Call: 1300 422 542

Calibre 1 Essential 8 Series: Patch Applications

patch applications

Calibre 1 Essential 8 Series: Patch Applications

This blog is part of a series of blogs on the essential 8 and how you can implement each in a cost-effective way.

 

Previous Blogs in the Series

Backups
MultiFactor Authentication (MFA) Maturity 1
Patch Operating Systems
Restrict Administrative Privileges
User Application Hardening
Microsoft Office Macro Settings

 

Introduction

Patching is so nice, it’s in the essential 8 twice!!  This time we’re in for a treat as we tackle applications on repeat.   This one line up with the previous blog Patch Operating Systems, however, addresses those application and productivity suites that lie on the operating system themselves.  These systems and applications often are a little more difficult to keep on top of than the operating system counter parts and the steps, and management of such systems is ever a challenge.    For the essential 8; applications are, office productivity suites (Microsoft Office), Web Browsers and their extensions, PDF Software, and security products, and then everything else*.  

*Everything else only matters at level 2+

 

Every (2) Day(s) I’m patch-(el)-ing, patch-(el)-ing

We maintain the same rapid 48-hour schedule for Known Exploited Vulnerabilities.  For Maturity 1, it’s only internet facing, at maturity 3, it’s all devices.  For the record, I agree with timeline, and believe that daily patching across the board lowers the risk of breach considerably.  However, your mileage may vary when weighed up against the balance of availability vs confidentiality & integrity – it’s a risk discussion, and I am happy to have the risk discussion with those to determine the best fit for your organisation.  The CISA has an RSS feed that you can subscribe to ensure you stay up to date, Calibre 1 also have our security team on top of this sort of thing, and are reviewing the KEV list as it updates and taking appropriate actions, so feel free to lean on our support team if that suits.  For Non-Internet facing devices, the patch cycle at each level is 1 month, 2 weeks and weekly.  For something that is going to be sorted by automation, I would look to set this up to be a daily task and have it automatically updated – in most instances, this is what happens.

 

I’m scanning and I know it!

A vulnerability scanner is deployed and in use on workstations – As discussed on the Patch Operating systems piece, Microsoft have created a fantastic offering that covers this niche in Microsoft Defender P2 – the best part is that it comes on the business premium offering of Microsoft 365, so in most instances this will just require rollout via the Microsoft Endpoint manager portal.  Those internet devices need to be scanned daily, and notification profiles can be set up for anything it finds.  At each level its simplest to set this up to scan weekly for all applications – However there is technically only a requirement for fortnightly for some applications.

Anything that’s end of life, end of support – replace it with something that’s getting active patching.

 

Conclusion

That’s really it for this one, we have 1 more to go to round out the Essential 8, but don’t wait!  Give us a call and let’s get started on bringing your ICT through the essential 8.  Not only do I appreciate talking to all you great people out there about security – but more importantly the Ukraine Russia conflict is something we’re all keenly aware of in the media, with petrol costs skyrocketing and projected to hit $2.50+ we are truly going to see small – medium businesses begin to suffer from ransomware attacks, and ultimately that kind of thing hurts the little guy more than it hurts everyone else.  Make sure you’re taking appropriate measures to address business continuity and give your layered cyber defence a boost by implementing the 8.  Give us a call – we’re here to help.

Share This Post
Share on facebook
Share on linkedin
Share on twitter
Share on email
Subscribe To Our Newsletter
Name*
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

More To Explore

In The Media

2 Great Companies Come Together

A sign of further consolidation in the Australian ICT channel as Brisbane’s Azentro buys Adelaide’s Calibre One. The enlarged group, with combined sales of $A35m

Read More »

Find out what our team can do for your business.

Let us know how we can help

Contact Us
Name*
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.