What is Patch Management?
TechTarget defines Patch Management as “an area of systems management that involves acquiring, testing, and installing multiple patches to an administered computer system.”
In other words, a patch is a fix, released by vendors like Microsoft and Apple, for a problem, bug, or vulnerability discovered in a piece of software. These patches fix issues as they arise between larger software updates. Patch management involves many pieces and many decisions. A well-run patch management system includes:
- Staying up to date on current patches available for all the systems and software you use
- Evaluating and making informed decisions on what patches to apply and when
- Ensuring patches are properly tested and applied
- Monitoring systems and software after patch application to make sure they are running as they should
Why is Patch Management Important?
Simple - for the security of your business, network, and data. Patches are sometimes released just to fix functionality issues, but more often than not they are released to fix security issues.
As soon as a piece of software is released, hackers begin trying to find their way into it through holes and vulnerabilities, and sometimes they succeed - thus the need for patches. Patches protect your network and data from ever-evolving cyber threats, and they can only do their job if you have a system in place to discover, analyze, and apply them.
What is Vulnerability Management?
The technical definition of vulnerability management (via Techopedia) states it’s “a security practice specifically designed to proactively mitigate or prevent the exploitation of IT vulnerabilities.” Vulnerabilities are weaknesses in IT systems that can be exploited to cause harm and/or steal information. They range from software bugs to configuration problems (e.g., someone left the default admin username/admin password set on a website), physical security issues (e.g., the server room doesn’t have a door lock), and many other things. All of these are important, but the most time is spent on the first two. Software bugs are addressed through patch management, and configuration problems are largely addressed by computer management, policies, and auditing.
An adequate vulnerability management process includes:
- Checking for vulnerabilities by scanning the network, firewall logging, penetration testing, and the use of vulnerability scanners.
- Identifying vulnerabilities after you’ve performed the above checks. The results from the scans and logs will allow your IT team to determine if an attack has occurred or if any security vulnerabilities have been taken advantage of.
- Lessening the effect of the vulnerability if one is found. All of these steps occur before a patch is released or even developed, so it might be necessary to take actions like finding workarounds or taking the software offline, if possible, until a fix is developed and released.
- Patching. This is where everything comes full circle and you use your patch management process to apply the fix to your software.
Vulnerability management is an ongoing process to ensure that your systems are safe from cyber threats and to help mitigate the damage if there is a vulnerability.
Patch and Vulnerability Management: Working Together
Hopefully through our definitions and explanations of each process you can understand why it’s not possible to have just one or the other when it comes to processes for patch and vulnerability management. Sometimes we believe that if we are being proactive we don’t need to be reactive, but when it comes to the security of your network and keeping your data safe, that’s just not true anymore.
The proactive step (vulnerability management) can’t be completed without the reactive step (patch management) and vice versa. In order to be aware of the need for a patch, you have to be aware of the vulnerability itself.
Patch and Vulnerability Management at IT Freedom
Our patch management process is constantly in motion. We are always on the lookout for new patches, and our CTO, Brian Camp, analyzes them carefully to determine what action to take. We generally perform patch maintenance the weekend after the third Tuesday of each month. We do this after business hours to cause the least disruption to clients and employees, and since we are patching systems for our clients, we make sure to keep them updated on our status page.
After a device has been patched, we continue to monitor it to ensure everything is working properly, and if it isn’t, we have detailed internal procedures to resolve any issues.
Our vulnerability management process has many pieces:
- Our patch management process
- Security policy enforcement via written procedures
- Security policy enforcement via technical controls
- Routine audits
- Use of best practices
All of these work together to ensure that all of our policies are being followed, and that we can detect and fix any vulnerabilities that come up.
Now I know this seems like a lot of information, especially if you’ve never heard of or put much thought into patch and vulnerability management. But for the security of your business they are both extremely important. If you have any questions about these processes, how to implement them in your business, or about your business’s security in general, please reach out! We love to help other Austin-based businesses!