Skip to main content
Tag

wsus

|||

10 Reasons You Should Stop Using WSUS

By BlogNo Comments

10 Reasons You Should Stop Using WSUS

What are the downsides to using Windows Server Update Services (WSUS)? Find out why WSUS can't be relied on to protect your organization.

[vc_empty_space]
[vc_single_image image=”365736″ img_size=”full”]

What Is WSUS and how does it work?

Microsoft Windows Server Update Services (WSUS) is an add-on Windows operating system product for installing Microsoft product updates. Typically, every corporate network has it by default.

However, relying on WSUS to protect your corporate network might not be a good idea. In this article, we will share the downsides of WSUS which make it an unreliable solution for protecting your organization from cyberattacks.

[vc_separator]

1. Set Up and Product Configuration

WSUS is difficult to set up and configure due to a long list of system requirements for both the Server and Client sides of the product. Additionally, it is time-consuming to configure the system, so that it both checks and automatically applies updates.

Even if you spend time modifying the settings, WSUS can still fail at synchronizing on particular devices. You will have to look for a problem manually if it occurs on an unsynchronized device.

 

What Syxsense offers instead:

Syxsense can be completely set up in under 5 minutes with a lightweight agent. After it is set up and configured, Syxsense provides 100% visibility into your corporate system. You will be able to see all the endpoints (servers, desktops, laptops, and more) that are based on Windows, Mac, and Linux.

Additionally, you’ll be able to check the device inventory and its history to make sure that there are no serious vulnerabilities and the results of the completion of your tasks are satisfying.

[vc_separator]

2. WSUS Isn’t Actually Free

Though WSUS is stated to be free, it is supported exceptionally on Windows Server, which requires an expensive license. Overall, WSUS’s hidden hardware, software, and operational expenditures can reach over $120,000/a year for a system with 500 devices.

 

What Syxsense offers instead:

Due to its cloud-native architecture, Syxsense requires neither on-premise servers nor maintenance by end-user, which makes it much less expensive while increasing the effectiveness of all IT security processes.

[vc_single_image image=”365745″ img_size=”full” css_animation=”fadeIn”]

3. Lack of Reliable Automation

WSUS doesn’t allow to automate IT workflows with complex logic, so system administrators will have to complete more manual work to organize security processes properly. As threats continue to evolve, automation is becoming critical for IT departments.

 

What Syxsense offers instead:

Syxsense Cortex is a drag-and-drop visual interface that allows automating complex IT and security processes without creating a single line of code. It is possible to automate linear sequences of actions and even the sequences that have more than one possible further action.

[vc_separator]

4. Insufficient Reporting

WSUS doesn’t provide adequate reporting on network-wide vulnerabilities, and IT security specialists have to patch together reports from several sources and hope they have accounted for everything. Besides, WSUS offers no exportation of reports to different file formats. This lack of reporting can result in unpatched vulnerabilities going unnoticed and failed audits.

 

What Syxsense offers instead:

Syxsense reports give the proof of patched and secured devices necessary for compliance agencies like HIPPA, SOX, PCI, or documentation for executives.

[vc_separator]

5. Device Discovery

Device discovery with WSUS is a very time-consuming process, as discovery takes place once in a determined period, and can’t be done more often on-demand.

 

What Syxsense offers instead:

Due to a two-way open connection, Syxsense provides adaptive device discovery, which means that you can see every device on your network and its inventory in real-time.

It is possible as you get all the necessary fresh data directly from the device avoiding its storing in a database. Thus, you can discover any new device connected to your network on-demand. Also, automatic discovery takes place after the pre-identified periods.

[vc_single_image image=”38151″ img_size=”full” onclick=”custom_link” css_animation=”fadeIn” link=”https://www.syxsense.com/start-a-free-trial-of-syxsense/”]

6. Patch Inefficiency

WSUS doesn’t push a given patch instantly. All the agents have to check in and approve patch installation on the workstation, which could be days depending on the environment.

 

What Syxsense offers instead:

If any approvals are needed, Syxsense can be controlled remotely with micro-agent technology.

