A user inquired about using ControlUp for remediating CVEs in their organization with 40k+ devices. They were looking for a proposal template to use and announced their plan to target the most vulnerable devices first in batches. Another user shared that they have been patching their devices on a monthly basis and asked about others’ patching schedules. A response mentioned that they encountered some issues related to scheduling but they have since been fixed and the product has been stable for months. The user then thanked them for the feedback.
Read the entire ‘ControlUp for CVE Remediation in Large Organizations’ thread below:
Hello, I am in an organization with 40k plus devices. Looking to start using control up for remediating CVE. Has anyone used a current template for proposal of remediation? My organization is adverse automating these remediations at this time so I will probably be proposing we target most vulnerable devices first in batches.
we have approx 12k devices all being patched on a regular basis with SecureDX. There were alot of issues when we first rolled out, but since then CU has done an amazing job of fixing all of those issues and integrated them into the product. One question is, what are your patching schedules? We have a patch window every night for our different customers, which works fine as a weekly schedule. If you are wanting monthly schedules, thats not quite there yet but its coming soon
Thank for the response Josh. We patch OS on a monthly basis via a separate application. I’m looking into proposing weekly patching for CVEs on apps and monthly patching for compliance. I would reserve OS and config patching to another team. Ultimately this will be up to our change advisor board. I’m curious about what issues you may have encountered or still encounter during remediation. I’m sure my organization will not be ready to commit to automating this until it can be proven stable. I will be running jobs to target set groups on an internal schedule most to start with most likely.
yes sounds good. The issues we encountered were related to scheduling and things not kicking off on the right days, however, these have been stable for months and no regressions have occurred. For basic CVE remediation the product has been super stable. The edge cases revolve around 3rd party patching as you can imagine.
Excellent, Thank you for the valuable feedback.
Continue reading and comment on the thread ‘ControlUp for CVE Remediation in Large Organizations’. Not a member? Join Here!
Categories: All Archives, ControlUp for Compliance