Patch management is just about the oldest secops task there is. And patch management isn’t exciting. But this is a great example of how boring things can also be the most important. It would seem that in this day and age, patch management shouldn’t be rocket science. We’ve solved this, right? Not in this ever-shifting landscape of hybrid everything. Here’s the latest tectonic slip.
Microsoft has announced end-of-life for venerable old Windows Server Update Services. WSUS has been around a long time and is deeply embedded in the patch management and vulnerability management processes at most organizations.
At this point WSUS is deprecated, meaning it’s not going to be immediately removed from Windows, but Microsoft isn’t going to be investing any effort into it. WSUS is on life support, and Microsoft is going to be herding customers away from it with increasing pressure as the end-of-life cycle progresses. In fact, there are rumors the WSUS team was disbanded, and there are already rumors on Reddit of problems syncing WSUS.
So it’s time to start migrating away from WSUS, and end-of-life is by no means the only reason. Consider these points:
- WSUS doesn’t cover 3rd party applications and has trouble with drivers
- Without third-party maintenance scripts (AJTek), large-scale WSUS management is a resource drain and WSUS is often an unstable product
- WSUS isn’t actually free
- While WSUS offers patches, it does nothing to enforce client compliance and offers little reporting on who is or is not in spec, or why
- WSUS does nothing for hybrid workforces unless you hope to run WSUS over VPN
So, the natural question is: what is Microsoft offering as a replacement? First, there is no one universal patch management solution available from Microsoft. There is a strong dichotomy at Microsoft between clients and everything else. So, we will look at Azure Update Manager and the evolving patch management scene with Intune. And, equally important, we will examine the landscape of 3rd party patch management in these Microsoft offerings; spoiler alert, it’s not robust.
Traditionally there’s always been a gap in MS patch management that creates opportunities for the ISV world to fill, and I think you’ll be impressed to see how our sponsor, Action1, delivers a modern patch management platform that automates OS and third-party patching, even on offline endpoints, while providing real-time visibility into vulnerabilities, enforcing remediation workflows and ensuring continuous compliance. We will demonstrate how Action1 achieves over 99% patch coverage across hybrid environments, eliminates the need for periodic scans and simplifies compliance tracking, all in a secure, scalable platform.
Please join us for this real training for free session.