It’s time for MSPs to rethink their software patch management strategies.
For a long time, “patching” has brought to mind operating system level patching. For many organizations, Patch Tuesday has made patching synonymous with Windows. As a result, the importance of patching at the operating system level is well understood and expected.
In general, service providers have a well thought out and executed plan for managing Microsoft patches. Among respondents to 2018 Kaseya MSP Benchmark Survey Report, 87 percent of MSPs offer OS patching and updates as a service to their customers. In addition, as OS-level vulnerabilities have risen, the OS vendors themselves have taken to automating OS-level patching.
But that doesn’t mean IT professionals can rest easy. While keeping up with OS updates remains critical, that alone is not enough. Cyber-criminals remain intent on causing trouble. Knowing that the OS vendors have gotten proactive in pushing out updates, they will shift their strategy and will progressively set their sights on third-party software.
Closing Application Vulnerabilities
The most widely used applications are the best targets. According the to the Common Vulnerabilities and Exposures index, Google Chrome, Mozilla Firefox and Adobe Acrobat Reader DC are ripe with loads of vulnerabilities. Other universally used software with numerous vulnerabilities include Apple iTunes, Oracle Java SE Development Kit (JDK), and Microsoft .NET Framework. Not all vulnerabilities are created equal and some carry higher risk for exploit and thus subsequent damage; yet many go unfixed.
The good news in all of this is that the majority of vulnerabilities can be thwarted simply by staying current with patching across Windows, Mac, and major third-party applications. But to do so effectively, IT pros must to shift their mindset on how they keep up with third-party patching.
Unfortunately, MSPs aren’t nearly as well-versed in keeping third-party apps up to date. The Benchmark Survey Results Report found that only 67 percent of respondents provide third-party software patching and updates to their customers. And many are doing so manually.
For IT admins used to managing Mac and third-party apps independently and manually this introduces a new minefield. Manual patching and updating has never been a best practice. At best it creates excess work that often just does not get done. More often than not, however, it increases vulnerability.
Holistic Patch Management
The answer lies in taking a holistic approach to patch management with an end goal of software and vulnerability management. A solution is needed that features unified management across all work streams, comprehensive visibility of multiple of interfaces, and scalable automation that provides administrators with critical control via profiles and policies.
It’s time to modernize your patching practices to auto-accept all patches across Windows, Mac, third-party applications while allowing for exceptions like those with known issues, patches likely to impact your environment, and those with conflicts on legacy applications.
Only then can you take the necessary and tactical steps like reviewing and testing exceptions in a lab, locking out end-user access, deploying patches using active change management, and ultimately actively managing endpoints.
Bonus: Learn more about how a modern, comprehensive software management strategy can reduce vulnerabilities and help you grow your business.
Miguel Lopez is senior VP and general manager of Kaseya. Read more Kaseya blogs here.
