Managing Software Patches: Understanding What to Update and When
It’s like a never-ending game of cat and mouse. The cycle starts with software hackers exploiting vulnerabilities in software networks before the users and manufacturers know about them, stealing data and reaping financial booty (e.g., ransomware attacks). Software manufacturers respond by releasing patches to fix the holes in the security armor. And finally, IT professionals and users scramble to update their systems, disrupting day-to-day operations. And the cycle continuously repeats itself because there will always be hackers.
For the user, most of the time the patches work as advertised. But not always. Once-in-a-while they don’t. Occasionally a patch will cause unexpected and potentially serious problems for your business and your IT department. This may seem like a band-aid approach to a systemic issue. The problem is this – how do you know what updates are critical and must be installed? How do you avoid bad patches? How do you know what systems have been patched and which haven’t? The bottom-line question is what is the best way to minimize disruptions to your staff caused by patch notifications and all of the associated system reboots that are required?
Ferreting Through Software Patches
Unpatched software can hurt your business. It opens the door to software vulnerabilities, such as loss/theft of data, regulatory compliance issues, damage to the company’s reputation, and reduced staff productivity.
Unfortunately, IT and security professionals find patching to be complex and time-consuming. Oftentimes, there is often a lack of formal patch tracking and no vulnerability monitoring and management process. And who wants to actually respond to every patch notification sent by the various software manufacturers?
Think about your organization’s processes and procedures and how these questions could impact your operations:
- How do you know when a system or application on your network has not been updated and may be vulnerable to exploits?
- How do you know how urgent the patch is and how quickly you need to react and close vulnerabilities?
- How can you tell which updates fix problems but won’t create new ones?
- How can you stay ahead of the game to adequately protect data and users?
- How can you identify and roll back bad patches that will impede your business?
To answer these questions, you need to assess your software manufacturer’s patches as well your business processes for potential side effects. Unfortunately, IT resources are often stretched thin, busy keeping up with day-to-day operational tasks, and helping users with immediate problems. Finding the time to track patches and install the right ones to secure systems and networks without disrupting business operations typically gets delayed, leaving your security in limbo and data unprotected. This is where CCI Managed Services can help.
The Software Patch Solution that Works
We’ve been discussing CIS Control standards, the industry-proven recommendations for securing your systems and networks. At CCI, we believe these standards are crucially important for continuity of business success.
For patches, the 7.3 and 7.4 CIS controls offer the best advice for patching your software: “Perform operating system and application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.” The catch is finding the right solution customized for your specific needs.
If you rely on automatic updates, centrally managed alternatives can offer more consistent results for continuous patch installation 
and protection, as well useful tools when it is necessary to roll back any bad patches that your staff encounters. This approach may be within reach for your own staff to implement. However, utilizing the resources of a Managed Service Provider experienced in patch management can provide the right support to effectively manage patches and avoid disruptions.
Ask us specifically about our practical security assessment and report card. We can evaluate your current approach to patching, as well as discuss dozens of other factors that affect the security of the technology you use.
The CCI approach is to present you with an affordable way to obtain a clear understanding of the security risks that exist today, and to focus your resources where they will make the most positive impact for tomorrow. For further information about patches and the best way to manage them, contact us today.
