What Is Patch Management?
By Tobias Geisler Mesevage
A patch is a change to a computer program that is designed to update, fix, or improve it. Patches are aimed to:
- Fix security vulnerabilities
- Implement bug fixes
- Improve the performance of applications and programs
- Improve the usability of applications or programs
Without patches, a network’s software and operating systems become vulnerable and are at risk of security breaches. To ensure patches are deployed as needed, many companies turn to patch management tools or MSPs for help. Therefore, the practice of managing a network of computers by regularly implementing patches, to ensure computers within a network are up to date.
Patch management is a process that can be bundled into the MSP’s service package.
Why is patch management critical?
In one short story, we can summarize the importance of patch management.
Do you recall the 2017 Equifax data breach? More than 143 million U.S. consumers were affected by the breach, and personally, identifiable information was stolen in troves. This included:
- Credit card numbers
- Driver’s license number
- Social Security numbers
- Date of birth
- Phone numbers
- Email addresses
As a result of the breach, Equifax paid roughly $1 billion in legal fees, criminal charges were levied, and the reputation of the organization has been tarnished.
As it turns out, the attack was a result of an unpatched web application that acted as a backdoor for hackers.
A patch for the hole was available for a full two months before the breach occurred, but due to cybersecurity mismanagement, Equifax failed to detect, identify, or update the software.
Lessons learned from the incident
As soon as a security update is released, especially for widely-used computer programs, cybercriminals are ready to move in and take advantage of vulnerabilities. Therefore, the most important reason to implement or pitch a patch management process to your clients is to protect them from the latest cyber threats that can terrorize critical business data.
What is a patch management process?
MSPs have a unique opportunity to bundle patch assessment and management services into their comprehensive security strategy.
A patch management process may look something like the following:
- Set your parameters: Define a baseline of compliance for a network, gaps in the existing strategy, and blueprint a path to a cure.
- Identify risks and define a contingency plan: If a patch is unable to be deployed or causes a software regression, how will you respond?
- Test your patches: Do so in a controlled environment, and confirm your targets have backups, especially for vital devices like servers.
- Get your team onboard: Loop in key stakeholders to primary and contingency plans so they can help respond in the event of deployment failure.
- Deploy and assess: Once a patch is deployed, evaluate the environment and confirm compliance. If you find non-compliant anomalies learn from the issues, and build a corrective plan
Finally, report the results and continue to fine-tune your patch management process for stronger, continued success. Above all, remember that patch management is an on-going process, not a single project. This is why one aspect of Datto's RMM solution is automating patch updating.