The 4 Critical Elements of a Best-in-Class Patch Management Strategy
Imagine you’re at work and you remember you left your house unlocked. How quickly would you rush home to lock it?
The answer might depend on if its your front door or your back door, how soon you were about leave work anyway and maybe even your neighborhood. But you can bet you’re going to feel some level of anxiety until it’s taken care of.
That pit in your stomach should be the same feeling you get when it comes to security vulnerabilities. Every vulnerability is an unlocked door that bad guys can use to come in and wreak havoc on your network and your data.
Yet, when it comes to cybersecurity, patch management is often at the bottom of the list. Despite freely available patches, enterprises continuously fail to patch devices across their network in the days, months or sometimes even years after a patch is released. It’s not just zero-day exploits you need to worry about; the Verizon Data Breach Report 2016 showed that most exploits in 2015 came from vulnerabilities discovered in 2007, while vulnerabilities from as far back as 1999 still accounted for a significant amount of exploits. That goes beyond the “timely patching” advice you usually hear to “just patch it, already!”
Patches can often address vulnerabilities before an exploit is discovered. However, they only work if you deploy them. According to Microsoft’s Security Intelligence Report Volume 18, most exploit kits rely heavily on vulnerability exploits for which security updates have been available for months or even years, targeting computers that still don’t have the appropriate updates installed.
An effective patch management strategy is all about velocity and coverage. While the right technology is required to distribute patches quickly at scale over your entire network, technology isn’t always enough. It also requires a culture that’s based on visibility, responsibility and agility.
A best-in-class patch management strategy requires the following elements:
360º view of security: For many enterprises, their IT security plan places a premium on big ticket initiatives like network security, personal security practices and maintaining hardware. However, too often these initiatives are strategized and managed independently of each other by different teams in different parts of the world. When that happens, it can be easy for something like patch management to fall through the cracks. Top organizations take a holistic, top-down view of their IT security plan, which can quickly reveal the role patch management plays in strengthening every other aspect of their major IT security initiatives.
Patch champions: With enterprises running hundreds or even thousands of different apps across millions of end-points around the globe, many organizations have no idea about the patch status of their entire network. However, a single unpatched endpoint is all it takes to introduce an exploit into their company. The best organizations empower patch champions to track, manage and deploy patches as quickly as possible. Because time is a factor in deploying patches, a patch champion is better able to prioritize patching than a security team with a long list of to-dos.
Agile support culture: While agile methodologies are common in software development, IT support teams still often work using a siloed, waterfall process. In an enterprise environment that means patches can take days or weeks to elevate up the org chart to get approval to deploy. Rather than making patches a periodic process, top enterprises provide the structure, management visibility and technology to make patching a continuous process.
Technology: When patch management becomes a priority, you end up deploying a lot more patches! While undeniably a good thing, all this extra data can have a significant impact on your network. The best organizations have the right patch management solutions in place to quickly deploy patches at scale without impacting users or network performance.
More and more, enterprise IT security will succeed or fail based on their patch management process. Companies that prioritize keeping patches up to date will have a significant business advantage over those who don’t. The right processes, people and technology are all critical to deploying patches quickly, easily and effectively.
Related Blog Posts
In comics, myths and movies, no matter who the main character is, he or she always has a crippling vulnerability. Whether he’s Jedi, Son of Krypton or the Amazon Princess, the villain always finds their weakness. And while it shocks us when such a mighty archetype’s...read more
Data-driven decision-making is increasingly becoming the de-facto expectation throughout the enterprise, but the process to collect, analyze and produce key insights can be very challenging if you don’t have the right analytics tools in place. The good news is that...read more
By announcing their end-of-life plan to no longer support or maintain Flash by the end of 2020, Adobe has effectively ended an era of enterprise video applications relying on Flash players. We all knew Flash had some problems but it was still...read more