Security patching challenges
Patching known vulnerabilities comes at a cost. Performing the activity at scale across your organisation could result in business disruption and regression defects.
When planning for this disruption in advance, you have two choices:
- Spend additional time and resolve all known vulnerabilities over a longer patch maintenance window, at some point further in the future.
- Move swiftly to resolve high and critical priority patches, in the near term.
Organisations that move swiftly have the best security posture. Security patching consumes time and resources both during and after the patching event, therefore it is prudent to prioritise the most important patches first. Focusing on patches that are critical or high priority mitigates the likely vector of breaches and data loss for your organisation.
Thanks to Canonical’s robust tooling, system administrators have choices when it comes to deploying security patches across their Ubuntu estate. System administrators have a choice to patch their Ubuntu estate by software package name, security vulnerability’s CVE number, or the security vulnerability’s USN number. Canonical also provides tooling for on-demand patch analysis through systems which operate externally from the ones used to apply the patch. For example: a system could be patched by Landscape, and the patch can be verified through Pro Client. Alternatively, a system could be patched by Pro Client, and the patch can be verified through Landscape. OVAL analysis is also available, and this analysis can be performed on the machine itself, or it can be performed externally on a different machine.
Beyond security and vulnerability patching, Landscape is an essential component of many organisations’ broader compliance strategies. Self-hosted Landscape is free for limited personal or evaluation use. All machines with an active Ubuntu Pro subscription can use Landscape SaaS or self-hosted Landscape at no additional cost. Both editions of Landscape are included with Ubuntu Pro on AWS, Azure and GCP.
Canonical offers professional services for implementation, training, and consulting in connected, and air gapped environments. If you want to learn more, talk to us about Landscape and our professional services options