Never miss security updates again: Master patches in 10 steps
by Tina Siering
In many cases, vulnerabilities in applications are responsible for cybercriminals gaining access to corporate or organizational networks. This is usually remedied by patches that close security gaps and thus play a key role in protecting your data from successful hacker attacks. However, many companies neglect patch management, often due to a lack of time or resources, opening the door for cybercriminals to access sensitive company and customer data. A serious mistake that can be avoided with optimized vulnerability and patch management.
Poor patch management: these are the reasons
In a study by the U.S. Ponemon Institute, 57% of the cyberattack victims surveyed said that the successful attack could have been prevented by an existing patch. What is particularly astonishing is that 34% of the attacked companies apparently knew about the security vulnerability but had not fixed it. Why?
One reason why companies do not take timely action against known vulnerabilities could be the ever-increasing number of security holes. As Info Security Magazine reports, over 18,000 CVEs were registered in the Common Vulnerabilities and Exposures CVE referencing system in 2020. This means that, on average, 50 new vulnerabilities will become known every day. It is therefore becoming increasingly difficult for IT managers to keep track of the CVE jungle. And given the rapid pace of development of new technologies, it is to be expected that the number of potential vulnerabilities will continue to increase in the future.
In addition, patching is often time-consuming. But it's not just small and medium-sized companies that struggle to implement efficient patch management - even large corporations don't always manage to patch security vulnerabilities promptly and, above all, in good time after they become known. Recently, Microsoft users were again threatened by two critical security vulnerabilities: the zero-day vulnerability "Follina" in the Microsoft Support Diagnostic Tool and a vulnerability in Windows Active Directory.
The patch release - the starting signal in the race against the hackers
The more days that pass before a patch is released, the higher the risk of a successful hacker attack. Cybercriminals are just waiting for a vulnerability in a system to become public so they can exploit it for their criminal activities. Then, if you don't act fast enough and patch the vulnerability, the hackers will win the race against time.
Be aware that cybercriminals are taking less and less time to execute an attack on a new vulnerability. Sometimes only a few days pass between the disclosure of the vulnerability and the attack. In quite a few cases, word of the vulnerability is already spreading in criminal circles - even before it is made public.
Scanning tools such as nmap or Shodan can help hackers find attack vectors and, in the worst case, define potential attack targets. , hackers are that crucial step ahead of you at this point and use this time for effective malicious code development. Exploits are sometimes sold or rented on the darknet for large sums of money, making them accessible to ransomware groups.
10 basic steps for effective patch management
In order to roll out patches within the shortest possible timeframe, you need good patch management. The faster you can apply a patch, the more resources you have to identify, classify and ultimately eliminate further security problems. If you are dealing with a large corporate network, it makes sense to entrust an entire team with patch management. In any case, however, it is necessary to define a precise plan of how a patch should proceed step by step.
In the following, we will show you how to lay the foundation for effective patch management in 10 steps:
First, get an overview of all devices, applications and operating systems within your network. You should also include software licenses and versions in the inventory. This will prevent older, unused systems and assets from being overlooked and not maintained.
Categorize your devices and systems according to the security risks they pose, including user roles. Evaluate each vulnerability and determine the urgency of each patch.
Determine how, when, and how often to patch. Ideally, define an individual patching schedule for each system and record the frequency, priority, and scope of the different patches. Alternatively, you can define groups of systems and develop valid schedules for them. You should also schedule maintenance windows outside of working hours to avoid operational downtime.
4. Information gathering
Find out about the current vulnerabilities of your applications and keep up to date regularly via reliable news feeds. Furthermore, pay attention to the patch cycles of the manufacturers
5. Test the patches
Before the actual rollout, you should test whether a patch has no negative impact on your systems. Check compatibility on a separate test environment and look for malfunctions.
Document all changes made by a patch. This ensures that you can react quickly if the patch causes system problems despite extensive testing.
Apply the patch, following the guidelines you defined in step 3.
Check whether a patch rollout worked smoothly or may have failed. For example, check incoming helpdesk messages in this context.
Produce reports to demonstrate patch compliance of your systems and devices to customers and partners.
10. Evaluation and optimization
Evaluate each patch process and take steps to optimize patch management. Continually review your schedule and adjust it as needed to reflect current developments. You should separate technically obsolete devices.
Proper patch and vulnerability management is extremely important for your IT security and should not be treated carelessly. However, the abundance of security vulnerabilities and the high time required for a patch (in combination with a lack of resources) make it increasingly difficult for companies and organizations to close the security gaps in their systems promptly and thus on time. To ensure that you have your security updates under control, you should work out a patch management system that will enable you to reliably meet these challenges.
This may initially require a trained view from the outside in order to reliably assess the status quo of IT security vulnerabilities throughout the company. Allgeier secion offers this in the form of a full scope security audit, in which IT experts review the current status of your cyber security and draw your attention to technical, organizational and process-related weaknesses. In the process, you also receive concrete recommendations for action on how you can improve your patch management or plan it from scratch. A prioritized catalog of measures provides quick orientation and helps you to address the security-relevant topics in the order of their urgency.