Picture a scenario of a network on 1000 hosts. On performing a network audit, it is found that 10 machines (servers and workstations) are un-patched. Although this might not seem like a large percentage (1%), one must keep in mind that it only takes one unprotected machine to infect and/or completely bring down an entire network.
Here are some of the potential repercussions of simply having 1 un-patched machine on the network:
- Downtime and loss of productivity due to reinstallation
- Questionable data integrity due to a successful exploit
- Negative public relations due to systems unavailable for your customers
- Legal problems should your patch management process go under a judicial microscope
Here are the simple three steps to successfully manage the patch deployment process using GFI LANguard:
- Scanning for vulnerabilities and building an application inventoryThe first step would be to establish an inventory of your organization’s network and the software deployed on it. Without a proper inventory, patching becomes a very daunting task. In addition to this, machines should also be prioritized by creating a risk profile based on their necessity to the organization. GFI LANguard ships with an applications inventory which provides a list of all applications detected during past scans.For the inventory discussed above to be populated automatically, an initial scan of all machines must be done. You can choose to run a scheduled custom scan to simply detect for missing patches and service packs. This would scan the machines to list the software installed on each one. The scan results would then save the applications detected in the scans in the applications inventory.With each new scan, any new applications which may have been installed would also be detected by the scan and added to the applications inventory. GFI LANguard would then automatically download any patches and service packs for the applications that need patching.
- Analyzing the resultsThe most important task following a network security scan is identifying which areas and systems require your immediate attention. This is achieved by analyzing and correctly interpreting the information collected and generated during a network security scan. Upon completing a scan, GFI LANguard immediately displays a scan summary that graphically displays the vulnerability level of the scanned computer or a combined interpretation of the scan results obtained following a network scan.The scan results also show a vulnerability level. A vulnerability level is a rating given by GFI LANguard to each computer after it has been scanned. This rating indicates the vulnerability level of a computer/network, depending on the number and type of vulnerabilities and/or missing patches found. Once a scan has been performed, and its results analyzed, the final step would be to remediate the vulnerabilities.
- Remediating the vulnerabilitiesOnce you have performed a scan and analyzed the results, you can now configure GFI LANguard to automatically fix some of the issues identified during your network audit. This is achieved through the built-in tools that ship with the product. Available remediation actions include:
- Auto-patch management – This remediation feature automatically downloads missing updates and deploys them network-wide.
- Applications auto-uninstall – This remediation action enables the auto-uninstall of applications that support silent uninstall. This remediation action auto-uninstalls the applications of your choice from the application inventory outlined above. The process involves a test phase (called validation) during which an application is uninstalled automatically to identify if silent uninstall is supported by target application. If it is, all the other instances on the network will be automatically uninstalled during scheduled scans.
Sometimes drastic action may be necessary to protect your organization’s network. You can always disable the machine’s account and immediately start the patch management process on this infected/un-patched machine.
If this doesn’t work, then disable the switch port that the workstation connects to or move the machine to a quarantined network. This will allow you to remediate the vulnerabilities on this machine in a confined environment, without increasing the risk of the entire network getting infected.