Windows Autopatch + Aiden = IT Security Innovation

When Bill Gates started Microsoft, he envisioned “a computer on every desk and in every home,” but I’m convinced he never imagined back then how hard it would become to keep every computer updated, patched, and free of software and firmware vulnerabilities. The innovation of computer networks and the Internet, coupled with the rapid adoption of enterprise software, has made Windows environments incredibly complex. Plus, the recent move to WFA hybrid work models brought on by the Covid-19 pandemic has vastly expanded the attack surface, leaving computers vulnerable and difficult to secure. The recent launch of Microsoft’s Windows Autopatch is a testament to how difficult it has become for IT security teams to keep their Windows enterprise updated, but it only addresses the tip of the iceberg.

Unless you’re a computer nerd like me, or you’ve been buried in tedious work because it was just ‘Patch Tuesday’ (ha-ha), you might have missed how large the problem is globally. Here’s some quick math to put it into perspective. Last year, there were 1,862 data breaches and the average cost of a breach was $4.24 million. If you take into account that around 60% of data breaches are the result of a missing patch, the annual cost of poor patch management is approximately $4.74 billion.

From a cybersecurity perspective, keeping computers updated is essential for cyber hygiene, and don’t just take it from me: Emma W., Head of Advice and Guidance at the National Cyber Security Centre, stated that “patching remains the single most important thing you can do to secure your technology.” Since Russia invaded Ukraine, the latest recommendation to IT security teams came in the form of CISA’s “Shields Up” notice, designed to “ensure that software is up to date…”, but this should be obvious to anyone working in IT.

Back in 2004, while working for Invisible IT (an IT service provider that was acquired in 2011 by Milestone Technologies, Inc.), my co-founder and Principal System Architect, Sean Maloney, realized there were many tools trying to make it easier to manage software and Windows updates, but none of them actually solved the problem for his team or their customers. Software deployment and patch management tools claim today that they “automate vulnerability management,” when they mostly focus only on providing a wide view of the issues and a convenient place to find some helpful patches, without getting into the depth of automation required to solve the problem. Unfortunately, the existing tools on the market require expensive engineering labor and technical training to script complex automations. The rising costs from breaches year over year are clear evidence that these tools still fall short for most organizations.

This is why Sean and our product team have spent the past two years bringing valuable hyperautomation to software deployment through a unique implementation of DevOps methodologies, artificial intelligence (AI), and natural language processing (NLP).

So, what’s the point?

Good question. The point is that Microsoft’s Autopatch announcement on Tuesday was the greatest validation so far that there’s a serious amount of pain experienced by IT security teams, business leaders, and users of computers everywhere. There’s vast complexity involved in maintaining Windows and patching vulnerabilities. Thankfully, at a time when it seems virtually impossible to keep up, Aiden’s hyperautomation solution is already bringing a modern, intelligent, and desperately needed new approach to solving this problem once and for all.

Aren’t you worried that Microsoft has created significant competition?

The short answer is no. From what we can tell, Windows Autopatch is an inventive step forward in solving a portion of the bigger problem. In the description of Windows Autopatch, Microsoft is primarily concerned with getting their customers up to more current (and fewer) versions of Windows and Office. While there may be some overlap in our philosophy and approach, we are already solving for many other use cases that are of critical importance to our customers.

To better clarify how Windows Autopatch and Aiden differ, I turned to Sean:

JA: Can you please elaborate on what Microsoft has announced?

SM: Windows Autopatch will attempt to automate the scheduling and approval process for Windows updates, Office updates, and some drivers and firmware. This will help save time for IT system admins when rolling out enterprise Microsoft software, but it also requires that an enterprise be fully up to speed with using Intune as its primary method of deployment to manage computers.

JA: Why is this important when we already have scheduling and approval tools for managing Windows updates?

