• Latest
  • Trending
How To Improve Patch Management

How To Improve Patch Management

December 7, 2021
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Saturday, 10 June, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

How To Improve Patch Management

by ITECHNEWS
December 7, 2021
in Opinion
0 0
0
How To Improve Patch Management

For security teams, managing vulnerabilities is a necessary task. Everyone in IT knows how critical patches are to prevent breaches, and we have days every month devoted to the latest slew of updates from major vendors. We can set our calendars by them.

Yet patching well is still hard for many enterprise IT teams, and there are still problems to overcome in practice.

YOU MAY ALSO LIKE

Making Biometrics Work: 3 Ways To Jumpstart the Process

How to prevent cyberbullying: Keeping students safe

The first problem in patch management is not any individual patch but the volume of issues that now come through. Looking at CVE software vulnerability release data, there were 18,325 issues made public in 2020, while 2021 has already seen 14,525 in nine months. Each of these updates will vary in severity, distribution and within company IT asset inventory.

While some patches cover issues in very niche products, others will be widespread and have a global impact. However, you can’t be sure that everything is up to date and secure without a complete and accurate list of IT assets and inventory to show which patches are needed and which ones have to be deployed. Your patching strategy is only effective if you have complete visibility; otherwise, you can’t prioritize when it matters.

To solve this, look at how you record your asset inventory and ensure it covers every IT asset, from desktops and mobile phones to cloud implementations, containerized applications, and other devices connected to the Internet of Things or operational technology networks. Anything that can be connected to your network, or that is used by an employee for work, should be on that list. Once you have this, these assets and patches can then be prioritized accordingly.

The second issue to look at is the patching process itself. While your security team may do a great job of notifying the business when patches are needed, they will not carry out the patching themselves. This will be delegated to another team or individual, and it is up to them to promptly put the patch in place.

“Your patching strategy is only effective if you have complete visibility; otherwise, you can’t prioritize when it matters”

If you don’t have insight into their patching process, then make that a priority. This will help you see where efforts are placed and understand the KPIs or SLAs to which they work. If those SLAs are the issue — for example, they are measured on the uptime of assets, and patching puts a dent in that — then work with them to change the SLA.

The third problem that commonly affects organizations around patching is when the team responsible for managing those assets is outsourced. Outsourcers work to a specific contract, and they can be doing the job they were brought in to do, even though it leaves potential gaps in security. Those companies will have their own change management processes for patches to go through and their own metrics and SLAs in place. A contract with inadequate service definitions can increase risk, while poorly configured change management can lead to excess time spent on approvals rather than getting patches out and applied.

This is another case where getting security involved early in the procurement process can save time and reduce risk overall. By understanding how these outsourced teams will operate — and how their success will be measured — you can work with them more effectively. If possible, you can also ensure that their scope of work is correct and that their SLAs are designed to promote efficient patching.

Automating the patch process where possible is another good way to streamline things. Rather than relying on manual work, automation can split out patches based on their severity, priority, product and deployment time. For simple issues in non-critical applications or where patches are trusted, such as applications like iTunes or Google Chrome, these can be automatically applied. More critical patches that need testing can be carried out and then automatically implemented across systems. Similarly, issues that have exploits or ransomware attacks against them can be prioritized and automation used to ensure patches are in place as soon as possible.

Patching is essential, but yet more patches will be due each month, and extra releases will threaten security. Good processes and effective metrics can make patching more effective to reduce risk, improve security and make life easier for everyone. To improve this, look at creating a patching cycle that continuously updates your inventory, manages priorities and delivers updates, rather than dealing with each one at a time.

Paul Baird Chief technical security officer, Qualys

ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023

Recent News

  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Co-Creation Hub’s edtech accelerator puts $15M towards African startups February 20, 2023
  • Data Leak Hits Thousands of NHS Workers February 20, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version