The Power of Patching
This year’s cybersecurity theme is “See Yourself in Cyber” and focuses on the power of the individual to secure the organization’s network. Small oversights in hardware and software patching can cause big issues when it comes to cybersecurity.
One of the easiest things to do is to update software, but often people don’t. What’s behind the hesitation? Sometimes an update that addresses a bug can break something else in a product, and organizations are hesitant to introduce a change that hasn’t been thoroughly tested. How often does this happen? More than we’d like to imagine.
3 out of the top 15 vulnerabilities listed by CISA in 2020 appeared again in their 2021 list.
This means organizations are not patching their software, even a year after the update is made available. Whether this is because of aversion to change or lack of awareness – making this update in a timely manner can prevent an attack. This is a great opportunity to make sure you aren’t running any of CISA’s top 15 routinely exploited vulnerabilities from 2021.
Leaving known exploits unpatched gives threat actors a playbook for attacks. Hackers can use botnets with malicious scripts that crawl websites scraping data that reveals unpatched software versions to exploit.
Patch management is often reactive, a cat-and-mouse race between attackers and patch applications.
5 Ways to get Ahead with Patches
1 – Inventory Everything
From laptops, PCs, firewalls, routers, operation systems, and servers to software applications, everything needs to be identified and inventoried. It’s critical to have a complete list of every network component because if one server goes unpatched or an organization lost track of a device, it can serve as an entry point for attack. A self-discovery device management system (DMS) can help automate this inventory loss.
2- Create a Patch Management Strategy
This strategy should prioritize zero-day exploits, assesses risk, backup current assets, and test less critical updates before pushing them out. A patch management strategy should also focus on identifying all dependencies within your network. Understand when a server requires a reboot to apply a patch so you can plan maintenance windows accordingly and notify end-users when patches will affect their access. Document what tools will be used to identify outdated versions and push out the updates. A stakeholder should be assigned as responsible for each step of your patch management strategy.
PRO TIP: In general, a patch should be deployed no longer than 30 days after it is released.
3 – Be Vigilant
Subscribe to email updates from CISA so you know the moment a zero-day vulnerability hits. The same goes for any other software you use, review the forums for issues with the patches before you deploy. For example, follow Microsoft’s blog for their Update Tuesday release information to look for security patches.
4 – Invest in a Patch Management System
A patch management system can automate the process using built-in scripts to scan endpoints for missing patches and can automatically deploy critical updates. Some patch management systems outsource patch testing in test environments before the patch is applied and allow rollbacks in the case of a patch breaking something. Manually reviewing and testing patches is not a sustainable solution that can scale with the number of application updates occurring across organizations at any given time.
5- Incorporate Behavioral Analytics.
Even if you do all of the above, it can be difficult to patch a problem before it’s been discovered and announced, and resolved. You need a plan B. Invest in a tool that can detect unusual application behavior. You can get alerted of an exploit before you know of a patch vulnerability. With a large number of attacks following similar patterns, there are behaviors that an NDR can flag for you. For example, if there is behavior within a word suite application that is creating executable code we can investigate whether this behavior is atypical or can indicate that something is wrong.
About LiveAction
LiveAction can keep track of endpoints with a cloud-based device management console for easy inventory management. Our NDR product detects non-signature-based malware through AI-informed behavioral analytics. Get an edge on the attackers and get ahead of the patch race with ThreatEye’s attacker detection solution.
ThreatEye is a next-gen AI-powered NDR that detects and protects against sophisticated threats. Built by analysts for analysts, see how ThreatEye can enhance your threat response. Small changes to network patching can make major differences in outcomes. #Seeyourselfincyber, today.
