Microsoft debuts personalized patch dashboard for IT pros
Web-based myBulletins organizes security updates; gets a 'C' grade from one professional
Computerworld - Microsoft today launched a Web-based security dashboard for IT professionals that displays a customized view of the company's past patches.
Called "myBulletins," the dashboard shows the security updates for user-selected products, including the permutations of Windows, the iterations of Office and the various versions of its server-side software.
"[myBulletins is] a customizable online service that offers IT professionals a personalized list of the Microsoft security bulletins that matter most to their organization," Tracey Pretorius, a director in the company's Trustworthy Computing group, explained in a Wednesday blog.
The dashboard draws on the list of security bulletins -- the latter is Microsoft's term for its updates -- that Microsoft has long published on its website. In some ways, it replaces that list's search and filtering functions.
To use myBulletins, customers must log in with a Microsoft account, then step through a short wizard to select the product lines, a process that includes drilling down to specific products, like Office 2010, Windows 8.1, or SQL Server 2012.
Bulletins can be sorted by identifier, product, impact, severity and whether a reboot is required. The information can also be downloaded in Excel format for further manipulation.
One security professional was less than impressed.
"If their intent was to create a single customized dashboard of Microsoft security issues affecting my organization, then I'd have to give Microsoft a 'C' grade on this round," said Andrew Storms, director of DevOps at San Francisco-based CloudPassage.
Storms dinged myBulletins for not providing notifications of new bulletins that met his criteria, for not offering direct links to the associated knowledge base articles Microsoft publishes on its support site, and for not including security advisories that outline vulnerabilities that have not yet been patched.
"They can't send me a notification? I have to go and log in to this?" Storms asked. "I suspect they went for the minimum viable product here, but sadly for me, they are missing the two most important features: notifications and advisories."
Most IT personnel have access to similar lists already, Storms noted, through WSUS (Windows Server Update Services), the Microsoft patch management tool that's widely used in businesses. WSUS also shows those updates that have been applied to the organization, something myBulletins is incapable of duplicating, as it doesn't actually scan a PC or group of PCs.
"If I just wanted to see all the security patches affecting my enterprise, then WSUS already provides that," Storms said. "Maybe version 1.5 or later [myBulletins] might become more useful."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts