Federal Agency Entrusts Adaptiva for Patch Management

Impact

OneSite Health and OneSite saves this federal government agency more than $8 Million.

With OneSite Health to build custom health checks and OneSite to automate deployment of patches, this federal government agency sped up remote content distribution and patch deployments to 90% of their 215,000-plus devices in less than 4 days. They were able to remove 14,000 boundaries in addition to 700 DPs, thus reducing complexity in tools and people needed to manage their network. This resulted in a savings of over $8M over 5 years in both labor and resources, allowing this team to shift budget, time, and resources to focus on endpoint security solutions and strategies.

Challenge

Lack of a unified endpoint management strategy led to undelivered content and failure to meet security compliance goals.

The agency’s increasingly remote workforce suffered from poor WAN connections, low bandwidth, and lacked a unified endpoint management system. Without endpoint security solutions in place, critical patches and application upgrades were very slow and/or long overdue, even when using SCCM patch management and MS Endpoint Manager deployment methods.

• 80% of endpoints patched after 28 days or even longer using multiple deployment methods including SCCM.

The lack of unified endpoint management software led to low software delivery success rates and manual health checks revealing more non-compliant devices. Meeting security uptime compliance KPIs seemed impossible. When implementing new remediation methods, newfound vulnerabilities made the task even more overwhelming.

• Low software delivery rates.
• Manual health checks were insufficient to identify issues.

Any new zero-day threat requiring an immediate patch created a scramble from leadership to the most junior employee and still took over a month to patch. The risk was catastrophic. They needed an enterprise cloud security option.

Solution

OneSite Health, allows this federal government agency to run health checks for MEM. Using OneSite and our unique software distribution in low bandwidth areas, endpoints are patched within hours.

With OneSite Health, this federal government agency creates custom health checks for their SCCM client, Windows Update agent, and WMI to collect data on the exact state of each device. Without needing to first address the larger problem of low WAN connections, the endpoint device check data is immediately provided to the IT team. For the first time, they knew exactly what upgrades and patches are needed per endpoint, making endpoint management a sustainable process. In addition, the central IT team remotely checks available disk space and deletes unnecessary files prior to sending a new content package. This new endpoint monitoring workflow saves a significant amount of time for everyone.

• Create custom health checks for their SCCM client, Windows Update agent, and WMI.
• Proactively validate available disk space and removed unnecessary files prior to content deployment.

Once health checks are completed and the out of compliance devices known, the custom workflows that were created using OneSite's no-code tools initiated top priority security and anti-virus patches to automatically remediate the out of compliance endpoints. OneSite pushes upgrades using innovative peer-to-peer content distribution during business hours and off-hours over the WAN using available bandwidth. With this workflow, low bandwidth regions still receive necessary updates, the WAN was never oversaturated, and critical business traffic remained a top priority. All of this is possible without human intervention or waiting until after hours for fear of oversaturating the network. By running the workflow over the weekend, the IT team can return to work to solve a much smaller percentage of remaining issues.

• Top priority security and anti-virus patches automatically remediate out of compliance endpoints without human intervention.
• Peer-to-peer content distribution during business hours over the WAN using available bandwidth and never oversaturating the network.

Using OneSite Anywhere and OneSite Health together, became mission critical for this government agency. It makes autonomous endpoint management possible, creating more efficiency and also eliminates the risk of human error. Establishing automated workflows prepares this large federal government agency for zero-day threats or exposed vulnerabilities that could arise immediately.