Patching is the process of repairing system vulnerabilities discovered within the infrastructure or an enhancement to an existing application with addon features. The number of patches required on a consistent basis can be overwhelming. Therefore, it is necessary to devise a patch management process to ensure the proper preventive measures are taken against potential threats, and to assist in attaining new features.
For smooth patching, there are three important processes that are required:
- Pre-Patch Process
- Deployment Process
- Post-Patch Process
Kaseya offers to simplify this patch process by introducing a new module called Software Management. Software management is a vulnerability and patch management module for Windows and Apple platforms. It also manages deployment and updates of popular 3rd party software.
Pre-Patch process:
Before deploying patches to machines/infrastructure through Kaseya, it is important to determine whether the patches being released are safe to be pushed out. Microsoft releases several patches on a weekly basis, but some of them can cause issues within your environment. So, it’s very important to validate the authenticity of these newly released patches.
Kaseya’s Software Management module make this process a lot smoother for MSP’s by offering certain functionalities. The first of which is the “Scan and Analysis” profile. Admins can schedule specific scan profiles for a specific set of machines/groups/organizations. Furthermore, Kaseya admins can either fully or partially set a category of patches to be approved or denied, and later chose to perform actions on the remaining patches individually as deemed fit.
Deployment process:
Once analysis is done, software management offers a “Deployment” profile to further ease up the process with deployment. This gives flexibility to MSP’s using
to choose a day and time for patch deployments to machines/groups/organizations.
There are a few other key features, such as Pre-Post procedures, different reboot actions, and Blackout window, which prevents patches from being on the machines during a certain time frame.
Post Deployment process:
Lastly, there is the post deployment process. Throughout this process, results can be monitored through the Kaseya Software Management tabs, “Dashboard” or “Machines”, which will give all the necessary details related to pending vulnerabilities and the deployed set of patches.
Along with this, alerting can also be configured when a new patch is available, deployment fails, or OS auto update changes. Override profiles can also be created on top of deployment profiles for a global stop or push on the deployment of any specific patch or patch category.
Need help in getting this process implemented in your infrastructure? Contact us to set up a meeting!