Using Patch Management as Your First Line of Defense

Cybersecurity continues to be a top concern, not only among managed service providers, or MSPs, but also for the small business clients they serve. In light of recent cyber attacks and the advancements of current ransomware strains, your responsibility, as an MSP, to maintain secure environments has increased dramatically over the past decade.

Author: Datto’s Michael Bienvenue
Author: Datto's Michael Bienvenue

Did you know that offering patch management as part of your MSP bundle can provide you and your clients with the first line of defense against ransomware attacks? According to Gartner, the goal of proper patch management services is, “to mitigate the risks of security breaches or performance issues by standardizing the patch management processes across the entire organization.” Building a service around patch management offers an opportunity for  MSPs to expand their offerings, but it requires a combination of program process documentation and technology toolsets to deliver effectively. MSPs should position it to their clients as an on-going and comprehensive discipline, not a short-term project.

Here are six simple steps MSPs can take to ensure patches are correctly set up for clients.

  1. Define a baseline of compliance across the managed environment and determine the minimum versions of required business applications that need to be in place.
  2. Identify any gaps and a path to remediation. Confirm that targets have verified backups, especially if they are devices vital to operations such as servers, and ensure you spend time with your client clarifying the risks associated with other business applications. You should also map out the contingency plan in the case where patch deployment fails or causes a disruption.
  3. Test your client’s patches in a sandboxed environment or against a small population of risk-tolerant devices.
  4. Following the successful deployment of the patches in question, re-evaluate the environment and confirm compliance.
  5. Identify non-compliant anomalies and build a follow-up plan to remediate.
  6. Report the results to any stakeholders.

All stakeholders should understand the frequency of updates, the targeted devices subject to receiving updates, and how to define and measure compliance. Leveraging the power of a fully automated, policy-based platform, like Datto RMM, will position MSPs to systematically deploy patches for typical business applications as soon as they become available helping to close the window of exposure for known and zero-day vulnerabilities. Datto RMM also generates easy-to-understand reports, bringing clear visibility to the sites and devices with the highest risk.

High-profile attacks, like WannaCry, raise awareness among businesses and MSPs are often the ones looked to for providing the strategic guidance and tactical measures to secure the IT environments for their clients. MSPs need to approach their client security engagements thoughtfully and being able to have a conversation, backed by data, further establishes the MSP as a strategic partner who is proactively looking to prevent downtime and maintain the clients’ best interests.

Learn how a Remote Monitoring and Management system can help ensure data security for your clients in our eBook, RMM Made MSPeasy.

Michael Bienvenue is product marketing manager at Datto Inc. Read more Datto blogs here.