Patch management is the process of identifying, acquiring, installing, and verifying patches for products and systems used by an organization. They are imperative to correct problems related to security and functionality in software and firmware. They also introduce capabilities that are often mandatory into the organization’s IT environment.

The importance of patch management was highlighted in Congress when the CEO of Equifax testified that the company’s failure to patch was one of the causes of the now infamous data breach. The CERT® Coordination Center (CERT®/CC) claims that 95 percent of all network intrusions are avoidable by using proper patch management to keep systems up-to-date.

It’s become very clear in recent years why patching needs to be a priority for organizations but there are many challenges that make it difficult to do this. Most organizations today use many different systems and applications that all have varied release schedules, prioritization of patches often takes a backburner to other business priorities, and technical mechanisms for applying patches often conflict.

According to the SANS Institute, meeting the patch management challenge requires the creation of a patch management methodology and the automation of that methodology. This methodology should consist of the following components:

  • Visibility / detailed inventory – comprehensive catalog of all hardware, operating systems, and applications that exist in the network
  • Vulnerability process – identification of all vulnerabilities that exist in the hardware, operating systems, and applications
  • Risk assessment/management – establishment of a set of risk management metrics and prioritize urgency of patches
  • Patch process/procedure – detailed processes and procedures for testing and deploying patches and verification of deployment

The automation component is also an important piece of this as it provides a policy-based approach for IT administrators to manage their data centers with greater speed, quality, and consistency. Tools such as TrueSight Automation for Servers can be a game changer as they provide the functionality of patch management along with server lifecycle management. Organizations are then able to limit the number of services touching their systems and reduce the configurations needed to integrate systems. By employing the right tools, organizations can have a single place to manage efforts and reduce the overall complexity of managing these processes and system lifecycle tasks.

The world of patch management can be overwhelming especially as it becomes more and more obvious how vital it is to the security and health of an organization. Organizations need to have visibility into their hardware, operating systems, and applications so they can identify the vulnerabilities that exist and put risk management and patching procedures in place. Automation can take these tasks and make them digestible and manageable to reduce the overwhelm and make a complex endeavor much less challenging.

Sources:

https://www.sans.org/reading-room/whitepapers/sysadmin/paper/1468

https://www.bmc.com/content/dam/bmc/collateral/bmc/15409-BMC-Jackson-wp-final.pdf

https://www.bmc.com/content/dam/bmc/collateral/bmc/15409-BMC-Vanderburg-wp-final.pdf

About the author:

Vinnie Lima

Vinnie Lima is the Managing Director for VVL Systems & Consulting, a small business focusing on IT Optimization for Cloud, Infrastructure, and End Users. Based out of Baltimore, Maryland, Vinnie Lima has over 21 years in IT Automation, Orchestration, and Cloud. Mr. Lima’s career has been focusing on helping customers drive value from their IT investments through the use of leading edge technologies and approaches, driving innovation in a wide spectrum of industries such as DoD, Federal, Health Care, and Financial.

facebook twitter linkedin instagram

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our Newsletter
Stay informed with the latest technology news, industry events, and training offered by VVL Systems for free! Fill out this form and receive our newsletter delivered straight to your inbox.

See how VVL has helped clients leverage the latest technologies and agile capabilities.

Latest VVL and Industry News

What is a Zero Trust Maturity Model?

In this article, we'll review the recent materials, standards, and guidance principles related to Zero Trust Framework with the hope…

COVID-19 Support

VVL Systems is increasing our proactive action to assist the fight against COVID-19, together with Federal, State, and Local governments…

Upcoming VVL and Industry Events