It is accepted wisdom that one of the best ways to protect systems from exploits is to keep up to date with software patches.
But software is being used on more devices than ever, and it is increasingly important to a growing number of users as a result of digital transformation and related initiatives. Effectively, "we're all knowledge workers [now]", Windows system management specialist 1E's senior vice-president for sales, John Hammond, told iTWire.
Furthermore, regulatory changes such as GDPR mean a successful attack can bring large fines on top of the cost of remediation and reputational loss: "the game has changed," he said.
This means bringing together IT security and IT operations – operations sees patching 90% of systems within 30 days as a success, "but that door is still 10% open".
So 1E provides tools to automate patching — even across fleets of tens of thousands of computers — and to provide real-time visibility of all the software running within an enterprise (avoiding the lag associated with conventional asset management software), including which versions and whether or not a reboot needed to complete a patch process actually happened.
The company's tools integrate with a variety of other products (open source and commercial, including anti-malware, network scanners, threat intelligence and service desk) in order to detect incidents and then automate a response.
For example, an anti-virus product might detect a particular piece of malware on a computer, and then 1E's tools can rapidly identify every computer with the same file and quarantine them until the most appropriate response has been determined and implemented. That response might be to simply remove every occurrence of that file, or stronger action may be required, such as completely reinstalling Windows.
Another example is that a threat intelligence service might report a breaking threat, in which case 1E's tools can identify systems that have already been affected, along with those that are vulnerable because they have not been patched.
Or network traffic symptomatic of particular attacks can be detected and blocked.
The process retains a copy of a system's previous state, so rollback is simple in the event that an update proves incompatible with essential software, or other problems occur.
Importantly, all this can be done in real time, automatically, and remotely – even in very large networks. Techniques used to control the impact on normal operations include peer-to-peer patch distribution (each system that receives a patch passes it on to seven other systems at the same location, and so on), and "reverse QoS" so that traffic associated with 1E's tools only uses the spare bandwidth of any given link.
According to Hammond, this approach is relevant to organisations with at least 1000 computers, especially when they are spread across multiple locations.
1E's products include Tachyon (real-time remediation of security and operations issues), Windows Servicing Suite (end-to-end automation of all Windows servicing scenarios), AppClarity (real-time software asset management) and NightWatchman (PC power management allowing powered-down systems to be patched and restarted).
Local customers include Bakers Delight plus some of Australia's largest retail chains, two of the big four banks, two of the largest mining companies as well as large Federal and State Government agencies in New South Wales, Victoria and Queensland, including those states' emergency services. Internationally, 1E's products are used by 25 of the 100 largest organisations (by market capitalisation). In all, it has sold more than 31 million licences to 1700 organisations, Hammond said.
1E opened a Sydney office in July and recently appointed Andrew Herman as its ANZ regional director. The company has a number of local partners, including Avanade, DXC, HCL, IBM, and Thomas Duryea Logicalis.