Date: 2024-01-17

Where there is a will (read: corporate priority), there is a way. The end-user support and technology team at Tokio Marine HCC International, a specialty insurance company, clearly understands this.

About 18 months ago, the company’s international division established a team dedicated to better supporting its 2,300 underwriters and other staff. The initiative focuses on improving both productivity and security and is responsible for end-user satisfaction and ensuring security measures extend to individual endpoints.

Streamlining Patch Management

Before the team was formed, employees who faced issues such as slow device response times, unreliable internet access, or the dreaded “blue screen of death,” would contact the service desk, just like everybody else.

“We were constantly trying to meet expectations, but there was no real structure,” said Darren Edwards, the company’s end-user support lead. “It was more about capturing user feedback based on ticket responses and then reaching out to users individually to try to improve their experience.”

Like most other companies, Tokio Marine HCC pushed out operating system patches monthly following Microsoft’s update announcements. The team followed the same practice for issuing firmware and application patches. The team would then wait for feedback from the service desk to understand the impact of the patches and rush to fix any problems that arose. However, the team lacked sufficient data for informed decision-making and needed more advanced processes for patch management and vulnerability remediation.

“We wanted to have a better testing mechanism so we could have more faith in the updates and patches we were deploying to fix vulnerabilities,” explained David Hiller, Tokio Marine HCC end-user technology lead. The team also wanted a more holistic and granular view to understand the devices in use, track the patches and vulnerabilities that had been resolved, and identify any outstanding issues.

Using Nexthink for Improved Insights

While the team had some tools at their disposal, they weren’t specifically designed to meet the team’s requirements. So, they got creative. For example, the company used the Nexthink Workplace Experience Platform, initially adopted in 2019 for asset management, though not for patch management. Recognizing its capability to view devices and installed software, Hiller thought it could be valuable for other metrics related to patches if the team could build the right dashboards.

The team got to work configuring custom dashboards with current and historic status and productivity data for each asset. With that information, it was simply a matter of comparing the device status before and after deploying a test patch. For instance, if the number of application crashes declines significantly after a test patch is deployed, it’s probably a good idea to deploy the patch widely. Conversely, if there are more instances of blue screens of death or slower machine response times after the test patch is applied, the team might opt for more investigation before rolling out the patch companywide.
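The before-and-after comparison described above can be written as a promotion gate for a pilot ring. This Python sketch is an added example, not code from Tokio Marine HCC or Nexthink; the metric names, record layout and 10% tolerance are assumptions, and the device data is constructed.

```python
from statistics import mean

# Hypothetical metric names; for all three, lower is better.
METRICS = ("crashes", "bsod", "boot_s")

def _dev(name, before, after):
    return {"device": name, "before": dict(zip(METRICS, before)),
            "after": dict(zip(METRICS, after))}

# Constructed pilot-ring data: 7 days before vs. 7 days after a test patch.
GOOD_PILOT = [_dev("LT-001", (6, 0, 48), (2, 0, 45)),
              _dev("LT-002", (4, 0, 52), (1, 0, 50)),
              _dev("LT-003", (5, 0, 50), (3, 0, 49))]
BAD_PILOT = [_dev("LT-001", (6, 0, 48), (2, 0, 45)),
             _dev("LT-002", (4, 0, 52), (1, 1, 50)),   # new blue screen
             _dev("LT-003", (5, 0, 50), (3, 0, 49))]

def pct_change(before, after):
    """Relative change; any increase from a zero baseline counts as +100%."""
    if before == 0:
        return 0.0 if after == 0 else 1.0
    return (after - before) / before

def evaluate_patch(devices, max_regression=0.10, min_devices=3):
    """Return (verdict, per-metric deltas, devices that got worse)."""
    if len(devices) < min_devices:
        return "insufficient-data", {}, []
    deltas = {}
    for m in METRICS:
        b = mean(d["before"][m] for d in devices)
        a = mean(d["after"][m] for d in devices)
        deltas[m] = round(pct_change(b, a), 3)
    # Per-device view, so a technician knows which machines to look at first.
    worse = [d["device"] for d in devices
             if any(pct_change(d["before"][m], d["after"][m]) > max_regression
                    for m in METRICS)]
    regressed = any(v > max_regression for v in deltas.values())
    return ("investigate" if regressed else "promote"), deltas, worse

if __name__ == "__main__":
    for name, ring in (("good", GOOD_PILOT), ("bad", BAD_PILOT)):
        print(name, evaluate_patch(ring))
```

The zero-baseline rule matters for blue screens: a ring that had none before the patch and one afterwards is held back even though the absolute count is small.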

Nexthink is also integrated into Tokio Marine’s instance of ServiceNow. The integration enables service analysts to access the patch level of a user’s device when they contact the service desk due to issues such as slow performance or application glitches. “Instead of having to reach out to the 100 users we tested the patch on and asking them if [their] machine is worse or better from these updates, we have the data and graphs in front of us,” Hiller said.

Coordinating Tools for Vulnerability Management

After improving patch management, the team set their sights on vulnerability management. Once more, they used tools already in their environment, finding creative ways to use them to get the desired results.

Upgrading vulnerability management was a different animal than patch management due to the involvement of malicious actors. While patch management aims to optimize device performance, vulnerability management focuses on ensuring that security is ironclad through effective patching.

With that in mind, Hiller’s team combined three tools to develop a practical solution: Axonius for cyber asset attack surface management, ServiceNow for IT service desk functions, and Qualys, an IT and security compliance platform. To make it work, agents on end users’ machines report back to the Qualys administrative center, which is regularly updated with the latest vulnerabilities identified on the web. Qualys then assesses whether Tokio Marine HCC’s machines have specific vulnerabilities.

By integrating Axonius with Qualys, the team can extract detailed reporting data from Axonius. The integration allows the team, for example, to request a list of all devices monitored by Qualys that have a particular vulnerability.

The link to ServiceNow is the final piece of the puzzle. It plays a role in determining, for instance, the location of machines with specific vulnerabilities in the U.K. by business unit. This information is critical because Qualys doesn’t know where the devices are located—it only knows that they have specific vulnerabilities, Hiller explained. With that granular information, a second-line support technician can then fix those specific machines.
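The join described above, scanner findings enriched with location and business unit from the service-desk inventory, looks like this in outline. This Python sketch is an added example, not the team's implementation and not an Axonius, Qualys or ServiceNow API; the record layouts, host names, business-unit labels and vulnerability identifiers are constructed placeholders.

```python
from collections import defaultdict

# Constructed scanner findings: which host reported which vulnerability.
FINDINGS = [
    {"host": "LT-001", "vuln": "CVE-EXAMPLE-0001"},
    {"host": "lt-002.corp.example", "vuln": "CVE-EXAMPLE-0001"},
    {"host": "LT-003", "vuln": "CVE-EXAMPLE-0001"},
    {"host": "LT-003", "vuln": "CVE-EXAMPLE-0002"},
    {"host": "LT-404", "vuln": "CVE-EXAMPLE-0001"},  # absent from inventory
]

# Constructed inventory records: the only source of location and ownership.
INVENTORY = [
    {"name": "LT-001", "country": "UK", "business_unit": "BU-A"},
    {"name": "LT-002", "country": "UK", "business_unit": "BU-B"},
    {"name": "LT-003", "country": "ES", "business_unit": "BU-A"},
]

def norm(host):
    """Normalise names so scanner FQDNs match short inventory names."""
    return host.split(".")[0].strip().upper()

def locate(vuln_id, findings, inventory, country=None):
    """Group hosts with vuln_id by (country, business unit).

    Returns (groups, unmatched). Unmatched hosts are vulnerable machines the
    inventory cannot place, which is a coverage gap worth its own ticket.
    """
    index = {norm(r["name"]): r for r in inventory}
    groups, unmatched = defaultdict(list), []
    for f in findings:
        if f["vuln"] != vuln_id:
            continue
        rec = index.get(norm(f["host"]))
        if rec is None:
            unmatched.append(f["host"])
        elif country is None or rec["country"] == country:
            groups[(rec["country"], rec["business_unit"])].append(rec["name"])
    return dict(groups), unmatched

if __name__ == "__main__":
    print(locate("CVE-EXAMPLE-0001", FINDINGS, INVENTORY, country="UK"))
```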

Troubleshooting With Nexthink’s Capabilities

What’s really exciting, Hiller and Edwards said, is the potential to troubleshoot all kinds of issues by combining Nexthink’s capabilities with the other tools. They highlighted the example of using Axonius to pull data from Qualys and ServiceNow to create dashboards for engineers. If engineers have problems pushing out updates to patch vulnerabilities or receive user complaints about slow or malfunctioning machines after an update, the team can use Nexthink to visualize the timeline of update installations. The more data available, the better the service, Edwards said.

Here’s another example: Using Nexthink, the team addresses issues such as device startup speed, network speed, WiFi connectivity strength, and number of application crashes in the last seven days. These factors are averaged to generate a composite score on a scale of 1-10, where 10 is the best. If the average scores hover around 8, it may indicate that the device is missing a critical patch needed for compliance with security standards. By examining all dashboards and reports to pinpoint the missing patches, the team might be able to raise that 8 to a 9.

The Importance of Patch and Vulnerability Management

The steps taken by Tokio Marine HCC’s end-user support team to enhance patch and vulnerability management make a lot of sense, given the fact that these issues pose ongoing challenges for many companies.

“Patch and vulnerability management are really the original proactive tools for organizations,” noted Andrew Braunberg, a principal analyst at Omdia. “The problem is that the ongoing digital transformation we have been watching for years stretched the ability of security teams to keep up with the scale and complexity of patch and vulnerability management.”

These factors explain the shift towards proactive and risk-based vulnerability management, where risk management features are integrated into virtual machine solutions, Braunberg said. The approach enables organizations to evaluate and prioritize the risk associated with any asset or particular vulnerability. Importantly, it allows organizations to not only identify the vulnerabilities posing the highest risk but also pinpoint those that don’t present a serious risk and can be safely deferred or ignored.

