The best defense is to be better prepared!
What is Patching?
In its most basic sense, patching is the process of repairing IT system vulnerabilities that are discovered after the infrastructure components have been released on the market. These patches can apply to a variety of system components, including operating systems, servers, routers, desktops, emails, client info, office suites, mobile devices, firewalls and more.
Many vulnerabilities are found every day, and vendors keep developing new patches to handle them. They release these patches very frequently, but that does not result in the immediate updating or patching of customers' and clients' systems.
If you have had the opinion that patch management is an easy task, then let me tell you that you are grossly WRONG...
Let me share a story with you.
It was March 2017 when Microsoft released a patch for a recently known vulnerability. But a large number of Microsoft users didn't bother to patch their systems and computers for many months afterwards. And it was in the second half of 2017 that a ransomware struck all those systems which had that unpatched vulnerability. It was a global ransomware and affected systems in over 150 countries and hundreds of organizations in the second quarter of 2017. This was the effect of poor patch management.
Thus, it is important to remember that our failure to follow adequate patch management procedures greatly increases the risk of falling victim to a devastating attack.
These unattended vulnerabilities in IT infrastructure open companies up to numerous security challenges. It is one of the top five challenges being faced by companies.
...
Failure to upgrade the existing software and applications to improve the system security.
...
You should accept some of these seemingly justifiable excuses. Your organization should take into consideration its risk appetite, the criticality of its IT assets and the existence of compensating controls, amongst others; this will help you take adequate measures to address patch management risks.
The root causes of poor patch management in organizations have been traced to:
Weak asset inventory management
The absence of a patch management policy or procedure
No adherence to documented patch management policies or procedures
Unmonitored patch deployments
Absence of dedicated IT resource to oversee patch management
What is Patch Management?
Patch management is the best practice of upgrading existing software applications to remove any security weaknesses that could be exploited by hackers.
Patch management is not an easy practice and most of the time, organizations opt for patch management only after the systems are attacked. A better approach is to opt for patch management when the existing infrastructure is strong enough to ward off cyber attacks.
For many companies, the reason behind their failure to properly patch vulnerabilities is the simple fact that it IS DIFFICULT. The process is time-consuming and, depending on the size of a company, there could be numerous vulnerabilities opening simultaneously.
Depending on a company’s information system design, the method of patch management may differ slightly.
Best Practices for Patch Management
I recommend these best practices that you can follow to keep your corporate systems secure:
Opt For Automated Patch Management
Most attacks happen due to the vulnerabilities in the existing patches. Software patch management lets you upgrade your existing patches and keeps your systems secure. Where possible or applicable, automate and monitor the patch deployment process. With the help of automated patching, you can repair existing system vulnerabilities in real time, which drastically reduces the risk of cyber attacks.
When you are using automation, it means that your platform is capable of doing many things automatically. For example:
- Discovering the assets on the network
- Updating itself with all the latest vulnerability definitions on a real-time basis
- Finding the vulnerabilities on your computers, servers and other systems that are there but haven't been patched yet
- Connecting to the websites of the vendors whose products have those vulnerabilities, to download the latest patches
- Deploying those downloaded patches based on your criteria of importance and urgency, or your schedule
You would want all such tasks to be executed without any human intervention. In fact, there can be many more tasks which can be automated, e.g., reporting about current unpatched vulnerabilities...
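The automated steps listed above (asset discovery, matching against vulnerability definitions, finding what is unpatched, ranking deployment by importance and urgency), as an added example that is not part of the original article. The host names, package names, advisory IDs and the patch-deadline policy are all constructed for illustration, and versions are assumed to be purely numeric dotted strings.

```python
from datetime import date

# Constructed sample data (not from the article): asset inventory, hosts seen by
# a network discovery scan, and a vendor advisory feed. All names are hypothetical.
INVENTORY = {
    "web-01":       {"criticality": 3, "packages": {"acme-httpd": "2.4.1", "libexample": "1.0.9"}},
    "db-01":        {"criticality": 3, "packages": {"acme-db": "15.1", "libexample": "1.1.0"}},
    "hr-laptop-07": {"criticality": 1, "packages": {"libexample": "1.0.2"}},
}
DISCOVERED = ["web-01", "db-01", "hr-laptop-07", "old-print-srv"]
ADVISORIES = [
    {"id": "ADV-A", "package": "libexample", "fixed_in": "1.1.0", "severity": 9.8, "released": date(2024, 3, 1)},
    {"id": "ADV-B", "package": "acme-httpd", "fixed_in": "2.4.10", "severity": 5.3, "released": date(2024, 4, 20)},
    {"id": "ADV-C", "package": "acme-db", "fixed_in": "15.2", "severity": 7.5, "released": date(2024, 4, 1)},
]
SLA_DAYS = [(9.0, 7), (7.0, 30), (0.0, 90)]  # assumed policy: severity floor -> days allowed to patch


def version_key(v):
    """Compare dotted versions numerically, so 2.4.10 sorts after 2.4.9."""
    return tuple(int(part) for part in v.split("."))


def uninventoried(discovered, inventory):
    """Hosts on the network that nobody is tracking, and so nobody is patching."""
    return sorted(set(discovered) - set(inventory))


def missing_patches(inventory, advisories, today):
    """Return unpatched (host, advisory) findings, most urgent first."""
    findings = []
    for host, asset in inventory.items():
        for adv in advisories:
            installed = asset["packages"].get(adv["package"])
            if installed is None or version_key(installed) >= version_key(adv["fixed_in"]):
                continue  # not installed, or already at the fixed version
            sla = next(days for floor, days in SLA_DAYS if adv["severity"] >= floor)
            age = (today - adv["released"]).days
            findings.append({"host": host, "advisory": adv["id"],
                             "score": round(adv["severity"] * asset["criticality"], 1),
                             "overdue": age > sla})
    # Overdue findings first, then by severity weighted with asset criticality.
    return sorted(findings, key=lambda f: (not f["overdue"], -f["score"]))


if __name__ == "__main__":
    print("Not in inventory:", uninventoried(DISCOVERED, INVENTORY))
    for finding in missing_patches(INVENTORY, ADVISORIES, date(2024, 5, 1)):
        print(finding)
```

The low-criticality laptop outranks the database server here because its patch is past the assumed deadline, and the host missing from the inventory never appears in the patch queue at all.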
Patch Management should be a priority
Cultivating a strong patch management practice is extremely necessary. Many organizations neglect the need to have effective patch management, which results in compromised systems leading to cyber attacks. Hence, effective patch management should always be a priority and resources that are used regularly should be allocated for the task.
Have support for heterogeneous OS platforms
Windows is no longer the only operating system used by companies. In fact, a majority of companies now use Mac as their preferred operating system, which is less prone to malware attacks. Hence, for effective patch management, it is necessary to have support for heterogeneous OS platforms like Windows, Mac, Linux, Android, etc.
Take a comprehensive inventory of all Hardware & Software
Maintaining a comprehensive inventory of all IT assets (hardware and software) is a must. It will be difficult to protect what you do not know exists. A properly maintained inventory will ensure that you do not leave decommissioned systems unpatched on your network.
Perform Application Patching with the Same Diligence
There is a wrong belief that only the OS is prone to attacks. In fact, more than 80% of attacks happen on applications installed on operating systems. Hence, proper patching of third-party applications is extremely necessary to ward off cyber attacks.
For effective application patch management, you need to perform it every week covering each of the applications. You can set your schedule depending on your company requirements but make sure to keep it regular.
Documenting
Document and implement policies and procedures for patch management, and ensure adherence to these policies and procedures.
Build a Test-Environment
Maintaining a test environment where patches are tested before deployment to production is recommended. Management should make dedicated resources available for the timely testing and deployment of patches in the enterprise.
Frequent Assessment of Vulnerabilities
Periodically scan your enterprise network with vulnerability assessment tools to identify missing patches, in case there was a slip in the deployment process.
The threat posed by poor patch management to your organization's cyber hygiene is real but avoidable or rather could be minimized.
While the recommendations above may not be an exhaustive list, your organization should take into consideration its risk appetite, criticality of assets and presence of compensating controls in the implementation of these recommendations.
Please let me know what you think about this in the comment section. You can also share it with others if the information here helps you in some manner.
Kindly write your comments on the posts or topics, because when you do that you help me greatly in designing new quality articles and posts on cybersecurity.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with the cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about cybersecurity on her website and social media platforms.
34,000+ professionals follow her on Facebook and are mesmerized by the quality of her posts there.