Why Update Management is The Key to a Secure Software Environment
27 december 2019
Update management is very important for the continuity, performance and security of your systems. However, the management of updates can be very difficult and complex, leading some to simply disable or ignore them all together. As a result of this strategy, risks are emerging and companies are suffering from serious losses. CryptoLocker and WannaCry are perfect examples of ransomware attacks that had serious consequences for companies that did not manage their update and patch management ecosystem. Since prevention is better than a quick fix, Microsoft now offers a solution that facilitates the management of Virtual Machine (VM) updates on Azure. We took a closer look at the Update Management function for Azure VMs.
History of Update Management
I am sure many of the older system administrators have used the tools in the following image several times for update management and remember those days. Back then, it was necessary to pass manual patches to all systems in order to manage updates, a laborious and time-consuming process.
Later, SUS (Software Update Services) was released to help centralize Microsoft’s update management. SUS only updated Microsoft operating systems. Later, the new version of SUS, called “Windows Update Server”, was released and became the Windows Server Update Services (WSUS) that many companies still use. Using WSUS not only the Microsoft operating systems, but all the Microsoft products can be updated. Microsoft has also integrated the WSUS infrastructure into the System Center Configuration Manager (SCCM) tool and has introduced a new perspective on update management.
Update Management Challenges
Making update management a smooth process with long-term benefits is not as easy as it seems. Here are some challenges that are experienced frequently:
Lack of update management procedure
Missing development, test and pre-production ecosystems for update operations
No compatibility reports for existing environment
Detection of missing updates
Technical deficiency about update management programs
System outage problems related to poor planning
Lack of disaster recovery scenarios and procedures
New Solution: Update Management on Azure VM
In order to overcome frequent challenges when it comes to managing Updates, Microsoft came up with a new solution for Azure VMs. Update Management is the name of the new feature that manages the update of Azure VMs. You can quickly evaluate the status of available updates for your Azure VMs, initiate the installation of required updates, and review deployment results to verify that updates have been successfully applied to the VM. Azure Update Management is currently available as a preview.
Which operating systems does the Azure Update Management support?
Update Management is supported by the operating systems listed below (current at the time this article was written).
Windows: Windows 2012 and above
Linux: RedHat Linux 6 & 7, Ubuntu Server 12.04 LTS, 14.04 LTS, 15.10, v 16.04
Configuration of Azure Update Management
Update Management is not set by default on Azure VM. Click on the relevant VM to activate it, then go to the "Update Management" section under the "Operations" section. When you get there, a confirmation is sent to determine whether Update Management is enabled in the VM you have selected. If it is inactive, it will proceed from the section marked with red to activate the solution.
The Update Management tool requires some minor adjustments to control the compatibility. Moreover, there is information about how to make a payment for this data, which will be stored in Log Analytics. Activating the solution can take up to 15 minutes, during this time you should not close the browser window. After the solution is activated and the daily data starts to flow into the work area, it may take more than 30 minutes for the data to be available for analysis in the indicator table described in the next section. Program managers say that this timing will improve significantly in the future.
You can view the number of missing updates in the VM from the Update Management dashboard and a graphic representation. You can also check the compliance status of incomplete updates by severity level. If you have “hot fixes” that you need to update, you can create an update distribution for them, or load them immediately.
In zijn vorige blog “Next-Gen”- EDR gaf William Jansen de verschillen aan met Endpoint security, SIEM en de uitdagingen met standalone EDR-oplossingen. Nu gaat William in op de trend richting Managed Detection and Response, Cross Layer…
Grote organisaties maken steeds vaker de transitie van on-premise naar de cloud. De cloud voegt waarde toe, maar brengt ook complexiteit en hoge kosten met zich mee. Dave Leur en Lowin Vermeulen vertellen je hoe je blijvend het maximale uit…
Vaak is een endpoint device de belangrijkste ingang die gebruikt wordt door cyberaanvallers. Endpoint Detection and Response is een toolset voor opsporen, voorkomen en detecteren van bedreigingen. Lees meer hierover in de blog van William Jansen.