InfoSec Beat: Workstation Patching Podcast Video

TONY LERARIS: Staying current is one of the
best things that you can do to protect your environment. You’re going to get patches faster and you’re
going to get safer sooner. KRIS BURKHARDT: Hello everyone and welcome
to this week’s edition of the Infosec Beat Podcast. I’m your host, Kris Burkhardt, broadcasting
from the Nick Rivers Memorial Subterranean Faraday Cage and my guest this week is Tony
Leraris, who leads our infrastructure for our IT group here in Accenture. Tony, welcome to the program. I’m glad to have you here and I’m excited
to talk to you this week about patching. TONY LERARIS: Thanks, Kris. I’ve never been to this particular location
before. It’s great to be here with you. KRIS BURKHARDT: Well, it’s very secret,
Tony, very few people know about the undisclosed location here. So I’m glad you could make it. So, Tony, we’re going to talk about Workstation
Patching. Can you tell us a little bit about workstations
here at Accenture? TONY LERARIS: Yeah, I’d be glad to. So at Accenture, we have over 400,000 computers
that we’ve deployed to our people. That’s a range of desktops, as well as laptops
and it’s both Windows device and MACs. We’ve got about 14,000 MACs and the rest
are all Windows. We are predominately Windows 10. In fact, nearly 100% Windows 10 at this point,
except for what’s on the MAC ones. KRIS BURKHARDT: Wow, that’s impressive. That is a large fleet to keep track of. That must be quite a job keeping those all
up-to-date? TONY LERARIS: It is and we’ve learned over
the years that it’s incredibly important to be current with our Windows patching to
reduce the risk within Accenture. KRIS BURKHARDT: So when you say current, Tony,
tell us a little bit more about that. How current do you keep the fleet and other
than the security risk, I mean there must be a lot of good reasons for keeping those
guys up-to-date? TONY LERARIS: Yeah, to answer your first question,
we target to have 98% of all the Windows computers within Accenture that are online patched within
five days of Microsoft releasing patches. And we’re just about there. We sort of go between the 95 and 96% range
and that’s not how it’s been for us. So made tremendous progress patching now. As to why that’s really important, that
the first aspect is, of course, security. We know from viruses like WannaCry and so
forth that 57 days after the vulnerabilities were publicly announced, there was malicious
code in the wild. And we know that in the future one day that
might be three days, it might be five days. So we need to set aggressive targets to be
prepared for when that situation happens. Specifically, for me, it’s probably important
because if I don’t do that, I probably won’t have a job when we have these kinds of situations. KRIS BURKHARDT: You and me both. TONY LERARIS: You know, I’m the one who’s
accountable for saying how many computers we have, how many computers we are protected
from a particular malicious bit of code, how many are unprotected and, God forbid, how
many might be infected. And so, for the sake of my own job and my
abilities to support my family, I think it’s incredibly important, as I think it would
be for anybody who’s in a position similar to mine. KRIS BURKHARDT: Well, Tony, thank you for
making sure that we all stay safe and retain our jobs. So, from a user perspective, sometimes these
patches can be kind of annoying, I’ll say, right, we’ve all seen the pop-ups and whatnot. But what advice would you give to users about
their role in keeping their workstation secure and up-to-date for patching? TONY LERARIS: Yeah, I would tell people what
they read about and the process is real. And that the risks to themselves, their data,
their customers, the clients, families, is all real. And it is important to understand what a Windows
patch notification might look like and it’s really important to restart your PC on a regular
basis. This is, of course, would help the performance
of your computer and you might have a more satisfying experience as a user. But it is also what will protect you because
when these patches are applied to your machine, a restart is required for it to take effect. Rebooting regularly is really, really important. And there will be times that patches may be
installed on your machine you don’t know about it. By restarting your machine, you get the benefits
of it. KRIS BURKHARDT: That’s great. So I think we understand that and, yeah, I
think that’s good to hit that message that restarting really is what keeps you safe because
these patches can’t do their job if you don’t let them and that’s how you let
them. Shifting gears a little bit, so you said we’ve
done some things to go from a much lower patch speed and rollout. They’re much faster now. Can you talk a little bit more about that? I believe there’s been some analytics and
some networking and a couple of things involved to make that a reality? TONY LERARIS: Yeah, there is actually a lot
of things that we’ve done to make that a reality. Some things I would highlight is number one,
on our patching infrastructure, we significantly built up our capacity, so that we could deploy
patches faster. We do things like peer-to-peer technology
to help get patches to workstations without clogging up network pipes. We’ve stayed really current on our patching
infrastructure, taking advantage of all the new features that the vendors provide and
really evaluating those things. And then we have invested in our analytics
platform. So we can really understand the state of the
fleet, so that we could understand machines that maybe weren’t getting patched in our
target timeframe. We can put those into certain reason codes
and we could address the root cause of that. And what we have been able to do is see a
marked improvement in patching success. KRIS BURKHARDT: That’s great. The numbers that you speak about are really
impressive with a fleet our size. So when you look ahead and you think about
where we are on our technology journey, our journey to the cloud, all those future looking
fun topics, where does patching go? How do you see it changing as we move into
the future? TONY LERARIS: I think for us, what’s really
going to be important is patching data becoming much more real time. We have to have a really good understanding
of the status of our fleet and the status of what code is on every single end point. I envision the day where we’ll be able to
get updates on that like real time updates on our entire fleet let’s say within two
hours or four hours, whatever. And so, then we can take immediate actions
on any risk points we have or threat vectors that are out in the environments and so forth. So for me, the big thing that’s going to
happen is it’s just going to have to get much more real time in order for us to protect
our environment. KRIS BURKHARDT: We’ll look forward to that. Are there any last words of wisdom you leave
for our listeners? TONY LERARIS: Yeah, I think it’s incredibly
important to stay current. I talked a little bit about our Windows 10
journey and we certainly went fast into Windows 10, but certainly, there’s going to be times
where there is malicious code in the wild and there’s going to be fixes developed
for it. And those fixes are going to be available
to the people, companies, computers, whatever metric you want to use there for the people
that are on the newest software, newest operating systems. Staying current is one of the best things
that you can do to protect your environment. You’re going to get patches faster and you’re
going to get safer sooner. KRIS BURKHARDT: I think that’s great advice
and cherished listeners, I would encourage you all to follow. Tony’s got some great ideas there and you
should adopt them. So with that, I’ll say thank you to Tony. Thank you for joining us today and thank you
for your words of wisdom. TONY LERARIS: It’s my pleasure. I’m sure this will be the highest rated
podcast you’ve ever had and I was glad to be part of it. KRIS BURKHARDT: Thank you very much, Tony. And thank you all for tuning into the InfoSec
Beat. Till next time.

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2019 Explore Mellieha. All rights reserved.