Patch Management Best Practices [5 Tips & Webinar]
Patch management is as important as it is challenging to keep running up-to-date at all times.
Here is your checklist of five patch management best practices that will keep your processes running efficiently without disruption, and secure.
5 Patch Management Best Practices
1- Get On the Right Frequency
The frequency for which you should be performing patches varies depending on the following:
- The criticality of the system
- The level of data being processed
- The impact of the patches
In general, though, here is the frequency you should pursue:
- Windows security patches should be installed immediately.
- Antivirus patches should be installed weekly.
- Database patches should be installed quarterly.
2- Inventory Your Network Regularly
If one computer in the environment misses a patch, the stability of them all is at risk. Develop a current inventory of production systems (including IP addresses, OS types, versions, and physical locations) to help manage your patching efforts and keep everything secure.
3- Automate Everything
Relying on identifying, evaluating, and deploying patches manually is a time suck. Transitioning to a cloud-based automated patch management solution that will schedule regular update scans and ensure patches are applied automatically will make you wonder how you ever got it done before. Additionally, automating patch management audit reports will make both you and your clients happy.
4- Perform Comprehensive Application and OS Coverage
Many vulnerabilities you’ll encounter come from third-party applications (Adobe, Mozilla, etc.) and alternative operating systems (Linux, Unix, etc.). Relying solely on auto patch updates is not a viable option. Make sure you have comprehensive coverage to account for any potential exploitations.
5- Mitigate the Exception
There is always an exception to the rule. If a patch breaks or for any number of other scenarios, you will likely find yourself needing to make an exception in the security environment. However, always include a mitigation to combat potential threats.
With these 5 patch management best practices, you’ll find it much easier to stay on top of updates, ultimately safeguarding your virtual data environments.
Can the Patch Management Process Run Smoothly?
Without question, patch management is essential to reducing your attack surface and keeping your endpoints and business running smoothly. However, it’s also a process that must be repeated weekly, monthly, quarterly—and whenever critical fixes have been identified for your environment.
But there’s good news. With the right tools and some advance planning, this process can run smoothly and leave your IT team with more time to support core business goals.
IT can be a real ditch
if there’s a patching glitch.
Down in the trenches
amid all the stenches?
Consider Ivanti’s pitch.
Patch Management Best Practices Webinar
Looking for a clear, well-structured overview of best practices and trends in patch management? Then this Ivanti security webinar is for you.
First presented at Interchange 2018 in Dallas the week of May 13th and subsequently online, it’s one of our most popular sessions and is ready when you are.
As part of your malware protection strategy , you may also want to look more closely at specific Ivanti patch solutions: Patch for SCCM; Patch for Windows; Patch for Linux, UNIX, Mac; and Patch for Endpoint Manager.
This webinar is presented by Ivanti security product management gurus, Chris Goettl (You Gotta Getta Goettl) and Todd Schell (One Schell of a Guy)—the same experts who host our popular monthly “Patch Tuesday” webinars.
As Chris explains, Ivanti’s security strategy is based on three principles:
Discover: Easily find and quantify the assets you need secured
Provide insight: Clearly identify risk
Take action: Use best-in-breed tools to act swiftly
Here’s an outline of what Chris and Todd cover:
Webinar Recap Patch Management FAQs:
One of best portions of the webinar is the Q & A session towards the end. One attendee commented via chat about
"Why Microsoft continues to refer to Patch Tuesday as such when Microsoft has two or three releases of updates each month."
Chris Goettl replied that Microsoft still considers Patch Tuesday as the security-focused event, but they may have additional security fixes that follow the next week and a half or two weeks. “Maybe a version of a patch had to be re-released or they didn't include a certain platform update on Patch Tuesday so it came a few days later. This happens a lot,” Chris said.
He continued, “And then there are the non-security updates that happen at the end of the month as well. It’s hard to keep in a consistent maintenance window when you’ve got all these additional updates constantly coming out. One of the things we often suggest is getting to a point where you classify your assets. If it’s a server, that’s gotta go into a more consistent maintenance window once a month—once a quarter if there are extenuating circumstances, but once a month is preferable.”
And referring to end-user machines, Chris said, “It’s much more critical to try to get those into a more frequent cadence—especially getting laptop users into a weekly or twice-a-week cadence. And maybe you set up a policy that only does things like Flash Player, Office, and browsers, you know, once a week, but everything else such as the OS updates will just be once a month. So, there are different ways you could strategize and do that based on your risk tolerance.”