Long Patching Delays Haunt Enterprise Cybersecurity

Imagine a kingdom facing invasion from a hostile and determined foe. The citizens band together to build the highest and widest walls possible. They erect battlements, dig deep moats filled with water, forge mighty gates of the strongest metal, and spend countless thousands of hours making sure they are fully secure – only for all to be lost as someone forgot to lock the back gate being used to take out the garbage.

A similar situation is haunting modern enterprise “kingdoms.” Businesses are spending a fortune on cybersecurity – as much as 20% of the overall IT budget. They are deploying intrusion detection and remediation systems, endpoint management technology, Security Information and Event Management (SIEM), threat detection, ransomware prevention, next generation firewalls, Zero Trust Network Access (ZTNA), multifactor authentication (MFA), Secure Access Service Edge (SASE), and a host of other solutions to remain free of breaches. But the entire team is being let down by one little patch that was never deployed on a critical server. Result: the bad guys get in, hold the organization to ransom, extort millions, and live to wreak havoc another day.

This situation is far closer to reality than fairytale in many organizations. Orange Cyberdefense’s Security Navigator 2023 report revealed many startling findings. But by far the most shocking was the state of enterprise patching. Researchers found that businesses are taking an astonishing 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally still takes more than 6 months to deploy a patch.

Take the Log4j vulnerability. It was originally discovered on 9 December 2021, which means that, on average, most organizations hadn’t deployed the many patches released to counter Log4j until July of 2022. How could it be that this vulnerability was labeled by many as one of the most serious that had appeared in years, yet so many chose to ignore the warnings and left the patches gathering dust?

Why So Long to Patch?

Why might it take organizations so long to deploy urgent patches? Complacency and neglect are certainly factors to consider. Functions like patching and backup are often treated as routine, non-emergency duties. Perhaps initially, they are given importance.

New patch management software or services are obtained. Best practices are discussed and implemented. All is well for a while. But over time, these functions receive less and less attention. They are perhaps still done, but fewer eyes are on them. No one bothers to check whether patches were deployed correctly, whether new systems and devices were added to the patching schedule, how long patches took to deploy, or how many patches are currently backlogged.

Testing is another area where organizations can inadvertently cripple patching effectiveness. Once upon a time, they may have suffered some problems due to a glitchy patch that caused downtime. They institute a lengthy and laborious patch testing protocol which, in reality, means that every patch has to go through testing before being sent anywhere. As a result, some patches take an age to be deployed.

There is no time to lose in installing priority patches. Syxsense provides a three-hour turnaround for the testing and delivery of new patches, as well as technology that sends software and patches rapidly across the wire once and then uses peer-to-peer distribution within the network for local delivery. This ensures there are no network bottlenecks blocking patch delivery. If a patch or update causes incompatibilities in other systems, patch roll back features allow you to return systems to the state that existed before the new patch was implemented.

Lack of Automation in Patching

Lack of automation, too, can dead-end organizational patching. If it remains a manual process, it becomes all too easy for someone to forget to deploy patches or omit transmitting them to half the devices in the network. With hundreds or even thousands of endpoints to manage, lack of automation can delay the implementation of critical patches. Automation saves time as IT no longer has to formulate scripts, hop from one screen to another, or manually push out patches to various destinations.

Additionally, there are factors such as incomplete inventorying of devices and poor reporting. It is one thing to say all systems are patched and fully updated. But it is another to be able to prove it. Comprehensive inventorying and reporting are vital.

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features. In addition, it provides immediate turnaround for the testing and delivery of patches as well as peer-to-peer technology that delivers patches to all devices fast.

For more information, visit: www.Syxsense.com