Extend Microsoft Intune with Risk-Based Third-Party Patch Publishing
Data breaches and ransomware attacks are increasing exponentially. The number of data breaches reported per year has increased nearly 70% in the past five years. Eighty-five percent of IT decision makers report having suffered at least one ransomware attack over the same period. Organizations that fall victim to these breaches and attacks experience system downtime, damaged reputations, IP loss and other ill effects that lead to lost business. On top of that, they also face the costs of detecting and responding to the breaches and attacks, of notifying data subjects, data protection regulators and other third parties, and of post-incident activities such as compensating victims and paying regulatory fines.
Also increasing over the past five years is the number of applications organizations deploy. Reports show the average number of applications deployed at organizations has increased 24% in that span, with much of that growth being fueled by the accelerated digital transformation of the Everywhere Workplace. It should therefore come as no surprise that third-party applications have become one of the most attractive attack vectors for cyber adversaries. Unfortunately, data breaches stemming from vulnerabilities in third-party applications are also among the most expensive and elusive, costing an average of $4.33M and taking an average of 286 days to identify and contain – meaning a breach occurring on January 1 would typically not be contained until October 13.
All this means organizations need to be diligent about updating their third-party applications, which can be challenging given the ever-increasing number of applications they must account for. Further complicating matters is the growing number of vulnerabilities to account for – an average of 61 are disclosed by the National Vulnerability Database (NVD) every day. On top of that, many IT teams find themselves struggling to retain talent and burdened with inadequate tooling. It’s no wonder that 71% of IT and security professionals find patching to be overly complex and time-consuming and 53% spend most of their time organizing and prioritizing vulnerabilities.
The good news is that organizations do not need to patch every vulnerability. In fact, only 4% of all Common Vulnerabilities and Exposures (CVEs) have been publicly exploited. The bad news is that identifying that 4% from the over 130,000 total vulnerabilities in the NVD is difficult for many organizations. Much of that difficulty is driven by deficiencies with traditional approaches to vulnerability prioritization and remediation that leave organizations exposed to a huge attack window:
- Patching only critical vulnerabilities based on the Common Vulnerability Scoring System (CVSS) v3 would cause an organization to miss out on patching 73.61% of ransomware vulnerabilities – a major gap for the 71% of IT and security decision makers that use the CVSS to score and prioritize vulnerabilities.
- Patching only new vulnerabilities is similarly insufficient, as 91% of current ransomware vulnerabilities were identified before 2021.
- Patching vulnerabilities only after they have been disclosed in the NVD is also a problem, as there is an average latency of 13.7 days between the time a vendor publishes a ransomware vulnerability and the time of NVD disclosure.
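As an added illustration of the three gaps above (example code, not Ivanti's or the product's), the following Python compares a CVSS-critical-only filter and a newly-disclosed-in-NVD filter against a risk-based selection over a constructed set of vulnerability records; the record fields, identifiers, scores and dates are all constructed for the example and are not real CVEs.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

@dataclass
class Vuln:
    """One vulnerability record. All fields are constructed for this example."""
    vid: str                        # placeholder id, not a real CVE number
    cvss: float                     # CVSS v3 base score
    vendor_published: date          # date the vendor disclosed/patched it
    nvd_published: Optional[date]   # None while NVD has not yet published it
    known_exploited: bool           # exploitation observed in the wild
    ransomware_linked: bool         # used by at least one ransomware family

# Constructed sample data covering each gap: a ransomware vuln rated only
# "high", one disclosed years ago, and one the vendor published but NVD has not.
SAMPLE = [
    Vuln("SAMPLE-1", 9.8, date(2022, 3, 1), date(2022, 3, 2), True, True),
    Vuln("SAMPLE-2", 7.5, date(2019, 6, 10), date(2019, 6, 12), True, True),
    Vuln("SAMPLE-3", 6.1, date(2018, 1, 5), date(2018, 1, 20), True, True),
    Vuln("SAMPLE-4", 9.1, date(2022, 4, 1), date(2022, 4, 3), False, False),
    Vuln("SAMPLE-5", 8.8, date(2022, 5, 1), None, True, True),
    Vuln("SAMPLE-6", 5.3, date(2022, 5, 2), None, False, False),
]

def cvss_critical_only(vulns: List[Vuln]) -> List[Vuln]:
    """Traditional approach 1: patch only CVSS v3 'critical' (score >= 9.0)."""
    return [v for v in vulns if v.cvss >= 9.0]

def new_in_nvd_only(vulns: List[Vuln], since: date) -> List[Vuln]:
    """Traditional approaches 2 and 3: patch only what NVD has published since a cutoff."""
    return [v for v in vulns if v.nvd_published is not None and v.nvd_published >= since]

def risk_based(vulns: List[Vuln]) -> List[Vuln]:
    """Select on adversarial risk (known exploited or ransomware-linked), keyed on
    the vendor's own disclosure so NVD latency does not delay it; ransomware-linked
    items come first, then higher CVSS, then earlier vendor disclosure."""
    at_risk = [v for v in vulns if v.known_exploited or v.ransomware_linked]
    return sorted(at_risk, key=lambda v: (not v.ransomware_linked, -v.cvss, v.vendor_published))

def missed_ransomware(selected: List[Vuln], vulns: List[Vuln]) -> List[str]:
    """Ransomware-linked vulnerabilities a selection strategy would leave unpatched."""
    chosen = {v.vid for v in selected}
    return [v.vid for v in vulns if v.ransomware_linked and v.vid not in chosen]

def nvd_latency_days(v: Vuln, today: date) -> int:
    """Days from vendor disclosure to NVD publication (or to today if still absent from NVD)."""
    return ((v.nvd_published or today) - v.vendor_published).days
```

Running `missed_ransomware` over each strategy shows the CVSS-only and NVD-only selections each leave three ransomware-linked records unpatched, while the risk-based selection leaves none.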
This situation can be even more problematic for the many organizations that use Microsoft Intune to deliver applications and updates to their devices. While Intune offers comprehensive patch management capabilities for Microsoft applications, it provides no native functionality for updating third-party applications. Intune customers thus must rely heavily on manual processes or standalone patch management tools to keep their third-party applications updated. While these tools automate many aspects of the patch management lifecycle, most do not integrate directly with Intune or help IT teams properly prioritize vulnerabilities for remediation.
Introducing Ivanti Neurons Patch for MEM
Organizations invested in Microsoft Intune clearly need a better way to prioritize and deploy updates for their third-party applications – one that will both increase their level of protection against data breaches and ransomware attacks and decrease the strain on their IT teams. Ivanti Neurons Patch for MEM (Microsoft Endpoint Manager) is the answer.
Extend Microsoft Intune with third-party patch publishing
Organizations can maximize the return on their Intune investment while protecting against threats that stem from vulnerabilities in third-party applications with Ivanti Neurons Patch for MEM. From Ivanti’s Neurons cloud platform, Ivanti Neurons Patch for MEM publishes pre-tested third-party application updates directly to Intune. This enables IT teams to deploy third-party application updates alongside their Microsoft OS and application updates within Intune as part of their existing application lifecycle management workflows.
Proactively protect against active exploits
Ivanti Neurons Patch for MEM provides intelligence on known exploits and threat context for vulnerabilities – including ties to ransomware – enabling organizations to prioritize remediation based on adversarial risk. Additionally, Ivanti’s Vulnerability Risk Rating (VRR) arms IT teams to take risk-based, prioritized action better than basic CVSS scoring does, by combining the highest-fidelity vulnerability and threat data with human validation of exploits from penetration testing teams.
Avoid failed patch deployments
Pre-tested patches and patch reliability insights in Ivanti Neurons Patch for MEM help organizations save time and avoid failed patch deployments. Ivanti thoroughly tests each patch content package it creates. Testing is conducted in an extensive virtual environment to ensure the packages work across a wide array of application versions and operating systems before they are released in the product.
In addition, patch reliability insights from crowdsourced social sentiment data and anonymized patch deployment telemetry enable IT teams to evaluate patches based on their reliability in real-world environments before deploying them.
Streamline patch management processes
By providing the option to automatically publish third-party application updates into Intune for deployment as they become available, Ivanti Neurons Patch for MEM saves users time and effort and enables them to conduct most of their patch management activities directly within Intune. The pre-tested application updates in the solution’s patch catalog, coupled with patch reliability insights, save organizations additional time by helping them achieve more reliable patching with fewer failures.
The threat intelligence in Ivanti Neurons Patch for MEM helps further streamline patch management processes. For starters, this intelligence improves operational efficiencies by enabling IT teams to effectively prioritize patch efforts so they focus only on what matters. Additionally, available exploit and malware insight helps facilitate data and risk conversations between security and IT operations teams to improve operational collaboration.
Continue transition to modern management
Gartner has estimated that over 85% of organizations will embrace a cloud-first principle by 2025 and will be unable to fully execute their digital strategies without utilizing cloud-native architectures and technologies. As a cloud-native solution, Ivanti Neurons Patch for MEM enables Intune customers to migrate their patching workloads entirely to the cloud without any additional infrastructure. Intune and Ivanti Neurons Patch for MEM combine to create a cloud-only solution that requires no on-premises infrastructure on either the Microsoft or the Ivanti side.
Ivanti Neurons Patch for MEM also enables Ivanti Patch for MEM customers to progress from on-premises third-party patch management to the cloud.