Patch Management in Minutes with Action1
Action1 is the #1 risk-based patch management platform for distributed enterprise networks trusted by thousands of organizations globally. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party software and operating systems, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.
This quick-start guide shows how to enable patch management for third-party apps and OS in under 5 minutes.
Step 1. Add Endpoints
Before you can start patching your endpoints, you need to install the Action1 Agent. It is a tiny application with a minimal system footprint, which sits idle unless an endpoint needs patching or a status refresh.
- Navigate to Endpoints and select Install Agent.
- Click Download Agent. The downloaded setup will be preconfigured with connection parameters specific to your organization.
- Install Action1 Agent. Go through the install wizard steps. In the last step, the installer will ask to elevate the privileges to install the agent.
- Check Status. Go back to Action1 Console and click Next Step to proceed to Check Connection step to verify the connection.
- Click Finish to go back to Endpoints page and see the newly added agent details there. It will automatically display all system information for the endpoint, such as missing updates, installed software, and hardware details.
Step 2. Manually Review and Deploy Patches
All endpoint information, including missing patches, installed software, and OS details is refreshed in real time. You don’t need to schedule periodic scans to understand if any updates are missing.
- In the Endpoints section, click on the endpoint name.
- Select the Missing Updates tab and pick the updates you want to deploy. All applicable updates, both for OS and third-party apps will be shown in one view along with the update type and security severity.
- Click Deploy Update to start the update wizard. It will prepopulate the list of selected updates in Step 1.
- Adjust the Reboot Options as needed. The default is to give users up to 60 minutes to save their work if any of the updates being deployed require a reboot.
- Click Next Step twice to see the scheduling options in Step 3. Leave the default Run Now for testing purposes and click Finish.
- Action1 will begin deploying the selected updates and report status in real-time.
Try later: Check out the Vulnerabilities view to remediate vulnerabiulities.
Step 3. Automate Deployment of Critical Updates
Automate patch and vulnerability management routines to ensure compliance of your endpoints, The following example configures an automation to deploy all critical security patches for OS and apps 3 days after they are released.
- Navigate Automations , select New Automation and specify Deploy Update.
- On the Deploy Update step, select Matching Filters.
- Click Add filter, select Update severities, and select Critical.
- Below the filters, click Additional options, select Automatically approve and deploy all matching updates and enter 3 days as the delay parameter.
- Adjust the Reboot Options as needed, similar to the previous step.
- Then Add Endpoints to select the endpoints or groups.
- On Schedule step, define a schedule for your automation, such as weekly, Sun&Sat at 2am.
Try later: create another automation that requires manual approval of updates and use the Update Approval section to selectively approve or decline updates. Another option is to create a broader automation to cover updates outside of critical updates.
Step 4. Generate Patch Compliance Reports
Action1 comes with a real-time patch compliance dashboard and live reports to facilitate periodic reviews of your security posture and assist with compliance audits.
- Navigate to Dashboard to see a birds-eye view of your endpoints health state including vulnerability remediation compliance, pending deployments, how many endpoints need a reboot, etc.
- Go to Built-in Reports | Patch Management to generate reports on daily and weekly patch statistics, updates still missing, reboots required, and more.
- Click Tools | Subscribe within any of these reports to receive them in your email on the desired schedule (such as every Monday).
Action1 comes with many other capabilities to streamline your patch management. Once you are comfortable with the basics, explore the following steps:
Bulk agent deployment
Use Action1 Deployer to automatically scan your Active Directory for new computers and deploy agents to patch all of them. Go to Configuration | Agent Deployment section.
Create endpoint groups
Segment your organization to assign different policies based on server types, department, location, OS version, and more. Navigate to Endpoints and click Create Group.
Inventory of installed software
Go to the Installed Software section to see all applications, their versions, and whether any updates are available for them.
Remotely install and configure dozens of applications pre-configured in Software Repository. Select one or more endpoints and click Deploy to Endpoints to get started. To add a custom app, go to Software Repository and click Add to Repository to get started.
Remove unneeded or legacy applications manually or automatically. Select one or more endpoints and click Uninstall Software or create an Uninstall App policy to streamline automatic uninstalls.
Action1 comes with Script Library to perform remote management activities, such as blocking Windows Feature Updates, deleting temp files, and more. You could also add your custom PowerShell scripts to Script Library.