We’ve looked at the importance of “Patch Updates” recently and focused on Microsoft’s Patch Tuesday, when Microsoftprovides users with often very essential updates to its Windows operating systems. When serious flaws or security loopholes open up, they need to be patched with remedial software code and the update process for most users is quite automated and comparatively simple.
But it is important to note here that patching goes beyond Microsoft and beyond operating systems.
For companies who employ a formal IT manager role, the process of engineering patch detection into regular systems management is crucial. Patch detection should also be linked, from a process perspective, to patch distribution. Itsounds obvious, but there is little worth in identifying security vulnerabilities if they are not subsequently mitigated against.
For businesses looking to deploy what might be classified as an “end-to-end solution” that will comprehensively look after vulnerability and patch management, there are certain provisos and caveats to be aware of.
For small to medium sized businesses without a full time IT manager, there are lessons in security best practice here that are still universally relevant.
Going deeper into the disconnect
A mistake (or perhaps we should call it an oversight) that appears to be commonplace among many companies, both large and small, is that patching is carried out at the operating system level, while applications themselves are left unpatched and unloved.
This kind of scenario can potentially develop if a company invests in a packaged patching solution and thinks that all patches on all applications on all machines will be automatically updated in the future. The reality is that some departments (or individual workers) will sometimes hold back on applying patch updates due to perceived compatibility problems with software updates.
So what kind of applications are we talking about here?
OK so while users and IT managers will still need to apply patches and software updates to software such as core word processing or email client applications, social media software or lighter weight music or photo sharing apps, our area of focus here is a little deeper.
Java for example enjoys many updates, as does Acrobat Reader, Flash, all of the most popular Internet browsers on the market and even tools like the Apache web server. We’re not singling these software products out for any reason, we are merely saying that very often the updates that exist for these items represent as much of a hacker opportunity (if left unchecked) as entry points into a user’s entire operating system.
Patching then is important, more important and more complex than many firms or individuals may have considered. Make it part of your system health check.