As we reported here in the regular Advance Notification summary, Microsoft is releasing a huge slate of security updates this month – sixteen security bulletins that will address numerous vulnerabilities – but of course that’s only the tip of the patching iceberg. We run an abundance of different software products on our networks, from many different vendors, and all of them require constant vigilance just to keep the security holes plugged, not even taking into account the many non-security updates that can have a big impact on performance and reliability.
Just as an example, in October alone GFI LanGuard, a comprehensive centralized patch management solution that supports all major platforms and the most popular software applications used by businesses, added 407 updates across 35 products. Deploying this many updates company-wide is almost impossible for already overworked IT admins to effectively handle manually. Depending on individual users to take on the responsibility for keeping their machines updated can result in a nightmare, with inconsistent update levels across the organization.
Windows Auto Update might seem like the answer, but it doesn’t address all those third-party applications that can introduce big vulnerabilities. Secunia’s analysis of the top security vulnerabilities last year found that over 75 percent were found in non-Microsoft programs. In fact, the numbers for 2013 were pretty impressive: 2289 vulnerable products containing a total of more than 13,000 vulnerabilities.
With the largest number of Microsoft security updates since 2011 staring us in the face, along with all the various and sundry third party patches, this just might be the incentive that many companies need to reevaluate their patching strategies. If you haven’t moved to an automated solution for managing the patching process, it’s time to consider how much time, money and administrative overhead could be saved by doing so – not to mention the alleviation of stress that could result in better productivity on the parts of both IT personnel and end users.
NIST (National Institute of Standards and Technology) defines patch management as “the process for identifying, acquiring, installing and verifying patches for products and systems.” In its Guide to Enterprise Patch Management Technologies, the agency notes that “organizations that can minimize the time they spend dealing with patching can use those resources for addressing other security concerns.”
Patching can consume a great deal of an IT admin’s time, but it can also cut into the work time of employees across the entire organization. When a major exploit occurs, rolling out patches to hundreds or thousands of machines with limited IT personnel can require virtually shutting down the network until the patching process is complete. And of course, doing it manually can take many hours. This down time costs the organization money in lost productivity and can even cause damage to the company’s reputation if customers, vendors, partners and others are unable to access your web sites or get email through to your employees.
An automated patch management solution can make a significant impact on the company’s bottom line. Fewer IT personnel may be required to deploy patches, and more timely application of security updates can prevent costly security breaches. The Ponemon Institute’s 2013 Cost of Data Breach Study: Global Analysis found that the average cost of a security breach in the U.S. was $188 per record, or a total of $5.4 million. Unpatched systems provide a key vector by which malware authors and attackers can launch their attacks.
Automation also reduces the chance for human error in the patching process, resulting in better security overall – while still allowing you to maintain control over when, where and how the updates are deployed. This is particularly important for companies that operate in regulated industries such as health care, financial services, publicly traded corporations, retail/payment card industry, etc.
Just automating the patching process, however, isn’t enough. It’s important to carefully evaluate the patch management systems that are available and ensure that their features and functionality meet your organization’s needs.
GFI LanGuard goes beyond automated patching, offering a solution that is built on a solid comprehensive security foundation. It has been designed to meet regulatory compliance requirements, so you don’t have to spend frustrating hours ferreting out all the details. It incorporates full vulnerability and port scanning, so that you know where the weaknesses in your network lie. It helps you to manage the updating process for Windows, OS X and Linux machines, so that you don’t need to deploy separate solutions if you have a hybrid network environment. It even helps you to deal with the many challenges that are posed by our brave new BYOD world.
If you’re still slogging along in manual mode, it pays to check out the advantages of automation. Even if you have an automated process, this is a good time to reassess whether it’s doing the job to the extent that you need as your computing needs become more complex. A good patch management system can make those monster patch releases, like Microsoft’s November Patch Tuesday, a little less scary.