
Patching: Reducing the gap between exposure and remediation

15 Nov 2019

Article by Ivanti APAC presales area vice president Andrew Souter

Patch management is crucial for any size business.

Yet while it is one of the areas every organisation claims to have under control, the number of daily incidents we see about data breaches related to vulnerability exposure seems to increase each quarter.

Costs associated with cleaning up a data breach far outweigh the costs of good prevention software and procedures.

High-profile exposure

The WannaCry ransomware attack, which stormed the world in mid-2017, was one of the most prominent, affecting more than 200,000 companies in over 150 countries.

Reports state that WannaCry has cost organisations upwards of US$4 billion.

That’s a huge amount of money for something that could have been prevented simply by following good patch management practices.

WannaCry used an exploit called EternalBlue, which exploited Microsoft’s implementation of the SMB protocol.

That means it affected almost every Windows operating system available.

Now here’s the issue—Microsoft had issued a software patch to resolve the vulnerability on March 14, 2017, two months prior to the outbreak.

Yes, it could have been prevented by applying a single patch.

So why wasn’t the patch deployed?

While 200,000 represents a large number of companies affected, the fact is that many did deploy the patch.

But what about those infected?

On average, it takes an organisation 90-120 days to deploy a patch to their devices, which is too big a gap between a patch being released and it being deployed.

There are usually a number of factors mentioned when organisations justify why patches aren’t deployed in a timely fashion.

One of the reasons might be a shortage of staff to help test and deploy patches.

The greatest challenge is dealing with the vast number of vulnerabilities that are discovered and finding a way to zero in on the relevant ones for your organisation.

According to the National Vulnerability Database (NVD), there were more than 16,000 CVEs (Common Vulnerabilities and Exposures) in 2018.

Sifting through to determine what needs to be deployed can become an overwhelming task for an organisation of any size.

Ways to reduce the patch gap

Most large organisations have a security team whose job is to protect the environment at all costs.

They scan the network for vulnerabilities and report these back to the operations team in the form of a list of CVEs.

The operations team, tasked with keeping the organisation running smoothly, must take that list, work out which patches resolve which CVEs, and then deploy those patches to the devices that need them.

There are patching solutions in the market that feature a unique ‘CVE to Patch’ capability that lets you import a CVE list from any third-party vulnerability scanning tool.

It then converts that automatically into a list of applicable patches ready to download and deploy.

This feature alone can save your operations teams hundreds of hours spent researching CVEs.

It helps you deploy patches to your devices faster and reduces that 120-day patch gap to a matter of hours.
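The CVE-to-patch conversion described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the catalogue, host names and all CVE and patch identifiers are constructed placeholders, and it assumes a superseding patch is cumulative.

```python
from collections import defaultdict
from datetime import date

# Constructed patch catalogue; every identifier is a placeholder, not a real advisory.
CATALOGUE = {
    "PATCH-001": {"fixes": {"CVE-0000-0001", "CVE-0000-0002"},
                  "released": date(2019, 3, 12), "supersedes": set()},
    "PATCH-002": {"fixes": {"CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003"},
                  "released": date(2019, 6, 11), "supersedes": {"PATCH-001"}},
    "PATCH-003": {"fixes": {"CVE-0000-0004"},
                  "released": date(2019, 9, 10), "supersedes": set()},
}

# Constructed scanner export as (host, CVE) pairs.
FINDINGS = [
    ("web01", "CVE-0000-0001"),
    ("web01", "CVE-0000-0003"),
    ("db01", "CVE-0000-0004"),
    ("db01", "CVE-0000-0999"),  # nothing in the catalogue fixes this one
]

def cves_to_patches(findings, catalogue):
    """Return ({host: [patch ids]}, {host: [CVEs with no known patch]})."""
    superseded = set()
    for patch in catalogue.values():
        superseded |= patch["supersedes"]
    best = {}  # CVE -> newest non-superseded patch that fixes it
    for pid, patch in catalogue.items():
        if pid in superseded:  # assumption: the superseding patch is cumulative
            continue
        for cve in patch["fixes"]:
            if cve not in best or patch["released"] > catalogue[best[cve]]["released"]:
                best[cve] = pid
    plan, unmapped = defaultdict(set), defaultdict(set)
    for host, cve in findings:
        if cve in best:
            plan[host].add(best[cve])   # several CVEs collapse into one patch
        else:
            unmapped[host].add(cve)     # needs manual research or a mitigation
    return ({h: sorted(p) for h, p in plan.items()},
            {h: sorted(c) for h, c in unmapped.items()})

def patch_gap_days(plan, catalogue, today):
    """Days since release of the oldest patch still pending on each host."""
    return {host: max((today - catalogue[p]["released"]).days for p in pids)
            for host, pids in plan.items()}
```

CVEs that map to no patch are returned separately so they are not silently dropped from the remediation list.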

Employ automation as much as possible

Another key way to help reduce the patch gap is to use automation as much as possible.

Matching CVEs to patches is only one way automation helps.

By using runbook automation, you can automate almost every part of the patch process via the API—everything from scanning for new devices, scanning for applicable patches, deploying patches during the patch window, and reporting on the success or failure of the whole process.

For complex patch jobs, you can even automate the order in which you stop services, reboot servers, and start everything back up in a certain order.
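The ordered stop, reboot and start sequence described above can be derived from a service dependency map, with a per-step success or failure report. This is an added example, not code from the article or any product; the service names, the host name and the `execute` callable are hypothetical.

```python
from graphlib import CycleError, TopologicalSorter

# Constructed dependency map: service -> services that must be running first.
DEPENDS_ON = {
    "database": [],
    "cache": [],
    "app": ["database", "cache"],
    "web": ["app"],
}

def build_runbook(depends_on, host):
    """Return ordered (action, target) steps for one patch window on host."""
    try:
        start_order = list(TopologicalSorter(depends_on).static_order())
    except CycleError as exc:
        raise ValueError(f"circular service dependency: {exc.args[1]}") from exc
    steps = [("stop", svc) for svc in reversed(start_order)]  # dependents first
    steps += [("patch", host), ("reboot", host)]
    steps += [("start", svc) for svc in start_order]          # dependencies first
    return steps

def run(steps, execute):
    """Run steps in order; after the first failure, mark the rest as skipped."""
    report, failed = [], False
    for action, target in steps:
        if failed:
            report.append((action, target, "skipped"))
            continue
        # execute is a hypothetical callable into your own tooling; returns True on success
        ok = execute(action, target)
        report.append((action, target, "ok" if ok else "failed"))
        failed = not ok
    return report
```

A report with skipped start steps means services were left stopped, which is the condition to alert on before the patch window closes.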
