Patch Management in Minutes with Action1
Action1 is the #1 risk-based patch management platform for distributed enterprise networks trusted by thousands of organizations globally. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party software and operating systems, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.
This quick start guide shows how to enable patch management for third-party apps and OS in under 5 minutes.
Step 1. Add Endpoints
Before you can start patching your endpoints, you need to install the Action1 Agent. It is a tiny application with a very small system footprint, which sits idle unless an endpoint needs patching or a status refresh.
- Navigate to Endpoints and select Install Agents.
- Click Download Agent. The downloaded setup will be preconfigured with connection parameters specific to your organization.
- Install Action1 Agent. Go through the install wizard steps. In the last step, the installer will ask to elevate the privileges to install the agent.
- Check Status. Go back to Action1 Console and click Next Step to proceed to Check Connection step to verify the connection.
- Click Finish to go back to Endpoints and see the newly added agent details there. It will automatically display all system information, such as missing updates, installed software, and hardware details.
Step 2. Manually Review and Deploy Patches
All endpoint information, including missing patches, installed software, and OS details is refreshed in real time. You don’t need to schedule periodic scans to understand if any updates are missing.
- In the Endpoints section, click on the endpoint name.
- Click Missing Updates and select the updates you want to deploy. All applicable updates, both for OS and third-party apps will be shown in one view along with the update type and security severity.
- Click Deploy Update to start the update wizard. It will prepopulate the list of selected updates in Step 1.
- Adjust the Reboot Options as needed. The default is to give users up to 60 minutes to save their work if any of the updates being deployed require a reboot.
- Click Next Step twice to see the scheduling options in Step 3. Leave the default Run Now for testing purposes and click Finish.
- Action1 will begin deploying the selected updates and report status in real-time.
Step 3. Automate Deployment of Critical Updates
The following example configures a policy to automatically deploy all critical security patches for OS and apps 3 days after they are released.
- In Policies, click New Policy | Deploy Update in the top right corner.
- On the Deploy Update step, select Matching Filters.
- Click Add filter, select Update severities, and select Critical.
- Below the filters, click Additional options, select Automatically approve and deploy all matching updates and enter 3 days as the delay parameter.
- Adjust the Reboot Options as needed, similar to the previous step.
- Click Next Step and then Add Endpoints to select the endpoints or groups.
- Click Next Step and select Frequency, such as Weekly, Sun&Sat, at 2am.
Try later: create another policy that requires manual approval of updates and use the Update Approval section to selectively approve or decline updates. Another option is to create a broader policy to cover updates outside of critical updates automatically.
Step 4. Generate Patch Compliance Reports
Action1 comes with a real-time patch compliance dashboard and live reports to facilitate periodic reviews of your security posture and assist with compliance audits.
- Navigate to Dashboard to see a birds-eye view of your patch compliance, how many endpoints need a reboot, and how many updates need your approval.
- Go to Built-in Reports | Patch Management to generate reports on daily and weekly patch statistics, updates still missing, reboots required, and more.
- Click Tools | Subscribe within any of these reports to receive them in your email on the desired schedule (such as every Monday).
Action1 comes with many other capabilities to streamline your patch management. Once you are comfortable with the basics, explore the following steps:
Bulk agent deployment
Use Action1 Deployer to automatically scan your Active Directory for new computers and deploy agents to patch all of them. Go to Configuration | Agent Deployment section.
Create endpoint groups
Segment your organization to assign different policies based on server types, department, location, OS version, and more. Navigate to Endpoints and click Create Group.
Inventory of installed software
Go to the Installed Software section to see all applications, their versions, and whether any updates are available for them.
Remotely install and configure dozens of applications pre-configured in Action1 App Store. Select one or more endpoints and click Deploy App to get started. To add a custom app, go to App Store and click +New App to get started.
Remove unneeded or legacy applications manually or automatically. Select one or more endpoints and click Uninstall App or create an Uninstall App policy to streamline automatic uninstalls.
Action1 comes with Script Library to perform remote management activities, such as blocking Windows Feature Updates, deleting temp files, and more. You could also add your custom PowerShell scripts to Script Library.