No piece of software is perfect and no network can ever be 100% secure. However, network administrators can take proactive action to ensure they have addressed as many weaknesses as possible in the network. A primary task for IT teams is to maintain systems and software up-to-date and patch management is the process they need to follow.
Patch management involves obtaining, testing, and installing several patches to the computer system in order to keep it safe against malware attacks. The tasks carried out during patch management include: keeping up to date on which patches are available, determining what patches are right for your system, making sure that these patches are properly installed, testing your system after installation, and documenting all related procedures.
Patches are issued to address a number vulnerabilities including:
- Known vulnerabilities in Operating Systems,
- Bugs discovered in software programs.
Hundreds of vulnerabilities are identified on a monthly basis and it is a race against time for vendors to issue patches before a vulnerability can be exploited. However, it is not only up to vendors to issue patches. That is but the first step. The next important step is for those patches to be deployed on systems that are at risk.
Deploying patches manually is a nightmare and the larger the network the more time-consuming the process is. It is also impossible for an administrator to be aware of every existing vulnerability or patch being released. There are additional risks when the process is done manually:
- Patches cannot be managed centrally for the whole network,
- There is no reboot control,
- They cannot answer what patches are installed and where,
- If the end users themselves install the patches it will be difficult to prevent installation of patches that interfere with business environment,
- Administrators might not be notified on installation failures,
- Patches are downloaded multiple times, once per machine.
If administrators fail to apply the right patches, malware in its various forms can exploit security vulnerabilities in the operating systems or installed applications.
Technology, though, has come to the IT team’s aid and there are excellent products that allow for the assessment of vulnerabilities and subsequent deployment of patches. With little effort an administrator can scan the whole network and patch the network’s weaknesses automatically.
There is no ultimate security which can guarantee 100% security. To every action there is always an equal and opposite reaction, and while software companies are constantly updating their security solutions to fight the latest malware, complex malicious code is being written daily. For this reason applying a good patch management solution is essential if you are to identify, assess and patch holes in your organization’s IT network.
About the author: This guest post was provided by Enrica Garroni on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on implementing patch management.
All product and company names herein may be trademarks of their respective owners.