Patch management is a problem that every organization faces daily. In 2022 there was no shortage of security breaches at large, well-known organizations (Uber, Cash App and Twitter among them), and an unpatched vulnerability remains one of the most common root causes behind incidents like these. Even with a patch management strategy in place, it is easy to miss a step and leave part of your environment exposed. The growing interest in autonomous patching solutions is itself a sign of how hard it is to patch adequately by hand.
The difference between a successful patching strategy and an unsuccessful one usually comes down to building the right workflow for your environment. A useful way to picture the workflow is a train system: it has to move at a sufficient speed, stop at every required station, and still allow maintenance to be performed on it. The easiest way to think about your own workflow is to break it into three phases: preparation, execution, and post-deployment review.
Preparation:
- Consider your current environment. How many endpoints do you have, how many locations, which applications are in use? Patching blind has real consequences: imagine running a suite of security tools and only patching the one that notified you of an update while leaving the others at their old versions. You are only partially protected.
- Once you have a comprehensive asset inventory, catalog and scan for your current vulnerabilities so that scan results can be matched against known assets.
- Group endpoints into logical groupings: geography, business unit, risk profile, and so on.
- Have patching criteria in place. Prioritize the operating system and system tools first, but also be aware of high-risk applications; the last thing you want is a repeat of Log4j.
Execution:
- Once you have validated which patches are required, it is time to deploy them. Whether that is a slow, phased approach or an enterprise-wide push depends on the application and its risk level. If the deployment succeeds, congratulations. If not, the troubleshooting process begins.
- Review the error you are receiving, consult the documentation, fix the cause, and deploy again. This matters most for manual patching, where failed patches are a regular occurrence.
- Document and monitor the changes, and keep your logs current so that there is a record that each application was successfully patched.
- Autonomous patching solutions provide reporting that lets you review patching in real time: what succeeded, what failed, remediation steps for the failures, as well as controls to stop or pause a deployment and roll it back.
Post Deployment:
- Look for opportunities to iterate on your patch deployment. What went right, what went wrong, and how can you make what went right repeatable and scalable? Were there endpoints that consistently failed to patch, or users who kept postponing deployments and reboots? All of these are essential points to consider if you want deployments to go smoothly.
- Your patching workflow plays an important role in your endpoint patching process and needs to be handled with care from start to finish. Use the information outlined in this article to build that roadmap and start deploying your patches successfully.
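The preparation, execution and post-deployment steps above can be expressed as a small policy script, which the following added example does. It is illustrative code written for this article, not Adaptiva's or OneSite Patch's logic. The inventory, the pending patches, the ring layout, the 75% success gate and the simulated installer are all constructed assumptions; in practice the inventory comes from your asset database, the pending list from your vulnerability scanner, and the installer is your deployment tool.

```python
"""Ring-based patch rollout planner (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


# --- Preparation: inventory, pending patches, patching criteria -------------

@dataclass(frozen=True)
class Endpoint:
    name: str
    site: str   # geography
    unit: str   # business unit
    risk: str   # "high" (internet-facing / privileged) or "standard"


@dataclass(frozen=True)
class Patch:
    product: str
    category: str            # "os", "system_tool" or "application"
    severity: str            # "critical", "high", "medium" or "low"
    exploited: bool = False  # known to be exploited in the wild


# Constructed inventory (assumed; normally pulled from your asset database).
INVENTORY = [
    Endpoint("web-01", "ams", "ecommerce", "high"),
    Endpoint("web-02", "ams", "ecommerce", "high"),
    Endpoint("fin-ws-12", "nyc", "finance", "standard"),
    Endpoint("hr-laptop-07", "nyc", "hr", "standard"),
    Endpoint("hr-laptop-08", "nyc", "hr", "standard"),
    Endpoint("dev-vm-03", "sfo", "engineering", "standard"),
    Endpoint("dev-vm-04", "sfo", "engineering", "standard"),
    Endpoint("dev-vm-05", "sfo", "engineering", "standard"),
]

# Constructed scan results (assumed; normally from your vulnerability scanner).
PENDING = [
    Patch("7-Zip", "application", "medium"),
    Patch("Endpoint agent", "system_tool", "high"),
    Patch("Log4j", "application", "critical", exploited=True),
    Patch("Windows 11", "os", "critical", exploited=True),
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
CATEGORY_RANK = {"os": 0, "system_tool": 1, "application": 2}


def priority_key(patch: Patch):
    """Patching criteria: anything exploited in the wild first (so a Log4j-style
    application bug outranks a routine OS fix), then OS and system tools before
    applications, then by severity."""
    return (0 if patch.exploited else 1,
            CATEGORY_RANK[patch.category], SEVERITY_RANK[patch.severity])


def prioritise(patches: List[Patch]) -> List[Patch]:
    return sorted(patches, key=priority_key)


def assign_rings(inventory: List[Endpoint]) -> Dict[str, List[Endpoint]]:
    """Logical groupings: one standard-risk endpoint per site as the pilot ring,
    the remaining standard-risk endpoints as the broad ring, and high-risk
    (production) endpoints last, so breakage shows up on low-impact machines."""
    rings: Dict[str, List[Endpoint]] = {"pilot": [], "broad": [], "production": []}
    piloted_sites = set()
    for ep in sorted(inventory, key=lambda e: e.name):
        if ep.risk == "high":
            rings["production"].append(ep)
        elif ep.site not in piloted_sites:
            piloted_sites.add(ep.site)
            rings["pilot"].append(ep)
        else:
            rings["broad"].append(ep)
    return rings


# --- Execution: ring-by-ring deployment behind a success gate ---------------

RING_ORDER = ["pilot", "broad", "production"]
SUCCESS_GATE = 0.75  # assumed: pause the rollout if more than 25% of a ring fails


@dataclass
class RolloutResult:
    patch: Patch
    applied: Dict[str, List[str]] = field(default_factory=lambda: defaultdict(list))
    failures: Dict[str, int] = field(default_factory=lambda: defaultdict(int))
    halted_at: Optional[str] = None  # ring that missed the gate, if any


def run_rollout(patch: Patch, rings: Dict[str, List[Endpoint]],
                install: Callable[[Endpoint, Patch], bool]) -> RolloutResult:
    """Deploy one patch ring by ring; install(endpoint, patch) returns True on
    success. A ring that misses SUCCESS_GATE pauses the rollout, so later rings
    (including production) are never touched until the failure is understood."""
    result = RolloutResult(patch)
    for ring in RING_ORDER:
        members = rings[ring]
        if not members:
            continue
        ok = 0
        for ep in members:
            if install(ep, patch):
                ok += 1
                result.applied[ring].append(ep.name)
            else:
                result.failures[ep.name] += 1
        if ok / len(members) < SUCCESS_GATE:
            result.halted_at = ring
            break
    return result


# --- Post-deployment: endpoints that keep failing across rollouts -----------

def repeat_failures(results: List[RolloutResult], min_failures: int = 2) -> List[str]:
    totals: Dict[str, int] = defaultdict(int)
    for r in results:
        for name, n in r.failures.items():
            totals[name] += n
    return sorted(name for name, n in totals.items() if n >= min_failures)


def fake_install(ep: Endpoint, patch: Patch) -> bool:
    """Simulated installer (assumed): hr-laptop-07's user keeps postponing the
    reboot, and the 7-Zip update breaks on the sfo pilot machine."""
    if ep.name == "hr-laptop-07":
        return False
    return not (patch.product == "7-Zip" and ep.name == "dev-vm-03")


if __name__ == "__main__":
    rings = assign_rings(INVENTORY)
    results = [run_rollout(p, rings, fake_install) for p in prioritise(PENDING)]
    for r in results:
        status = f"halted at {r.halted_at} ring" if r.halted_at else "complete"
        print(f"{r.patch.product:<15} {status}; applied={dict(r.applied)}")
    print("repeat failures:", repeat_failures(results))
```

Running it deploys the exploited Windows and Log4j patches first, then the agent update, then 7-Zip. The first three pass every ring despite the one laptop that never reboots (3 of 4 in the broad ring meets the assumed gate), while the 7-Zip rollout stops at the pilot ring after breaking one of two pilot machines, so the broad and production rings are never touched. The post-deployment pass then singles out hr-laptop-07 as the endpoint that failed on every rollout, which is exactly the kind of finding the review step above is meant to surface.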
Struggling with third-party Windows patching? Check out Adaptiva's OneSite Patch and see how easy it is to create and execute patching strategies.