How to Improve Your Security Posture With Tanium Patching
Given the complexity of an enterprise environment and its patching needs, an effective patching solution is key to a healthy and secure environment. Tanium can supplement, or even replace, existing patching solutions such as SCCM: its reporting shows which endpoints are actually missing which patches, and that visibility is what lets an organization remediate at speed and scale.
Tanium gives customers a "single pane of glass" in which Windows and Linux hygiene and management are handled within the same tool. Using the Tanium platform for patching can cut patch maintenance cycles from days or months to hours.
WWT has developed operating system (OS) and third-party patching solutions across a range of industries using Tanium's Patch and Deploy modules, moving organizations to a more mature patch compliance and reporting state. These solutions have been deployed to a variety of endpoint types and form factors, including:
- Organizations with as few as 16k endpoints, to organizations with well over 500k endpoints.
- OS platforms including Linux/Unix (Red Hat, CentOS, Oracle Enterprise Linux) and Windows, including legacy builds.
- Both physical and virtual servers and workstations.
Engagement 1: Enhancing patch visibility and reporting
Challenge
After an organization experienced a security breach, WWT was brought in to review its patch capabilities, increase visibility into the environment and improve patch compliance across the enterprise. Reporting was a major issue for the organization because it did not have proper visibility into the environment.
During our assessment, it became clear that this lack of visibility had left endpoints unpatched for years. The Threat and Vulnerability Management (TVM) team, which was responsible for ensuring that vulnerabilities were remediated, lacked the visibility needed to do so, which left the environment open to attack.
Solution
WWT tailored a solution spanning several operating groups. Using the integration between the Patch module and Splunk, we built reporting for zero-day and ongoing priority 1 findings as well as for overall patch hygiene. Reporting was both real-time and historical, so leadership could track the patching lifecycle.
Outcome
The TVM team is now able to report patch hygiene to executives with real-time data. The solution enables the organization to manage the remediation process and the overall patch lifecycle, and integrations with Splunk, ServiceNow and other tools allow for even more robust reporting.
Engagement 2: Improving patch hygiene and automation
Challenge
A utilities company had outsourced patch hygiene to a managed service provider. After endpoints were attacked, WWT investigated the true state of OS patching. Using Tanium Patch and Deploy together with the reporting capabilities of Asset and Trends, WWT found a large number of endpoints lacking recent OS and third-party software patches.
The gap spanned Windows desktops, Windows servers and Linux servers. The customer needed to understand why these endpoints were missing critical patches and to remediate quickly.
Solution
WWT proposed using Tanium's Patch and Deploy modules to assess the current hygiene of all agented endpoints in the customer's environment. Alongside the assessment, WWT subject matter experts (SMEs) developed an OS and third-party patch process to close the gaps.
Outcome
Scans were run against endpoints to capture patch status. This let WWT provide customer leadership with a gap analysis highlighting the significant vulnerabilities in the enterprise. WWT SMEs then developed a patch process for each OS team to bring vulnerable endpoints to a healthy state.
Our team of SMEs worked closely with stakeholders to build detailed standard operating procedures (SOPs) for patch deployments. This material enabled the managed service provider to use the Patch and Deploy modules to substantially improve patch hygiene.
Engagement 3: Providing sniper patch solutions
Challenge
This customer lacked holistic patch coverage because of the limitations of its existing patch solution, coupled with a lack of visibility into endpoints and the patches each one had installed. A patch assessment showed that endpoints were missing patches that had been reported to leadership as already deployed.
Some of these endpoints were knowingly excluded from patch activities because of business constraints or because they were offline; others were excluded simply because failed patches, and therefore true patch hygiene, were not being measured.
Solution
Because the existing solution could not reach these endpoints, an out-of-band patch (also known as a sniper patch) was required. WWT provided a sniper patching solution that targets the endpoints missed by the previous patch solution with minimal administrative work. For a zero-day or a specific vulnerability, the customer could target the most vulnerable endpoints for quick remediation.
Using the Patch module, the customer was able to patch those assets and maintain a stronger security posture across the enterprise. Tanium's Patch functionality allowed quick, effective patching exercises that addressed the security concern.
Outcome
By adopting the out-of-band, sniper patching methodology, the organization improved and maintained its security posture.
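The failure mode described in this engagement (patches reported as deployed while endpoints are still missing them, and hosts silently dropped because they are offline or excluded) is straightforward to check for once per-endpoint patch state is visible. The following Python is an added example, not WWT's or Tanium's code: it reconciles a constructed deployment-status report against constructed per-endpoint patch inventory records, flags "phantom successes", builds a sniper target list for one patch that reports excluded and offline hosts instead of dropping them, and computes the kind of per-OS compliance KPI the Engagement 1 reporting tracks. The record layouts, hostnames, exclusion reasons and patch identifiers are all constructed; a real Tanium export would need a small adapter into these records.

```python
"""Reconcile claimed patch deployments with observed endpoint state and build a
targeted ("sniper") remediation list.

Added example, not WWT's or Tanium's code. Record layouts, hostnames and patch
identifiers below are constructed; adapt a real export into these records.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class EndpointPatch:
    hostname: str
    os_family: str       # "Windows" or "Linux"
    patch_id: str        # constructed placeholder, not a real KB/advisory id
    installed: bool      # what the endpoint inventory actually reports
    last_seen_days: int  # days since the endpoint last reported in


@dataclass(frozen=True)
class DeployStatus:
    hostname: str
    patch_id: str
    status: str          # what the deployment job reported: "success"/"failed"


# Constructed sample inventory (what the endpoints actually have installed).
OBSERVED = [
    EndpointPatch("web-01", "Windows", "WIN-PATCH-A", True, 1),
    EndpointPatch("web-02", "Windows", "WIN-PATCH-A", False, 1),
    EndpointPatch("web-03", "Windows", "WIN-PATCH-A", False, 30),   # offline
    EndpointPatch("db-prod-01", "Linux", "LNX-PATCH-B", False, 0),  # excluded
    EndpointPatch("app-01", "Linux", "LNX-PATCH-B", True, 2),
    EndpointPatch("app-02", "Linux", "LNX-PATCH-B", False, 1),
    EndpointPatch("app-03", "Linux", "LNX-PATCH-B", True, 1),
]

# Constructed deployment report (what was told to leadership).
CLAIMED = [
    DeployStatus("web-01", "WIN-PATCH-A", "success"),
    DeployStatus("web-02", "WIN-PATCH-A", "success"),  # phantom: not installed
    DeployStatus("web-03", "WIN-PATCH-A", "failed"),
    DeployStatus("app-02", "LNX-PATCH-B", "success"),  # phantom: not installed
]

# Constructed business exceptions (host -> reason) that must stay visible.
EXCLUSIONS = {"db-prod-01": "change-freeze exception"}


def phantom_successes(observed, claimed):
    """(host, patch) pairs the deployment report marks 'success' but the
    inventory still shows missing: the gap behind a green dashboard."""
    installed = {(o.hostname, o.patch_id) for o in observed if o.installed}
    return sorted(
        (c.hostname, c.patch_id)
        for c in claimed
        if c.status == "success" and (c.hostname, c.patch_id) not in installed
    )


def sniper_targets(observed, patch_id, exclusions, max_stale_days=7):
    """Targets for one patch: missing, recently online and not excluded.
    Returns (targets, deferred) so excluded or offline hosts are reported
    rather than silently dropped from the compliance picture."""
    targets, deferred = [], []
    for o in observed:
        if o.patch_id != patch_id or o.installed:
            continue
        if o.hostname in exclusions:
            deferred.append((o.hostname, f"excluded: {exclusions[o.hostname]}"))
        elif o.last_seen_days > max_stale_days:
            deferred.append((o.hostname, f"offline {o.last_seen_days}d"))
        else:
            targets.append(o.hostname)
    return sorted(targets), sorted(deferred)


def compliance_by_os(observed):
    """Per-OS KPI: share of applicable (endpoint, patch) pairs installed,
    computed from observed state, never from deployment claims."""
    total, ok = defaultdict(int), defaultdict(int)
    for o in observed:
        total[o.os_family] += 1
        ok[o.os_family] += int(o.installed)
    return {os_name: round(ok[os_name] / total[os_name], 3) for os_name in total}


if __name__ == "__main__":
    print("phantom successes:", phantom_successes(OBSERVED, CLAIMED))
    for pid in ("WIN-PATCH-A", "LNX-PATCH-B"):
        targets, deferred = sniper_targets(OBSERVED, pid, EXCLUSIONS)
        print(pid, "targets:", targets, "deferred:", deferred)
    print("compliance by OS:", compliance_by_os(OBSERVED))
```

The point of returning the deferred list alongside the targets is that a host excluded for a change freeze or one that has not checked in for a month is still unpatched; it belongs in the executive report with its reason, not in a silent gap between "targeted" and "installed".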
Our approach
WWT adds to the visibility organizations gain from the Tanium platform by offering services that target inefficiencies in patch management processes. WWT reviews the organization's existing processes to improve how patching is done.
Key activities include:
- Gap analysis of the people, processes and tools involved in patch management.
- Rationalization of patching tools (overlaps, gaps, etc.) and product/technology recommendations.
- Determining whether the teams involved in patching are aligned with industry-standard roles and responsibilities (RACI).
- Patch reporting and identification of patching key performance indicators (KPIs).
- Documentation of patch policy and procedures.
- Integration with third-party solutions.