Third-Party Software Patching Best Practices

Patch management is an important focus for any organization, but even when companies have the best intentions around patching, they often overlook a crucial area which can be rife with vulnerabilities. While operating systems are usually the focus of patching efforts, 3rd party software is a major source of vulnerabilities in any network: Over 75% of vulnerabilities on the average PC are due to 3rd party applications, and major data breaches including the Equifax hack were caused by unpatched vulnerabilities found in 3rd party software.

Vulnerabilities are frequently found in popular software including Chrome, Adobe, and Java, and these applications are an easy target for hackers due to their high market penetration and low patch rate. It has been found that 48% of Java users are running outdated versions, and 3rd party applications are twice as likely to be unpatched as Microsoft applications. The reason for this discrepancy is not that 3rd party software is inherently more difficult to patch than operating systems, but that each application is managed by a separate vendor, and there are few centralized systems that can patch 3rd party software from a single dashboard.

With a growth in cloud-native applications that can be installed by any employee, it is imperative that IT departments track and patch all 3rd party software on their network to avoid exploitable vulnerabilities. To do this, companies must adhere to the below best practices for patching 3rd party software:

Monitor 3rd Party Software Use: One of the reasons 3rd party software is left unpatched is due to a lack of visibility around which applications are present within a large network. Unauthorized applications are often installed without the knowledge of the IT department, and if left undiscovered there is no way to enforce patching. IT departments must take a regular inventory of the software installed on their network, either through manual checks, invoice tracking, or by installing an agent such as Automox which will automatically track 3rd party software and report on patch status for each device. Automox natively patches a rapidly expanding catalog of third-party software—click here to see the full list.

Scan for Vulnerabilities Regularly: Unlike Microsoft, which releases patches every 2nd Tuesday of the month, 3rd party vendors do not have a regular patch release schedule, and each vendor releases patches separately. The best way to ensure no patches are missed is to employ a cloud-native automated patch management solution which removes the need to sort through patch releases and identify those needed for your organization. If you do not have an automated patch management solution, you should be scanning at least once a week for new patches that affect your network.

Apply Patches From a Central Location: A major contributor to the lack of 3rd party patching is the difficulty of managing patches across hundreds of vendors and thousands of devices, many remote. Manually patching all 3rd party vulnerabilities is an extremely time-consuming task, so organizations should look to one solution which, at a minimum, can centrally patch the most popular 3rd party applications including Java, Adobe Flash, Google Chrome, and Microsoft Office. Automox natively patches these 3rd party applications, and is regularly adding to the library of applications that can be patched through its cloud-native agent.

Utilize an Cloud Native Patching Solution: A cloud-native patch automation solution like Automox will handle 3rd party software tracking, vulnerability scanning, and application of patches for common operating systems and major 3rd party applications for you. Using cloud native automation removes the risk of human error or oversight in patch application and provides complete infrastructure visibility which is difficult to compile manually.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Dive deeper into this topic