However, to install new patches, the software doesn’t require any approvals. Syxsense allows to schedule maintenance windows out of office hours and automatically pushes all the necessary patches within the scheduled time-lapse.

[vc_separator]

7. Compatibility & Third-Party Patch Management

Most companies include non-Windows operating systems into their infrastructures, and WSUS is designed to work with only Windows solutions.

WSUS also works inefficiently with third-party applications, like Oracle or Mozilla. To patch such software, you will have to design a complex workaround, and still, you won’t get an intuitive catalog that is easy to work with. Given that third-party applications increasingly serve as a backdoor for cybercriminals that let you into corporate systems, this is one of the biggest downsides of the WSUS.

 

What Syxsense offers instead:

Syxsense deals equally well with devices based on Windows, Mac, and Linux. Additionally, Syxsense has an industry-leading database of third-party application patches and the database is constantly updating.

[vc_separator]

8. Inability to Quarantine

Even if you detected an infected device, it is impossible to isolate it from the corporate network via WSUS to save other devices from infection until you fix the issue.

 

What Syxsense offers instead:

Syxsense software allows quarantining an infected device to protect the whole corporate network from malicious programs. And though the quarantined device is isolated and doesn’t threaten other endpoints, you still have full access to the device which allows you to remediate it from the same console.

[vc_separator]

9. Patch Status Updates

WSUS doesn’t update on patch status for all devices properly. Moreover, it doesn’t send notifications on the reason for the failed updates.

You may think that you patched your system, however there may still be critical vulnerabilities left unfixed. This leaves your organization vulnerable to cyberattacks.

 

What Syxsense offers instead:

All the patch statuses are updated in Syxsense in real time, so you can be sure that your network is 100% protected.

[vc_separator]

10. Inability to Distribute Software

It is impossible to distribute new software through WSUS, so in case you decide that your employees have to work with a new solution, you have to install it manually or buy another software to distribute the application automatically.

 

What Syxsense offers instead:

Syxsense can not only update existing software, but also automatically distribute new software from the cloud over all the devices in the corporate network.

[vc_separator]

Is WSUS Worth It?

With so many downsides, WSUS is extremely difficult to work with. Many IT professionals will spend countless hours trying to make the product work for their organization, only to end up frustrated and inevitably exposed to threats.

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind with Syxsense and set up a free trial today.

[vc_single_image image=”331859″ img_size=”full” css_animation=”fadeIn” css=”.vc_custom_1632759194629{padding-right: 60px !important;padding-left: 60px !important;}”]

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1586908107967{margin-top: 15px !important;}”]
||||Microsoft WSUS is Not Enough||||

Why Microsoft WSUS is Not Enough In 2022

By Patch ManagementNo Comments

Why Microsoft WSUS is Not Enough In 2022

With just Microsoft WSUS, can you keep your network and IT infrastructure protected from unpatched software vulnerabilities?

[vc_empty_space]
[vc_single_image image=”38784″ img_size=”full”]

What’s Better than WSUS?

You may already have Microsoft Windows Server Update Services (WSUS) in your IT environment for deploying Microsoft product updates to your Windows workstations. However, have you thought about patching non-Microsoft software that you run on your enterprise computers?

These non-Microsoft software products, such as Oracle, Java, and Adobe Reader, may expose your corporate environment to vulnerability exploits when left unpatched.

Manage Microsoft, Linux, Mac, and Third-Party Applications

Syxsense is a powerful solution for deploying, managing, and reporting on MicrosoftMacLinux and third-party patches on tens of thousands of workstations and servers across your enterprise.

# Features Microsoft WSUS Syxsense
1 Patching Microsoft Software Updates Yes Yes
2 Patching Non-Microsoft third-party Software Updates No Yes – See an industry-leading library of supported third-party products.
3 Visibility into Application Inventory Limited Hardware Inventory; No Software Inventory Yes – Microsoft & other third-party applications, hardware inventory, disk space & other metrics. Inventory history to compare devices state change within time.
4 On-Demand Patching No Yes
5 Reporting Visibility into Patched and Unpatched Systems and Software Limited Yes – HIPAA, SOX, & PCI Reports offer both executive summary and detailed information about the vulnerability status of your environment. No programming necessary.
6 Filtered Views No Yes
7 Scheduled Approvals No Yes
8 Notification of Failed Updates Limited – Does not provide information on why the update failed Yes – Provides information in both reports, dashboards offering a quick path to redeploy.
9 Patch Scheduling Limited – Basic patch scheduling such as choosing a particular hour of the day, and optionally a single day of the week, with the hope the target machine is actually powered on at that time Yes – Push patches at discrete times to accommodate different time zones and network impacts of patching large numbers of endpoints.  Set maintenance windows to automatically maintain a fully patched, secure status.
10 Wake-on LAN for booting target systems for patch management No Yes
11 Third-Party Pre-Built & Tested Packages No Yes – For many common applications
12 Custom Package Creation No Wizard-driven – Package Creation Wizard for complex before and after deployment scenarios
13 Client Health Diagnosis & Remediation No Yes – Device Health
14 Device Quarantine No Yes – It allows isolating potentially vulnerable devices from the network to check and remediate any issues without creating a threat for other endpoints
18 Device Discovery Yes. Yet, discovery takes a lot of time, as endpoint check-in to the WSUS server after a defined interval. Yes – Syxsense shows the system state in real-time, so new devices are discovered immediately.
21 Remote Control Yes – However, the process defers depending on the Windows version, so you have to figure out how to organize remote control every time Yes – And the process is simple and intuitive
23 Detection Logic and Default Patch Supersedence No. WSUS does not automatically decline superseded updates in favor of the new, superseding update. Yes. Patch supersedence is completed by default, so you don’t have to research which updates are required.
25 Software Distribution No Yes
26 Visual Drag-and-Drop Interface For Complex IT Workflows Automation No Yes – An intuitive no-code interface allows you to create and schedule complex workflows in just a few minutes

 

Why Syxsense?

Syxsense maximizes your investment in security and allows you to patch all endpoints with more visibility, control, and reporting from the simplicity of a single, centralized, intuitive interface.

Syxsense gives you key management capabilities that help you simplify the entire patch management process from patch notification, to import/synchronization, publishing, approvals, deployment, scheduling, reboots, and more.

Patch Management

WSUS lacks the ability to patch applications outside of Microsoft products. It also struggles to effectively schedule patches and report on patch status, superseding patches, inventory, and its history.

Additionally, WSUS leverages stale data. With the time between the discovery of a vulnerability and the emergence of an exploit decreasing, threats require immediate responses. Besides, with WSUS, it’s impossible to quarantine the device until the problems with it are solved.

The Syxsense Advantage

Syxsense allows you to:

  • See your full inventory and vulnerability status
  • Prioritize and deploy patches based upon severity, and manage superseding patches effectively
  • Start patching endpoints within minutes
  • Automate complex IT workflows with intuitive no-code interface
  • Discover new devices entering your network in real-time
  • Quarantine the devices that pose a threat to the entire network
  • Distribute software across all the endpoints within maintenance windows

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind by trusting your Syxsense and set up a free trial today.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1591217514287{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]
|||||

Why WSUS and Remote Work are Incompatible

By BlogNo Comments

Why WSUS and Remote Work are Incompatible

How do you keep a remote workforce secure? WSUS is not only a nightmare for work-from-home, it could also be putting your network at risk.

[vc_empty_space]
[vc_single_image image=”38766″ img_size=”full”]

Securing Remote Devices for COVID-19

As the COVID-19 pandemic continues to stretch across the globe, many organizations are protecting their employees and communities by maintaining a remote workforce, creating an entirely different health concern: keeping devices secure.

Connecting these large numbers of home users to corporate resources is pushing enterprise VPN’s to a breaking point. Imagine hundreds, if not thousands, of remote devices checking-in to the same corporate environment via VPN. These devices will require security updates at least monthly, and that can cause severe contention across that same connection.

For Windows devices, which many administrators patch using WSUS, the average combined Patch Tuesday of Windows and third-party updates from December 2019 to the present is 1.5GB – 1.6GB per device. An organization managing 500 remote devices alone may expect up to nearly a terabyte of outbound traffic to keep the devices patched and up-to-date.

[vc_single_image image=”38056″ img_size=”full” onclick=”custom_link” css_animation=”fadeIn” link=”https://www.syxsense.com/wsus-patching-alternative”]

If you’re still using WSUS for patch management, there’s a better strategy for managing and protecting your business.

WSUS Creates Massive Headaches for Remote Work

With or without VPN, WSUS alone can be a nightmare. First of all, it’s a Windows-only solution thus limiting its usefulness. Devices require direct access to the WSUS server (whether one or many WSUS servers which increase the headache) and sync failures are common. Administrators are forced to manually approve each and every update as well as there is no support for any third-party applications whatsoever.

There’s a massive dependency on Group Policy management, which limits the effectiveness for roaming devices, as well as the on-premise content repository that must be constantly maintained. Even if patching is successful, how do you know? Reporting is always limited and end-users are known to defer reboots indefinitely. It’s hardly an update service, and more of a burden.

What should organizations do?

The simple solution is to migrate all patching services, both operating system and third-party (which WSUS cannot provide), over to a cloud-based architecture. Forget managing Classifications on-premise with WSUS. Forget standing-up WSUS replica servers, which increase administration and storage costs. Forget relying on the work-from-home users to connect via VPN to manage them.

Syxsense is a fully cloud-based solution that helps organizations better secure their endpoints through software patching, deployment, remote assistance, and vulnerability scanning. By default, Syxsense provides auto-approval strategies to ensure the right updates are approved while leaving the optional and problematic updates to the side.

The solution follows the same security protocols as VPN to adhere to any industry: 2048-bit encryption, multi-factor authentication, and even location security so that only specified networks have access for management.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1590698033746{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]
||

The Real Costs of WSUS

By Patch ManagementNo Comments

The Real Costs of WSUS

Although WSUS comes with Windows, it isn't necessarily free. Consider the hidden expenses and headaches that come along with Microsoft's tool when managing your environment.

[vc_empty_space]
[vc_single_image image=”37988″ img_size=”full”]

Is WSUS Actually Worth It?

“Why should I pay for an IT management tool? I get WSUS for free with Windows!”

While WSUS might come with Windows, it is certainly not free—there are hidden expenses to consider.

Looking at the number of hours wasted and additional software needed to fully manage your environments, WSUS comes out as more expensive than any paid-for IT management software.

According to analysis by Tolly, using WSUS requires an average of 2,454 hours of labor per year. With an assumed IT labor rate of $50/hour, that’s $122,700 a year! Then you have to factor in the management of servers, Mac devices, Linux devices, and third-party software.

Why Syxsense is the Better Choice

Spending so many resources on only updating your Windows OS is a dramatic waste of the time your IT team could spend on more critical or interesting projects.

Implementing a solution, such as Syxsense, will simplify your deployment process. From a single browser Syxsense can manage PCs, Macs, and Linux devices, as well as devices inside and outside the network. You can also deploy third-party software, track task status, generate reports, and more. You can manage and secure everything, everywhere, all from the cloud.

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patch management and vulnerability scanning.

With an IT management solution like this, you save money. The cost of the software is offset by the time and resources reallocated into IT projects that improve your company.

Proactively Protect Your Organization

It’s important to get the most out of your investment, and in this unpredictable time, detecting software vulnerabilities isn’t enough. Traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.

Our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense|||” css=”.vc_custom_1587528997190{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]
|||||||||

Can You Trust Your Vulnerability Report?

By Patch ManagementNo Comments

Can You Trust Your Vulnerability Report?

Vulnerability reporting is critical, but not every patch management tool provides data you can rely on. Compare Microsoft ‘WSUS’ and Nessus to Syxsense.
[vc_empty_space]
[vc_single_image image=”33130″ img_size=”full”]

IT Reporting Isn’t Always Accurate

If you have yearly governance audits, you know how stressful it can be when your patch management tool provides inaccurate reports or evidence that auditors can use to fail your accreditation. Let’s explore several industry standards to compare the results of the toolset against the devices themselves, to see if there are conflicts or discrepancies—something you should know before your audit.

We will base our accreditation on an industry standard of PCI/DSS compliance. Any company which processes credit card information should conform to a level of PCI/DSS. The different levels of PCI/DSS are dependent on the size of the business or transactions processed by that business yearly.

Another critical thing to note—if a data breach occurs, the amount of compensation paid in the form of fines vary dramatically on that level. This is why companies that process billions of transactions a year must attain the highest level of PCI/DSS to safeguard their business.

Evaluating WSUS and Nessus Reporting

The two well-known patch management tools we will use in this review are Microsoft ‘WSUS’ and Nessus. Nessus uses the Tenable detection engine and is know as one of the industry “go to” tools for audit software.

We have a device installed with Windows 10 Enterprise (1903) and Windows Server 2012 R2, and several updates are needed on both systems. To create a baseline for comparison, we have used Syxsense to deploy all updates missing to the device, and have rebooted multiple times to ensure all updates have taken.

Windows 10 Enterprise | Feature Update 1903

1. Syxsense records no updates are needed.

[dt_fancy_image image_id=”33134″ width=”” border_radius=”1px” image_decoration=”shadow” shadow_h_length=”1px” shadow_v_length=”1px” shadow_blur_radius=”2px” shadow_spread=”1px” shadow_color=”rgba(219,219,219,0.6)”]
[vc_separator border_width=”2″]

2. Next we performed a full scan of the device using Nessus which uses the Tenable detection engine.

[dt_fancy_image image_id=”33146″ width=”” border_radius=”1px” image_decoration=”shadow” shadow_h_length=”1px” shadow_v_length=”1px” shadow_blur_radius=”2px” shadow_spread=”1px” shadow_color=”rgba(219,219,219,0.6)”]

Nessus reports two updates are needed.

[vc_separator border_width=”2″]

3. We did the same for WSUS and performed a full scan.

[dt_fancy_image image_id=”33155″ width=”” border_radius=”1px” image_decoration=”shadow” shadow_h_length=”1px” shadow_v_length=”1px” shadow_blur_radius=”2px” shadow_spread=”1px” shadow_color=”rgba(219,219,219,0.6)”]

WSUS reports everything is up to date.

[vc_separator border_width=”2″]

Windows Server 2012 R2

1. Syxsense records no updates are needed.

[dt_fancy_image image_id=”33178″ width=”” border_radius=”1px” image_decoration=”shadow” shadow_h_length=”1px” shadow_v_length=”1px” shadow_blur_radius=”2px” shadow_spread=”1px” shadow_color=”rgba(219,219,219,0.6)”]
[vc_separator border_width=”2″]

2. Next we performed a full scan of the device using Nessus which uses the Tenable detection engine.

[dt_fancy_image image_id=”33167″ width=”” border_radius=”1px” image_decoration=”shadow” shadow_h_length=”1px” shadow_v_length=”1px” shadow_blur_radius=”2px” shadow_spread=”1px” shadow_color=”rgba(219,219,219,0.6)”]

Nessus reports a huge host of updates are needed.

[vc_separator border_width=”2″]

3. We did the same for WSUS and performed a full scan.

[dt_fancy_image image_id=”33170″ width=”” border_radius=”1px” image_decoration=”shadow” shadow_h_length=”1px” shadow_v_length=”1px” shadow_blur_radius=”2px” shadow_spread=”1px” shadow_color=”rgba(219,219,219,0.6)”]

WSUS reports only 1 update is needed.

[vc_separator border_width=”2″]

4. We downloaded the binary from the Microsoft site and tried to install it manually.  You can see from the screen shot that the update reported by WSUS was not actually needed.

[dt_fancy_image image_id=”33172″ width=”” border_radius=”1px” image_decoration=”shadow” shadow_h_length=”1px” shadow_v_length=”1px” shadow_blur_radius=”2px” shadow_spread=”1px” shadow_color=”rgba(219,219,219,0.6)”]

Manually running the patch binary.

[vc_separator border_width=”2″]

Examining the Results

We are most surprised that the patch management toolset, known globally as one of the best and most accurate detection toolsets, provided the most false positives against WSUS and Syxsense. If our customers were using this toolset alone, we can only imagine what issues they would have using these reports as evidence of compliance against PCI/DSS.

What should concern anyone using WSUS for their compliance needs is that WSUS reported an update was needed, but could not even be installed manually.

Many tools do not detect or correctly report patch supersedence (which is when a new patch makes the need for an old patch obsolete) and are showing that superceded patches are required and devices are non-compliant or vulnerable even though they are in-fact fully patched and complaint.

Can you imagine failing a PCI/DSS because of vulnerabilities which you were not even vulnerable for?

Leverage Syxsense Vulnerability Reporting

Over the few tests conducted, Syxsense proved to be the most consistently reliable at detecting the updates needed. If you are not using Syxsense for your vulnerability reporting, we recommend using multiple patch management toolsets to compare multiple sources. However, the penalty for failure for any breach could cost millions of dollars.

Additionally, Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patch management and vulnerability scanning.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

[vc_btn title=”Start a Free Trial of Syxsense” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1586984596067{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]
|||||||

Is There a Patching Alternative to WSUS?

By Patch ManagementNo Comments

Is There a Patching Alternative to WSUS?

Still using WSUS for patch management? There might be a better strategy for efficiently protecting and managing your business.

[vc_empty_space]
[vc_single_image image=”38053″ img_size=”full”]

Still Using WSUS?

Tired of scouring through forums to figure out why WSUS isn’t installing updates? Do you keep getting errors even though you followed every step perfectly?

While WSUS is a free update tool, it is extremely limited. There is no way to track the status of your tasks, report on work done, or deploy non-Microsoft updates.

Why You Should Pay for an IT Management Solution

While WSUS might come with Windows, it is certainly not free. There are hidden expenses to consider. Looking at the number of hours wasted, and additional software needed to fully manage your environment, WSUS comes out as more expensive than any paid-for IT management software.

Spending so many resources on only updating your Windows OS is a dramatic waste of the time your IT team could spend on more critical or interesting projects.

Implementing a solution, such as Syxsense, will simplify your deployment process. From a single browser Syxsense can manage PCsMacs, and Linux devices, as well as devices inside and outside the network. You can also deploy third-party software, track task status, generate reports, and more. You can patch everything, everywhere, all from the cloud.

The Syxsense Advantage

Syxsense allows you to:

  • See your full inventory and vulnerability status
  • Prioritize and deploy patches based upon severity
  • Start patching endpoints within minutes

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind by trusting your Syxsense and set up a free trial today.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1588108526444{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Microsoft Announces Critical Security Update For All Windows 10 Users

By NewsNo Comments

Microsoft Announces Critical Security Update For All Windows 10 Users

Microsoft has launched a feature called Tamper Protection that will make Windows 10 devices more secure for all 900 million users.
[vc_empty_space]
[vc_single_image image=”34927″ img_size=”full”]

After the release of Windows 10 version 1903 (May 2019 Update), Microsoft has officially announced the introduction of a new Tamper Protection feature for its Microsoft Defender Antivirus service.

Tamper Protection is a feature of Microsoft Defender (previously Windows Defender) for both corporate and consumer versions of Windows 10. When enabled, it hinders any changes to the Windows Security settings by other programs, so that the only way to change the settings is through the Windows interface using an administrator account.

Work on the feature began back in December 2018, when it was first rolled out to Windows Insider previews and starting this week, the feature is available for all Microsoft Defender users on the May 2019 Update.

“Customer feedback on deployment and other aspects of the feature were critical in our journey towards today’s GA.” – Shweta Jha of the Microsoft Defender team.

