War is on.
Attacks are becoming more sophisticated and hackers are becoming smarter, and so must the defenders.
The attacker eyeing your organization is looking for the misconfiguration that will let them in. So should you.
At Gytpol we are always on the lookout for these misconfigurations, as they could be exploited by threat actors resulting in a cyber-attack such as ransomware.
A common cause of misconfiguration is human error: the IT practitioner either lacks the right skills for the task at hand or falsely believes that the task has been completed correctly.
At Gytpol we frequently witness and report software-update management mistakes. In this post we will cover some of the common ones, and how to find them.
Keeping your OS and other applications up to date with the latest patches is important to ensure you have all the critical updates to keep your environment secure.
Patch Tuesday is the name given to the day Microsoft releases its Cumulative Updates (CU), typically the second Tuesday of each month (and sometimes the fourth Tuesday).
Most organizations will use the Microsoft SCCM tool to manage software updates. There are many great guides or online videos which can walk you through the steps to achieve this using the tool. The general process is:
If you are familiar with the process, you will know that many steps and configurations are required to perform what appears to be a simple task.
However, there are two types of misconfigurations which can cause a security risk and act as an initial attack vector for hackers.
To keep an organization secure, the IT and SecOps teams need to ensure all endpoints are patched and up to date. They need visibility into the status of patch updates on all endpoints, including those that are remote and not connected via a VPN.
Gytpol Validator is helping organizations overcome these two common misconfiguration scenarios.
Firstly, it monitors all workstations and servers in an organization and will identify and alert IT admins and SecOps when the baseline is out of date or missing critical patches. Secondly, it will also report which endpoints have not been updated, allowing remediation actions to be taken. Gytpol constantly reports the endpoint status, whether the endpoint is connected to the network or working remotely from home.
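The check described above (endpoints behind the Patch Tuesday baseline, and remote endpoints whose status is unknown) can be illustrated with a short added example; it is not from the original post and is not how Gytpol Validator works. The inventory records, host names, grace period and silence threshold are constructed assumptions, and comparing install dates to the release date is a simplification of comparing actual update or build numbers.

```python
from datetime import date, timedelta

def patch_tuesday(year, month):
    """Second Tuesday of the month (the usual Patch Tuesday)."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7   # Monday=0, Tuesday=1
    return first + timedelta(days=to_first_tuesday + 7)

def latest_patch_tuesday(today):
    """Most recent Patch Tuesday on or before `today`."""
    this_month = patch_tuesday(today.year, today.month)
    if this_month <= today:
        return this_month
    prev = today.replace(day=1) - timedelta(days=1)  # last day of previous month
    return patch_tuesday(prev.year, prev.month)

def audit(inventory, today, grace_days=14, max_silence_days=10):
    """Return {host: reason} for endpoints that need attention.

    grace_days and max_silence_days are assumed policy values.
    """
    baseline = latest_patch_tuesday(today)
    if (today - baseline).days < grace_days:
        # Rollout window still open: hold endpoints to the previous release.
        baseline = latest_patch_tuesday(baseline - timedelta(days=1))
    findings = {}
    for host, last_cu, last_seen in inventory:
        if (today - last_seen).days > max_silence_days:
            # A silent endpoint's recorded patch level cannot be trusted.
            findings[host] = f"no report since {last_seen}; patch status unknown"
        elif last_cu is None:
            findings[host] = "no cumulative update recorded"
        elif last_cu < baseline:
            findings[host] = f"last CU {last_cu} is older than baseline {baseline}"
    return findings

# Constructed sample inventory: (host, last CU install date, last report date)
INVENTORY = [
    ("ws-001", date(2024, 6, 12), date(2024, 6, 19)),
    ("ws-002", date(2024, 3, 14), date(2024, 6, 19)),
    ("ws-003", date(2024, 5, 15), date(2024, 6, 19)),
    ("laptop-remote-7", date(2024, 6, 12), date(2024, 4, 2)),
    ("srv-db-1", None, date(2024, 6, 19)),
]

if __name__ == "__main__":
    for host, reason in audit(INVENTORY, date(2024, 6, 28)).items():
        print(f"{host}: {reason}")
```

The remote laptop is reported as unknown rather than compliant, even though its last recorded update is current, because it has not reported within the assumed threshold.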