Skip to main content
Patch Management

5 Biggest Mistakes In Patch Management

By May 20, 2020June 22nd, 2022No Comments
|||||||

5 Biggest Mistakes In Patch Management

Patching is a major challenge for IT professionals everywhere. Find out how to avoid making the top mistakes that can significantly impact your environment.

[vc_empty_space]
[vc_single_image image=”38662″ img_size=”full”]

1. Putting Off Patching

There is no question: you need to patch.

Every software product has bugs and many have security vulnerabilities. Unfortunately, people around the world, including security services are trying to find and exploit these holes. The vast majority of security events are attack vulnerabilities that have already been addressed.

For example, in the case of WannaCry, Microsoft released an update that addressed the vulnerability two months prior to the worldwide attack. By putting off patching, you leave your environment completely vulnerable to exploits and ransomware.

There is no excuse for not having a strong patch management strategy. This doesn’t mean worrying about it for a week every time something like WannaCry hits the press. When the next doomsday strikes, you should be completely bulletproof.

2. Giving Admin Rights to Everyone

One approach for patching is giving all users local administrator rights to let them take care of patching. What are the issues with this approach? Will all users install those patches?

We’ve seen Windows Update reporting 100+ patches waiting to be installed. By giving users administrator rights, you are creating a huge future attack surface. Typically end users are not as vigilant about clicking to links in emails and opening attachments that might now infect their PC utilizing their administrator rights.

Once infected, the local network can be leveraged to distribute the infection. Even in locked down environments, if an application is having trouble running, granting administrator rights will solve the problem but also create a new security gap.

It is worth the time to work out the specific permissions needed by an application rather than granting blanket administrator rights. There are simply too many risks involved.

[vc_single_image image=”38151″ img_size=”full” add_caption=”yes” alignment=”center” onclick=”custom_link” css_animation=”fadeIn” link=”/start-a-free-trial-of-syxsense”]

3. Letting Vendors Auto-Update

Many operating systems and third-party applications have self-updating technology. This might seem like a great idea, however if devices are correctly locked down, the user may not have permissions to install the updates. By allowing the vendor to push out updates, there is a chance you will end-up breaking critical business applications.

One of the best examples of this is Java updates. Unfortunately, patches don’t go through the same level of software testing that a full software release typically might. This means patches can often have their own significant bugs. We have seen many examples of companies like Microsoft recalling patches because of major issues.

4. Relying on WSUS

Microsoft provides enterprises a popular tool to manage software updates: Windows Server Updates Services (WSUS). However, many organizations make the mistake of thinking they are protected because they use this program. WSUS does not provide sufficient reporting, so as an administrator there is no way to know if you are completely protected.

Questions you should be asking:

[ultimate_icon_list icon_size=”60″ icon_margin=”15″][ultimate_icon_list_item icon_type=”custom” icon_img=”id^38271|url^https://www.syxsense.com/wp-content/uploads/2020/05/Browser.png|caption^null|alt^null|title^Browser|description^null”]Has the patch been successfully deployed?[/ultimate_icon_list_item][ultimate_icon_list_item icon_type=”custom” icon_img=”id^38674|url^https://www.syxsense.com/wp-content/uploads/2020/05/Clipboard.png|caption^null|alt^null|title^Clipboard|description^null”]How can I find out my patch compliance level?[/ultimate_icon_list_item][ultimate_icon_list_item icon_type=”custom” icon_img=”id^38675|url^https://www.syxsense.com/wp-content/uploads/2020/05/Search-1.png|caption^null|alt^null|title^Search|description^null”]Is there any way to show this to management?[/ultimate_icon_list_item][/ultimate_icon_list]

WSUS also focuses on distributing Microsoft’s own patches, but what about third-party software applications or non-Microsoft operating systems? It’s important to always reevaluate your approach.

5. Not Thinking Bigger

Even with a locked down security environment or running WSUS, you could still be at risk. What about your Linux and Mac devices? What about social engineering attacks that cause users to give up usernames and passwords? What about third-party applications, such as Adobe Flash and Java?

Patch management best practices are crucial. It’s important to select a solution that overcomes the key challenges in developing a patch management process.

How Patch Management with Syxsense Helps

[ultimate_icon_list icon_size=”60″ icon_margin=”15″][ultimate_icon_list_item icon_type=”custom” icon_img=”id^38222|url^https://www.syxsense.com/wp-content/uploads/2020/05/laptop-icon.png|caption^null|alt^null|title^laptop-icon|description^null”]Identify all devices that can access your network[/ultimate_icon_list_item][ultimate_icon_list_item icon_type=”custom” icon_img=”id^38229|url^https://www.syxsense.com/wp-content/uploads/2020/05/shield-icon.png|caption^null|alt^null|title^shield-icon|description^null”]Determine existing patch levels[/ultimate_icon_list_item][ultimate_icon_list_item icon_type=”custom” icon_img=”id^38676|url^https://www.syxsense.com/wp-content/uploads/2020/05/search-icon.png|caption^null|alt^null|title^search icon|description^null”]Identify and prioritize new patches[/ultimate_icon_list_item][ultimate_icon_list_item icon_type=”custom” icon_img=”id^38684|url^https://www.syxsense.com/wp-content/uploads/2020/05/Calendar-1.png|caption^null|alt^null|title^Calendar|description^null”]Reduce IT staff time spent on patching[/ultimate_icon_list_item][ultimate_icon_list_item icon_type=”custom” icon_img=”id^38685|url^https://www.syxsense.com/wp-content/uploads/2020/05/Computer.png|caption^null|alt^null|title^Computer|description^null”]Manage your environment, including third-party patches[/ultimate_icon_list_item][/ultimate_icon_list]
[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense|||” css=”.vc_custom_1589300664684{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Leave a Reply