As you have no doubt experienced, the increase in device operating systems connecting to the company network has resulted in an increase in your attack surface. It wasn’t that long ago that Microsoft Windows was the dominant OS, and their update service, WSUS, handled the majority of patching needs. In recent years Apple OS X and different Linux distros have grown in market share, and today nearly every organization runs a mixed OS environment.
This proliferation of operating systems presents a challenge for IT teams who need to keep track of every system in their infrastructure, the vulnerabilities each system could be exposed to, and the new patches released by OS. As the number of devices and operating systems increases, staying current with patching becomes critical to maintain data security. Patching mixed environments is obviously more difficult and time consuming than patching a network running entirely on Windows. Let’s look at the top challenges to patching mixed environments.
- Lack of Time
Time is one of the most valuable resources for IT security teams, and the time it takes to patch manually is a top reason patching is often put off. A recent survey of IT professionals1 found that nearly half admitted that they cannot keep up with patching.
We know Windows based systems can rely on WSUS to manage updates, though the process is error prone and often frustrating. And Mac and Linux systems require time intensive manual patching. This was less of a problem when there were few Mac or Linux systems being used. However, as they have become more prevalent, attacks on non-Windows systems2 have increased.
- Patch Testing is Complex
One element of patch management is testing patches before they are fully deployed to ensure they are reliable. Compatibility testing3 of patching is, by its nature, a time-consuming task. With a mixed OS environment, the dependencies IT Managers need to check to ensure a new patch won’t affect other applications becomes more challenging.
- Inability to Report Patch Status
Knowing what patches are outstanding is important for IT teams to prioritize work and gain visibility into their organization’s security. Keeping records of patching is more difficult when users are operating multiple systems. Instead of gathering data through one patch management program, IT Managers need to look at two or more systems and then manually compile a full patch status report.
When new attacks happen, executives want to know in real time if their system is vulnerable. Verifying systems are secure in a mixed OS environment and then providing a report that shows patch status across an entire infrastructure becomes an all hands on deck fire drill that impacts the overall productivity of the IT team.
- Difficulty Tracking Inventory
As infrastructures grow, IT teams need to maintain an updated inventory of individual systems and software applications. This is important both to track company resources and to stay on top of security updates. In a mixed OS environment without current inventory visibility, workstations and servers are likely to be running different versions of their operating systems. Some may even run multiple operating systems in virtual environments. Keeping track of these systems, and knowing when new systems are added, is a burdensome task which can quickly get out of control.
- Maintaining Compliance
Data security is under increasing scrutiny. The need to be compliant is becoming a requirement of new data security regulations. For example, if your company processes credit card data, you must adhere to PCI requirements which state that critical patches be applied within one month of release.
Regular patching is often included as a compliance requirement, and multiple operating systems make this requirement more difficult to meet. Compliance audits often fail due to lack of patching. In one study, 81% of failed audits4 could have been prevented with patching or a configuration update. It’s crucial that companies with multiple environments invest the resources to stay patched. Compliance is not a one time event, but an ongoing security requirement.
Automated Patching for Mixed-OS Environments
Multi OS environments are a reality, and the inability to patch them in a timely matter is a security risk. When looking for a patch automation solution, focus on those that can patch multiple environments from a single dashboard.
1 https://www.tripwire.com/misc/combating-patch-fatigue-register/
2 http://www.zdnet.com/article/mac-users-you-have-to-patch-too/
3 http://searchitoperations.techtarget.com/tip/Server-patch-management-for-multi-OS-data-centers
4 http://www.eweek.com/security/software-patches-could-prevent-most-breaches-study-finds
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.