The traditional thinking in IT is that by patching Microsoft OS, the IT shop has effectively protected the environment from the most likely entry points. This could not be more wrong! Microsoft and Apple have both made aggressive moves in how the OS is patched, which will cause cybercriminals to shift their focus on haphazardly managed 3rd party software to exploit.
You are more vulnerable than you think!
The traditional thinking in IT is that by patching Microsoft operating system instances, you are protecting your infrastructure from the most likely entry points. While that may have been true at one point, it is no longer the case.
In recent releases, both Microsoft and Apple have made aggressive and positive moves in how the OS is patched, which is causing cybercriminals to shift their focus to haphazardly managed third-party software for exploitation.
The most widely used third-party applications are the best hacker targets. According to the Common Vulnerabilities and Exposures index, Google Chrome, Mozilla Firefox, and Adobe Acrobat Reader DC are ripe with loads of vulnerabilities. Other universally used software with numerous vulnerabilities include Apple iTunes, Oracle Java SE Development Kit (JDK), and Microsoft .NET Framework.
Until these applications are addressed, you are more vulnerable than you think.
The good news is that the majority of vulnerabilities can be stopped by staying current with patching across third-party applications.
The bad news, unfortunately, is that MSPs are generally not nearly as well versed in keeping third-party apps up to date as they are with Windows and Microsoft apps. The 2018 Kaseya MSP Benchmark Survey found that only 67 percent of MSPs provide third-party software patching and updates to their customers. And many are doing so manually.
The answer lies in taking a holistic approach to patch management that fully embraces third-party applications. A solution is needed that features unified management across all work streams, comprehensive visibility of multiple of interfaces, and scalable automation that provides administrators with critical control via profiles and policies.
Kaseya has such a solution – VSA now includes software management capabilities to simplify and automate patching and update third-party software.
MSPs such as Dataprise are putting patching and automated software management to use. In fact, Dataprise uses the solution to manage its Macs the same way it handles PCs.
“VSA is an extremely powerful framework that allows us to create real, impactful automation,” the company notes. “Software management is so much more than just patching. Our ability to create custom agent procedures and scripts to meet any customer requirement is a game changer. It allows us to take automation to the next level and deliver a higher caliber of service to our customers.”
The unified interface is a key benefit. “Kaseya’s single pane of glass is one of the most invaluable features of VSA. We live in a ‘tab-world,’ and the more tabs and consoles you need to log in to, the more complex and inefficient your process becomes. With VSA’s single pane of glass, we can see of all our modules and documentation across all platforms in one place. This holistic visibility allows us to be confident that we know the status of all our customers’ environments at any given time, and you can’t put a price tag on that.”
Tune into the Kaseya Webinar: You are Exposed: Managing 3rd-Party Software to learn what steps to take to keep your third-party software safe.
Original post can be found here: http://blog.kaseya.com/blog/2018/06/07/third-party-software-at-center-of-growing-vulnerability-risk/
To view all of our Kaseya Blog posts, visit: http://blog.kaseya.com/