Patch Intelligence – Reducing Time to Patch
Today in 2019, the average time from vulnerability disclosure to exploit is now 14 days and ever decreasing. Gartner predicts that by 2022, 90% of vulnerabilities exploited will be known to the Patch Admin at time of exploit. Therefore, the efficient and timely deployment of security patches to mitigate vulnerabilities in your environment and manage business continuity risk is more important than ever.
The Enemy that is Time
A common theme we hear from customers is that time is your enemy, as from the moment a vulnerability is disclosed the clock is ticking. As the bad guys get faster and smarter in exploiting known vulnerabilities, meeting that 14-day patching window and securing your environment is a constant challenge.
Identifying vulnerabilities in your environment and the patches needed to mitigate them is an endless, time-consuming activity. Deciding which patches to prioritize, test, and roll out are additional challenges that further prolong the patch management process.
So, what can Ivanti do to help you reduce the time to patch and secure your environment within that optimal 14-day window?
Our Patch Intelligence tool in Ivanti Cloud is an initiative we have been developing with capabilities to help you gain additional insight that would otherwise take time and effort to discover on your own, ultimately helping reduce the time to patch and optimize the rollout of important updates to your environment.
One of the many tasks associated with the patch management process is the need to undertake research for known issues about patches that require your attention. This research may need to be gathered from multiple sources such as vendor documentation, blog posts, or even our own Patch Tuesday webinar, but it’s yet another time-consuming activity.
So, wouldn’t it be great if the research needed around any known issues was all in one place? How advantageous would it be to see not just known issues that had been identified by a vendor or Ivanti, but also by other customers and the challenges they have faced in deploying a certain patch?
Known-issues functionality in Patch Intelligence has been developed to do just that and help you better prioritize and take steps to secure your environment. Issues reported with a patch or group of patches by the vendor or identified by Ivanti are added to the relevant bulletin, and as you can see from the screen shot below (Fig:1), are highlighted to the user. So, in one place you have bulletin information, associated CVEs, and patches needed to mitigate a vulnerability plus any known issues.
Digging further into a bulletin with a known issue provides more detailed information about symptoms, any remediation steps necessary, and the patches affected. The example below (Fig:2) relates to a Microsoft issue identified and communicated in the last Patch Tuesday webinar in August.
But what about problems experienced by other users rolling out specific patches? How useful would it be to gain even more insight into the issues experienced across hundreds if not thousands of other customers, all in one place?
This is where we see our Known Issues feature in Patch Intelligence coming into its own with anonymized peer data. The more our customers communicate challenges in rolling out patches to mitigate vulnerabilities in their environments, the greater the insight for everyone.
In the Known Issues section of a bulletin you can see not just the problem itself and any remediation steps, but also the number of endpoints affected and whether the patch had to be rolled back. This information can identify potentially problematic patches that will require more testing, helping you prioritize testing and rollout, optimize your patching cycle, and crucially, help you save time and strengthen your cyber security posture.
Continuous Vulnerability and Assessment and Remediation is one of the top five Center for Internet Security’s Critical Security Controls, a framework that provides best practices and guidance for securing your organization.
As we continue to evolve the capabilities of Patch Intelligence, our aim is to provide you with the insight and support you need to optimize your patch management process and secure your environment.