• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

The patching process

April 15, 2014 by Secure360 and UMSA

network-vulnerabilitiesWith the recent Heartbleed bug, there has been a lot of talk about patching. It’s a great conversation to have. Patching adds updates and fixes bugs; they’re a great way to keep up to date and secure, but they don’t apply themselves. Your processes for managing patches is essential to keeping your organization secure, because as security professionals, you’re busy dealing with a constant barrage of daily emergencies.

New patches come out on a daily basis; it’s not something that we need to think about just once a month or week anymore. Patching takes time and energy; there are a lot of factors involved, so it’s important that you streamline your process with best practices.

Inventory your network

You should have an up to date inventory of everything on your network. If you don’t have one, create one and make sure you audit it often to ensure it’s current. Know your production systems, IP addresses, physical locations, custodians and functions.

Standardize

If you can, put all our production systems on the same operating system and application software. Limiting the number of versions you are running will minimize the amount of work needed for patching, and helps avoid less used versions falling through the cracks and leaving your network vulnerable. The more streamlined the patch process can be, the better.

Inventory security measures

Again, an up to date list of all the security controls you have in place means less chance of missing something. Make a list of all your firewalls, routers, IDSes, AV and anything else. Knowing what security measures are in place will help you recognize where you could be most vulnerable so you can prioritize patching.

Assess your vulnerabilities

Take time to match up vulnerabilities with the inventory lists you’ve made. Create a reliable system for gathering vulnerability reports and pay attention to the ones that affect your specific systems. When you know what the vulnerabilities are, classify them and prioritize. Which are the biggest risks and which are most likely to happen?

Patches themselves are a risk; they break things. Don’t forget to assess the risk of patching itself. Make sure the patches will work within your environment. Create test environments to test patches and ensure patching won’t do more harm than good.

Patch

Get patching! When applying the patches, finding the right time that will be least disruptive is key. There are tools available to help you determine when the best time to apply patches is for your organization.

The patching process is a cycle. The better your process the less ongoing effort you need to exert on patches and the safer more secure you will be. While applying patches liberally is not a bad idea, over applying will cost you time and productivity. Knowing where you’re most vulnerable and understanding how those vulnerabilities affect your systems will help you make the right patches at the right time.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Marketing Envy
    Marketing Envy: [New Blog] 2020 saw in-person conferences evaporate, but with vaccines rolling out, 2021 could be different. H… https://t.co/4YONwZNsDa
    about 16 hours ago

  2. Secure360 Conference
    Secure360 Conference: We are honored to be listed on the Top 20 Cyber Conferences for 2021 -> https://t.co/MnrQ3E5ifw
    about 2 days ago

  3. Secure360 Conference
    Secure360 Conference: Fascinating stuff about the shift from brick & mortar to e-commerce, from Diamond Sponsor @cisco! https://t.co/4GaYGQKZ1a
    about 4 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.