Patch management causes headaches. Just ask any IT manager or sysadmin! How do you keep all your systems patched against the never-ending onslaught of security vulnerabilities? If it seems like a constant battle, that’s probably because it is! But there’s hope. Having the right patch management strategy in place, and defining policies and processes that everyone understands and abides by, can make things more manageable and reduce risk. In this article we briefly discuss 6 steps to consider when developing a good patch management strategy.

1. Know what you’ve got

This is number one on my list for a reason. If you don’t know what you’ve got, how do you know what you need to patch?

Scan your network and create an inventory of all your machines, software and devices. Periodically re-scan your environment to make sure the inventory is up to date.

Additionally, consider working towards a streamlined and standardized environment. The less you have, the less you have to worry about patching and the easier your life will be.

2. Assess the risk

Once you know what you’ve got, you need to assess the risk associated with each identified vulnerability that is applicable to the systems and software in your inventory. Think about the severity of the vulnerability, the scope (how much of your environment it affects) and the cost of mitigating the threat or recovering from it.

3. Prioritize deployments

After assessing the risk, you’ll be in a position to determine the patch deployment lifecycle and prioritize which systems should be patched first. Systems that are mission critical and patches that fix major vulnerabilities should be top of the list.
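Steps 1 to 3 above are a pipeline: inventory in, ranked patch queue out. The following added example (not from the original article or any vendor product) shows one way to encode that pipeline. The inventory, the VULN-* identifiers and the scoring heuristic (severity, weighted by the most critical affected asset and by how much of the estate is exposed, divided by patch effort) are all constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed inventory (step 1): hostnames, business criticality (5 = mission
# critical, 1 = lab box) and installed software. Illustrative values only.
@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int
    software: frozenset

# Constructed vulnerability records (step 2): affected software, a CVSS-style
# severity (0-10) and relative patch cost. VULN-* ids are placeholders.
@dataclass(frozen=True)
class Vuln:
    vuln_id: str
    affects: str
    severity: float
    patch_effort: float

INVENTORY = [
    Asset("erp-db", 5, frozenset({"postgres", "openssl"})),
    Asset("web-01", 4, frozenset({"nginx", "openssl"})),
    Asset("hr-app", 3, frozenset({"java", "openssl"})),
    Asset("dev-box", 1, frozenset({"nginx", "python"})),
]
VULNS = [
    Vuln("VULN-A", "openssl", 9.8, 1.0),
    Vuln("VULN-B", "nginx", 7.5, 1.0),
    Vuln("VULN-C", "python", 5.0, 1.0),
    Vuln("VULN-D", "windows-kernel", 9.0, 1.0),  # nothing we own runs it
]

def applicable_assets(vuln, inventory):
    """Assets running the affected software, most critical first (step 3)."""
    hit = [a for a in inventory if vuln.affects in a.software]
    return sorted(hit, key=lambda a: -a.criticality)

def priority_score(vuln, inventory):
    """Assumed heuristic: severity x worst affected asset x (1 + share of
    the estate affected) / patch effort. Zero means nothing of ours is hit."""
    hit = applicable_assets(vuln, inventory)
    if not hit:
        return 0.0
    scope = len(hit) / len(inventory)
    return vuln.severity * hit[0].criticality * (1 + scope) / vuln.patch_effort

def prioritize(vulns, inventory):
    """Patch queue as (vuln_id, score) pairs, highest priority first."""
    scored = [(priority_score(v, inventory), v.vuln_id) for v in vulns]
    return [(vid, round(s, 2)) for s, vid in sorted(scored, reverse=True) if s > 0]
```

Calling `prioritize(VULNS, INVENTORY)` puts the OpenSSL issue first because it hits the mission-critical database and most of the estate, while VULN-D drops out entirely because the inventory shows nothing that runs the affected software.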

4. Draw up a patching policy

A policy that documents who is responsible for the patch management process, what should be patched, when it should be patched, and how it should be patched plays an important role in your strategy.

The policy should provide for a formal change management process for the deployment of patches, but be flexible enough to accommodate ad-hoc patching needs. This gives IT staff a formalized, consistent process to follow and also covers you if something goes wrong during patch deployment. Change management means there is an audit trail that you can go back to.

5. Test the patching policy

Perform a dry run of the entire policy to make sure everyone knows the what, who, when and how of your organization’s patch management strategy. Iron out any issues that you discover during the testing phase.

Before deploying into production, always test the patches in an environment that mirrors your production environment.

6. Execute the patching policy

Finally, execute the patch management policy and document the lessons learned so you know what you can do better next time. Remember to continuously review and maintain the policy.

7. Tools to use

Of course, having the right strategy is just the first step; you also need the right tools to execute your plans. This is where the newly launched GFI OneGuard can help. It’s one solution which not only covers your resource and patch management but also includes a business antivirus powered by Kaspersky Lab. With GFI OneGuard you can execute your patch management strategy and keep your business malware free, and it also offers a suite of reporting capabilities, messaging to keep your users informed of outages or other issues, and the ability to remotely shut down or reboot a machine. Try out GFI OneGuard for 30 days today, and see how it can help you take full control of your security needs.

Patching is only one piece of the security puzzle, but it contributes considerably to limiting network vulnerabilities and preventing attacks. Get it done right and you are on your way to reducing the chance of your organization falling victim to an attack and the potential financial and reputational loss associated with it.