Most successful security breaches involve unpatched systems.
(March 6, 2023) Patch management has been getting progressively more complex over the last several years, but remote and hybrid work models have ramped up the challenge considerably. With work-from-home policies becoming permanent, IT teams are tasked with securing huge numbers of endpoints not under their physical control.
“Patching is an essential security practice, but most organizations struggle with the process even under the best of circumstances,” said Mark McClelland, co-founder and vice president of Mainstream Technologies. “The extreme proliferation of critical patches being issued by vendors is making it nearly impossible to apply them all in a timely fashion with traditional manual processes.”
Research shows that enterprise organizations often get dozens of critical updates and security patches every day, which can overwhelm time-strapped IT teams. According to a Ponemon Institute survey, organizations say it takes an average of 12 days to coordinate the application of a single patch across all devices. Nearly two-thirds of those surveyed said the process has become too difficult.
As a result, a lot of patches are simply ignored. It’s easy to guess how that turns out. The Department of Homeland Security estimates that 85 percent of successful network exploits involve unpatched machines. In many cases, patches that would have prevented the exploits had been available but unapplied for a year or more.
More Automation and Visibility Needed
In the Ponemon survey, 48 percent of respondents said their organizations had suffered at least one data breach in the preceding 24 months, and 60 percent said those breaches could have been caused by a failure to apply an available patch. However, 62 percent said they were unaware of the vulnerability before the security breach.
Part of the problem is outdated patching methods. Many organizations still track patch status manually, fixing holes on the fly. Only 44 percent of respondents to the Ponemon survey said that they use automated tools to facilitate patching.
“With organizations suddenly becoming highly dependent on work-from-home employees using remote endpoint devices, patching becomes more complicated. In many cases, IT teams have very little visibility into what applications and devices remote workers are using to connect to the corporate network. That has created a much larger attack surface,” McClelland said.
A managed services provider (MSP) with expertise in automated patching solutions can reduce an organization’s exposure. These solutions can automatically discover what remote devices and apps exist on the network and can track their patch status.
Don’t Forget to Test
Automated patch management solutions also ensure that patches are applied in a timely manner. However, the MSP should also work with an organization’s in-house IT staff to develop a customized patch-management plan that includes a testing protocol.
Patches rolled out too quickly can produce unintended consequences, which is why IT professionals generally prefer a more conservative approach. Thorough testing before rollout helps ensure the patch doesn’t have bugs or conflict with legacy software. Approved patches can then be rolled out to users in a controlled manner that preserves network bandwidth and minimizes productivity drains.
Top MSPs will also help prioritize patch deployment. Rather than rushing to install every patch that comes along, a provider can help IT staff evaluate them according to their impact on the organization. For instance, a patch that addresses vulnerabilities in an e-commerce application might take priority over one that updates a printer driver.
“Patch management is a critical security exercise. However, extreme patch proliferation and poor visibility into growing numbers of remote endpoints are making the process increasingly difficult to manage with traditional manual approaches,” said McClelland. “With automated tools and well-defined methodologies, a qualified MSP can help streamline the patch management process and reduce risk.”
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region including managed technology services and consulting, custom software development and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.
Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile