I'm currently re-evaluating our patch management strategy for a small environment with about 100 endpoints. Right now, we have a setup that uses Apache as a web server, which can't be patched individually. Because of this, we often see a constant stream of vulnerabilities showing up in our Nessus scans.
One concern I've heard about cloud-based patch management solutions is that they typically require a service account with local admin credentials. Although these credentials are stored locally, encrypted as an LSA secret, and aren't sent externally, I'm wondering if this presents a significant security risk. What do you all think?
3 Answers
Our remote monitoring and management (RMM) system takes care of updates seamlessly, whether the devices are connected through a VPN or onsite.
We use Action1 for patch management across 270 endpoints. It's a cloud solution and it's free for up to 200 endpoints, so that fits our budget pretty well. It also has a remote desktop feature, which is handy. It’s not the best out there, but it gets the job done.
Regarding your concern about service accounts: it all depends on the specific solution. In many cases, the agent typically acts as SYSTEM, so it doesn't use credentials embedded in any accounts. We use Intune for our patch management, and it works really well, though it might be more than what you need for just managing 100 devices.
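To verify this on an actual endpoint rather than taking the vendor's word for it, here is an added example (not code from any of the answers above): a PowerShell audit that lists every service running under a named account instead of the built-in SYSTEM/service identities, and flags any such account that is also a member of the local Administrators group. It assumes an elevated Windows PowerShell 5.1 session, where Get-LocalGroupMember is available.

```powershell
# Added example, not part of the original thread: audit which services on this
# host run under a stored-password account and whether that account is a local admin.

# Built-in identities carry no stored password, so they are not the concern raised above.
$builtIn = @(
    'LocalSystem',
    'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\LocalService',
    'NT AUTHORITY\NetworkService'
)

# Current members of the local Administrators group, lower-cased for comparison.
$localAdmins = Get-LocalGroupMember -Group 'Administrators' |
    ForEach-Object { $_.Name.ToLower() }

Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.StartName -and
        ($builtIn -notcontains $_.StartName) -and
        ($_.StartName -notlike 'NT SERVICE\*')      # virtual accounts, no stored password
    } |
    ForEach-Object {
        # ".\name" means a local account; expand it so it matches the group listing.
        $account = $_.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
        [PSCustomObject]@{
            Service      = $_.Name
            DisplayName  = $_.DisplayName
            RunsAs       = $account
            State        = $_.State
            IsLocalAdmin = $localAdmins -contains $account.ToLower()
            # Accounts ending in "$" are (group) managed service accounts: Windows
            # rotates their password, so they are lower risk than a static credential.
            IsManaged    = $account.EndsWith('$')
            Binary       = $_.PathName
        }
    } |
    Sort-Object -Property IsLocalAdmin -Descending |
    Format-Table -AutoSize
```

A patch agent that shows up only under LocalSystem in this listing is the "runs as SYSTEM" case described above; one that appears with IsLocalAdmin set to True and IsManaged set to False is the static local-admin credential the question asks about.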
