Educause Security Discussion mailing list archives

Re: Tool and Software Suggestions


From: "Camacaro Latouche, Jose David" <jcamacar () IU EDU>
Date: Tue, 20 Nov 2018 19:43:12 +0000

Hello Justin,

 

As a Device Management Systems Engineer at Indiana University, I would like
to share some of my insights and experiences with patch configuration and
management for Windows-based systems, via Microsoft's System Center
Configuration Manager (AKA SCCM or ConfigMgr) [1]:

 

Key technical features:

*       Configure and keep up-to-date Windows Defender (Windows 10 built-in
        Antimalware software).
*       Configure Microsoft patches.
*       Configure and deploy software, scripts, configurations and operating
        systems.
*       Built-in reports on all of the above.
*       Both template and customizable RBA capabilities.
*       Heavy integration with AD.

 

 

Myths and recommendations:

*       ConfigMgr is NOT a replacement of GPOs. If anything, they
        complement each other.
*       ConfigMgr is NOT an asset management solution. If anything, you can
        utilize ConfigMgr to augment your actual asset management solution with
        data relevant to your business unit (e.g. BIOS version, primary end-user,
        etc.)
*       ConfigMgr is NOT dying because of Microsoft's Intune [2]. If
        anything, it continues to:

        *       Enhance current features and newer ones, to help IT Pros transition
                from traditional device management to Modern Device Management [3], where
                applicable [4].

        or

        *       Support IT Pros who are not ready just yet to leap onto the "cloud"
                for device management.

 

 

Considerations and expectations for Higher-Ed:

*       Regardless of where you find yourself in the IT management pendulum
        of "centralized" vs "non-centralized", I highly recommend avoiding a
        "tenant-based" ConfigMgr model. If you have the opportunity, authority and
        staffing, I recommend architecting ConfigMgr vertically, not horizontally,
        primarily for the following reasons:

        *       Reporting is more likely to be homogeneous.
        *       Resource consumption is more efficient and controllable.
        *       Transparency of operations reduces the likelihood of service
                interruptions.

*       Maintain a consistent line of communication with your IT security
        office. While ConfigMgr is not a SIEM product, it can help assess and
        address some security configurations on Windows-based devices. Word of
        caution: ConfigMgr does not operate with the colloquial understanding of
        "live data"; make sure your team understands the data processing times and
        workflows before representing them to other IT security stakeholders.

 

 

Reputation and community:

*       A leader in Gartner MQ for Unified Endpoint Management [5].
*       Heavily and progressively documented [6].
*       Big -and very active- global community of MVPs and IT Pros
        [7][8][9].

 

 

There are many other advantages, but I wanted to focus on the ones that
would matter the most, from an evaluation standpoint, such as the one you
are in right now. Feel free to ask me about anything else about ConfigMgr.
While I do not dare to consider myself an "expert", I have invested a
significant amount of my professional life in it.

 

 

Sincerely,

 

Jose Camacaro Latouche

UITS Leveraged Services

Endpoint Management

INDIANA UNIVERSITY

 

Further reading:

[1]: https://www.microsoft.com/en-us/cloud-platform/system-center-configuration-manager

[2]: https://www.microsoft.com/en-us/cloud-platform/microsoft-intune

[3]: https://docs.microsoft.com/en-us/windows/client-management/manage-windows-10-in-your-organization-modern-management

[4]: https://docs.microsoft.com/en-us/windows/client-management/images/windows-10-management-range-of-options.png

[5]: https://www.microsoft.com/en-us/microsoft-365/blog/2018/07/25/microsoft-emerges-as-a-leader-in-gartner-mq-for-unified-endpoint-management-uem/

[6]: https://docs.microsoft.com/en-us/sccm/

[7]: https://mvp.microsoft.com/en-us/MvpSearch?&ex=Enterprise%20Mobility&sc=e&ps=48&pn=1

[8]: https://mmsmoa.com/

[9]: https://social.technet.microsoft.com/Forums/en-US/home?category=ConfigMgrCB
 

From: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Justin Hensley
Sent: Monday, November 19, 2018 4:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] [SECURITY] Tool and Software Suggestions

 

 

Hello All:

The Office of Information Security here at University of the Cumberlands was
just opened this past spring and I moved from an operational IT role to
Director of Information Security.  I have a new budget available to my
office for the first time, and I'm working on getting budget numbers
together.  I'm hoping that members of this group can suggest some tools and
software that you use in your infosec office that are invaluable to you.  I'm
primarily looking to start in the categories of vulnerability assessment and
penetration testing, identity and access management monitoring (we're an
Active Directory shop), and patch configuration and management.  I'm aware
of many tools and software packages in the market, but I'm always finding
new ones by reading posts in this listserv so I'm hoping this will help me
and others also.

 

Thanks.

 

Justin O. Hensley, CEH, CISSP
University of the Cumberlands
Director of Information Security
Division of Information Services
Gatliff Administration Building | Lower Level | Room 008
104 Maple Street, Williamsburg, KY, 40769 
606.539.4197 Office | 606.539.4144 Fax
justin.hensley () ucumberlands edu
www.ucumberlands.edu

 


 
