This vendor-written tech primer has been edited to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
We’re in an era in which pre-packaged exploit services make it possible for the average Joe, with no technological experience or prowess, to launch intricate attacks on our environments. So, what can be done? Patching operating systems and applications is a surefire way to block some attacks. But you need to do more than blast out auto updates.
Here are seven patch management best practices that take your organization’s cybersecurity to the next level:
#1 Use a proper discovery service
You can’t secure what you don’t know about. The only way to know if a breach or vulnerability exists is to employ broad discovery capabilities. A proper discovery service entails a combination of active and passive discovery features and the ability to identify physical, virtual and on and off premise systems that access your network.
Developing this current inventory of production systems, including everything from IP addresses, OS types and versions and physical locations, helps keep your patch management efforts up to date, and it’s important to inventory your network on a regular basis. If one computer in the environment misses a patch, it can threaten the stability of them all, even curbing normal functionality.
#2 Use heterogeneous OS platform support
As you look to create an inventory and use proper discovery tools, you should ensure this includes a wide list of vendors and OS systems. Windows is no longer the sole preferred operating system, and, as a result, you can no longer get away with just supporting Windows. Apple’s Mac is prevalent for end users in many businesses today across the globe, and MacOS may be more susceptible to pernicious cyber activities like malware than many suspect.
A 2015 JAMF survey of IT pros found that 96% of enterprise IT professionals support Macs. Other operating systems are also making their way into the limelight. Linux and Unix often make up 5% to 35% of the data center footprint in large enterprises, depending on the region of the world, and Ubuntu is an up and coming Linux distribution being used as an end user system. You should support all of these types of operating systems within your patch management strategy.
#3 Perform application patching
Though many companies have implemented OS platform support and discovery services, the limitation for many lies in only accounting for the OS and applications from a specific OS vendor and ignoring third-party software. Take Windows, for example; as much as 80% of software vulnerabilities can come from non-Microsoft applications running on Windows, which means you not only need comprehensive OS coverage, but also comprehensive application coverage.
Sign up for CIO Asia eNewsletters.