A patch is a piece of software designed to update a computer program or its supporting data, in particular, it will strengthen any security vulnerabilities which may have made it susceptible to a cyber attack.
The majority of today’s attacks work by exploiting holes in unpatched software. Increasingly, the time between the discovery of a vulnerability and the emergence of an exploit is getting shorter, sometimes only a matter of hours – known as Zero Day. This creates incredible pressure on all IT departments who struggle to keep up with the constant release of new patches and updates.
To mitigate against cyber attacks, every business should keep an inventory of every server, switch, router, printer, application, virtual appliance, laptop and desktop on their network. Ideally, this should be done with an automated tool, linked to its database so real time information is available. This data should include hostname, location, IP address, MAC address, operating systems and current revision level.
Businesses working in conjunction with an outsourced IT Managed Service Provider (MSP)should have their patch management automatically taken care of and naturally if your IT systems are supported solely in-house this should also be the case. However in our experience some of the obvious items below are not being covered. Deploying a system that can patch more than just the operating system – consider all third-party apps and plugins
-
Testing patches before deploying them – have a set of test servers and workstations available to do your own test on the patches
-
Establish regular maintenance windows for patching – it simply has to be done so making it part of your defined work rota means it really will happen. Guidelines state critical updates should be deployed within 14 days however we recommend weekly.
-
Creating and maintaining a hardware and software inventory for the organisation – to include version numbers of software most used. This will help system administrators better monitor and identify vulnerabilities and patches
-
Standardising configurations – this can simplify the patch testing and application updating process and reduce the amount of time and labour devoted to patch management
-
Educating users – information security is everyone’s business and effective patch management can not be implemented with the cooperation and participation of everyone across the business. This is especially important for organisations that allow remote access to their network. A vulnerability exploited through an employee’s home computer system can threaten the security of the entire organisation
And remember…
-
Don’t assume you will hear about issues before they become a problem
-
Don’t assume your systems are patched
-
Don’t use a solution that only patches the operating system
If you are interested in third party support, our Platinum IT Support package includes a full patch management service.
