Patching Mobile Computers

A growing number of users are mobile. While I’ve heard some people say these people will VPN and thus get security updates, I think that many of them don’t VPN in. They can do so much over on their phone, connect to mail over ISA, perhaps they are using a customer’s mailbox. Some are at customer’s sites and not allowed to VPN out. Others might be travelling and just not have the time. What happens to the security of these computers?

One of the things I found with NAC was an ability to see what was unpatched on my network. Problem is the NAC only works if the computer is on the network. Even if I was using a software NAC agent such as the one in Symantec Endpoint Protection, that provides enforcement only. It can’t report back to my management server inside my firewall.

As a Microsoft SCCM user, I looked at their configuration options to allow internet based computers to connect to a computer. It seemed expensive, complicated and hard to implement. Native mode requires digital certificates. Our security policy would result in a duplicate SCCM environment on a border network.

I looked at Bigfix, but it seems they would require an inbound connection from the boundary server. That violates our company policy, so I had to keep looking.

I wondered if Microsoft DirectAccess would solve this issue. IPv6 and digital certificate requirements make this one a bit scary. An always-up VPN into our network is a bit scary as well.

That’s when I received a cold call from Fiberlink, a company that offers MAAS360, a product for mobile computer management, reporting, and patching from the cloud. I’m interested in using SaaS where it can be done securely and will save money. I signed up for an evaluation. Even with only a few computers installed, I can see some nice reporting capabilities. As we get a bit further in the evaluation, I’m going to see if this can solve problems also by deploying patches detected as missing.

4 Comments

  1. I’ll be interested to hear about the results of your test. I noticed many AV companies are now offering SaaS models so this is a logical extension of that. It definitely seems like the future direction since mobile devices and user choice are only proliferating more and more each year.

    I am following you on Twitter now so look forward to some updates.
    Mark

  2. You should take a look at Secunia’s CSI product. It does good scanning and reporting. It also does patching, but I haven’t tried that yet.

    -jack
