Axonius
By Daniel Trauner and Alex Oloriz
Navigating the labyrinth of patching unmanaged applications in a corporate environment can feel like an uphill battle, with new vulnerabilities lurking around every corner. As organizations scale and strict controls for corporate endpoints are still being established, it becomes increasingly difficult to restrict the software employees install. How can we efficiently manage this flood of vulnerabilities when it’s impractical to centrally patch every single application?
In this blog post, we'll explore how the Axonius security and IT team leverages our Cybersecurity Asset Management platform coupled with its Enforcement Center's "Send Email to Assets" action, to encourage users to patch unmanaged software. This approach transformed the company’s employees into powerful allies in strengthening corporate security posture.
Patching unmanaged browsers: the Firefox challenge
Our centrally managed browser of choice is Google Chrome, which has built-in updater controls resulting in rapid adoption of updates. We also implemented automated patching with forced reboots for both Windows and macOS, handling Safari and Edge patching respectively.
Upon examining other browsers used by employees besides Safari, Edge, and Chrome, we identified a significant number of Firefox users, some of whom were slow to install updates. This included patches for critical vulnerabilities highlighted by CISA's Known Exploited Vulnerabilities Catalog. As the number of Firefox users grew, so did the number of consistently unpatched installations. Given the critical role that web browsers play in employees' activities and the company's security, we decided to start by reviewing our approach to patching Firefox, which didn’t have centralized patching at the time.
Initially, we relied on manually sending wider announcements and targeted notifications to affected users when critical vulnerabilities in unmanaged software would pop up, but as the company expanded, these methods became unsustainable.
The Axonius Enforcement Center: automated and targeted employee outreach
The Axonius Enforcement Center module offers various actions to help bridge the gap between identifying and fixing vulnerabilities. While direct tie-ins to tools (like MDM) can handle patching, we turned to the "Send Email to Assets" action for cases that led to a faster reduction in risk in the interim before IT had the bandwidth to build a new application into our formal patch management program. When this action is configured, the solution sends a message to the email address that is associated with each device identified by a Devices Query.
Given the high internal engagement at Axonius for security-specific action items, we experimented with sending targeted email notifications to users with devices harboring critical or high severity Firefox vulnerabilities. We opted to send these emails every five days, striking a balance between urgency and minimizing disruption.
The results were dramatic. Not only did the user-driven patch rate soar from approximately 40% to 75%, but the patching speed increased as well. Even better, these metric improvements have been consistently maintained for months since implementing this change!
While we continue to employ automated controls whenever practical (including building deployment/patching strategies with tools like MDM), this approach serves as an effective mechanism to distribute security responsibilities for approved, user-specific software for those who want to use it.
Conclusion: empowering users for a secure future
By leveraging Axonius Cybersecurity Asset Management solution and its Enforcement Center's “Send Email to Assets” feature, we transformed users into security champions, taking ownership of their role in keeping corporate assets in a secure state. This straightforward approach of periodic email reminders has led to a more secure environment and has helped solidify our culture of security awareness and distributed responsibility.