This brings us to the next topic, which is a frequently used buzzword today: Evergreen. As previously described, it is important to update to the latest PowerShell version. But in security, this is for sure not all. All possible vulnerabilities will continuously be fixed by patches. Updating to PowerShell version 5 for the whole company might be a good starting point, but in general we are speaking about the complete Evergreen process. Evergreen in a simplified way stands for the continuous update process of:
- Software
- The operating system
- Drivers
It is frequently used in the context of Office 365 or Windows 10 with Windows as a Service. By staying Evergreen, you will have the latest patches installed and be using the software with the latest features, as these ones are progressing drastically and many new security features are being invented and integrated into the products themselves. We will take a more dedicated look here at Windows 10 security, but this is going to be a continuous process, no matter when you will start.
One of the biggest impacts can be seen in the necessity of adopting Evergreen in the operating system. Microsoft calls this process Windows as a Service, which basically means that Windows will practically stay on its last version, Windows 10, but will practically bring two upgrades each year. These updates are called Feature Updates and are actually new versions of the operating system. This situation gives administrators a major problem, as operating systems have always been deployed with the old good waterfall model and its principles:
However, using this model for the Evergreen approach takes too much time in the testing step. You can see a lot of similarities here to traditional software development in monoliths, followed by the modern approaches of DevOps and Continuous Deployment. Unfortunately, it is important to recognize the importance of being agile and adopting new bits as early as they are being published, especially from a security perspective:
Interesting here is that PowerShell, with its automation capabilities, supports this process drastically. Later in the book, we will also take a look at how PowerShell can be used to automate and simplify complex deployment steps.