Transforming the Patching Process
The Future of Automated Patching
Organizations are also using automated patching to scan for missing patches, discover and patch virtual servers and systems that are not continuously connected to the enterprise network (e.g., laptops), ensure patching is consistently applied across the enterprise, verify patching for auditors, and maintain compliance with the Payment Card Industry Data Security Standard (PCI-DSS) and other regulations that require patch management.
The following practices help government organizations get the most value from automated patching solutions:
- Gain C-level sponsorship to help ensure funding and send the message that patching is an important part of security.
- Choose an automated solution that provides a comprehensive, transparent view of the asset inventory and what needs to be patched; scans everything connected to the organization’s network; tests and validates patches before they are added to the solution catalog; provides information about the severity of detected vulnerabilities and the criticality of patching; and simplifies reporting so patch compliance is easy to verify.
- Commit to a regular patching schedule that minimizes impact on productivity and availability (especially for special-purpose machines such as financial servers or web servers). It’s also important to establish a clear channel of communication regarding the schedule.
- Use a multi-tiered process for deploying patches. Start by updating a subset of machines that are representative of the environment and then correct any problems that arise before deploying patches more widely.
- Enable transparency and reporting so IT staff can see which resources are most vulnerable or commonly updated, understand risks, verify patch compliance, and share patch status with colleagues, upper management, and regulatory bodies.
- Develop a defense-in-depth strategy so other security controls can be used when patches don’t exist, may break something in the environment, or will take time to develop.
Automated patching not only simplifies and expedites the process, but also ensures patching is applied enterprise-wide. In addition, it allows staff to spend more time on tasks that support the organization’s overall mission. As part of a defense-in-depth strategy, patching is a fast way to reduce an organization’s attack surface and improve its security posture.