• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

The patching process

April 15, 2014 by Secure360 and UMSA

network-vulnerabilitiesWith the recent Heartbleed bug, there has been a lot of talk about patching. It’s a great conversation to have. Patching adds updates and fixes bugs; they’re a great way to keep up to date and secure, but they don’t apply themselves. Your processes for managing patches is essential to keeping your organization secure, because as security professionals, you’re busy dealing with a constant barrage of daily emergencies.

New patches come out on a daily basis; it’s not something that we need to think about just once a month or week anymore. Patching takes time and energy; there are a lot of factors involved, so it’s important that you streamline your process with best practices.

Inventory your network

You should have an up to date inventory of everything on your network. If you don’t have one, create one and make sure you audit it often to ensure it’s current. Know your production systems, IP addresses, physical locations, custodians and functions.

Standardize

If you can, put all our production systems on the same operating system and application software. Limiting the number of versions you are running will minimize the amount of work needed for patching, and helps avoid less used versions falling through the cracks and leaving your network vulnerable. The more streamlined the patch process can be, the better.

Inventory security measures

Again, an up to date list of all the security controls you have in place means less chance of missing something. Make a list of all your firewalls, routers, IDSes, AV and anything else. Knowing what security measures are in place will help you recognize where you could be most vulnerable so you can prioritize patching.

Assess your vulnerabilities

Take time to match up vulnerabilities with the inventory lists you’ve made. Create a reliable system for gathering vulnerability reports and pay attention to the ones that affect your specific systems. When you know what the vulnerabilities are, classify them and prioritize. Which are the biggest risks and which are most likely to happen?

Patches themselves are a risk; they break things. Don’t forget to assess the risk of patching itself. Make sure the patches will work within your environment. Create test environments to test patches and ensure patching won’t do more harm than good.

Patch

Get patching! When applying the patches, finding the right time that will be least disruptive is key. There are tools available to help you determine when the best time to apply patches is for your organization.

The patching process is a cycle. The better your process the less ongoing effort you need to exert on patches and the safer more secure you will be. While applying patches liberally is not a bad idea, over applying will cost you time and productivity. Knowing where you’re most vulnerable and understanding how those vulnerabilities affect your systems will help you make the right patches at the right time.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: New post alert! Learn more about our awesome 2022 @UMSAOrg #scholarship winners https://t.co/C8VnqX3wWW
    about 5 hours ago

  2. Secure360 Conference
    Secure360 Conference: With so much fun had this year, we're eager for next year! Mark your calendars for May 9-10, 2023 back at Mystic La… https://t.co/Cbk0abnNSO
    about 1 day ago

  3. Secure360 Conference
    Secure360 Conference: With #Sec360 2022 officially in the books, we wanted to share a little recap of the fun! https://t.co/iMPwAp1Kac … https://t.co/kk7xRUXoRo
    about 4 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.