A patch deployment strategy focused on coverage and consistency is far more effective at preventing data breaches than “fire drills”. Patching your systems as soon as patches are released can be your strategy for avoiding the last-minute rush to get it all done. That rush leaves no room for error, is stressful for your teams, is difficult to schedule, and has an unpredictable and disruptive impact on your customers and testing. Did you know that “More than 80 percent of all publicly known exploits have patches available on the day of the vulnerabilities public disclosure”? It is crazy that we continue to be relaxed about preventing a security incident or a data breach.
What is the difference between an incident and a breach?
Security incident: Any event that compromises the confidentiality, integrity, or availability of an information asset.
Data breach: An incident that resulted in confirmed disclosure to an unauthorized party.
Verizon released a report recently on 2015 data breach investigations: “We found that 99.9% of the exploited vulnerabilities had been compromised more than a year after the associated Common Vulnerabilities and Exposures (CVE) was published.” The study also showed CVEs from the last 15 years, and many of them are still around, meaning that any vulnerability management program should cover the older CVEs, not just the most recent. In fact, a remediation strategy is the only way to prevent these old CVEs from affecting your systems, because hackers will continue to use the oldies as bait as long as they get bites.
Effective vulnerability management cannot be based on starting the patching “fire drill” only when a critical security vulnerability is announced. Even well-tuned Windows patching processes are not 100 percent effective, and non-Windows processes lag even further behind. To provide shielding, IT security departments need the ability to deploy technologies across the network, servers and desktops; these include patch management, firewalls and intrusion prevention systems. Close coordination is needed among security, network, server, application and desktop operations groups to provide timely and effective shielding against vulnerabilities.
Start working on a consistent process to improve your patch management; prevention will far outweigh the cure. Drop us a note at firstname.lastname@example.org if you have any thoughts or questions, or want to give our solution a try – your first 5 systems are free.