Microsoft stated that the feature will be enabled by default for all users in the coming weeks, in a multi stage rollout. (If users don’t prefer to wait, Microsoft has stated they can also enable Tamper Protection right now.)

According to Microsoft, with Tamper Protection, malicious apps won’t be able to perform the following:

  • Disable virus and threat protection
  • Disable real-time protection
  • Turn off behavior monitoring
  • Disable Defender’s antivirus components
  • Disable cloud-delivered protection
  • Remote security intelligence updates

Microsoft states that Tamper Protection halts and prevents security settings from being altered through third-party apps and methods such as:

  • Configuring settings in Registry Editor on a Windows machine
  • Changing settings through Powershell cmdlets
  • Editing or removing security settings through group policies

“Tamper Protection prevents unwanted changes to security settings on devices. With this protection in place, customers can mitigate malware and threats that attempt to disable security protection features,” Jha from Microsoft elaborated. “We’re currently turning on the feature gradually…We believe it’s critical for customers, across home users and commercial customers, to turn on Tamper Protection to ensure that essential security solutions are not circumvented. We will continue working on this feature, including building support for older Windows versions.”

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
[vc_btn title=”Get Started with Syxsense” color=”warning” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial|||”]

WSUS Can’t Handle This

By News, Patch Management, Patch Tuesday, UncategorizedNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

Microsoft Releases Fix for Patch Tuesday Blunder

When Patch Tuesday rolled out earlier this month, it came with an unexpected problem. Two updates, KB4480970 and KB4480960, created network shares accessing errors. Patch deployment strategies had to be halted and the update required removal.
Now, Microsoft has released a new update, KB4487345, that should fix the networking issues.
With the mess that this botched update created, Microsoft has shone a bright light on to the limitations of certain update software. WSUS, Microsoft’s own proprietary system, is one of the weakest available.

Deploying the previous, broken updates, along with this new fix, with WSUS would induce massive headaches. Essentially, you would be deploying your updates blindly. There is no function within WSUS to check if devices already have an update deployed. So, if you patched your Patch Tuesday updates as regular, you may have the broken updates on your systems. There is also no option to roll back updates. Uninstalling them would require an immense amount of work.
Even after you had figured out which systems had the bad updates, uninstalled them, and then deployed the fixed update, you’d still have a major problem. WSUS does not show the status of a task. There is no way to confirm within the software that an update was successful. This also means there is no evidence to prove you have executed this critical task.
There can be no more waiting in implementing a true patch management solution. Look to Syxsense.

Why choose Syxsense?
1. Detection: With Realtime security information, Syxsense displays the current state of your devices and software. This is a reflection of right now; not minutes or hours ago.
2. Roll Back Patches: Not only can you deploy updates with a strategic method, but the Patch Manager can also uninstall updates. The task can be configured to remove a specific update, or group of updates, from all devices or just a selection of them.

[vc_single_image image=”26877″ img_size=”full”]

3. Task Status and Reporting: Along with that Realtime data display comes accurate task status information. You can follow along as the task runs and analyze which devices succeeded or failed to implement the update. From there, our reporting section organizes vital information into easy to understand reports. These are perfect for emailing out to prove needed work has been completed effectively.

[vc_separator]

What is Realtime Security?

Syxsense Realtime Security pulls live data from thousands of devices, direct to a web console, in seconds. By eliminating stale data, IT management and security decisions are based on what is happening right now, not in the past.

[dt_default_button link=”url:%2Fsyxsense-trial%2F|||” size=”medium”]Start A Free Trial[/dt_default_button]

If device scans are run at night when devices are offline, hidden behind a firewall or roaming, security and IT teams have an incomplete view of their environment. Realtime Security eliminates blind spots enabling teams to manage their environment with 100% visibility.
With no steep learning curve, Realtime Security’s simple to learn web interface leverages AI, and empowers teams with the information and skill to act instantly.
Why juggle multiple consoles for device and security management? In a single place, security and IT operations can understand their exposed security risk, patch, deploy software, stop security breaches, satisfy compliance agencies and more.

