Patch management is one of those security measures that doesn’t get as much attention as, say, antivirus software or firewalls. Yet, applying security patches can help stave off advanced cyber threats and prevent a costly security breach. If you needed any proof of how critical patch management is, the recent WannaCry and Petya ransomware infections provided plenty of it.
Security patches fix vulnerabilities in applications and systems that, if left unaddressed, leave a door open for hackers to get into the networks of your clients. This used to be a problem primarily with the most commonly used software, but cybercriminals are now even exploiting lesser-known applications and vulnerabilities.
Cybercriminals never relent, working constantly to find new vulnerabilities, often forcing software vendors to issue patches outside of their regular patch schedule. This of course makes it a challenge for solution providers and IT professionals to keep up with all the patches. But ignoring patches puts servers and endpoints at risk for infection from advanced threats and ransomware variants that could have been prevented.
The recent WannaCry and Petya ransomware infections underscored the crucial need to address vulnerabilities as soon as they are discovered.
Both used the EternalBlue exploit to carry out their nefarious mission. Originally developed by the NSA, EternalBlue exploits a vulnerability in Microsoft Windows Server Message Block (SMB), the transport protocol Windows machines use for functions such as file sharing, printer sharing and remote services access.
All unpatched versions of Windows, except recent versions of Windows 10, are vulnerable to EternalBlue. Even though Microsoft issued a patch for EternalBlue in March, enough systems remained unpatched for both WannaCry and Petya to wreak havoc in more than 150 countries combined and strike scores of organizations.
Developing a Patch Management Policy: 5 Requirements
The point of patch management is to swiftly deliver critical security updates and eliminate vulnerabilities. As soon as notification of a new patch is received, solution providers and IT professionals should be ready to implement it. In order to act quickly and effectively, there needs to be a process in place to apply patches safely and effectively. A sound patch management policy must address the following five requirements:
- Who is responsible for applying patches
- How to implement each patch – manually or through automation
- How quickly to apply a patch
- How to verify the patch is working
- How to prioritize multiple patches
Prioritization comes down to urgency. Some patches are more urgent than others, depending on the nature of the threat they address and which systems are at risk. For instance, the EternalBlue patch should have been applied immediately. Yet, plenty put it off or outright ignored it.
Solution providers and businesses don’t want to be in a position where a patch that could have prevented an attack was ignored or overlooked. To avoid that, adhere to a policy based on best practices and take advantage of a patch management tool. An effective option is the VIPRE approach, which integrates patch management into endpoint security and provides an efficient and affordable way to update and protect their systems.
For more on VIPRE’s approach to patch management, please watch this informative video to see just how VIPRE keeps you protected from all attack vectors.