Tuesday, August 20, 2013

Cyber Security: Patch Management

Todd Wheeler, consultant for Invensys Critical Infrastructure & Security Practice, discusses the importance of patch management and what to look for in patch management solutions.

 

Patch Management

Patch management is a critical part of maintaining the security posture of your systems and network. The patches that operating system and application vendors release help mitigate the known vulnerabilities that malware exploits in a continuously evolving threat landscape. Unfortunately, patching is often handled inconsistently. In many networks, systems are patched once before they are brought online and are rarely updated, if at all, as new patches become available. In these environments, there is no clear patch management strategy. Systems are manually updated one at a time. Sometimes update schedules are missed or systems are ignored. As a result, systems end up at different patch levels with different vulnerabilities. It’s only a matter of time before one of these systems is compromised and shuts down a critical process, or worse, causes an entire facility to go offline. Most security breaches are the result of a vulnerability caused by a missing patch on a system in the network. With this in mind, it is critical that a unified patch management strategy be put in place.

Listed below are 4 key elements to look for when deciding on the application control of your patch management solution:

  • Single administrative point-of-contact for hosts: The only way to have an effective patch management program is by choosing an application that can automate as much of your required host scans and patching as possible. This application will reside on a single server that all hosts in your network will have access to and provide a single unifying interface for interactions within the network.

  • Customization: While no patch management application will cover 100% of your needs, it should provide enough customization that you can make it perform the tasks you need. You should be able to customize the scans you perform, whether by OS type, systems in a particular location or function, selected vulnerability scans, or deploying only certain patches.

  • Robust reporting: An effective patch management application should provide robust reporting so you always know what your security posture is on any system or group of systems on your network. Whether you are dealing with internal policies or external requirements like PCI, HIPAA or NERC-CIP, a good patch management solution makes it easy to remain in compliance by making certain all systems are up-to-date.

  • Vulnerability scanning and remediation: The primary reason to have patch management is to keep up with security updates. Patch management applications should be able to scan for and report vulnerabilities. From a centralized interface, administrators should be able to remediate these vulnerabilities by quickly pushing the updates to a single system or a group of systems, and receive real-time feedback on whether the updates were deployed successfully or there were installation failures.

By having the right patch management solution in place, systems are kept up-to-date with relative ease. But as critical as patch management is to the function of any business, it should not be your only line of defense; it should be part of a layered vulnerability management framework. With this framework in place, your business is safe from most threats.
 

