Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. Patches correct security and functionality problems in operating systems, application software and firmware. Although patches can serve other functions such as adding new features to products, patches are used most often to mitigate software security vulnerabilities.
Although the practice might sound straightforward, patch management is not an easy process. In today's computing environment, it's an increasingly complicated, never-ending cycle, that can create big challenges for IT staff.
At the same time, patch management is also an essential, fundamental part of protecting company IT assets from attack. Gartner’s 2017 white paper Technology Insight for Patch Management Tools reports that a whopping 99% of exploits are based on well-known vulnerabilities, many of which have patches that fix them. So regardless of any other security measures may be in place, if an organization doesn’t develop a strategy to overcome their challenges with patching, they can’t effectively protect their network against security compromises—even ones that were preventable.
Common issues associated with patching
With all of this said, in most organizations, patching is still performed poorly for a variety of reasons:
Too many patches. The sheer number of software vulnerabilities and related patches is second to only the number of unique malware programs released each day. For example, an individual operating system or application may have hundreds of new vulnerabilities each year, each of which needs to be patched. Moreover, almost every program has a different frequency and patching method.
Patches can break things. IT staff often worry that applying any patch -- even a critical one -- can bring down their system. Patches can sometimes close ports, disable critical pieces of infrastructure, crash or otherwise cut off the availability of systems their organization needs to operate.
Patching can interrupt operations. Most patching processes involve either stopping and restarting the affected software—or a complete reboot—which can mean lost productivity. On top of that, many patches are huge, often into the gigabytes. Patching a large number of systems all at once can overwhelm a network.
Patching is time-consuming. Taking the time needed to evaluate, test, deploy and document all required patches takes time away from more value-add activities. It’s easy to push aside software updates and patches because of the number of projects that are always being managed with tight deadlines. The IT workload has to give somewhere—and the obscure job of software maintenance often gets neglected.
Timing is everything
Patches—especially critical security patches—should be implemented as soon as possible after they’re released. However, the issues cited above lead some organizations to apply patches too slowly; or, worse yet, to not apply them at all. Once the vulnerabilities have been disclosed, it’s only a matter of time – sometimes only a matter of hours– before attackers use that information to devise exploits. For whatever length of time goes by between a patch release and when you install it, your systems will be in a “zero-day” state.
Solving patching issues
Now that you understand the importance of patching, don’t let obstacles stand in the way of employing this critical security practice in your network. Getting beyond them is easier than you think. As part of our Managed IT Services Program, the burdensome job of managing patches is automated and verified. Our industry-leading patch management tools take ownership of the process, improving your security and ensure your IT systems remain compliant. By including services like pre-deployment testing, and blacklisting of problematic patches, our program is designed to take the biggest headaches associated with patching off your plate. Patch distribution can be customized and set at levels that provide the best strategy for your applications and infrastructure, regardless of where systems are located. Deployments are also built around your operations and scheduled so that fixes are applied at a time that won’t disrupt your employees and businesses operations. When it comes to getting patching right, time is not on your side; so, don’t delay.