Patching and Security Benchmark
This benchmark survey has been designed to help establish the maturity of any organisations that need to patch or update their endpoints, systems or servers regularly to ensure security compliance.
On completion of the survey, a short Benchmark report will be sent to the respondent, providing benchmark scores and recommendations as appropriate.
On completion of the survey, a short Benchmark report will be sent to the respondent, providing benchmark scores and recommendations as appropriate.
Endpoints - What percentage visibility of your endpoints do you feel you have currently? (Select one)
Greater than 95%
Between 80% and 95%
Less than 80%
Endpoints - Do you have in place an existing Endpoint management system or service? (Select one)
Yes - We have an existing, fully utilsed system
Yes - We have a system but it is not regularly used
No - We rely on Windows Updates
No - We do not have a formal system
Endpoints - Do you have a method or tool for detecting new systems connecting to your infrastructure? (Select one)
Yes - We have auto discovery that identifies and quarantines any new systems
Yes - We have a system than can discover but it is a manual process
No - We have no way of knowing what has recently connected
Endpoints - Can you see when endpoints no longer connect to your infrastructure? (Select one)
Yes - We see when devices disconnect and we can set warnings and alerts
Yes - We can see when devices are disconnected
No - We have no visibility of the status of connections
Schedule - What is the starting point for your patching cycle? (Select one)
We always start on "Patch Tuesday"
We start on the 1st day of the month
We start on another fixed day every month
We have no fixed cycle starting point
Schedule - When do you typically scan or detect your endpoints? (Select one)
We scan every day
We scan at least once a week
We scan at least once a month
We have a tool that constantly scans
We do not have scheduled scans
Schedule - Can you see or report on Devices that fail to scan regularly? (Select one)
Yes - our system sends us alerts
Yes - we run reports to establish which devices failed
Yes - but we have to manually search to find the systems
No - we are not able to see that information
Subscriptions - How do you set which patches are downloaded for deployment? (Select one)
We have to select the patches manually from our patch provider
Patches are downloaded in line with selected criteria
Our system totally decides what we need from inventory
Subscriptions - What are you able to patch? (Select all that apply)
Microsoft Windows OS
Microsoft Applications
Other Operating Ssytems (OSX, Unix, Linux etc)
3rd Party Applications
Subscriptions - How do you keep your subscriptions updated and current? (Select one)
We manually update when we need to
Our system updates subscriptions based on inventory
We are not able to easily update our subscriptions
Deployment - When do you deploy updates and patches to your endpoints? (Select one)
As soon after "Patch Tuesday" as we can
On a set schedule through every month
On a random schedule or on demand when we can
Deployment - Do you deploy first to test machines? (Select one)
No - there is no need, as our patches are all pre-tested
Yes - We always deploy to a test set of endpoints first
Yes - We have a predefined set of multiple "Test rings" that we use
No - We just deploy them
Deployment - Do you retry any endpoints that have missed or failed to deploy? (Select one)
No - We have no way of easily seeing endpoints that fail
Yes - We get failure alerts so we can take action
Yes - We have a pre-set second deployment run scheduled to take care of that
No - We have taken the decision to leave those endpoints until the following month
Deployment - Do you have a method for recalling patches that may have caused issues? (Select one)
No - We have to manually identify and remove each patch
Yes - our system has full rollback functionality
Yes - But only if the patch is able to be rolled back
No - We are unable to recall or rollback patches once they have been deployed
Deployment - Do you use different methods for patching your mobile or remote workforce endpoints? (Select one)
No - We just patch mobile devices along with every other endpoint
Yes - We communicate with our mobile workforce about updates to ensure they are updating their own devices
Yes - We ask our mobile workforce to make sure they connect and update regularly
Yes - We employ a "Patching on Demand" methodology for our mobile workforce
No - We don't patch mobile endpoints
Deployment - Do you patch servers using the same method? (Select one)
No - We patch our servers manually
Yes - We include our servers as part of the same patch routines
Yes - We use the same method, but different schedules, timing etc
Emergency - Do you have a method in place to quickly deploy a single emergency update if required to address an urgent vulnerability? (Select one)
No - We do not have the ability to do this
Yes - We are able to run a manual deployment at short notice
Yes - We are able to add the urgent patch to an emergency routine which can be scheduled at short notice
Communication - How often do you choose to communicate with your Enduser community about patches and updates? (Select all that apply)
We never talk about patching and do everything silently
We send regular bulletins to provide information to the community
We send pop up alerts as patching starts to inform the Enduser
We ask the user to reboot their device whenever a reboot is required
We don't force required reboots for Endusers when they are required
Success - What measures do you take to show the success of your patching and updates? (Select all that apply)
We use live dashboards to display success and escalations
We run scheduled reports to inform us of success, progress and escalations
We have defined Key Performance Indicators (KPI's) that we use to measure success
We regularly publish patch and update success to the business via reports, bulletins and dashboards
We report on success but do not have defined KPI's
We don't report on progress or success of our patching and updates
We are unable to report on progress or success of our patching and updates
How satisfied are you with your existing Patch Security toolset? (Select one)
We don't have a formal tool implemented
I am happy our toolset meets our basic requirements
I am satisfied our toolset does everything that we need
Our current toolset is brilliant, I wouldn't change it for anything
I am not happy with our toolset but I will keep using it
I would drop my toolset like a "Hot Rock" if I had an alternative
Thank you for taking our Benchmark Survey
Your Benchmark report will be emailed to you shortly