Blog

  • Product: 3rd Party Patching

    Third-Party Patching: Everything You Need to Know

    Timely deployment of patches is critical for maintaining the security of your IT systems. Through efficient patch management, you can regularly deploy software patches and keep your IT infrastructure up to date. While most remote monitoring and management (RMM)/endpoint management solutions feature patch management functionality, third-party patching is a key component that shouldn’t be overlooked.

    What is third-party patching and why is it important? Keep reading to find out!

    What are Third-Party Applications?

    A third-party application is software created by a company other than the original manufacturer of the device on which the application is running or the operating system (OS) that supports it.

    For example, Adobe Acrobat Reader is a third-party app that is available for both Microsoft Windows and macOS.

    Commonly Used Third-Party Applications

    Some of the most commonly used third-party applications include Adobe Acrobat Reader DC, Adobe Photoshop, Google Chrome, Google Drive, WinZip, TeamViewer, Evernote, LibreOffice, and Cisco Systems Webex Productivity Tools. Each of these third-party apps is used every day by businesses in their operations.

    For example, WinZip is a popular third-party app used for compression, sharing, encryption and backing up files. Adobe Acrobat Reader DC is used to view, open, print, sign, search, annotate and share PDF files. Businesses also frequently make use of the file storage and synchronization service offered by Google Drive.

    What is Third-Party Patching?

    Third-party patching, or third-party patch management, is essentially the process of deploying patch updates to third-party applications that have been installed on one or more of your endpoints (e.g., servers, desktops, or laptops). Third-party patching addresses bugs or vulnerabilities in the software that affect either its function or its security. Patching software vulnerabilities is a critical part of your overall IT security process that helps prevent exploitation by hackers.

    Endpoint management tools also perform patch management for operating systems including Windows, Windows Server and macOS to keep them up to date and protected against cyberattacks.

    What is an Application Patch?

    An application patch is a version of the software that has been designed to fix a vulnerability or bug in the application. As noted above, patches may address functional bugs or security vulnerabilities.

    What is the Difference Between a Patch and an Update?

    It is not uncommon for people to confuse patches with updates, although they differ from each other, with each serving a unique purpose. Updates are designed for software enhancement and are focused on adding new or upgraded features and functionalities to an existing program.

    On the other hand, patches are specifically designed to fix security vulnerabilities or bugs in the software to improve its usability/performance, minimize the attack surface (by remediating software vulnerabilities) and protect the system against potential cyberattacks.

    Why is Third-Party Patching Important?

    Cyberattacks are a major threat to the productivity and sustainability of any organization. While many organizations maintain proactive efforts at patching their OS software, they often fail to follow the same discipline in keeping their third-party software patched and up to date.

    From small businesses to large enterprises, all companies leverage a variety of third-party software in their daily operations. In recent years, third-party applications have become the primary attack vector for a variety of cyberattacks, such as malware. In the 2020 Verizon Data Breach Investigations Report, about 6 percent of security breaches (not attacks, actual breaches) involved exploits of software vulnerabilities. As such, it is imperative for businesses to proactively embrace third-party patching to minimize the attack surface for cybercriminals.

    Dangers of Neglecting Third-Party Application Patches

    The consequences of delaying or ignoring third-party patching can be disastrous for any organization. There were more than 18,000 publicly disclosed software vulnerabilities in 2020, and more than 4,300 of them were rated critical. Unpatched critical vulnerabilities in third-party applications are a gateway for cybercriminals to enter the corporate network and wreak havoc on the business.

    Every time you don’t deploy the patches released by vendors to fix application security bugs, you are exposing your systems to potential cyberattacks. The infamous ransomware attack Bad Rabbit, which first appeared in 2017, was disguised as an Adobe Flash installer (a third-party app) and spread via drive-by downloads on compromised websites.

    Third-party applications, such as Mozilla Firefox and Adobe Reader, have recently emerged as being responsible for a steady upward trend in the number of vulnerabilities that continue to affect users around the world.

    Automating the patch management process enables you to avoid the disastrous impacts of serious yet preventable cyberattacks.

    How Often Should You Perform Third-Party Patch Management?

    Unlike Microsoft, which sticks to a regular patch release schedule, most third-party vendors do not follow a specific frequency for releasing patches. Third-party vendors usually roll out security patches as and when a bug or vulnerability is detected and they need to fix it.

    The sheer volume of third-party apps organizations use on an everyday basis makes it next to impossible to manually keep track of all of the relevant patches.

    Given that third-party patching (like OS patching) is critical for keeping your organization secure, it only makes sense to automate it. Automating third-party patching ensures that patches for third-party software are automatically deployed within a short time of their release. Generally, you should try to apply patches within 15 to 30 days of availability. For critical vulnerabilities, the sooner the better, of course.

    Automated Third-Party Patching

    Automating the process of third-party patching ensures that all patches are deployed on time and according to your company’s security policies. Needless to say, automated third-party patching not only helps keep your IT infrastructure secure and up to date but also saves you the headache of performing manual patching.

    There are patch management tools for third-party patching that regularly scan third-party software for patch updates and deploy them as soon as they are released by the vendor. Once the patches are installed, the third-party patch management solution documents the process in the form of reports and logs for future reference.

    Benefits of Automated Third-Party Patching

    Automating third-party patching helps you stay on top of your software patch updates and frees up time for your technicians to focus on more strategic and revenue-generating projects.

    Some of the other important benefits of automated third-party patching are:

    • Automated Gathering & Deployment: One of the most attractive benefits is that it saves your technicians the cumbersome task of manually searching for and deploying patches for numerous third-party applications that you use every day.
    • Consolidated Management & Reporting: Deploying an automated third-party patch management solution enables you to view all the installed patches on a single dashboard and document reports on what patches have been deployed and what issues have been addressed.
    • Maintain Security & Compliance: Automating third-party patching ensures timely and consistent installation of patches that not only helps reinforce your cybersecurity posture but also keeps your business compliant with industry regulations.
  • Product: O/S Patching

    Operating system (OS) patching is one of the most important defenses in protecting digital systems from vulnerabilities and preserving the integrity, security, and optimal performance of both Linux and Windows environments. Keeping your operating system up to date with at least security patches is a must. My base O/S patching is an option with the monitoring. It provides patching on a schedule determined by your schedule. For most clients, this is daily, early in the morning when you are not using your computer. If you are one of those clients for whom this is inconvenient, I can adjust the schedule to be less frequent and at another time. Below is some information about what it is and why it is so important. If you have any questions, call me.

    What is OS patching? 

    OS patching is the practice of applying software patches to the operating systems installed in your environment to ensure they remain safe, secure, and protected from external threats. The IT landscape is changing. BYOD, OS diversity, and even end users accessing corporate systems via public networks all present challenges for IT departments trying to keep track of increasingly complex infrastructure and dependencies. With increased complexity comes an increased risk of cyber threats that the service ecosystem could be exposed to, as well as keeping track of new OS patch releases from vendors and suppliers. With those challenges in mind, staying current with cross-platform patch management and building a robust approach to patching have never been more relevant.

    Why is OS patching important? 

    Done well, OS patching can be the difference between a well-supported environment and one that is susceptible to unplanned downtime and performance issues. Here are some of the critical benefits of a robust approach to OS patching:

    • Compliance: Many organizations now have regulatory requirements or insurance directives mandating a regular patching regime. Non-compliance can lead to severe penalties.
    • Availability: Keeping your systems patched will prevent extended downtime due to security threats and remedial maintenance/emergency patch activity.
    • Performance: Devices can crash due to software defects, so keeping your services patched means they are updated with the latest bug fixes and are more secure. 
    • Security: A common cause of network security breaches is missing patches in operating systems. Having a regular patch schedule means installing updates promptly, reducing the opportunity for data loss and damage to your infrastructure. 
    • New features: Patches are not always about protection from malware or fixing bugs. Sometimes patches can include new features that can give you greater functionality.

    Common challenges, and how to address them

    Here are some of the most common patching challenges and how to handle them:

    • Challenge: No appetite for maintenance windows.
      Possible solution: It is not always easy to justify regular downtime for maintenance, especially as many organizations are feeling the pinch in a post-pandemic economy. Remember the longer downtime that follows a virus, cyber-attack, or ransomware incident. Work with your team to agree on a maintenance window acceptable to all users.
    • Challenge: Keeping track of OS patches from different vendors.
      Possible solution: Understanding what patches are outstanding is a crucial activity to be able to prioritize support activity.

    Dos and Don’ts of OS patching

    Are you inspired to sort out your OS patching process once and for all? Here are some tips for getting started.

    • Enable automatic software downloads whenever possible to ensure critical updates are installed as quickly as possible.
    • Don’t use unsupported or EOL (end-of-life) software.
    • Do use secure vendor servers for patches and software updates.
    • Don’t install patches from unknown links or ad content.
    • Do communicate patch windows beforehand and agree to any potential downtime with the rest of the business.
    • Don’t download software updates to devices while on untrusted networks.
    • Do prioritize systems for patching so you know which have the highest risk or are most sensitive to the organization. 
    • Don’t try and patch everything. Not all vulnerabilities will be exploitable in your environment, so check if the patch is needed first.
    • Do apply patches as soon as possible (once you have confirmed they are needed). Deploy operating system patches immediately when they are released since they can have severe and widespread effects.
    • Do build in some flexibility by using pull-based deployment mechanisms to enable the end user to schedule the patch at a convenient time. 
    • Don’t allow people to put off updates indefinitely. Have something in place so that after a pre-registered amount of time, pull reverts to push so your users and their systems are protected. 
    • Do regularly scan and audit your environment to ensure any vulnerabilities can be flagged and acted upon. 
    • Do create patching procedures for routine and emergency patches so that urgent patches can be deployed quickly to mitigate organizational risk. 
    • Do understand each vendor’s release schedule for patches and updates so that you can plan and schedule maintenance work accordingly.
  • Product: Webroot DNS Protection

    To help protect from malicious websites, we recommend DNS filtering by Webroot.

  • Product: Sentinel One Control

    The next generation of endpoint protection. It does not routinely scan for known viruses and malware but monitors and logs computer activity, looking for suspicious behavior. If bad behavior is detected, recovery options include killing the process, quarantining the file, and rolling back any changes the process made.

    For the best protection, I recommend combining Sentinel One and Webroot.

  • Product: Webroot Anti-virus

    Our old friend, anti-virus. I have been using Webroot for over 15 years and have never had it let me down. This is our basic anti-virus product. This is the anti-virus I have been using for over fifteen years without any significant infections. It works well and does not slow down your computer. The only reason I offer anything else is because in today’s security environment, it is possible, and I’m told likely, that new viruses are designed to bypass the type of protection provided by Webroot and other anti-virus programs. I still recommend this for residential and low-priority entities.

  • Product: N-Able RMM

    N-Able N-Sight RMM is our current default monitoring agent for computers and servers. It has several optional features that allow me to provide other services. I’ll describe some of them below as well as normal default monitors. Each computer or server will get the default monitors initially and then they will be customized for your environment so that we know when an important issue arises. Prices below are per month per endpoint.

    • N-Able Options
      • Base Install. $2.50.
      • Remote Control. Included with base price. Allows me to remote into the computer and fix issues without making a trip to your location.
      • Remote Background. Included with base price.
      • O/S Patch Management. $3.50. Monitored patch and upgrade management for your operating system.
      • Third Party Patch Management. $1.50. Monitored patch management for supported third party applications.
      • Network Scanning. Included with base price. This allows an attempt at scanning your network for dangerous devices. Depending on the device and its configuration, a scan may not tell us anything. But it might tell us if something new is attached to your secure network.
  • Monitoring

    This is the primary advantage of purchasing products from Dennis Walker over purchasing them yourself. I can monitor many aspects of your computer and internet system.

    Our primary monitor for workstations and servers is N-Able N-Sight RMM. This agent allows us to monitor most all aspects of the operation of your computers and servers as well as operation of services provided.

  • Email Security Features Offered by Dennis Walker One

    In today’s security environment, there is never any guarantee that you cannot get hacked. Unless, of course, you turn the power off to all your computers and lock them in a vault on another planet. OK, I’m getting carried away, but the point is that even if you did all that, there will always be someone who can figure out how to undo it and get you anyway. Any security system has to have enough layers of security to make it difficult for hackers to get through them all. A robust email security system is not only important to protect your computer and information from destruction, hacking, and theft, but also to protect your clients and friends if you do get hacked.

    We sell and use Proofpoint Essentials for Email Security. Here are some of the features and our default setup. You may need to adjust some of these, but these are our defaults. You may need more or less protection. For example, we could quarantine any email that fails an SPF check rather than flag it. We chose this as a default so that users could see what was happening and take appropriate action with colleagues if needed.

    Incoming

    • SPF – SPF is a mechanism used to authorize internet servers to send email for a domain. If a domain like domain.com authorizes mail.domain.com to send email and an email from that domain comes from somewhere else, we will flag the email with a “Spoofed sender” tag in the subject. You should be careful about opening this email. If you know where it is coming from, you might want to inform the sender that their email SPF record has a problem and the email administrator needs to get it corrected.
    • DMARC – DMARC is similar to the SPF above but is used to verify the reply address rather than the sender address. The same action is performed. We will add “DMARC Failed” to the subject and, again, be careful opening it.
    • DKIM – DKIM is a method to lock the contents of an email and ensure it has not been altered. A failure will also be flagged with a subject message “Warning DKIM failure”.
    • Virus and Malware. All viruses and malware will be quarantined and can only be released by an administrator.
    • Filtering rules. We can create custom filtering rules that can redirect, quarantine, or take other actions based on several parameters.
    • Safe Senders. You can have individual or group safe senders that bypass SPAM, SPF, DKIM, and DMARC checks. They will not bypass virus and malware checks.
    • Blocked Senders. Blocked senders are quarantined immediately without being checked.
    • SPAM – I personally hate leaving the decision about whether an email is spam or not; it is scary. Our spam filter has adjustable sensitivity from 1 to 22. Any email flagged as SPAM can be quarantined or flagged.
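
    The incoming rules above can be read as an ordered decision: blocked senders first, then malware, then safe senders, then the SPF/DMARC/DKIM subject tags. The sketch below is an added example, not Proofpoint's code or configuration; it assumes the gateway records its verdicts in an RFC 8601 Authentication-Results header, and the gateway name, domains, tag format and the `has_malware` flag (standing in for the scanner's verdict) are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject tags are the ones quoted in the list above; the bracket format is assumed.
TAGS = {"spf": "Spoofed sender", "dmarc": "DMARC Failed", "dkim": "Warning DKIM failure"}
RESULT = re.compile(r"(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

def failed_checks(msg, authserv_id):
    """Methods reported as 'fail' in Authentication-Results headers stamped by
    our own gateway; headers carrying any other authserv-id are ignored."""
    failed = set()
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(header).split(";")]
        if parts[0].lower().split()[:1] != [authserv_id.lower()]:
            continue  # not written by our gateway, so the sender could have forged it
        for part in parts[1:]:
            m = RESULT.match(part)
            if m and m.group(2).lower() == "fail":
                failed.add(m.group(1).lower())
    return failed

def triage(raw, authserv_id, safe=(), blocked=(), has_malware=False):
    """Return (action, subject) for one inbound message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "")
    if sender in blocked:
        return "quarantine", subject   # blocked senders: quarantined without checks
    if has_malware:
        return "quarantine", subject   # applies to safe senders as well
    if sender in safe:
        return "deliver", subject      # safe senders skip SPF/DKIM/DMARC tagging
    failed = failed_checks(msg, authserv_id)
    tags = "".join(f"[{TAGS[m]}] " for m in TAGS if m in failed)
    return "deliver", tags + subject

# Constructed sample message; the second header is not from our gateway.
SAMPLE = (
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=vendor.example;\n"
    " dkim=pass header.d=vendor.example; dmarc=fail header.from=vendor.example\n"
    "Authentication-Results: relay.other.example; dkim=fail header.d=vendor.example\n"
    "From: Billing <billing@vendor.example>\n"
    "Subject: Invoice 1042\n"
    "\n"
    "Please see attached.\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE, "mx.example.net"))
```

    Because safe senders skip the authentication checks, a message that only claims a safe sender's From address is delivered untagged, which is a reason to keep that list short.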

    Outgoing

    • Encryption
    • SPAM
    • Virus and Malware

    Training

    • Courses
    • Real time exercises. We can send
  • KeePass Password Manager

    KeePass is the password manager I use. Here are some tips and help getting it set up and useful.

    First, I like to install it with Ninite. Go to https://ninite.com/. Under Other, check KeePass.

    Save the installer if you like. I keep it to do upgrades.

    Now that KeePass is installed.

    Keywords: keepass, keypass.