As an IT professional you know how important patch management is to your overall system security. Yet developing an effective strategy to deal with outstanding patches is difficult and often takes a back seat to other more pressing matters. Don’t worry, you’re not alone. NTT Group’s 2015 Global Threat Intelligence Report found that 76% of vulnerabilities are more than 2 years old, and the Verizon Data Breach Report found that some of the most exploited vulnerabilities are nearly a decade old. We know you’re dreading the patching backlog, so we put together a patching strategy to get your systems up to date and stay up to date.
CONDUCT AN AUDIT
Start with understanding the state of your overall network. Do you know how many endpoints you’re managing? At the enterprise level this is easily thousands of devices and any one of them could be the low hanging fruit for a cyber attack. So the first step of an effective patch management strategy is to audit your network. This means getting a handle not just on what you have behind the firewall, but on every remote laptop, server, docker container, and other endpoint that is connecting through the cloud.
Intimidated? Don’t be, you don’t need to boil the ocean. New cloud based patch management solutions enable you to quickly and easily see your entire network. At this stage you have a view of the network vulnerabilities, but now you need a game plan. The next step is to run a vulnerability assessment. Knowing where the biggest threats reside enables you to develop a game plan to tackle the most critical patches first. There are a variety of excellent vulnerability management tools available and the US CERT website is a great place to begin.
You’ve got a clean picture of what needs to be done, and we’ve reached the step where the rubber meets the road, patching. While the process is not new to you, new solutions have made it easier than ever to update all of your devices. Firewalls, while necessary, are antiquated when it comes to the front line of security defense. Even if your workforce isn’t distributed, nearly everyone works from home or coffee shops from time to time. The cloud is the only way to access and manage devices to maintain security protocols. Applying updates only when people are in the office isn’t feasible in today’s work environment.
Patch deployment for operating system updates, server updates, and third party software updates through a cloud based application has resulted in an average time savings of 90% for our customers. The ability to quickly and easily patch on your schedule with your policies has turned the once dreaded task into one the fastest ways to address new security threats. And with Automox, you can patch Windows, Linux, and Mac from a single solution.
You’re network is now far more secure and for lack of a better word, cleaned up, which brings us to the next step, monitoring. While the audit was a snapshot of your system at a single point in time. Monitoring makes sure you never find yourself in this position again. The challenge is two fold. First, patches are being released with increasing frequency. Second, newer, ever more powerful software applications continuously coming on line. How many of the devices you just updated were still running older, outdated third party apps? These are a favorite of hackers who can easily exploit these well known vulnerabilities.
Most cloud based patch management solutions provide monitoring and reporting dashboards that enable you to see the status of your network on a real time basis. Monitoring is critical to maintaining a secure network. Once the heavy lifting of getting the network up to date is done, monitoring keeps you on the front lines of any new threat.
The final step of a sound patch management strategy is reporting. While patching is important to the entire organization, pretty much anyone outside of the IT department doesn’t fully understand the complexity of managing endpoints. Communication is critical. Providing weekly or monthly snapshots of the system status, patches applied, and outstanding threats keeps patching top of mind with the executive team. They may not understand the amount of work that an effective patch management strategy requires, but they do like knowing that the system is secure. And the more they are in the loop, the more support you’ll receive when a critical need arises.
If you have more questions about developing an effective patch management strategy, drop us a note, we’re here to help. If you’d like to learn more about Automox and our any OS, any system, anywhere approach, let’s talk.