Ask any IT or Security team member and they’ll surely tell you that patch management is one of those tasks that are critical to security, but doing it successfully can also be a bear to tackle.
It’s not because you lack all the necessary software pieces and planning in place to simplify the process — although having all your ducks in a row helps out considerably. No, it’s difficult because in today’s modern computing environment:
- Patches are released more frequently
- Different apps/OS’s may require various methods to deploy
- Devices are distributed everywhere — from the office to remotely around the globe
- End users have varying skills, knowledge and comfort levels when it comes to technology
The Get Well approach to patch management
Each of these presents challenges that may require unique solutions for your organization to address. Such is the case that Todd Clark, Sr. IT Support Specialist and his manager, Jeremy Lynch, CISO, of Get Well discuss in their presentation. The duo highlights the steps they took to revolutionize their patch management workflows to keep devices secured from known threats with the latest patches. Also, they discuss how they achieved macOS upgrade project timelines by leveraging standardization of Jamf Pro, implementing automation and user communication to drive support of their device and security management initiatives.
Beginning with standardizing their Jamf Pro instance, Todd lovingly refers to the “dark times” before cleaning up Get Well’s MDM to succinctly identify each policy, configuration profile, smart and static group and advanced search entry with a clear naming scheme, which includes what the item does so IT can easily identify them within Jamf Pro, as well as running on devices.
Additionally, third-party tools were leveraged to further extend standardization efforts to include packages and assorted cruft that has built up over the years that may no longer be viable or serves a purpose that no longer aligns with the organization’s needs.
The following phase in Get Well’s plan involved retooling onboarding and app provisioning processes by crafting enrollment customization workflows in addition to tapping AutoPkg for package customization to silently install apps on managed devices. Doing so allowed IT and Security teams to keep devices up to date in the background without impacting the experience users have come to know and love with Apple.
The final, and arguably most important, phase of the transition is hardening Mac. For this, Todd and Jeremy both relied on Jamf Pro to deploy policies that managed local passwords and enabled FileVault 2 for additional security mitigations against risk.
Moreover, aligning Get Well’s endpoint management with established security frameworks from CIS Benchmarks and the macOS Security Compliance Project allowed Todd’s team to deploy hardening configurations to the Mac fleet, while Jeremy would frequently gather insight into device health via reports to determine if compliance is being enforced. Otherwise, issues detected would alert the team, providing them the opportunity to resolve them before they could be exploited or worse.
Subscribe to the Jamf Blog
Have market trends, Apple updates and Jamf news delivered directly to your inbox.
To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.