There’s only two of us here at Section 9. Deploying and using LastPass was relatively easy. What about using it in an enterprise environment with hundreds of workstations and laptops? That’s the real challenge. What features are we going to use? How do we deploy LastPass with Automox? Is SAML an option we want to use?

So many questions, so little time to figure them out.

We’ve got a patch management process. It isn’t perfect, but It’s a start. That’s way better than some organizations. What’s next? Testing it on Patch Tuesday.

After migrating to smaller, cheaper servers on DigitalOcean, I realized we need a new management process. We need a checklist that says do these 10 or 15 things. We’re starting the conversation. We hope to have this figured out soon.

Time to start thinking about secure configurations. What is a secure configuration? What gets configured? How do you manage them?

This is just the beginning!

We’ve got a HIPAA correction to make, BIND 9 changes, & a new help desk solution called Jitbit.

In this episode we talk about patch Tuesday, An issue with Automox, & HIPAA compliance. We also have a bit of interesting news. We might have our first client. There’s a minor issue. They asked about HIPAA compliance. We’re not HIPAA experts. However, there might be a way we can help them. Did you know you can map the Critical Security Controls to some of the HIPAA requirements?

CORRECTION

In this episode a reference was made to HITECH. This should be HITRUST.

HIPAA & HITECH are laws covering health records. HITRUST is a framework used to audit & secure an organization.

For more information check out the HITRUST Alliance.

The city of Baltimore wasn’t patching. They got hacked. One million systems connected to the Internet are vulnerable to BlueKeep. Why haven’t these systems been patched? When will they be hacked?

Not patching could lead to you or your organization getting hacked. That’s why we’re working on required software polices in Automox. Not only does this help us deploy 3rd party applications, but it also helps us patch them. We’re trying to patch our systems before the hackers find them.

The City of Baltimore was hit by Ransomware. We go over some of the details, including an unpatched vulnerability from 2017.

I finally took a look at the Verizon Data Breach Report. If you haven’t read it, do it now. This report helps you understand how the hackers are getting in. You need to know how they get in if you want to plan for prevention and detection.

With the help of Automox, we survived patch Tuesday. We know all of our Windows systems are patched. This process wasn’t seamless. It required a few more mouse clicks than we expected. I’ll take a few more mouse clicks over manually patching any day.