Situation
Headquartered in Upplands Väsby in the northern Stockholm area, Ur&Penn has 111 stores in Sweden and 9 in Finland, with long-term plans to open an additional 80 stories in Sweden.
With this ambitious plan of growth, the IT environment needed to be automated with solutions that could be easily added to each new store that opens. Emir Saffer, IT manager at Ur&Penn since 2012, was responsible for creating a plan to connect and secure this distributed environment.
No employees have shown signs of making errors in the IT environment deliberately, but since surfing, e-mail management and application usage are possible sources for attacks, IT security needs to be optimized.
Problem
If the cash register computers at Ur&Penn are unpatched, that makes them a significantly easy target for malicious hackers and are a major security risk. Today, 99.96% of active vulnerabilities for company endpoints are related to missing patches. One common misconception is that Microsoft/Windows and other programs stay updated automatically. They rarely do.
Emir Saffar had realized that in order to operate the various stores, they needed to be able to patch all stores in an efficient, remote and thus time-saving manner. After many years with Windows Update, where computers had to be shut down and some did not receive critical security patches, they looked for a dependable solution.
Without a tool for patch management, it was difficult to keep track of which computers received which patches and when the responsibility was sometimes on the employees. It could also mean that in addition to being unpatched, they might also need to restart their machines to deploy certain updates. As mentioned earlier, for Ur&Penn this also leads to direct loss of income when rebooting happens during regular business hours.
Solution
The company tested many patch management solutions, some with very advanced settings. Because Ur&Penn already had Panda Adaptive Defense 360 installed, Emir contacted his salesperson in Sweden and discovered that Ur&Penn could be the first customer in Sweden to test the latest module for Adaptive Defense - Patch Management.
When this module was applied (without any additional installation because they had already deployed Panda Adaptive Defense), Emir could immediately see how many patches had not yet been installed. Third-party patches were identified as either critical, important, or necessary, which makes it simple to prioritize that patches that should be addressed first.
One advantage is that all software identified as regular is supported, so Emir sees no need to further have to patch, as they do not use any proprietary programs.
With Panda Patch Management, all patches are in order and can be scheduled to deploy when the stores are closed so no business is disrupted. The control is comprehensive and contributes to a considerably safer environment. Everything can be seen – what happened and which patches did not succeed. The solution is simple, and very stable. This makes it difficult to make mistakes.
Emir says, “Panda AD360 is an extremely good protection. So far, we have had no problem with either malware or incidents in the programs. Nothing has happened.
With the Patch Management module, the security of the applications is further tightened and the functionality up to date; it is simple but works like a clock.”
Evaluation
Reports on which programs have been patched and which computers and services have been patched and updated are easy to generate. In summary, Emir is of the opinion that it is a very simple service that fully fulfills its function.
Main use
Panda Patch Management, within a single user-friendly solution, allows:
Audit, monitor and prioritize operating systems and application updates.
The single-panel view offers centralized up-to-the-minute and aggregated visibility into the security status of the organization with regard to vulnerabilities, patches and pending updates of the systems and hundreds of applications.
Prevent incidents, systematically reducing the attack surface created by software vulnerabilities.
Handling patches and updates with easy-to-use, real-time management tools that enable organizations to get ahead of vulnerability exploitation attacks.
Contain and mitigate vulnerability exploitation attacks with immediate updates.
Panda Adaptive Defense 360 console, in conjunction with Patch Management, allows organizations to correlate detected threats and exploits with the uncovered vulnerabilities. Response time is minimized, containing and remediating attacks by pushing out patches immediately from the web console. Additionally, affected computers can be isolated from the rest of the network, preventing the attack from spreading.
Reduce operating costs.
Panda Patch Management does not require the deployment or update of any new or existing endpoint agents, simplifying management and avoiding workstation and server overloads.
Minimizes patching efforts as updates are launched remotely from the cloud-based console. Additionally, installation is optimized to minimize errors.
Provides complete, unattended visibility into all vulnerabilities, pending updates and End of life applications immediately after activation.
Comply with the accountability principle.
Included in many regulations (GDPR, HIPAA and PCI). It forces organizations to take the appropriate technical and organizational measures to ensure proper protection of the sensitive data under their control.