
Patching: Reducing the gap between exposure and remediation

15 Nov 2019

Article by Ivanti APAC presales area vice president Andrew Souter

Patch management is crucial for any size business.

It is one of the areas every organisation claims to have under control, yet the number of data breaches we see reported daily that stem from vulnerability exposure seems to increase each quarter.

Costs associated with cleaning up a data breach far outweigh the costs of good prevention software and procedures.

High-profile exposure

The WannaCry ransomware attack which stormed the world in mid-2017 was one of the most prominent, affecting more than 200,000 companies in over 150 countries.

Some reports state that WannaCry has cost organisations upwards of US$4 billion.

That’s a huge amount of money for something that could have been prevented simply by following good patch management practices.

WannaCry used an exploit called EternalBlue, which exploited Microsoft’s implementation of the SMB protocol.

That means it affected almost every Windows operating system available.

Now here’s the issue—Microsoft had issued a software patch to resolve the vulnerability on March 14, 2017, two months prior to the outbreak.

Yes, it could have been prevented by applying a single patch.

So why wasn’t the patch deployed?

While 200,000 represents a large number of companies affected, the fact is that many did deploy the patch.

But what about those infected?

On average, it takes an organisation 90-120 days to deploy a patch to their devices, which is too big a gap between a patch being released and it being deployed.

There are usually a number of factors mentioned when organisations justify why patches aren’t deployed in a timely fashion.

One reason might be a shortage of staff to help test and deploy patches.

The greatest challenge is dealing with the vast number of vulnerabilities that are discovered and finding a way to zero in on the ones relevant to your organisation.

According to the National Vulnerability Database (NVD), there were more than 16,000 CVEs (Common Vulnerabilities and Exposures) in 2018.

Sifting through to determine what needs to be deployed can become an overwhelming task for an organisation of any size.

Ways to reduce the patch gap

Most large organisations have a security team whose job is to protect the environment at all costs.

They scan the network for vulnerabilities and report these back to the operations team in the form of a list of CVEs.

The operations team, tasked with keeping the organisation running smoothly, must take that list, work out which patches resolve which CVEs, and then deploy those patches to the devices that need them.

There are patching solutions in the market that feature a unique ‘CVE to Patch’ capability that lets you import a CVE list from any third-party vulnerability scanning tool.

The tool then automatically converts that list into a list of applicable patches ready to download and deploy.

This feature alone can save your operations teams hundreds of hours spent researching CVEs.

It helps you deploy patches to your devices faster and reduces that 120-day patch gap to a matter of hours.
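An added example, not part of the original article and not any vendor's product code: a minimal Python sketch of the 'CVE to Patch' conversion described above, turning a scanner's per-host CVE list into a per-patch deployment list while skipping superseded patches. The CVE ids, patch ids, host names and catalogue layout are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample data: placeholder identifiers, not real CVEs or patches.
SCAN_FINDINGS = [  # (host, CVE) rows as exported by a vulnerability scanner
    ("srv-file-01", "CVE-0000-0001"),
    ("srv-file-01", "CVE-0000-0002"),
    ("srv-web-02", "CVE-0000-0001"),
    ("srv-web-02", "CVE-0000-0003"),
    ("wks-117", "CVE-0000-0004"),  # no patch in the catalogue fixes this one
]
PATCH_CATALOGUE = {  # hypothetical layout: CVEs fixed and older patches replaced
    "PATCH-A": {"fixes": {"CVE-0000-0001"}, "supersedes": set()},
    "PATCH-B": {"fixes": {"CVE-0000-0001", "CVE-0000-0002"},
                "supersedes": {"PATCH-A"}},
    "PATCH-C": {"fixes": {"CVE-0000-0003"}, "supersedes": set()},
}

def cve_to_patches(findings, catalogue):
    """Return (patch -> hosts to deploy to, CVE -> hosts with no known patch)."""
    superseded = set()
    for meta in catalogue.values():
        superseded |= meta["supersedes"]
    # Only offer patches that have not been replaced by a newer one.
    current = {p: m["fixes"] for p, m in catalogue.items() if p not in superseded}

    cves_by_host = defaultdict(set)
    for host, cve in findings:
        cves_by_host[host].add(cve)

    plan, unmatched = defaultdict(set), defaultdict(set)
    for host, open_cves in cves_by_host.items():
        remaining = set(open_cves)
        while remaining:
            # Greedy cover: the patch closing the most remaining CVEs wins;
            # iterating in sorted order makes ties resolve to the lowest id.
            best = max(sorted(current),
                       key=lambda p: len(current[p] & remaining), default=None)
            if best is None or not current[best] & remaining:
                for cve in remaining:  # nothing in the catalogue fixes these
                    unmatched[cve].add(host)
                break
            plan[best].add(host)
            remaining -= current[best]
    return ({p: sorted(h) for p, h in sorted(plan.items())},
            {c: sorted(h) for c, h in sorted(unmatched.items())})

if __name__ == "__main__":
    plan, unmatched = cve_to_patches(SCAN_FINDINGS, PATCH_CATALOGUE)
    print("deploy:", plan)
    print("no patch available:", unmatched)
```

The unmatched output matters as much as the plan: CVEs with no applicable patch need a compensating control or a tracked exception rather than silently dropping off the list.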

Employ automation as much as possible

Another key way to help reduce the patch gap is to use automation as much as possible.

Matching CVEs to patches is only one way automation helps.

By using runbook automation, you can automate almost every part of the patch process via the API—everything from scanning for new devices, scanning for applicable patches, deploying patches during the patch window, and reporting on the success or failure of the whole process.

For complex patch jobs, you can even automate the order in which you stop services, reboot servers, and start everything back up.
