Why is proper patch management crucial for your network security?
Software security vulnerabilities are the most common way through which malware penetrates your network. While antivirus solutions are detecting and removing malware once it is detected on your system, security patches are aimed to close the doors that malware can use to reach to your system.
The large majority of security vulnerabilities can be fixed by applying the latest patches provided by software vendors. We would never have heard about a lot of popular malware if patches had been applied in time. For example, the Conficker worm was first discovered in November 2008 and during 2009 it continued to spread, infecting an estimated 9 to 15 million computers worldwide, even though Microsoft released a patch that fixed the vulnerability exploited by the worm in October 2008!
Therefore having a proper patch management system that ensures you have the latest security patches applied on your network in time and with minimal effort is extremely important. Making use of an analogy with the automotive industry, applying the latest patches is for network security what the replacement of used brake pads is for driving safety: a maintenance task that requires some time and some money, but not doing it will end in causing damage that will cost much more time and money.
Why use GFI LANguard?
Microsoft and other software vendors have auto-updating systems (like Windows updates) that are designed to help users apply the latest patches. This is a solution that works fine for home users or for a 3-5 computer network.
However in larger networks there are a couple of reasons that makes this impractical. Administrators do not have an overview of what patches were installed on which machines, they are not notified about update failures and they cannot control which patches will be applied and which will not. Sometimes patches can have bugs or enforced security can prevent some applications from working. It is important to install them in a test environment and make sure that business critical applications are working fine before deploying them in the production environment.
Windows Server Updates Services (WSUS) is a free product from Microsoft that helps administrators to manage Microsoft updates in their network. By using this tool administrators can manage what updates, when and on which machines these need to be deployed. They are able to view the patching status of each machine from the network. Additionally the patches are downloaded only once for the entire network and stored to a central repository.
The weak points of WSUS are that it only installs on Windows servers, it is quite difficult to install and configure and it only supports Microsoft updates.
GFI LANguard is a very straightforward product to install, configure and get running. It installs on both servers and workstations and it can be used to deploy Microsoft updates as well as custom software and scripts.
GFI LANguard 9.5 comes with a new important feature for patch management. It has inbuilt support to automatically detect, download and deploy patches for non-Microsoft applications. You can use a single central console to manage security patches for all Microsoft products and patches from other vendors like Adobe, Mozilla or Oracle (and the list of supported products is continuously being expanded).
Moreover GFI LANguard is unique on the market because it is more than just a patch management tool. It also provides full vulnerability assessment and network and software audit, acting as a virtual security consultant for your network.