What are the benefits of automated, cloud-native patch management?

Could organizations recoup their share of more than $1 billion per quarter by moving away from legacy solutions to cloud-native patch management and endpoint hardening? A new report from Sedulo Group says yes.

The 2020 TCO Study of Microsoft WSUS & SCCM report shows organizations using Microsoft endpoint management for patching and hardening spend nearly 2x as much as organizations using SaaS-based patch management platforms.

Microsoft System Center Configuration Manager (SCCM) and Microsoft Windows Server Update Services (WSUS) currently manage over 175 million endpoints and cost organizations more than $625 million per month to manage versus a cloud-native approach.

The report defines the hidden costs of legacy patching, analyzing several factors that can impact TCO, such as the hardware, software, licensing, training, and personnel unique to an organization. Based on this analysis, the hardware requirements and operational costs for WSUS and SCCM can push the total organizational cost burden to over $6.6 million, or $11 per endpoint per month for typical customers.

The report found that the most significant cost savings were prevalent in “scenarios where multiple OS are in use, or workforces consist of heavily virtualized or entirely remote-based staff.”

“It’s not just operating systems that need to be regularly patched. Almost any piece of software can serve as an attacker’s entry point to a network, and each has its own patching or updating mechanism. It’s almost impossible for an administrator to learn in a timely manner when one of these apps has become vulnerable, and it’s very time-consuming to apply a patch on all instances of an app on the network,” Mitja Kolsek, co-founder of 0patch, told Help Net Security.

“I believe the optimal patching model for today’s organizations with complex, ever-changing network topology, countless software products, and attackers with 0-day and N-day vulnerabilities targeting them, comprises a cloud-based patching service for official vendor updates, combined with a cloud-based micropatching service for fixing critical 0-day vulnerabilities and N-day vulnerabilities on end-of-support systems. I envision future patching services to merge these two complementary concepts and even provide micropatches as an alternative to official vendor updates.”

The report highlights that “selecting a SaaS-based patch management solution over a legacy provider minimizes the risk of financial impact.” Cloud-native patching and endpoint hardening platforms reduce the impact of unplanned expenses and the total cost burden over time, while providing greater value than WSUS or SCCM solutions by being able to rapidly deploy patches and easily meet the security needs of hybrid and remote workforces.

“Many organizations lack the ability to properly manage endpoints and are often paying too much for tools that simply cannot deliver enough value,” said Jay Prassl, CEO, Automox. “This study puts a spotlight on the cost burden that on-premise patching solutions create, and how making the switch to a cloud-native platform enables cost savings, increased capabilities, and the scalability today’s ever-changing businesses need to properly secure their workforces.”
