October 25, 2022 · 7 min read

The Biggest Advancement in Patch Management is Here

Patching 3rd Party Applications Is a Never-Ending, Unwinnable Game of Tetris – Until Now.

Tetris shapes seem to come completely at random, at varying speeds, and you never get what you’re looking for when you need it. It’s a never-ending roller coaster of stress as the shapes drop at inexplicable rates as you scramble to make them fit before “topping out” and being overrun. The object of the game? Survive. There is no real way to win (yes, it’s been proven) – success is determined by how long you can stay ahead before you lose.

Tetris is a fun game, and a great distraction from the stress of everyday life. After all, there is only one way to lose and there are no real stakes in the game - you run out of space to place a shape before a new one appears, the game ends, and then you just start over. Now, imagine if there were more ways to lose, the game moved faster, was even less predictable, and if you lost you could lose millions of dollars. But, like the real game of Tetris, the longer you play the harder it gets. Would you still consider it fun? While that might sound like a cruel concept in a science fiction novel – it’s a vivid allegory for the everyday reality of IT teams keeping systems and endpoints patched.

Third party patching is just like Tetris

The tetrominoes (or small Tetris shapes) represent new versions of an application that need to be deployed. And instead of only six variations in shapes, there are hundreds of variations. Each time a new patch is available, it must be deployed, and placed in the perfect spot before another patch is available – ensuring that all the pieces fit together, and, in turn, systems don’t break. They also don’t come in sequential fashion – many patches could be released at once, or in rapid succession. Further, not every patch is equal in severity. You may have started to deploy one patch, but a more severe one has since been released and needs to be at the front of the deployment line. It’s no wonder this has never been a game; it’s the undeniable, very consequential reality of most IT teams.

Patches keep coming, and regardless of how many times IT has patched an application before, the work will repeat. They will go through the same motions of finding the metadata, prioritizing the patch based on severity, testing the patch, deploying it, testing more, and fully deploying. This multi-step manual process has no multiplicity. Patch Management software treats all patches as one size fits all, with no ability to repeat work automatically.

And while we wish Tetris would gamify the patching process, IT unfortunately must rely on Patch Management software rather than video games to patch systems. Yet every Patch Management tool on the market today promises automation upfront and then severely underdelivers, requiring highly specialized scripting and coding skills; and those skills are in short supply.

Introducing Adaptiva's OneSite Patch

Introducing a radical new approach, OneSite Patch – the first truly autonomous endpoint patching software for third-party Windows applications.

Autonomous Patch dashboard view

Gone are the days of painful manual tasks, of doing the same thing over and over, or of cutting corners. By schematizing strategic intent and combining it with sophisticated models of enterprise business units and patching processes built by the administrator, the work is done, and patching will simply happen. Metadata will stream down from Adaptiva CDNs, and patches will be deployed at a steady pace and according to the unique patching strategy for that application. Like all Adaptiva applications, OneSite Patch is built to excel at enterprise speed and scale and will thrive in the most complex and bandwidth-limited environments.

Adaptiva’s OneSite Patch is the revolution in endpoint patching that the world has been screaming for, and we’re just getting started.

Capabilities in our public preview include:

  • Complete Visibility: You no longer have to “click and hope.” Real-time reporting and monitoring dashboards show you real-time progress to help you achieve Patching Strategy goals. You will be able to see what is happening when it is happening.
  • Set and Forget Patching Strategies: Pull together all components that define how you wish to handle the notification, approval, deployment, and configuration of applications upon the release of a patch. As soon as metadata is available, patches will be automatically deployed as dictated by patching strategies.
  • Continuous Metadata and Automated Patching: Metadata includes all the required information for detection, applicability, installation, severity, and customization of software, along with over 100 other fields to determine the importance of a given patch. When a request is received or a new release is available, the metadata is published to the feed system and automatically streams down to your Adaptiva server, and from there, it streams down to all endpoints that need it according to your patching strategies.
  • Notification Bots: Administrators will receive an automatic notification the moment an update is released. Notifications can be an email, a text message, a Microsoft Teams message, a ServiceNow ticket, or any other kind of notification you wish to perform when an update is released.
  • Deployment Bots: When a release is available, deployment bots will trigger a workflow that will manage the initial deployment of that release. Within the workflow you can set whatever you want with that patch, such as approval processes, test deployments, service desk tickets, or any custom logic you want.
  • Deployment Channels: When a patch is ready for full deployment, it will be placed in a Deployment Channel. This acts as a queuing system that aggregates patches based on their urgency and deploys them at a suitable time that won’t disrupt the end user. For example, a company may create weekly, monthly, and quarterly channels. Patch deployment bots will examine each patch, and automatically route it to the most appropriate deployment channel.
  • Customizable Production Deployment Workflows: Production rollout can take whatever form you like, with any phases, notifications, gates, and triggers you want. You can use a combination of waves and rings to decide what devices get the update and in what order. Within the workflow, you can control under what conditions a wave rollout should take place.
  • Business Unit Models: Build models of logical grouping constructs for different classifications of devices. This can be defined by business function, or could be a grouping based on device type, hardware manufacturer, geography, or any other criteria you want to group machines. This allows you to apply similar characteristics to a group of machines to define rollout behavior across the organization.
  • Rollout Models and Automatic Installation: Perform phased deployments within a business unit, depending on any criteria you have defined in the business unit models. Rollout can be as broad or granular as you like, and once the behavior is modeled for a business unit it will behave this way every single time. As soon as the rollout process begins, the actual device deployment takes place, and the right machines will perform the installation.

Model your strategies once

Now instead of these patches constantly raining down like the unpredictable game of Tetris, all you have to do is model your business and application patching strategies once, and then OneSite Patch takes care of the rest. You won’t have to scramble to figure out how to install all patches on all machines and make all the patches fit together before you lose the game. OneSite Patch will assess each patch for importance, apply your strategic intent to the release and process it through your modeled business and devices. Deployments will simply happen, and you can sit back and watch as they do. Set it and forget it: as a new patch becomes available, and the metadata is fed to the system, it will apply those patches on the endpoints you have modeled, without your having to lift a finger. Gone are the days of being stuck in a flood of backlog tasks that rip open holes in your cyber-defense walls, opening the entire business to significant risk.

The simple truth is humans shouldn’t be patching computers. Humans shouldn’t have to waste their time babysitting technology problems – technology should do that.

Adaptiva’s OneSite Patch is the only technology that requires no human intervention in the third-party patching process, thereby improving your cybersecurity posture and making it more difficult for bad actors to wreak havoc. Humans get to dictate the right strategy and then watch as technology patches itself.

Adaptiva’s OneSite Patch is now available in public preview. If you’re an existing Adaptiva customer, please contact your Account Executive to gain access. Contact us here if you are a new customer and would like to see our revolutionary product in action. OneSite Patch will be generally available in the first quarter of 2023.
