Patch Management should be a standard in any organization. When patching is not considered important, or is only considered as an afterthought, your organization is at risk.
Why it is important to patch often?
- Vulnerabilities are known to cyber hackers. If a vendor releases a security patch, it’s an acknowledgement that a vulnerability exists and needs to be patched to be secured. Cyber hackers look for these announcements and seek out devices or applications to exploit these vulnerabilities.
- Vendors create patches for a reason. Imagine the fence in your yard is starting to slant slightly. Over time that fence will fall if you do not fix it. So instead of just replacing a few bad posts to help reinforce that fence, now you must replace the whole fence because you didn’t fix immediately when it was a problem. Patching helps resolve issues before they become too problematic.
- It can be a compliance issue. How would your customers feel if they knew you had their data and your environment is not maintained? How would you feel if your bank provider didn’t maintain their environment? Probably not too good.
- It is the norm to patch more often. Security patches should be applied as soon as possible. Additionally, you should have monthly or quarterly patching plans. Workstations, Servers, Network Equipment, all should be patched!
What are some patching best practices?
- Make sure you’ve accounted for third party patching! Statistics from 2014 show that 76% of vulnerabilities are related to third party patching. http://www.labtechsoftware.com/blog/4-patch-management-best-practices/
- Manage the 5%. The 95/5 rule is the theory that most patches approved for deployment will apply to most of the systems you manage. You must manage the remaining 5% of individual computers or servers. Systems that fall into this category typically have special software or configuration that results in patching issues.
- Save time and remove clutter. If you have known systems that are not in production, but still have them connected to your network, it is a risk to not patch them. It is also time consuming to patch any system, workstation, or network equipment that is not in use. The only exception to this is if there is a stock of equipment, but typically this is not on the network until it becomes in use.
- Stage Patch Deployment. Testing patches throughout your environment is important. If you have a Dev, Stage, and Prod in your environment; stage out the patches to ensure they do not break anything that could be deemed as critical.
We understand that patch review is more time consuming than patching itself. We have a solution to help resolve this–so you can focus on your business and we handle the patching. If you are interested in learning more about our Patch Management solution email us at firstname.lastname@example.org for a complimentary consultation.