Consistent Patch Management Is the First Line of Defense against Being Hacked - dummies

By Kevin Beaver

Do you ever feel like all you do is patch your systems to fix security vulnerabilities and deter hackers? If you answer yes to this question, good for you! If you constantly feel pressure to patch your systems the right way but can’t seem to find time — at least it’s on your radar. Many IT professionals and their managers don’t think about proactively patching their systems until a breach occurs.

Whatever you do, whatever tool you choose, and whatever procedures work best in your environment, keep your systems patched! This goes for operating systems, web servers, databases, mobile apps and even firmware on your network infrastructure systems.

Patching is avoidable in theory but inevitable in practice. The only real solution to eliminating the need for patches is developing secure software in the first place, but that’s not going to happen any time soon. A large portion of security incidents can be prevented with some good patching practices, so there’s simply no reason not to have a solid patch management process in place.

Patch management

If you can’t keep up with the deluge of security patches for all your systems, don’t despair; you can still get a handle on the problem. Here are some basic tenets for applying patches to keep your systems secure:

  • Make sure all the people and departments that are involved in applying patches on your organization’s systems are on the same page and follow the same procedures.

  • Have formal and documented procedures in place for these critical processes:

    • Obtaining patch alerts from your vendors, including third-party patches for Adobe, Java, and so on, which are often overlooked

    • Assessing which patches affect your systems

    • Determining when to apply patches

  • Make it policy and have a procedure in place for testing patches before you apply them to your production workstations, and if possible, servers. Testing patches after you apply them isn’t as big of a deal on workstations, but servers are a different story. Many patches have “undocumented features” and subsequent unintended side effects. An untested patch is an invitation for system (and job) termination!
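The assessment and scheduling procedures listed above can be sketched in code. This is an added example, not part of the original article: it matches a vendor advisory feed (including third-party products) against a software inventory, then assigns a deadline and flags servers for testing first. The advisory IDs, product names, versions, host names, and deadline policy are all constructed for illustration.

```python
# Constructed sample data: advisory feed entries and a software inventory.
# IDs, products, versions and host names are illustrative, not real advisories.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "product": "java-runtime", "fixed_in": "8.0.402", "severity": "critical"},
    {"id": "ADV-EXAMPLE-2", "product": "pdf-reader", "fixed_in": "23.8.2", "severity": "high"},
    {"id": "ADV-EXAMPLE-3", "product": "web-server", "fixed_in": "2.4.58", "severity": "medium"},
]
INVENTORY = [
    {"host": "ws-014", "role": "workstation",
     "software": {"pdf-reader": "23.6.0", "java-runtime": "8.0.402"}},
    {"host": "db-01", "role": "server", "software": {"java-runtime": "8.0.391"}},
    {"host": "web-01", "role": "server",
     "software": {"web-server": "2.4.58", "pdf-reader": "23.8.10"}},
]
# Assumed policy: days allowed between the alert and deployment, by severity.
DEADLINE_DAYS = {"critical": 7, "high": 14, "medium": 30}


def parse_version(text):
    """Turn '23.8.10' into (23, 8, 10) so it sorts above '23.8.2' (string compare would not)."""
    return tuple(int(part) for part in text.split("."))


def assess(advisories, inventory):
    """Return one work item per (host, advisory) where the installed version is below the fix."""
    items = []
    for host in inventory:
        for adv in advisories:
            installed = host["software"].get(adv["product"])
            if installed is None:
                continue  # product not installed on this host
            if parse_version(installed) >= parse_version(adv["fixed_in"]):
                continue  # already at or above the fixed version
            items.append({
                "host": host["host"],
                "advisory": adv["id"],
                "installed": installed,
                "fixed_in": adv["fixed_in"],
                "deadline_days": DEADLINE_DAYS[adv["severity"]],
                # Assumed rule: server patches pass a test stage before production.
                "test_first": host["role"] == "server",
            })
    # Most urgent first, then by host name for a stable work queue.
    return sorted(items, key=lambda i: (i["deadline_days"], i["host"]))


if __name__ == "__main__":
    for item in assess(ADVISORIES, INVENTORY):
        print(item)
```
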

Patch automation

You can use various patch deployment tools to lower the burden of constantly having to keep up with patches.

Commercial tools

A robust patch-automation application works well, especially if you have these factors involved:

  • A large network

  • A network with several different operating systems (Windows, Linux, and so on)

  • A lot of third-party software applications, such as Adobe and Java

  • More than a few dozen computers

Be sure to check out these patch-automation solutions:

  • GFI LanGuard can check for patches to apply and then deploy them.

Free tools

Use one of these free tools to help with automated patching: