Patch Management Software Best Practices

We talk a lot about patching, software deployment, and having a unified patch management strategy. It is a headache that has existed for years. As important as it is, it is wallpaper to everyone outside of the IT department…they know it’s there, but it’s in the background and they don’t give it a second thought, it somehow just keeps the network secure. On the other hand, IT knows how cumbersome and time intensive it is to keep the network and its ever growing off premise reach secure. You get it, and so do we, it’s why we started Automox. You might say it’s our raison d’être.

This is a challenge every IT department has to address, and given the “automagic” perception the rest of the company has about how software patching updates are distributed and applied, here are the best practices for using patch management software to help ease your burden.

Automate — On-premise installed software used to be the only option for patching and updating software and operating systems. If you go back just 15 years, you probably remember being sent CDs to update software. As with all technology, patch management software has moved to the cloud. It is easier than ever to manage cloud servers and distributed workforces; there is no need to chase down employees with a jump drive to get an update loaded onto their device.

Audit and Baseline — You can’t manage what you don’t know. The first step is to assess the current state of your network. Once you’ve deployed the automated patching agent across your network, you’ll be able to see every endpoint, the current version of every piece of software each device is running, and which applications are out of date and vulnerable.

Your audit has given you a snapshot of the current state and enables you to apply badly needed patch updates. NTT Group’s 2015 Global Threat Intelligence Report found that 76% of vulnerabilities are more than 2 years old, and the Verizon Data Breach Report found that some of the most exploited vulnerabilities are nearly a decade old.

Inventory and Monitor — Now that you’ve resolved old issues, you have a baseline for what you want your system to look like. Unfortunately, existing software is always changing, so staying on top of patches is critical; Microsoft Patch Tuesday is one example of a recurring update cycle you need to track. And new cloud-based applications are coming online faster than at any point in history. Per Forbes, worldwide spending on public cloud services will grow at a 19.4% compound annual growth rate (CAGR) from nearly $70B in 2015 to more than $141B in 2019.

What this means to you is that every employee, regardless of department (accounting, marketing, sales, etc…) wants to be as productive as possible. They are downloading and trying new applications constantly, and you’ll need to keep all of them patched and updated. Monitoring these devices, and knowing what’s on them is just the first step to keeping them secure.

Create Groups and Policies — The second step to keeping the network secure is to make your job manageable. You can’t oversee every endpoint on its own, even with cloud automation. The best practice is to create groups of endpoints that require the same system setup. Once you have created groups, you can then build policies that apply to those specific groups, from something as basic as which printer drivers they can access to locking down software downloads. The best way to ensure network security is to group the endpoints into manageable sizes.

Stage Critical Patches — Rolling out basic software patches typically does not present any risks to the network. However, operating system updates and security vulnerability patches can have some risk associated with them. In most cases, once a patch has been applied, you can’t roll back to a previous state. Because of this we recommend a canary environment where you can test the patches to ensure they apply properly and don’t create any unintended consequences.
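The three steps above (audit against a baseline, group the endpoints, stage critical patches through a canary set first) fit together in a small amount of logic. The script below is an added example, not Automox code or any product's API; every endpoint name, package name, version and group in it is constructed for illustration, and the baseline is simply a minimum acceptable version per package.

```python
"""Audit an endpoint inventory against a version baseline, group the
non-compliant endpoints, and plan a canary-first staged rollout.
Added example with constructed data; not Automox code."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Endpoint:
    name: str
    group: str                 # policy group, e.g. "accounting" or "sales"
    installed: Dict[str, str]  # package name -> installed version string
    canary: bool = False       # member of the canary set for staged rollouts


# Constructed baseline: the minimum acceptable version of each package.
BASELINE = {"browser": "2.4.1", "pdf-reader": "11.0", "os-build": "19045.3"}


def parse_version(v: str) -> tuple:
    """Turn a dotted numeric version into a tuple so that "11.0" > "9.8"
    compares correctly (plain string comparison would get this wrong)."""
    return tuple(int(part) for part in v.split("."))


def audit(endpoints: List[Endpoint], baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {endpoint name: [packages that are missing or below baseline]}.
    A package that is absent from the endpoint counts as a gap, because an
    inventory with no record of it cannot prove it is patched."""
    findings: Dict[str, List[str]] = {}
    for ep in endpoints:
        gaps = []
        for pkg, required in baseline.items():
            have = ep.installed.get(pkg)
            if have is None or parse_version(have) < parse_version(required):
                gaps.append(pkg)
        if gaps:
            findings[ep.name] = gaps
    return findings


def plan_rollout(endpoints: List[Endpoint], findings: Dict[str, List[str]]) -> List[List[str]]:
    """Stage 0 holds the canary endpoints that need patches; each later stage
    is one policy group, so a bad patch is caught before it reaches a whole
    department."""
    stages: List[List[str]] = []
    canaries = [ep.name for ep in endpoints if ep.canary and ep.name in findings]
    if canaries:
        stages.append(canaries)
    by_group: Dict[str, List[str]] = {}
    for ep in endpoints:
        if ep.name in findings and not ep.canary:
            by_group.setdefault(ep.group, []).append(ep.name)
    for group in sorted(by_group):
        stages.append(by_group[group])
    return stages


# Constructed inventory as an automated agent might report it.
INVENTORY = [
    Endpoint("acct-01", "accounting",
             {"browser": "2.4.1", "pdf-reader": "9.8", "os-build": "19045.3"}, canary=True),
    Endpoint("acct-02", "accounting",
             {"browser": "2.3.0", "pdf-reader": "11.0", "os-build": "19045.3"}),
    Endpoint("sales-01", "sales",
             {"browser": "2.4.1", "pdf-reader": "11.0", "os-build": "19045.3"}),
    Endpoint("sales-02", "sales",
             {"browser": "2.4.1", "os-build": "19044.1"}),  # pdf-reader not installed
]


if __name__ == "__main__":
    findings = audit(INVENTORY, BASELINE)
    for name, gaps in findings.items():
        print(f"{name}: out of date -> {', '.join(gaps)}")
    for i, stage in enumerate(plan_rollout(INVENTORY, findings)):
        print(f"stage {i}: {stage}")
```

Running it reports acct-01 (old pdf-reader), acct-02 (old browser) and sales-02 (no pdf-reader, old OS build) as non-compliant, and schedules acct-01 alone in stage 0 because it is the canary; the remaining endpoints follow one group per stage. The version comparison is deliberately numeric, since sorting "9.8" above "11.0" as strings is a classic way for an audit to report a vulnerable endpoint as patched.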

Communicate — While patching rarely catches the attention of the executive team, being featured on CNN for the latest data breach does keep them up at night. It’s your tail on the line if a vulnerability is exposed. In this situation it is better to over-communicate than to under-communicate. With an automated solution you can use your dashboards to provide monthly snapshot reports that highlight patching activity.

If you’d like more advice on patching best practices, send us a note and we’ll work with you to create a solution that works for your situation. And if you simply want to learn more about us and how we help customers save time and money, visit us online.

As originally published on Automox.com