Skip to content
BLOG

Inside look: How PDQ's IT team uses PDQ Detect

Meredith Kreisa headshot
Meredith Kreisa|May 1, 2024
Purple PDQ Detect logo
Purple PDQ Detect logo
Sections

We have a confession: We kept PDQ Detect under wraps for months, covertly using it internally without letting on that we had a new favorite toy. But now that we’ve officially announced PDQ Detect, we’re eager to share how it’s improved our internal processes and put a noticeable spring in our cybersecurity expert’s step.

Employing agent-based and agentless scanning

PDQ Detect offers both agent-based and agentless scanning, and our IT team relies on both for a comprehensive overview of the vulnerabilities in our environment.

“That's the best practice because it will give you the most information,” said Rachel Coleman, senior SOC analyst. “Your agentless scanner is only going to see what your computer is broadcasting. When you do an agent-based scan, it's going to be credentialed; it can see more details.”

Rachel then generates a report containing the results of both scans, allowing her to see vulnerabilities in PDQ’s internal and cloud infrastructures. 

PDQ’s IT team treats the Detect agent as a baseline app that goes out to new devices automatically. SimpleMDM distributes the agent to Apple devices, and we use PDQ Connect for Windows devices.

Gaining visibility across devices

Anything that connects to your network could be a threat to, well, everything else on your network. That’s why PDQ Detect’s agentless scanner looks at all connected devices, whether they’re Windows computers, Macs, BYOD iPhones, and IoT devices. (And with the agent installed, we gather even deeper insights.) 

For our IT team, that means exceptional visibility into what vulnerabilities present within the environment, regardless of the device type and whether an endpoint is owned by PDQ or its employees.

“You're just trying to get as much visibility as possible,” said Rachel. “You want to get as much data as possible to start with.” 

Leveraging reports 

PDQ Detect offers a wealth of reporting options. It offers a Customer Vulnerability Report (CVR), a technical report, a device report, a contextual risk scoring report, an Active Directory Status Report — and those are just the tip of the iceberg. But at PDQ, our IT team is particularly fond of the remediation report. 

According to Josh Mackelprang, Director of Service Operations, “That report gets generated, exported to Excel, and dumped into an IT ticket. And then from there, someone on the IT side of the house picks it up and picks which tool they need to use to patch it.”

While this process is currently manual, that’s going to change in the near future, which we’ll discuss in a bit. (The dramatic tension builds.) 

PDQ Detect’s remediation report is a team favorite largely because it saves so much time. “Rachel has to spend a whole lot less time prioritizing what to patch first,” said Josh. “She's basically just taking the Detect prioritized report at face value — maybe a few tweaks — rather than having to say, ‘Oh, I actually don't care that this computer is doing this and all of this esoteric information that doesn't really matter.’” 

Thankfully, we have the tools we need to install patches quickly and easily. We use PDQ Connect to push out updates to Windows devices and SimpleMDM for Apple devices. A few clicks is all it takes to improve our security posture. Thank goodness we have a ping pong table to occupy all the time our IT team saves.

Cutting through the noise 

PDQ Detect’s advanced contextualization has lowered our IT team’s collective blood pressure (peer-reviewed clinical studies are not yet available, but we’re pretty sure).

If you’ve ever overseen an organization’s vulnerability scanner, you know that it can detect literally thousands of vulnerabilities. And the real kicker: Many of these vulnerabilities may be present in the same outdated app, making a relatively simple fix difficult to notice.

“I would see a lot of data,” said Rachel. “If you're out of date by a couple of versions, you're going to have a ton of CVEs.” 

Detect’s remediation report condenses these findings to highlight the actionable information that incorporates both business and technical context. For example, rather than looking at a list of 20 vulnerabilities in an old version of Chrome, you’ll see them grouped together with a remediation suggestion to resolve them.

“We're updating it to the latest version, so I just need to know which devices to update to the latest version,” said Rachel.

Improving automations 

Having a detailed, prioritized list of vulnerabilities makes it easy for our IT team to spot automation opportunities, saving them time down the road.

If a vulnerability appears on multiple devices and an automation is not yet set up, our team may add one. However, if we spot a vulnerability despite having an automation in place, the team will keep an eye on it and adjust faulty settings if necessary. 

Assigning tasks 

If you’re lucky enough to have separate security and IT personnel, then delegation can be a bit tricky. Lucky PDQ Detect makes it easy for our security expert (Rachel) to hand off tasks to a member of our IT team (hi, Jake 👋). Once she’s identified the top priorities, she can just assign out vulnerabilities directly through Detect in an Action Plan, and IT can take it from there. 

“I can set deadlines,” said Rachel. “I can say ‘Hey, this week fix these things,’ and then I get a report back at the end that says, ‘Hey, these things were fixed.’ That's huge.”

Maintaining compliance

We’re SOC 2 compliant, and it’s one of our greatest sources of pride (along with our extensive whiskey collection). But maintaining compliance requires addressing vulnerabilities quickly. PDQ Detect helps Rachel stay on top of that.

“I know if I see a critical and it's been there longer than 2 days, that's a problem and that's what I need to focus on because we have specific SLAs that we have to meet,” said Rachel. “Especially with SOC 2, that's what auditors are looking for when they ask for evidence of a vulnerability management program.” 

Looking to the future

Like all of our children, PDQ Detect has our love (it’s our youngest child but without any of that annoying-little-brother energy). However, we want to make vulnerability management easier than ever. And that means ... 🥁 drum roll, please 🥁 ... incorporating some of PDQ Detect’s functionality into PDQ Connect. That’s right: It’s already on the Connect roadmap. And our IT team can’t wait to use the integrated offering.

Don’t get us wrong: Detect will also still be available as a separate offering. But an integration is our dream.

“To be able to see vulnerabilities in Connect and then push a button to fix it ... That would be like the most revolutionary thing that I can think of,” said Rachel.

Ready to try PDQ Detect yourself? We got you. Sign up for a free trial of PDQ Detect to unlock vast vulnerability insights.

Meredith Kreisa headshot
Meredith Kreisa

Meredith gets her kicks diving into the depths of IT lore and checking her internet speed incessantly. When she's not spending quality time behind a computer screen, she's probably curled up under a blanket, silently contemplating the efficacy of napping.

Related articles

Patch Tuesday (light blue)

Patch Tuesday May 2024

SECURITY

General grey

How to manage Windows 11 feature updates with WSUS

GENERAL IT

General darkBlue

SaaS user management best practices

GENERAL IT