In order for you to protect your organization from attack, the company as a whole must maintain good cyber security practices and educate all individual employees on how to improve their own cyber hygiene – the practice of being trained on and adhering to a set of security procedures. Cyber hygiene has become increasingly important in the past several years, as data breaches stemming from known vulnerabilities and employee mistakes are on the rise. One study found that 72% of employees would share sensitive or confidential company information under certain circumstances, and in 2017 there were more than 5,000 disclosed breaches, with many stemming from known vulnerabilities that spurred a string of fast-spreading malware and ransomware including WannaCry and Petya. It’s clear that continuous patching is good cyber hygiene.
Patching known vulnerabilities has long been a part of network security, but the time it takes for companies to apply patches to all the devices, systems, and 3rd party applications within an infrastructure has increased as networks have grown larger and more complex. The average company now takes between 100-120 days to apply new patches, and this fact is regularly taken advantage of by hackers looking for easy ways to gain access to sensitive data or hold systems for ransom.
Continuous patching is difficult and many companies have traditionally followed the lead of vendors such as Microsoft, who release patches once a month, and created a monthly patching schedule. However, with the high number of new vulnerabilities disclosed, checking for patches once a month or even once a week is no longer sufficient. This is especially true when companies fail to apply patches they are aware of due to the complex process of applying the patches across their infrastructure, which is comprised of different operating systems, multiple versions of software, and remote devices.
To improve cyber hygiene and overall security, companies must implement continuous patching to reduce their time-to-patch and ensure all applications and operating systems are updated and secure within a reasonable amount of time after a patch is released. In addition, this practice has to be enforced company-wide, regardless of where endpoints are located. The simplest way to do this is through a modern cloud based patching automation solution such as Automox. Automox enables you to adopt continuous patching of all endpoints, provides full visibility into patch status across the entire infrastructure including remote devices, and control what software is installed on employee devices.
Automox achieves this through a lightweight cloud-based agent which can be quickly installed on all endpoints, and a powerful policy engine which regulates the patching automation process. Through flexible rules, IT departments can control which patches are applied automatically, which need to be approved or tested before being deployed, what software is blacklisted in their network, and much more. This results in an automated continuous patching solution that provides you more control over your patching process.
Using Automox, companies can reach 100% patched status within just hours of patch releases, and the time it takes IT departments to apply patches is reduced by up to 90%. Continuous patching is a critical part of good cyber hygiene, and Automox ensures all endpoints are following this best practice. To try Automox for yourself, sign up for our free 15-day trial and get full platform access with no endpoint limit.