates all systems

management tasks Integration friendly Scalable and flexible

Uncomplicated Lightweight, 1 agent Cross platform Easy to install & use

via a single pane

Affordable On-premise or cloud

http://www.kaseya.com/products.aspx

Integrated Patch ManagementAutomated scans, policies, deployments & reports

http://www.kaseya.com/get-started/demo.aspx

No WSUS!

Our CustomersOther Market

LeadersUniversities and K-

12 SchoolsHospitals and Care

Facilities

Proven ROI

• Cano Petroleum (100 PCs) usedEE to demonstrate SOX compliance with 100% IT control

• Integrated Health Management (250 workstations) achieved target HIPAA compliance every year since EE first deployed

• BankFirst (150 PCs) used EE to satisfy FDIC compliance regulations – since 2007

Reduce Risk

• Advanced Motion Control (500 workstations) used EE to reduce monthly CADD updates from 2 hrs/PC to 5 mins/PC

• Redbox (10,000 clients) used EE to reduce number of kiosk-technician visits by 90% in 1 year

• National Health Service (1,000 PCs) saved 15 hrs/month on mandatory SW updates with EE

Reduce Cost

• Family Health Center – San Diego (1,000 PCs) deployed EE and improved core application uptime from 85% to 99.6%

• Virginia Tech (500 PCs) used Remote Access (IT Toolkit) to decrease MTTR by 83%

• N. Conejos School District (500 clients) saved $100K with automation and increased PC availability from 80% to 99%

Improve Service

Other AccoladesIndustry Awards Industry Reviews

“Kaseya's products have a reputation for being easy to install and use, compared with many competitive products.”

Gartner, 2011 (#G00209766)

“Service automation is vital to IT success. Kaseya is purpose-built for this next era of computing.”

OVUM, 2010 (#TA001974ITM) “Kaseya’s strength lies in the ease of implementation, support for their customers, and comprehensive service level management.”

IDC, 2009 (#219336)

“Kaseya’s IT Automation Framework can help many types of IT management organizations. Quickly. Affordably.”

EMA, 2008 (#1429091307

Polling Question #2

Would you like to learn more about …

- Yes, I’d like to try Kaseya free for 30 days- Yes, but I have no idea what Kaseya costs- Yes, please have someone contact me- No, not at this time

ON24 INSTRUCTION – Do not push results of this poll

Q&A

Please Submit Your Question Now

Q&A and Resources

• Explore Kaseya Patch Managementhttp://www.kaseya.com/features/patch-management.aspx

• Learn More About Kaseyawww.kaseya.com/PPSresources

• Contact Ussales@kaseya.com or toll free +1 877-692-2003

• Join the Kaseya Conversationwww.kaseya.com/community.aspx