As the complexity and source code for modern operating systems has grown dramatically, so has the number of vulnerabilities in the OS. When a vulnerability is discovered, OS vendors typically release a security update to repair the problem and prevent future security breaches. Its the Zero Day exploits that give most IT guys chills, but remarkably, most viruses take advantage of known vulnerabilities that have already been patched by the OS vendor, but whose associated security update has yet to be deployed. Best defense against viruses and hackers? An effective, secure and well thought-out patch management strategy.
As the complexity of modern operating systems has advanced, so has the technology hackers use to create viruses and worms. Exploitation tools are posted on the Internet that allow even novice programmers to create a computer virus with just a few clicks. All it takes is one person opening one email that contains a virus to potentially infect all unpatched computers on an entire network.
This underscores the importance of keeping your network devices up to date with the latest OS patches. Patch management is now at the forefront of organizations’ security focus. But patches, as a preventive measure, are only useful if you deploy them. The premise of a good patch management strategy is to be proactive in deploying available patches before you have a virus or experience a hacker attack. It’s far less expensive in terms of cost and user downtime to prevent these than to fix them afterwards.
So, why don’t organizations apply patches when OS and software vendors make them available? One reason is that it’s hard to keep up with new patch releases. With today’s shrinking IT budgets, overwhelmed IT staff just don’t have the resources or time to continually check OS vendor sites for new patches. Many corporations don’t want to deploy a patch until they’ve had a chance to test it themselves in their own environment. It’s important to make sure that a patch doesn’t affect any of your other mission critical applications. Keep in mind they have already been tested to some degree by the OS or patch management software vendors themselves. An unintended conflict with an application might make just that application unavailable, while a virus infection could make the entire network unusable.
The Patch Management Cycle
Effective patch management is a complicated process that involves several stages. The solution you choose must be able to help you with each of these.
- Inventory and assessment – Identify missing patches and the devices that need them. You also need to determine which computers already have them installed, as well as get a count of devices missing each patch.
- Patch testing – A lot of testing has already been done for you by the OS vendor, but they can’t account for every application since everyone’s computing environment is different. They may not always catch every conflict. So it still makes sense to do a test deployment on a subset of machines to discover any conflicts with applications deployed by your organization.
- Deployment – Distribute the patches to your live environment after confirming there are no conflicts with any of your existing applications.
- Verification – Verify that the patch installed correctly is present and is no longer needed by the target computers.
Proactive Patch Management
Having a proactive patch management strategy in place can provide immediate and tangible benefits for both your organization and its end users. Greatly reduced downtime, lower rates of virus infection and hacker attacks and fewer resources spent on fixing client devices are all benefits that you can enjoy.
Patch management can be a cumbersome and daunting task. With the right patch management strategy, it doesn’t have to be that way. Proactive patch management leads to considerably lower unexpected downtime, happier end users and significant cost savings.
Learn more about proactive and effective patch management strategies for your IT organization. Listen to our webinar, “Patch Management: 4 Best Practices and More for Today’s IT Leaders” here!