Consistent Patch Management Is the First Line of Defense against Being Hacked
Do you ever feel like all you do is patch your systems to fix security vulnerabilities and deter hackers? If you answer yes to this question, good for you! If you constantly feel pressure to patch your systems the right way but can’t seem to find time — at least it’s on your radar. Many IT professionals and their managers don’t think about proactively patching their systems until a breach occurs.
Whatever you do, whatever tool you choose, and whatever procedures work best in your environment, keep your systems patched! This goes for operating systems, web servers, databases, mobile apps and even firmware on your network infrastructure systems.
Patching is avoidable in theory but inevitable in practice. The only real solution to eliminating the need for patches is developing secure software in the first place, but that’s not going to happen any time soon. A large portion of security incidents can be prevented with some good patching practices, so there’s simply no reason not to have a solid patch management process in place.
If you can’t keep up with the deluge of security patches for all your systems, don’t despair; you can still get a handle on the problem. Here are some basic tenets for applying patches to keep your systems secure:
Make sure all the people and departments that are involved in applying patches on your organization’s systems are on the same page and follow the same procedures.
Have formal and documented procedures in place for these critical processes:
Obtaining patch alerts from your vendors, including third-party patches for Adobe, Java, and so on, which are often overlooked
Assessing which patches affect your systems
Determining when to apply patches
Make it policy and have a procedure in place for testing patches before you apply them to your production workstations, and if possible, servers. Testing patches after you apply them isn’t as big of a deal on workstations, but servers are a different story. Many patches have undocumented features and subsequent unintended side effects. An untested patch is an invitation for system (and job) termination!
You can use various patch deployment tools to lower the burden of constantly having to keep up with patches.
A robust patch-automation application works well, especially if you have these factors involved:
A large network
A network with several different operating systems (Windows, Linux, and so on)
A lot of third-party software applications, such as Adobe and Java
More than a few dozen computers
Be sure to check out these patch-automation solutions:
Quest Patch Manager (formerly ScriptLogic Patch Authority Ultimate)
The GFI LanGuard product can check for patches to apply and deploy.
Use one of these free tools to help with automated patching: