Alpha Generation Distribution Ltd is a 4SEC Group Company
Follow us on Twitter Follow us on LinkedIn
Call us on: 01777 852222

Is Your Golden Image Really Up-to-date?

Is your golden image really up to date

In IT, there’s a lot of frustrating repetition. It’s your goal to standardise as much as possible, across hardware and software, but that inevitably means repeating the same tasks on numerous identical machines. It’s time-consuming, expensive, and boring.

So, in a large organisation, it makes sense to use a single image of your standard Microsoft Windows install – a ‘golden image’ that represents the most up-to-date Windows version with all the drivers, patches, and applications your users will need. Then, you can deploy that image to new machines as soon as they come online.

But while this is great for efficiency and standardisation, it’s not ideal for security. Typically, you would change that golden image quarterly, or when significant changes occur in your organisation.

And the threat of application vulnerabilities moves a whole lot faster than that.

Software gets out-dated at breakneck speeds

According to the Flexera Vulnerability Review, 17,147 vulnerabilities were disclosed in 2016. While those vulnerabilities didn’t pace themselves evenly through the year, it’s not unreasonable to think you could be looking at as many as 4,000 vulnerabilities per quarter.

Of course, you won’t be using every application that’s affected – but it only takes a single vulnerability to let an attacker in. And if you think you could avoid every vulnerable application, the numbers aren’t on your side.

Third-party application versions don’t last long, but your golden image probably isn’t updated every time an application needs an incremental patch. At worst, that leaves new machines exposed to known vulnerabilities. At best, it means you need to spend time updating applications from the golden image as part of your on-boarding process.

Which flies in the face of everything a golden image is supposed to do for you.

You could create a new golden image more often – but it’s not a very practical approach. That’s because:

  • It’s not a fast, automated process, but one that takes manual time and energy
  • You could find yourself creating a new golden image when very little has changed in the application versions you use
  • How often is enough? The only way to be completely protected would be to check and recreate the golden image every time it is used

A golden image can help you deploy new machines quickly and efficiently. But your standard Windows tools need some extra support to keep your image secure.

Bring ongoing patching to your golden image

Flexera Corporate Software Inspector identifies third-party applications on your network, checks for vulnerabilities, evaluates how critical each vulnerability is, and works with deployment tools to deliver the appropriate patches.

However, it’s just not just the software on existing machines across your network.

Corporate Software Inspector applies updates via Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM). So when a new machine comes online, third-party applications can be patched before the PC is delivered to its intended user. Automatically.

As a result, you can take advantage of a consistent golden image to speed up deployments – and use the same familiar interface to speed up patching, too.

Automate your patching process with Corporate Software Inspector