
The patching process

April 15, 2014 by Secure360 and UMSA

With the recent Heartbleed bug, there has been a lot of talk about patching. It’s a great conversation to have. Patches add updates and fix bugs; they’re a great way to keep up to date and secure, but they don’t apply themselves. Your process for managing patches is essential to keeping your organization secure, because as security professionals, you’re busy dealing with a constant barrage of daily emergencies.

New patches come out on a daily basis; it’s not something that we need to think about just once a month or week anymore. Patching takes time and energy; there are a lot of factors involved, so it’s important that you streamline your process with best practices.

Inventory your network

You should have an up-to-date inventory of everything on your network. If you don’t have one, create one and make sure you audit it often to ensure it’s current. Know your production systems, IP addresses, physical locations, custodians and functions.

Standardize

If you can, put all your production systems on the same operating system and application software. Limiting the number of versions you are running will minimize the amount of work needed for patching, and helps keep less-used versions from falling through the cracks and leaving your network vulnerable. The more streamlined the patch process can be, the better.

Inventory security measures

Again, an up-to-date list of all the security controls you have in place means less chance of missing something. Make a list of all your firewalls, routers, IDSes, AV and anything else. Knowing what security measures are in place will help you recognize where you could be most vulnerable so you can prioritize patching.

Assess your vulnerabilities

Take time to match up vulnerabilities with the inventory lists you’ve made. Create a reliable system for gathering vulnerability reports and pay attention to the ones that affect your specific systems. When you know what the vulnerabilities are, classify them and prioritize. Which are the biggest risks and which are most likely to happen?

Patches themselves are a risk; they break things. Don’t forget to assess the risk of patching itself. Make sure the patches will work within your environment. Create test environments to test patches and ensure patching won’t do more harm than good.
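The inventory, standardization and assessment steps above can be tied together in a short script. This is an added example, not part of the original post: the hosts, products, versions, advisory IDs and the scoring weight are all constructed assumptions.

```python
# Constructed sample data: hosts, products, versions and advisory IDs are illustrative.
INVENTORY = [
    {"host": "web01", "ip": "10.0.1.10", "location": "DC-A", "custodian": "web-team",
     "function": "public web", "internet_facing": True,
     "software": {"tls-lib": "1.0.1", "httpd": "2.4"}},
    {"host": "db01", "ip": "10.0.2.20", "location": "DC-A", "custodian": "dba-team",
     "function": "orders database", "internet_facing": False,
     "software": {"tls-lib": "1.0.1", "sqld": "5.5"}},
    {"host": "hr01", "ip": "10.0.3.30", "location": "HQ", "custodian": "hr-it",
     "function": "HR portal", "internet_facing": False,
     "software": {"tls-lib": "0.9.8"}},
]
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "product": "tls-lib", "affected": {"1.0.1"}, "severity": 9},
    {"id": "ADV-PLACEHOLDER-2", "product": "sqld", "affected": {"5.5"}, "severity": 6},
    {"id": "ADV-PLACEHOLDER-3", "product": "mailer", "affected": {"3.2"}, "severity": 8},
]


def match_findings(inventory, advisories):
    """Keep only advisories that hit an installed version, ranked by risk."""
    findings = []
    for host in inventory:
        for adv in advisories:
            version = host["software"].get(adv["product"])
            if version not in adv["affected"]:
                continue  # product absent or version unaffected: not our problem
            # Assumed weighting: internet-facing exposure doubles the likelihood.
            score = adv["severity"] * (2 if host["internet_facing"] else 1)
            findings.append({"host": host["host"], "custodian": host["custodian"],
                             "advisory": adv["id"], "score": score})
    return sorted(findings, key=lambda f: (-f["score"], f["host"], f["advisory"]))


def version_sprawl(inventory):
    """Products running in more than one version, i.e. standardization gaps."""
    seen = {}
    for host in inventory:
        for product, version in host["software"].items():
            seen.setdefault(product, set()).add(version)
    return {p: sorted(v) for p, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for f in match_findings(INVENTORY, ADVISORIES):
        print(f"{f['score']:>3}  {f['host']:<6} {f['advisory']}  -> {f['custodian']}")
    print("multiple versions in use:", version_sprawl(INVENTORY))
```

The advisory for a product nobody runs drops out entirely, and the same flaw ranks higher on the internet-facing host than on the internal one.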

Patch

Get patching! When applying the patches, finding the time that will be least disruptive is key. There are tools available to help you determine the best time to apply patches for your organization.

The patching process is a cycle. The better your process, the less ongoing effort you need to exert on patches and the safer and more secure you will be. While applying patches liberally is not a bad idea, over-applying will cost you time and productivity. Knowing where you’re most vulnerable and understanding how those vulnerabilities affect your systems will help you make the right patches at the right time.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.
