Patch Management

Want to Prevent Fire drills on Your Systems? Start Patching!

By Jay Prassl, July 11, 2016

Of all the risk factors in the InfoSec domain, vulnerabilities are probably the most discussed, tracked, and assessed over the last 20 years. But how well do we really understand them? Their link to security incidents is clear enough after the fact, but what can we do before the breach to improve vulnerability management programs?

A patch deployment strategy focused on coverage and consistency is far more effective at preventing data breaches than “fire drills”. Patching your systems as soon as patches are released is the strategy that avoids the last-minute rush to get it all done. That rush leaves no room for error; it is stressful on your teams; it is difficult to schedule; and the impact on your customers and on testing can be unpredictable and disruptive. Did you know that “more than 80 percent of all publicly known exploits have patches available on the day of the vulnerability’s public disclosure”? Crazy that we still continue to be relaxed about the prevention of a security incident or a data breach.


What is the difference between an incident and a breach?

Security incident: Any event that compromises the confidentiality, integrity, or availability of an information asset.

Data breach: An incident that resulted in confirmed disclosure to an unauthorized party.

Verizon recently released a report on 2015 data breach investigations: “We found that 99.9% of the exploited vulnerabilities had been compromised more than a year after the associated Common Vulnerabilities and Exposures (CVE) was published.” The study also showed exploited CVEs spanning the last 15 years, many of which are still in active use; this means that any vulnerability management program must cover the older CVEs, not just the most recent ones. In fact, a remediation strategy is the only way to prevent these old CVEs from affecting your systems, because hackers will continue to use the oldies as bait as long as they get bites.
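The two points above, coverage and consistency as the metric that matters, and old CVEs staying exploitable for years, can be turned into a simple fleet audit. The following Python sketch is an added example, not code from the original post and not Automox's product; the hosts, package names, version numbers and CVE identifiers (written as `CVE-XXXX-000N` placeholders) are constructed for illustration. It compares installed package versions against the fixed version in each advisory, reports every open exposure with its age in days since the CVE was published, flags anything older than a year as stale (the Verizon "more than a year" finding), and computes patch coverage as the share of applicable host/advisory pairs already remediated.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Advisory:
    cve: str                 # placeholder identifier, constructed for this example
    published: date          # CVE publication date
    package: str             # affected package name (constructed)
    fixed_version: tuple     # first version that contains the fix


@dataclass(frozen=True)
class Host:
    name: str
    packages: dict           # package name -> installed version tuple


def parse_version(text):
    """Turn a dotted version string such as '2.3.9' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(host, advisory):
    """A host is exposed if it runs the package below the fixed version."""
    installed = host.packages.get(advisory.package)
    if installed is None:
        return False            # package not present: advisory does not apply
    return installed < advisory.fixed_version


def exposure_days(advisory, today):
    """Days since the CVE was published; a proxy for how long the patch has existed."""
    return (today - advisory.published).days


def audit(hosts, advisories, today, stale_days=365):
    """Return open exposures, oldest first, marking those older than stale_days."""
    findings = []
    for host in hosts:
        for adv in advisories:
            if is_vulnerable(host, adv):
                age = exposure_days(adv, today)
                findings.append({
                    "host": host.name,
                    "cve": adv.cve,
                    "package": adv.package,
                    "age_days": age,
                    "stale": age > stale_days,
                })
    # Oldest exposures first: these are the "oldies" still being used as bait.
    findings.sort(key=lambda f: f["age_days"], reverse=True)
    return findings


def coverage(hosts, advisories):
    """Fraction of applicable (host, advisory) pairs that are already remediated."""
    applicable = remediated = 0
    for host in hosts:
        for adv in advisories:
            if adv.package in host.packages:
                applicable += 1
                if not is_vulnerable(host, adv):
                    remediated += 1
    return remediated / applicable if applicable else 1.0


# Constructed sample inventory and advisories (not real CVEs or real hosts).
ADVISORIES = [
    Advisory("CVE-XXXX-0001", date(2014, 6, 10), "libfoo", parse_version("2.4.0")),
    Advisory("CVE-XXXX-0002", date(2016, 5, 20), "webapp", parse_version("3.1.2")),
    Advisory("CVE-XXXX-0003", date(2015, 1, 15), "kernelx", parse_version("4.4.10")),
]
HOSTS = [
    Host("web01", {"libfoo": parse_version("2.3.9"), "webapp": parse_version("3.1.2")}),
    Host("web02", {"libfoo": parse_version("2.4.0"), "webapp": parse_version("3.0.0")}),
    Host("db01", {"libfoo": parse_version("2.2.0"), "kernelx": parse_version("4.4.8")}),
]
TODAY = date(2016, 7, 11)   # the post's publication date, used as "now"


def run_audit():
    """Run the audit over the constructed fleet and return (findings, coverage)."""
    return audit(HOSTS, ADVISORIES, TODAY), coverage(HOSTS, ADVISORIES)


if __name__ == "__main__":
    findings, cov = run_audit()
    print(f"patch coverage: {cov:.0%}")
    for f in findings:
        flag = "STALE" if f["stale"] else "recent"
        print(f"{f['host']:6} {f['cve']:14} {f['package']:8} {f['age_days']:4d} days  {flag}")
```

On the constructed data the coverage comes out at 33%, and three of the four open exposures are over a year old, which is exactly the pattern the Verizon figure describes: the recent advisory is the least of the problem. Sorting by age rather than by CVSS alone is a deliberate choice here; it keeps long-standing gaps from being buried under the latest headline vulnerability.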

Effective vulnerability management cannot be based on starting the patching “fire drill” only when a critical security vulnerability is announced. Even well-tuned Windows patching processes are not 100 percent effective, and non-Windows processes lag even further behind. To provide shielding, IT security departments need the ability to deploy protective technologies across the network, servers and desktops; these include patch management, firewalls and intrusion prevention systems. Close coordination is needed among security, network, server, application and desktop operations groups to provide timely and effective shielding against vulnerabilities.

Start working on a consistent process to improve your patch management; prevention will far outweigh the cure. Drop us a note at support@automox.com if you have any thoughts or questions, or if you want to give our solution a try – your first 5 systems are free.

Author Jay Prassl

A self-described “Nerd with a big mouth”, Jay is an 18-year startup veteran specialized in pre-IPO, hyper-competitive environments, with a focus on new technology introduction and partner / customer acquisition. VP of Sales and Marketing at SolidFire (sold to NTAP), LeftHand Networks (sold to HPQ), and Hewlett Packard.
