The right program can make it much easier for businesses to automate their patch management.
We’ve often made recommendations about patching your systems. Patching is a simple concept to explain: Keeping all your various digital components (hardware, software, and networking infrastructure) up to date with the most recent versions. However, it can be easier said than done – this is due to the fact that our day-to-day operations have become complex systems that interconnect and intersect in ways that are hard to predict.
There may be questions that arise, such as: Which systems should I patch first? What about my browsers and IoT devices (such as connected printers and network storage appliances)? Can I be proactive or automate my patch management?
In a nutshell, the right program can not only provide answers to each of the above questions, but it can also make it much easier for businesses to automate their patch management.
Taking the time to patch your systems has numerous benefits, especially if you do it early and often. Here are some of its benefits:
Looking over recent breach history, there are numerous situations caused by unpatched systems, including three of them during 2017: The Equifax breach caused by an outdated Apache Struts implementation, and the Cloudbleed and WannaCry exploits. This is nothing new – for example, Target’s 2013 breach was also caused by poor patch management.
In its latest Data Breach Investigations Report, Verizon offers some element of hope: “We’re patching more and we’re patching faster.” While that is great, patching is a constant game of whack-a-mole, and no one can rest with their efforts because the pace of patching is a constant, and ever-increasing one. And thanks to the pandemic and more remote workers using their own equipment, patching has taken on a greater urgency and sense of importance.
Managing the patching process is a somewhat different animal from vulnerability management. However, that latter term is usually a much broader concept to manage all kinds of risks, not just the ones associated with outdated systems.
For many years now, Microsoft has consolidated its patching efforts around the second Tuesday of each month, better known as Patch Tuesday. Typically, dozens of patches are released at a time, some of them very important, to fix critical vulnerabilities.
Speaking of Verizon, the company has summarized a seven-point patch management plan. This includes monitoring all vendors’ schedules, downloading the appropriate patches, and testing them to make sure they actually work as anticipated.
Planning is critical and should encompass the following elements:
Coordination is key. You want to have consistency across all of your Windows desktops, for example, to ensure that first you have found all the vulnerable systems, and second that all patches have been successfully applied. This is where automated tools, such as Avast Business Patch Management service, can come in handy. However, if your company does not have the means to support this or does not have an IT administrator, finding the right managed service provider is a good way to stay on top of your patching needs.
Patching too slowly is another issue. Some of those infamous 2017 breaches were caused by enterprises that delayed their patching. You want to be responsive and patch when an issue is identified and the patch is available. For example, we provide the severity and CVSS scores with our Patch Management service to make it easy to prioritize patches, and ensure that security vulnerabilities are fixed as soon as possible. This is why, as mentioned above, it’s crucial to find the right managed service provider, if needed.
Knowing when to replace outdated equipment and software is also important. Can I see a show of hands of those who are still running Windows 8.1, for example? Not to pick on you specifically, but this OS is nearing its end of life in January 2023. For SMBs without a dedicated IT admin to take care of replacing outdated equipment, consider finding a partner to manage this task for your business.
Don’t forget about drivers and firmware. Related to the above, drivers and firmware are things that are often left unpatched. In order to be sure these don’t get skipped over, lean on the expertise of a reliable partner to handle their updates.
Finally, employ a partner to manage your measurement efforts. TechTarget has a series of key performance indicators here for their 10-point plan, such as counting the number of failed and successful patches and how often you check for compliance. These are all things that a partner can take care of for your business, which ultimately leaves employees with more time to focus on their core work.
How SMBs can keep data and devices protected - no matter where work is being done.
How organizations can become more cyber resilient, and how they can fix blind spots in their cybersecurity strategy.