Smooth Sailing with Patch Management as a Service

Challenge

Streamline deployment of application security patches cross-fleet in a consistent and timely manner to employee workstations while maintaining a seamless user experience.

Solution

Microsoft-first framework leveraging Intune, Azure, and integrated vulnerability intelligence to automate, validate, and streamline global patch deployment.

Result

Significantly matured patch management program with increased automation and reduced deployment failures.

Summary

When a global cruise company with over 300,000 employees sought to enhance their IT security and application management, they turned to SDG. The objectives were clear: Identify vulnerabilities, manage application publishing, ensure seamless deployment and upgrades of applications, and minimize package installation failures. This initiative focused on improving the application packaging and deployment process while leveraging Microsoft technologies already deployed.

In Depth

Challenges

The organization faced several significant challenges, including identifying and addressing vulnerabilities across a vast number of devices, managing the constant release of patches and updates, and ensuring the efficient deployment and upgrade of applications. Additionally, they needed to reduce installation failures and streamline their application package creation and deployment process.

Specific challenges to overcome:

Vulnerability Identification: The organization had a vast number of devices, each posing significant vulnerabilities that needed to be identified and addressed

Deployment and Upgrades: Ensuring the smooth deployment and upgrade of applications on remote systems was challenging due to the company’s size.

Patch Management: Keeping up with the constant release of new patches and updates was a major challenge.

Installation Failures: There was a need to reduce the instances of application package installation failures in the production environment.

Application Publishing: Managing and streamlining the publishing of applications for a large number of users was complex and resource-intensive.

Process Inefficiency: The existing application package creation and deployment process was inefficient and required a revamp.

Solution: Microsoft-Powered Patch Automation Strategy

SDG developed a comprehensive strategy leveraging Microsoft Intune, Microsoft Azure, and Tenable.IO. The strategy included a robust approach to vulnerability assessment, application packaging, and deployment, supported by customized scripts and thorough testing.

Patch Lab: Developed an isolated, replicated environment test package deployments, ensuring only production ready releases are distributed.

Vulnerability Assessment: Vulnerabilities were identified, analyzed, and validated through penetration testing on in-scope devices, providing a clear picture of the client’s risk landscape

Zero-Day Management: Zero-day vulnerabilities were promptly addressed as solutions became available, ensuring minimal exposure.

Application Packaging: Packages of client-provided applications were created and deployed in lab systems using Intune, ensuring they were ready for rollout.

Custom Scripting: Customized scripts were used to enhance application packaging, minimizing installation failures in the production environment.

Thorough Testing: The client was provided with thoroughly tested packages ready for deployment in the production environment, ensuring reliability and stability.

Results

The implementation of SDG’s comprehensive strategy led to significant and tangible results, addressing the client’s initial objectives and improving their overall IT security and application patching processes.

In addition, SDG successfully:

Addressed Gap Remediation: Identified gaps were addressed with a remediation plan that defined precise corrective actions, ensuring thorough coverage.

Reduced Risk: Vulnerability risk was significantly reduced, lowering the probability of a breach and enhancing overall security.

Improved Visibility: Visibility into vulnerability and patch management was vastly improved, enabling better oversight and control.

Enhanced Deployment: Experience in application deployment and testing through Intune was extensively enhanced, ensuring smooth operations.

Revamped Processes: The application packaging process was revamped and made more efficient, streamlining workflows and reducing delays.

Reduced Failures: The rate of application package deployment failures in the production environment was noticeably reduced, improving reliability.

Improved Onboarding Efficiency: The improved application packaging process allowed for efficient onboarding of endpoints in Intune, preparing the production environment for seamless deployment.

Conclusion

Through its partnership with SDG and Microsoft, the cruise line successfully transformed its global patch management operations. By standardizing Microsoft Intune and Azure and integrating Tenable.IO for vulnerability intelligence, the client now benefits from automation, accuracy, and real-time visibility across its entire IT fleet. The result is scalable, secure, and proactive patching framework that reduces risk, streamlines operations, and strengthens endpoint resilience.