Cyber Security Patching
26 Sep 2017
The outbreak of WannaCry ransomware this year hit hundreds of thousands of computers and caught the world’s attention. The most shocking thing about WannaCry is how easily its rapid infection could have been prevented.
The worm that spread WannaCry, or WannaCrypt, exploited a Windows vulnerability known as ‘EternalBlue.’ It was an easy vulnerability to target, considering many businesses had failed to apply the patch that was released two months prior to the WannaCry outbreak.
Patch management regimes would most certainly have come under scrutiny at the organisations directly affected by the outbreak. Let’s take a look.
What is a patch?
Put most simply, software patching means applying available updates for operating systems and applications such as browsers, plugins and desktop apps. These updates include both security and feature patches, and are meant to fix or improve the software you use. Because these patches often target security issues, they need to be applied as soon as they become available.
Why a patching regime is so important
Your information technology infrastructure may well be your business’ biggest investment; built to enhance your business’ performance, save you money and increase profitability.
However, more threats to your infrastructure are released every day. The risk of malicious virus and worm attacks has been increasing and, as a result, is forcing businesses to re-examine their security needs.
As a direct response to the growing threat landscape, securing vulnerabilities on the Microsoft platform has become a high priority. In fact, Microsoft readily produces security patches for their system vulnerabilities and makes them available to users.
Research shows that the most efficient way to be protected against attacks is to ensure that every machine in your IT environment has the latest patches installed. It only takes one vulnerable machine to infect an entire network.
This may sound like a lot of work. In fact, it is. Hundreds of patches are released each month. How do you know which patches to install, and which to ignore? And what's the proper order and process for installing them?
Today's cybercrime environments demand that the solution to managing patches be an automated yet stringently controlled process that involves not only your IT security provider but each of your employees as well.
Managing the patching process
Patch or update management can be a serious drain on an organization’s resources, which is why many companies choose to bring in IT security services to which portions of the process can be outsourced. This third-party help is necessary to design a patching system that works for your current IT infrastructure, but it is of no use if you fail to educate your employees about security issues. Quality security awareness training as part of your patching regime is key.
Other considerations that your IT security provider will also assess are:
The practical challenge of patch management is not usually in the distribution of the patches themselves. In fact, moving patches across a modern network is a relatively simple process. Once all the target computers have an appropriate agent installed, the difficulty is mostly managed.
The difficulty now lies not in how to apply the patches, but in which patches should be applied and when. Your IT provider will establish a patching regime with your patching admins to understand how and when patches need to be applied.
The trick here is ensuring that the patches that are going to be applied will work safely in your system. The only thing worse than leaving a vulnerability open is applying a patch that breaks other software in the process. Your IT security provider will test patches in their test environment before applying them to production systems (when possible). Ideally they will also have a rollback plan in case a patch accidentally interrupts business-as-usual operations.
While your IT security provider will oversee much of the process, know that it is your role to make security as easy as possible for the firm that is trying to protect your company. Follow every step they outline and ensure your employees do the same.
Proactive maintenance of the regime is vital
Your IT security provider will regularly analyze the process to ensure that all endpoints remain in compliance, and will identify improvements and customize your patch management process accordingly. But it is vital that your organization takes responsibility for this process by ensuring the work is carried out when it should be and has been signed off each time.
Vulnerability and patch management isn't easy. In fact, in today's computing environment, it's a never-ending cycle. With the help of your IT security provider and a quality patch management process, you can work to minimize the impact of worms and ransomware in the future.
Media release - KAON SECURITY
Contact - Mark Micklefield – 09-570-2233 or 027-491-5401