Microsoft debuts personalized patch dashboard for IT pros
Web-based myBulletins organizes security updates; gets a 'C' grade from one professional
Computerworld - Microsoft today launched a Web-based security dashboard for IT professionals that displays a customized view of the company's past patches.
Called "myBulletins," the dashboard shows the security updates for user-selected products, including the permutations of Windows, the iterations of Office and the various versions of its server-side software.
"[myBulletins is] a customizable online service that offers IT professionals a personalized list of the Microsoft security bulletins that matter most to their organization," Tracey Pretorius, a director in the company's Trustworthy Computing group, explained in a Wednesday blog.
The dashboard draws on the list of security bulletins -- the latter is Microsoft's term for its updates -- that Microsoft has long published on its website. In some ways, it replaces that list's search and filtering functions.
To use myBulletins, customers must log in with a Microsoft account, then step through a short wizard to select the product lines, a process that includes drilling down to specific products, like Office 2010, Windows 8.1, or SQL Server 2012.
Bulletins can be sorted by identifier, product, impact, severity and whether a reboot is required. The information can also be downloaded in Excel format for further manipulation.
One security professional was less than impressed.
"If their intent was to create a single customized dashboard of Microsoft security issues affecting my organization, then I'd have to give Microsoft a 'C' grade on this round," said Andrew Storms, director of DevOps at San Francisco-based CloudPassage.
Storms dinged myBulletins for not providing notifications of new bulletins that met his criteria, for not offering direct links to the associated knowledge base articles Microsoft publishes on its support site, and for not including security advisories that outline vulnerabilities that have not yet been patched.
"They can't send me a notification? I have to go and log in to this?" Storms asked. "I suspect they went for the minimum viable product here, but sadly for me, they are missing the two most important features: notifications and advisories."
Most IT personnel have access to similar lists already, Storms noted, through WSUS (Windows Server Update Services), the Microsoft patch management tool that's widely used in businesses. WSUS also shows those updates that have been applied to the organization, something myBulletins is incapable of duplicating, as it doesn't actually scan a PC or group of PCs.
"If I just wanted to see all the security patches affecting my enterprise, then WSUS already provides that," Storms said. "Maybe version 1.5 or later [myBulletins] might become more useful."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts