The Challenge
The Arthur Companies has around 20 locations across three states, and its workstations are spread among those locations. The three-person IT team is responsible for keeping all company devices up to date with the latest security patches and managing them effectively. Previously, the team used ManageEngine Patch Manager Plus for these purposes; however, it proved to be ineffective for the devices that were off network. Moreover, an increasing number of devices were not joined to the company domain, and ManageEngine Patch Manager Plus could not work for them either. As a result, 20% of the company’s devices were not properly patched — which increased security risks significantly.
Joe Holder, IT Director at the Arthur Companies, started looking for a solution to mitigate these risks. The search became even more urgent when the FBI released a security alert that warned of a likely increase in ransomware attacks on the agricultural sector and named unpatched vulnerabilities as a main attack vector.
“Any security event of this kind could cost hundreds of thousands of dollars and impact our global supply chain,” says Joe. “If we were unable to move grain, load trains, and fulfill our contracts with customers due to an attack, it could affect food producers worldwide.” Accordingly, Joe’s main requirement for the tool was the ability to easily deploy security updates and software on all endpoints regardless of their location.
The Action1 Solution
Joe evaluated several RMM tools and chose Action1. He ruled out NinjaOne because it included many features he didn’t need and lacked some that he actually needed. In addition, he found the tool’s software deployment process to be confusing, while Action1 enabled him to install software at the push of a button. He also liked Action1 interface and ease of use. Most importantly, as a cloud-native tool, Action1 doesn’t depend on infrastructure constraints and empowers Joe to manage both off-site devices and machines not joined to the company domain. Finally, he was thrilled to discover that Action1 enables him to manage firmware updates — yet another important capability that his previous tool couldn’t deliver.
The Benefits
Improved security. With Action1, Joe’s team was able to establish a robust patch management program that covers all their devices, including those not handled by their previous tool, which dramatically reduces the risk of ransomware infections and other security incidents. “We were able to fully replace ManageEngine Patch Manager Plus with Action1,” reports Joe.
With our previous tool, we were under constant risk, as 20% of our network was not being patched with security updates because they were off-site or not joined to our company domain. Action1 addresses this security gap by enabling us to establish a robust patch management program that covers 100% of our devices.
- Patch release date — Joe prefers to wait seven days after release before deploying a patch to ensure the vendor has enough time to recall it if it is problematic.
- Working hours — Joe defined a patch deployment window from 8 pm to 4 am so that users who leave their laptops offline overnight are not hit by a wave of updates when they start their workday. He also specifies a convenient time for updates that require reboots, ensuring that they get installed without impacting productivity.
Streamlined device provisioning & software deployment. Action1 is vital to the company’s initial build process, ensuring that the correct applications get installed efficiently. Joe and his team utilize Action1’s App Store and scripting capabilities to automate deployment of custom apps across their machines; for example, they install ThreatLocker and ESET to further protect endpoints against cyberthreats like ransomware.
Configuration management. Joe’s team is able to proactively manage device configurations using Action1 scripts. For example, configuration scripts control the use of certain registry keys and the creation or modification of local user accounts. These capabilities give them complete control over their endpoints.