Patch Management: Why it is a Security MUST!

by Martin Quinn & Samantha Woollard 21 May 2017

What is Patch Management?

Patch management is the process of handling all the updates of components within the companies information system. These include routers, firewalls, servers, operating systems, anti-viruses, along with many more that could exist within a network.

After hardware and software is released, flaws may be found within them which have not yet been discovered; these are classed as zero-day vulnerabilities. Zero-day vulnerabilities are exploitable but do not yet have a fix. When a vendor releases a patch for these, they are no longer zero-day flaws and the component can be updated to correct the issues.

An analogy of patch management within your business can be seen as maintaining a car. Without regular check-ups, new tyres and parts, you can still drive your car, however it will become dangerous to drive if you keep avoiding the mechanic. Eventually, the car may break down or cause an accident.

Patches are released constantly for different software and hardware, meaning vulnerabilities are also found consistently so the importance of a scheduled patching procedure is critical within every business.

Why Is Software So Insecure?

Software is a creation through humans’ work and like everything else, human error comes into play. Unintended errors may happen and this leaves a door of opportunity for an attack from malicious hackers.
Code reviews before product deployment may not be carried out properly leaving flaws in memory, logic and other areas within the components. As reviewing code is extremely time consuming and increases the cost, companies often take the risk and rush the testing phase to reduce the delay to the market.

Reasons to Patch

Zero-day Attacks Account For 0.1%

Zero-day attacks rarely occur. This is due to the lack of time between the discovery of the flaw and the creation of a patch, an attacker does not have enough time to create an exploit against the vulnerability. This means that 99.9% of attacks happen due to commonly used exploits and commonly found vulnerabilities existing in companies’ systems, that have not yet been patched. Many attacks could easily have been prevented and systems protected however due to bad patching practices were not.

Unsupported Software

When a vendor stops supporting software, it means that they will no longer release patches for discovered vulnerabilities. If new flaws come to light, they will remain vulnerable as nothing will be done to fix them. It is advised to stop using this software as exploits for these will become more common and this will only attract attackers to this low hanging fruit.

Outdated Anti-virus

It is estimated that 24% of computers have out of date anti-virus making it pretty much useless. If anti-virus is out of date then new threats that have been discovered since its last update cannot be picked up by the anti-virus, as they have no record of it being a vulnerability. Patching anti-virus means that it can pick up everything that it should do, that is the reason it is running in the first place.

Keeps Costs Low

No one can know exactly how much a security breach will cost, but if you are breached due to lack of patch management it will be very expensive for the business. If there is no plan in place on how to manage the systems after the incident then the breach will become unmanageable; resulting in the loss of more money. Patch management also includes guidance if something were to go wrong, so that employees are aware of what to do.

Tips On Patching

Patch Policy

Have a security policy in place of how often you patch, when it occurs and how it is done is very much encouraged for all companies. Keeping to this policy can help you remain in compliance.

Involve Senior Management

Patch management can happen a lot more smoothly when senior management is involved. Trying to conduct regular updates without the consent or help from top management can only prolong the process making patching a hindrance for everyone involved.

Backup Before Patching

Applying patches can sometimes go wrong, resulting in the loss of information. That is why it is important to complete a backup before introducing a new patch.

Educating staff

This is also an important tactic within patch management, so that if certain software can be updated by employees on their machines, that they know what needs updating and how to do it.

Patching Personally and Within A Business

Personal machines at home should have automatic updates turned on, however in a business any updates or changes to the system should be tested before implementing into production. Updates may affect day to day activities and could result in the failure of business-critical processes. To ensure no information is lost or damage to the main system, ensure that updates are applied in a controlled environment.

Relax. Your security is Intact.

Author: Intact Security

Google

Posted on by Martin Quinn in Security Blog