Although the IT security industry, rightly, focuses on "zero day" exploits that aim to make use of vulnerabilities before vendors issue a patch, in too many cases hackers and cyber-criminals are able to gain entry to unpatched systems long after the patches have been released.
Companies can cause downtime and disruption through an uncoordinated approach to patching, especially where patches are applied without testing and the necessary compatibility checks.
To minimise the risk posed by patches, companies should look at testing patches, or using a patch supplier that handles testing, and at quarantining unpatched computers until the patches have been tested.
Automating patching: a business case
Although there is a cost associated with the deployment of any patch management solution, the benefits far outweigh the investment in terms of product and/or time to implement a tool. Automating patch management reduces security risks, reduces the downtime caused by untested updates and conserves valuable IT resources. It also helps employees to remain productive: rather than installing patches during work hours, updates can be implemented automatically outside of this core working time.
Not only does this mean that users can have their apps and machines kept up to date, the IT team does not have to be on site during those installs either. By “waking up” machines during the evening and then applying the necessary patches, IT can keep machines up to date while ensuring that desktops are powered down when not in use.
The automation of patch management provides the following quantifiable business benefits that can be used to build a business case: higher speed and capacity when it comes to managing patches; removal of the patch workload from production IT systems; and granular control over the application of patches to end-user systems. In addition, good patch management systems give detailed reports and alerts. As a result, IT administrators have an instant view of the health of their systems.
As every company's IT installation differs, there cannot be a single approach to patching or a single patch management system that meets all their needs. Instead, a good patch management system will pay for itself if it can be customised to fit the organisation's needs while also making it easy for IT administrators to create templates for common and frequent processes and providing a robust patch testing regime.
Industry analysts point out that centralised patch management can reduce the time it takes to deploy patches or update security software by up to 80 per cent. This represents a significant time and cost saving for IT. The real benefit, however, lies less in cost and time savings, or even in improved employee productivity.
That comes from the knowledge that, by automating patching, systems are as secure as they can be – and that the company's systems are not exposed to attacks that could, and should, have been avoided.