[BreachExchange] Why Software Patching is Essential in Today's World

Inga Goddijn inga at riskbasedsecurity.com
Mon Mar 21 18:07:10 EDT 2016


http://www.hstoday.us/columns/best-practices/blog/why-software-patching-is-essential-in-today-s-world/4372316b36c76e7989cb1eaadeb7f5e9.html

A few years back, business came to a grinding halt for a European
supermarket chain when it was infected with the Conficker virus. The virus
caused the system to slowly use up all the system resources at more than
500 stores and 20,000 devices until they all stopped working, leaving all
the company’s stores virtually in the dark. Worse, the virus was able to
remain in memory and elude the incumbent antivirus solution, leaving
lasting effects from this very nasty virus for the company.

An effective patch management process, in addition to antivirus solutions,
can proactively close the holes that are so often used by hackers to gain
access to data. While an antivirus solution will always be needed, patching
is equally important, if not more so.

Antivirus solutions don’t actually stop viruses from infecting your system;
they merely clean them after delivery. In the supermarket example,
contractors were hired to manually connect to each device and clean the
virus using tools provided by its existing antivirus company. After more
than 10,000 hours of overtime and countless hours of change management, the
system was presumed clean of the virus.

But they didn’t install the latest patches, so after all this, the company
still wasn’t safe. One week later, the virus, still lurking in exposed
areas of the system, spread through the system again. The company had to
repeat the remediation process. This time, each system was patched to
ensure the virus was properly held at bay.

*Avoiding a doomsday scenario with proper patching*

The first step in protecting a system is to set a strategy for regular and
effective patching along with an antivirus protection plan. Guessing on
timing or randomly downloading patches will result in bad, or ineffective,
patching. Companies that do not have a fully supported patching policy
often end up blaming the product for the problem. If they had deployed the
patches with proper testing, they could have avoided this negative
perception. Look for the right solutions partner or patch service to help
you set up a regular patch policy and toolset that fits your company.

*How to start patching effectively*

There are a few steps to follow to get your company’s infrastructure to
where it needs to be – safe from exposure and running as efficiently as it
can:

*1. Scan and identify missing updates, then rank them by risk*. Be
proactive. You want a safe environment and optimum performance with your
machines; filling in the gaps of missing updates by maintaining patch
policy will get you there. Start by scanning and identifying updates on
endpoints. Your solutions partner can help you detect what is missing on
what device, no matter where your endpoints are. Don’t leave out any
devices under your Bring Your Own Device policy. Those users could
unknowingly expose the company to exploitation and viruses. When they come
back to the office, the infection spreads to the network and – boom – a
cyber-attack happens.

To rank which patches to tackle first, use severity and exposure to set
the deployment order. You can look to the Common Vulnerability Scoring
System (CVSS), a free and open industry standard for assessing the
severity of computer system security vulnerabilities, to help you
determine which risks get patch priority. The Department of Homeland
Security uses CVSS scores when reviewing specific risk to business
structure and networks.

*2. Test before deploying companywide.* Before you start deploying
patches, you’ll need a testing strategy. Not all patches are the right
version for your devices and software. Identify those that most
appropriately match, then make a few test runs to be sure all will run
smoothly. First, don’t start with your own device; you’ll need it to
correct any issues. Second, check to see if the patch has an uninstaller –
one of the most important things in any testing strategy. If the patch has
no method to uninstall, you have to do extra tests. Next, communicate that
you’re about to update and give your coworkers the instructions they need
to follow to ensure the patch is successfully deployed. Just to make sure
it did, watch the installation run on a colleague’s machine. Finally,
always test with an open mind. Take note of what happened, what failed,
what needs to be tweaked. If you see a failure after deploying the patch,
you should go back, uninstall the patch and reinstall it. Investigate if
the issue is in the hardware, device or the software.

*3. Schedule patch deployments to suit your business.* Don’t wait until you
have the IT hours to implement a round of patches. Set a specific day each
week, or month at the least, to deploy any necessary patches and stick to
it. Make this time a priority in order to save your company time and
expense in correcting the problem after a breach has occurred.

*4. Report any repair activity and patch deployment success*. Reports that
show any breakdowns and what was done to repair them are especially helpful
in determining how the next patch will go. Reporting on your success has
many benefits, too. You can show company leaders where you were, how
dangerous things were, and let them see the success and increased security
as each patch clears. Without the reports, you have no tangible evidence
of return on investment. You and your team are doing a great job – reports
can show measurable success and efficiency, helping you get the recognition
your team deserves for saving the company from risk and from financial
inefficiencies.

*5. Design an efficient remediation plan.* If something goes wrong, you’ll
need a remediation plan based on your reports. The reports will also guide
you in providing repair information to help you complete change management.
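
The ranking in step 1 and the weekly/monthly cadence in step 3 can be
sketched as follows. This is an added example, not part of the original
article. The scan records, device names, update identifiers and the
exposure ordering are constructed assumptions; the severity bands are the
CVSS v3 qualitative ratings.

```python
from dataclasses import dataclass

# CVSS v3 qualitative severity bands as (lower bound, label).
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "None")]

# Assumed exposure ordering for this example: higher = easier for an attacker to reach.
EXPOSURE = {"internet-facing": 3, "byod": 2, "internal": 1}

@dataclass(frozen=True)
class MissingUpdate:
    device: str
    update_id: str   # placeholder identifiers, not real bulletin numbers
    cvss: float      # CVSS base score, 0.0-10.0
    exposure: str    # one of the EXPOSURE keys

def severity(score: float) -> str:
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)

def rank(findings):
    """Order by severity band, then exposure, then raw score, highest first."""
    band_order = {label: i for i, (_, label) in enumerate(reversed(BANDS))}
    return sorted(
        findings,
        key=lambda f: (band_order[severity(f.cvss)], EXPOSURE[f.exposure], f.cvss),
        reverse=True,
    )

def plan(findings):
    """Critical/High go into the next weekly window, the rest into the monthly one."""
    windows = {"weekly": [], "monthly": []}
    for f in rank(findings):
        urgent = severity(f.cvss) in ("Critical", "High")
        windows["weekly" if urgent else "monthly"].append(f)
    return windows

# Constructed scan results, for illustration only.
SCAN = [
    MissingUpdate("pos-till-017", "UPDATE-A", 6.5, "internal"),
    MissingUpdate("web-gw-01", "UPDATE-B", 7.5, "internet-facing"),
    MissingUpdate("laptop-byod-3", "UPDATE-C", 9.8, "byod"),
    MissingUpdate("file-srv-02", "UPDATE-C", 9.8, "internal"),
    MissingUpdate("kiosk-04", "UPDATE-D", 3.1, "internet-facing"),
]

if __name__ == "__main__":
    for window, items in plan(SCAN).items():
        for f in items:
            print(f"{window:8} {severity(f.cvss):9} {f.cvss:4} {f.exposure:16} {f.device}")
```

The same update on two devices lands at different positions: the BYOD
laptop outranks the internal file server because it is more exposed.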

Antivirus solutions alone will not protect you from a security breach.
Adding an effective patch management strategy is the key to keeping your
data and your company safe from cyberattacks and running efficiently. Avoid
a doomsday scenario with proper patching, so your company won’t be left
with a crippled infrastructure exposed to unnecessary risk.