15:45 CET, 30th November 2012 By Kent Agerlund, Senior consultant and Configuration Manager MVP at Coretech..
A few years ago I wrote a blog posts on Microsoft SCUP and Secunia CSI 5.0. Back then my conclusion was that Secunia had a superb security database but required a custom agent and didn’t have an easy Configuration Manager Console integration. With the latest release of Secunia CSI those “obstacles” are removed and the solution looks very promising. In this, my first test drive of the product, I will see how quickly I can install the solution and start patching my environment.
CSI requires that you first install the CSI administrator console and then the CSI SCCM plug-in. The installation process takes less than 1 minute and is straight out-of-the-box. You can download a free evaluation copy here
Configure WSUS and Configuration Manager Integration
In order to configure the integration you need to do a few things first, like configuring WSUS, create or configure the self-signed certificate and deploy the certificate. CSI allows you to configure all of these settings with a simple wizard. The wizard is perfect for lab environments and small business but also allow mid-sized and enterprise organizations the flexibility to configure their own settings.
We need to deliver compliance information to Secunia before updates will be made available. The compliance data can be delivered using one of the four different scanning solutions.
In this test drive I will use the software inventory information from my ConfigMgr. clients.
Approving and deploying patches can be performed from within the CSI console or in the ConfigMgr. console using the CSI plug-in. The plug-in is creating a Secunia folder in Software Library from where you can configure WSUS settings and see a list of all insecure applications in the environment. In this example I only had a few Adobe applications installed but the scan process will find many more apps like Java, Google Chrome, Firefox and the list just goes on.
To deploy a patch do the following
You might wonder why you have to go thru a 4 page wizard to deploy an update. To me, it’s all about control and having the flexibility to do almost whatever I want. This scenario is fairly simple, but there could be other scenarios where you might want to uninstall several older versions of the application before start to deploy the new version.
Senior consultant and Configuration Manager MVP (Microsoft Valued Professional) at Coretech.
Visit Kent Agerlunds original blogpost on coretech.dk