WSUS Deprecation: Your Next Move in Patch Management

This Wednesday | 12 PM EST / 11 AM CET

Action1 5 Customer Stories 5 Agronomy Company Mitigates the Risks of Ransomware Infections with Action1

Agronomy Company Mitigates the Risks of Ransomware Infections with Action1

the Arthur Companies

Company

The Arthur Companies operates diverse agribusinesses, including grain elevators, a birdseed company, and a wholesale fertilizer company in North Dakota and Idaho, United States.

Headquarters

Arthur, ND, USA

Website

arthurcompanies.com

The Challenge

The Arthur Companies has around 20 locations across three states, and its workstations are spread among those locations. The three-person IT team is responsible for keeping all company devices up to date with the latest security patches and managing them effectively. Previously, the team used ManageEngine Patch Manager Plus for these purposes; however, it proved to be ineffective for the devices that were off network. Moreover, an increasing number of devices were not joined to the company domain, and ManageEngine Patch Manager Plus could not work for them either. As a result, 20% of the company’s devices were not properly patched — which increased security risks significantly.

Joe Holder, IT Director at the Arthur Companies, started looking for a solution to mitigate these risks. The search became even more urgent when the FBI released a security alert that warned of a likely increase in ransomware attacks on the agricultural sector and named unpatched vulnerabilities as a main attack vector.

“Any security event of this kind could cost hundreds of thousands of dollars and impact our global supply chain,” says Joe. “If we were unable to move grain, load trains, and fulfill our contracts with customers due to an attack, it could affect food producers worldwide.” Accordingly, Joe’s main requirement for the tool was the ability to easily deploy security updates and software on all endpoints regardless of their location.

The Action1 Solution

Joe evaluated several RMM tools and chose Action1. He ruled out NinjaOne because it included many features he didn’t need and lacked some that he actually needed. In addition, he found the tool’s software deployment process to be confusing, while Action1 enabled him to install software at the push of a button. He also liked Action1 interface and ease of use. Most importantly, as a cloud-native tool, Action1 doesn’t depend on infrastructure constraints and empowers Joe to manage both off-site devices and machines not joined to the company domain. Finally, he was thrilled to discover that Action1 enables him to manage firmware updates — yet another important capability that his previous tool couldn’t deliver.

The Benefits

Improved security. With Action1, Joe’s team was able to establish a robust patch management program that covers all their devices, including those not handled by their previous tool, which dramatically reduces the risk of ransomware infections and other security incidents. “We were able to fully replace ManageEngine Patch Manager Plus with Action1,” reports Joe.

With our previous tool, we were under constant risk, as 20% of our network was not being patched with security updates because they were off-site or not joined to our company domain. Action1 addresses this security gap by enabling us to establish a robust patch management program that covers 100% of our devices.

Joe Holder, IT Director at The Arthur Companies  

In addition, Action1 enabled Joe to develop a set of policies that enable him to patch devices in the least disruptive way possible. “That’s the challenge of security: Security and convenience are two ends of the spectrum. You have to patch to be secure, but you need to do it in a way that does not hinder people’s activity,” explains Joe. Joe’s granular policies consider the following key parameters:

  • Patch release date — Joe prefers to wait seven days after release before deploying a patch to ensure the vendor has enough time to recall it if it is problematic.
  • Working hours — Joe defined a patch deployment window from 8 pm to 4 am so that users who leave their laptops offline overnight are not hit by a wave of updates when they start their workday. He also specifies a convenient time for updates that require reboots, ensuring that they get installed without impacting productivity.

Streamlined device provisioning & software deployment. Action1 is vital to the company’s initial build process, ensuring that the correct applications get installed efficiently. Joe and his team utilize Action1’s App Store and scripting capabilities to automate deployment of custom apps across their machines; for example, they install ThreatLocker and ESET to further protect endpoints against cyberthreats like ransomware.

Configuration management. Joe’s team is able to proactively manage device configurations using Action1 scripts. For example, configuration scripts control the use of certain registry keys and the creation or modification of local user accounts. These capabilities give them complete control over their endpoints.

Patch Management That Just Works

Discover, prioritize and remediate vulnerabilities in a single solution
to prevent security breaches and ransomware attacks.

Setup in minutes to reduce your cyber risks and costs:

 

More Success Stories