Whether organizations are looking for endpoint security or IT management capabilities, including patch management, software distribution and remote control, Realtime Security is the only cloud-based approach to security and systems management which enables 10-second endpoint visibility and control thousands of devices.
Get started with Syxsense Realtime Security and manage your entire IT environment with a simple and powerful solution.

[vc_single_image image=”25591″ img_size=”full” alignment=”center” onclick=”custom_link” link=”https://www.syxsense.com/realtime-security”]
||||

Prepare for Patch Tuesday!

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image image=”25975″ img_size=”full”]

Do you have a patching strategy? It should include turning off Automatic Windows update.

Patch Tuesday is here. To avoid the usual splitting headache, we recommend disabling automatic updates for Windows and implementing a reliable patch strategy.

Windows 10 updates whether you want it to or not…unless you know the trick. While we recommend that you always keep your systems patched, sometimes the updates are worse than the vulnerability, like the July Patch Tuesday this year.

Win10

If you have a Professional, Enterprise, or Education edition of Windows 10, you can turn off automatic updates, but the option is hidden. You need to pull yourself out of beta testing and then delay new versions by setting the “feature update” deferral to 120 days or more. Here’s what to do in version 1703, if you have a later version of Windows 10 these settings still apply, but the wording is slightly different.

  • Press Win-R, type gpedit.msc, press Enter. This brings up the Local Group Policy Editor.
  • Navigate the left pane as if it were File Explorer to
  • Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Updates.
  • Choose Select when Feature Updates are received.
  • In the resulting dialog box, select Enabled.
  • In the Options box, type in how many days you’d like to pause updates and then in the next field type in today’s date.
  • Click Apply and then OK.

If you want to you can repeat this process for the second setting in Group Policy named Select when Quality Updates are received. Keep in mind, however, that quality updates include security updates and skipping them is not the best idea. On the upside, security updates are cumulative meaning if you do skip these updates, you can download the next one and be up to date.

Win7 and 8

  • Log in to the Windows 7 or Windows 8 guest operating system as an administrator.
  • Click Start > Control Panel > System and Security > Turn automatic updating on or off.
  • In the Important updates menu, select Never check for updates.
  • Deselect Give me recommended updates the same way I receive important updates.
  • Deselect Allow all users to install updates on this computer and click OK.
[vc_single_image image=”25987″ img_size=”medium” alignment=”center” onclick=”custom_link” link=”https://go.pardot.com/l/62402/2016-08-30/2y9m9t”]

Patch Strategy

Your IT update solution should facilitate phased rollouts and have full rollback options. These are the necessary keys to avoiding data loss or device outages.

Step 1. Identify

You can’t manage your environment if you don’t know what devices are there and which need updates. An IT solution should also be able to manage roaming devices.

Plus, if data is stale, it could mean missing a device or update that was critical to secure. Detect the state of your environment with live, accurate, and actionable data.

Step 2. Test Group Deployment

Deploy the updates to a small group of devices. These devices should be of low impact to the overall productivity of your company. Once these devices have been successfully and safely updated, you can deploy needed updates without worrying about a massive disaster.

Step 3. Phased Rollout

Now updates should be distributed to any device that needs them. However, you want this task to preform around business hours. Updates are important, but so is avoiding interruptions of productivity. A maintenance window should be set up so that any update tasks happen before and after business hours.

And to facilitate a proper patching strategy, look to a comprehensive IT solution.

Syxsense

This is the solution for all of your patching needs. Syxsense can deploy updates to Windows, Mac, and Linux devices. It is a complete patching solution that can manage devices both in your network, but also roaming and out of the office.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Software Update Service

We understand that while updating software is the #1 way to protect your environment, it’s low on your priority list. As an IT department, you have other pressing tasks that you need your attention.

With our Software Update Service, you can move forward while we keep your devices up to date.

Our expert patch management team provides reliable support with detection and remediation for Windows and third-party software updates. We work closely with you to provide safe and efficient endpoint security with your own systems management tool or ours, Syxsense.

Our team will keep your IT systems reliable with endpoints updated and secure.