Why patch management is your most important IT-security activity in 2022

Konsultbloggen, 2022-04-21

Patching software and restarting your client device sure is a nuisance. You didn’t ask for it, it takes time, you ‘re busy with other tasks, applications need to be closed and so on. The same counts for server admins. And that’s why a lot of recommended patches remain ignored.

Server patching requires more than just applying a patch. First you need to know exactly what hardware and software assets remain in your IT-environment. Because of the simple fact that you can’t manage & protect things you don’t know exist in your environment.

What is patching and why is it necessary?

Cybercriminals discover new weaknesses in hardware and software that were never meant to be, we call them vulnerabilities. Those vulnerabilities are then included in automated scans and intrusions within 48 hours after detection. Often by affiliated cybercrime gangs. Renown vendors like Microsoft, Cisco, SAP, VMware, Citrix must be attentive for such so-called zero-day vulnerabilities, and react against the clock to provide a fix to disable the vulnerability in their systems.

The other scenario is when the same renown vendors are fixing known weaknesses and release them regularly (i.e., Tuesday patches by Microsoft on a monthly basis). What happens then is that cybercriminals will reveal the patched weakness by using reverse engineering. Within 48 hours the hackers’ world will have identified the weaknesses and will include those in their automated attacks, and hack systems that aren’t patched yet.

Indeed, that’s how fast it goes in 2022. This means you need to have applied patches within 48 hours on all affected servers and/or systems.

Let’s start with a definition

Patches are software corrections changing the code of existing programs, operating systems and firmware to fix potential security vulnerabilities or other issues. Patches are designed and tested and can then either be applied by a human programmer or by an automatic tool. Several kinds of patches exist: hotfixes, security patches, service packs, etc.

“Don’t underestimate the importance of patching your software and make sure all patches are up to date”
Erik van Woerkens, Cybersecurity specialist/strategist CAG Engvall Security
Erik van Woerkens, Cybersecurity specialist/strategist CAG Engvall Security

Requirements for an effective patching strategy

Patches should be applied following a few best practices. When you start your patch management process, and you don’t do things correctly, it can disrupt your business applications, and cause harm in your organization.

  • Asset & configuration management – Network, device, and software inventory: make a thorough and accurate inventory of your entire infrastructure. This will include every device on the network, which other devices it will connect to, the operating systems and applications in use, and what versions you have of each hard- or software component. This is a prerequisite for being able to recognize systems that are eligible for the new patch. The inventory should mention if systems are internet-facing and know which systems contain sensitive information. The inventory should be kept up to date by running periodical scans. Scanning is most effective when discovery tools are used; many exist, both free or at a cost.
  • Patch policy – Many just rely on a message from the vendor or IT-partner to get notified about a new patch. But shouldn’t you keep an eye on new patches being released, and if they correlate to one or more of your systems? Therefore, you need a patch policy: it describes how your organization can identify new patches for corresponding assets in your inventory. Again, this isn’t possible without first having an accurate and up-to-date hard- and software asset inventory on hand.
  • Patch process – this is where the need for applying new patches is being confirmed, the patch is being tested in a staging environment, approval is done, and the actual activation of the patch is being planned. The patch process will need integration with change management (CAB – change advisory board in operations- or CCB -change control board in projects-) for approval and planning. Measuring and reporting the effectiveness of patch reporting is recommended.

Patch management best practices

Don’t underestimate the importance of patching your software, servers, and operating systems. It will save your organization from hackers entering an open backdoor in IT and getting access to your entire network and data.

Make sure all patches are up to date and give priority to internet-facing systems & systems containing sensitive data. By having an effective patch management, you will be able to save your company from being the next victim.

Vid pennan/ Erik van Woerkens, CAG Engvall Security

Bolag: CAG Engvall Security

Grundat: 2011, del av CAG sedan 2017

Branscher: Försvar, Myndigheter, Handel & Tjänster, Bank & Finans, Industri, Hälsa & Vård

Specialistområden: IT- och informationssäkerhet

Passion för utveckling: Att hela tiden ligga steget före och utveckla säkra och trygga lösningar för våra kunder.

Adress: Kungsgatan 37, 111 56 Stockholm

Kontakta oss om du vill veta mer

Annika Rogneby

Sälj- och Marknadschef

CAG Group

Fredrik Börjesson

VD

CAG Security

+46 (0)76 181 12 04

Jonas Axelson

Konsultchef Karlstad

CAG Security

+46 (0)70 609 25 54