• Latest
  • Trending
How To Improve Patch Management

How To Improve Patch Management

December 7, 2021
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
Airtel Africa Purchases $42M Worth of Additional Spectrum

Airtel Africa Purchases $42M Worth of Additional Spectrum

July 15, 2022
Huawei steps up drive for Kenyan talent

Huawei steps up drive for Kenyan talent

July 15, 2022
TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

July 15, 2022
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
Top 10 apps built and managed in Ghana

Top 10 apps built and managed in Ghana

July 15, 2022
MTN Group to Host the 2nd Edition of the MoMo API Hackathon

MTN Group to Host the 2nd Edition of the MoMo API Hackathon

July 15, 2022
KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Tuesday, 7 February, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

How To Improve Patch Management

by ITECHNEWS
December 7, 2021
in Opinion
0 0
0
How To Improve Patch Management

For security teams, managing vulnerabilities is a necessary task. Everyone in IT knows how critical patches are to prevent breaches, and we have days every month devoted to the latest slew of updates from major vendors. We can set our calendars by them.

Yet patching well is still hard for many enterprise IT teams, and there are still problems to overcome in practice.

YOU MAY ALSO LIKE

Making Biometrics Work: 3 Ways To Jumpstart the Process

How to prevent cyberbullying: Keeping students safe

The first problem in patch management is not any individual patch but the volume of issues that now come through. Looking at CVE software vulnerability release data, there were 18,325 issues made public in 2020, while 2021 has already seen 14,525 in nine months. Each of these updates will vary in severity, distribution and within company IT asset inventory.

While some patches cover issues in very niche products, others will be widespread and have a global impact. However, you can’t be sure that everything is up to date and secure without a complete and accurate list of IT assets and inventory to show which patches are needed and which ones have to be deployed. Your patching strategy is only effective if you have complete visibility; otherwise, you can’t prioritize when it matters.

To solve this, look at how you record your asset inventory and ensure it covers every IT asset, from desktops and mobile phones to cloud implementations, containerized applications, and other devices connected to the Internet of Things or operational technology networks. Anything that can be connected to your network, or that is used by an employee for work, should be on that list. Once you have this, these assets and patches can then be prioritized accordingly.

The second issue to look at is the patching process itself. While your security team may do a great job of notifying the business when patches are needed, they will not carry out the patching themselves. This will be delegated to another team or individual, and it is up to them to promptly put the patch in place.

“Your patching strategy is only effective if you have complete visibility; otherwise, you can’t prioritize when it matters”

If you don’t have insight into their patching process, then make that a priority. This will help you see where efforts are placed and understand the KPIs or SLAs to which they work. If those SLAs are the issue — for example, they are measured on the uptime of assets, and patching puts a dent in that — then work with them to change the SLA.

The third problem that commonly affects organizations around patching is when the team responsible for managing those assets is outsourced. Outsourcers work to a specific contract, and they can be doing the job they were brought in to do, even though it leaves potential gaps in security. Those companies will have their own change management processes for patches to go through and their own metrics and SLAs in place. A contract with inadequate service definitions can increase risk, while poorly configured change management can lead to excess time spent on approvals rather than getting patches out and applied.

This is another case where getting security involved early in the procurement process can save time and reduce risk overall. By understanding how these outsourced teams will operate — and how their success will be measured — you can work with them more effectively. If possible, you can also ensure that their scope of work is correct and that their SLAs are designed to promote efficient patching.

Automating the patch process where possible is another good way to streamline things. Rather than relying on manual work, automation can split out patches based on their severity, priority, product and deployment time. For simple issues in non-critical applications or where patches are trusted, such as applications like iTunes or Google Chrome, these can be automatically applied. More critical patches that need testing can be carried out and then automatically implemented across systems. Similarly, issues that have exploits or ransomware attacks against them can be prioritized and automation used to ensure patches are in place as soon as possible.

Patching is essential, but yet more patches will be due each month, and extra releases will threaten security. Good processes and effective metrics can make patching more effective to reduce risk, improve security and make life easier for everyone. To improve this, look at creating a patching cycle that continuously updates your inventory, manages priorities and delivers updates, rather than dealing with each one at a time.

Paul Baird Chief technical security officer, Qualys

ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022

Recent News

  • Inaugural AfCFTA Conference on Women and Youth in Trade September 6, 2022
  • Instagram fined €405m over children’s data privacy September 6, 2022
  • 5.7bn data entries found exposed on Chinese VPN August 18, 2022
  • Fibre optic interconnection linking Cameroon and Congo now operational July 15, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version