SM: Microsoft says, “We have analytics that look at pattern changes in the machine health and performance. For example, we have an ability to see when app crashes are increasing in your environment.” This new system promises to automatically halt, and even roll back, deployments based on the performance and predicted impact of the patch or update!

JA: So, how does Autopatch compare to Aiden?

SM: (eyes light up) Imagine this technology applied to all types of deployments for Windows… patches for all apps, drivers, and firmware, new software deployments, OS deployments, and full desired state configuration. I’m excited because this is where Aiden thrives.

JA: Can you help us compare Aiden to Microsoft’s latest innovation from a product strategy perspective?

SM: Well, is their idea to slowly expand a Microsoft-only offering (Windows Autopatch), or will they allow third-party-led expansion through integration opportunities [such as Aiden]? At least at first, they [Microsoft] may get slow adoption with Windows Autopatch because it is limited to Windows and Office updates on Intune-managed devices, which means it does not support most applications, and does not support Windows Server, Windows multi-session VDIs, or traditional AD-only joined devices. Our customers know well that Aiden already supports all of the above with ease and proficiency.

In short, Sean and I concur that automation and analytics are the future of managing and securing the world’s computing devices, and we feel Windows Autopatch is an exciting push in the right direction. We look forward to testing out Windows Autopatch and continuing to provide Aiden’s innovations so that IT security leaders get time back in their days and sleep better at night, knowing that their Windows environments are updated and secure.

Absolutely thrilling to see innovation like Windows Autopatch stepping forward, Matt! Like Steve Jobs once said, “Innovation distinguishes between a leader and a follower.” Microsoft is truly leading the way in simplifying IT security! Speaking of innovation, Treegens is offering a unique opportunity by sponsoring the Guinness World Record for Tree Planting. It's a chance to be part of history and environmental stewardship. https://bit.ly/TreeGuinnessWorldRecord

"Innovation is the ability to see change as an opportunity - not a threat." - Steve Jobs. Windows Autopatch stepping into the realm of automated patch management is indeed paving the way for a future where IT security is more proactive and less reactive. Let's embrace this shift together! #Innovation #Change #FutureIsNow

Steve Campbell

Senior Program Manager at Microsoft - WSD, Windows Commercial and Autopatch CAT

1 year

I'd be interested to talk with you Joshua Aaron

Scott Scheferman

Cyber Advisor, Speaker, Thought Leader, Consultant

2 years

I'm sure you know my thoughts right off the bat: a) good job Microsoft, and it's about time, and this is born out of necessity, not innovation. b) none of this matters if the firmware vulns at the root of trust underneath the OS aren't addressed with the same rigor and cadence... in fact, auto-patching at the OS level will only FURTHER drive attackers down to the firmware layer, where they have been going the last 3-5 years. The majority of the CISA KEVs are firmware vulns... KEVs being those vulns (~4% of the 20,000 vulns per year) that actually get exploited ITW. I was skeptical of this at first, so our team did an analysis of the KEVs here: https://eclypsium.com/2022/06/28/know-your-enemy-and-yourself-a-deep-dive-on-cisa-kev/ For reference, firmware had 184 KEVs and OSes (all OSes, not just MS) had 161. So, I will say it again: this is a great initiative, but neither auto-patching nor chip-to-cloud architecture / Secured-core technologies matter if you can still bypass via firmware vulns. Heck, the demo we recently did for "Everyone Gets a Rootkit" showed how every single Windows box since 2012 can have a boot kit installed, even the very latest Secured-core PCs with all OS-level controls enabled (BitLocker, Secure Boot, Defender, etc.).

Totally agree that this is a good first step. But the reality is this is a VERY big problem to solve and to do right. Automation will certainly reduce grind for IT staff, especially for the focus areas Microsoft targeted for this roll-out. But the elephant in the room is all the other applications, software, and device settings that need to be managed over time, which frankly represent the bulk of the endpoint risk. In the vein of one of Robert Frost's most famous lines, we have miles to go before we sleep.
