By Robert Brown, Director of Services
A few years back, business came to a grinding halt for a European supermarket chain when it was infected with Conficker. The worm slowly consumed system resources across more than 500 stores and 20,000 devices until they all stopped working, leaving the company’s stores virtually in the dark. Worse, it stayed resident in memory and eluded the incumbent antivirus solution, so its effects lingered long after the initial infection.
An effective patch management process, in addition to antivirus solutions, proactively closes the holes that attackers so often use to gain access to data. While an antivirus solution will always be needed, patching is equally important, if not more so.
Antivirus solutions detect and clean malware they recognise once it has already reached a system; they do not close the vulnerability the malware used to get there, so the same hole stays open for the next infection. In the supermarket example, contractors were hired to connect to each device by hand and clean the worm using tools provided by the company’s existing antivirus vendor. After more than 10,000 hours of overtime and countless hours of change management, the system was presumed clean.
But the latest patches had not been installed, so after all this the company still wasn’t safe. Conficker spread, among other routes, by exploiting unpatched Windows hosts (the Server service flaw closed by Microsoft’s MS08-067 update), and one week later the worm, still lurking in unpatched corners of the estate, spread across the network again. The company had to repeat the whole remediation process. This time each system was patched as well as cleaned, which is what finally held the worm at bay.
Avoiding a doomsday scenario with proper patching
The first step in protecting a system is to set a strategy for regular and effective patching alongside an antivirus protection plan. Guessing at timing or downloading patches ad hoc results in bad or ineffective patching. Companies without a fully supported patching policy often end up blaming the product for the problem; had they deployed the patches with proper testing, they could have avoided that perception. Look for the right solutions partner or patch service to help you set up a regular patch policy and a toolset that fits your company.
How to start patching effectively
There are a few steps to follow to get your company’s infrastructure to where it needs to be – safe from exposure and running as efficiently as it can:
1. Scan and identify missing updates, then rank them by risk. Be proactive: you want a safe environment and well-performing machines, and closing the gaps left by missing updates through a maintained patch policy gets you there. Start by scanning endpoints to identify which updates are missing. Your solutions partner can help you detect what is missing on which device, wherever your endpoints are. Don’t leave out devices covered by your Bring Your Own Device policy: those users can unknowingly expose the company to exploitation and malware, and when they come back to the office the infection spreads to the corporate network.
To decide which patches to tackle first, prioritise by severity and exposure. For severity, use the Common Vulnerability Scoring System (CVSS), a free and open industry standard for rating the severity of software vulnerabilities; it assigns each vulnerability a base score from 0 to 10, and the National Vulnerability Database publishes a CVSS score for each CVE. For exposure, weigh how reachable the affected systems are (internet-facing or internal), how many hosts are missing the update, and whether the vulnerability is already being exploited. The Department of Homeland Security uses CVSS scores when reviewing specific risks to business infrastructure and networks.
2. Test before deploying companywide. Before you set off deploying patches, you’ll need a testing strategy. Not every patch is the right version for your devices and software, so identify those that match, then make a few test runs to be sure all will run smoothly. First, don’t start with your own device; you’ll need it to correct any issues. Second, check whether the patch has an uninstaller, one of the most important things in any testing strategy; if the patch has no way to uninstall, you have to do extra tests and plan a rollback (for example, restoring from a snapshot or image) before it goes anywhere. Next, tell your coworkers that you’re about to update and give them the instructions they need to follow so the patch deploys successfully. To make sure it did, watch the installation run on a colleague’s machine. Finally, always test with an open mind: take note of what happened, what failed and what needs to be tweaked. If you see a failure after deploying the patch, go back, uninstall it, reinstall it, and investigate whether the issue lies in the hardware, the device configuration or the software.
3. Schedule patch deployments to suit your business. Don’t wait until you happen to have the IT hours to implement a round of patches. Set a specific day each week, or at least each month, to deploy any necessary patches, and stick to it. Make this time a priority: it saves your company the time and expense of correcting the problem after a breach has occurred.
4. Report on repair activity and patch deployment success. Reports that show what broke and what was done to repair it are especially helpful in planning the next patch round. Reporting on your success has many benefits, too: you can show company leaders where you were, how exposed the environment was, and the increase in security as each patch clears. Without the reports you have no tangible evidence of return on investment. You and your team are doing a great job; reports show measurable success and efficiency, helping you get the recognition your team deserves for reducing the company’s risk and its financial inefficiencies.
5. Design an efficient remediation plan. If something goes wrong, you’ll need a remediation plan informed by your reports; the same reports supply the repair information you need to complete change management.
Antivirus solutions alone will not protect you from a security breach. Adding an effective patch management strategy is the key to keeping your data and your company safe from cyberattacks and running efficiently. Avoid a doomsday scenario with proper patching, so your company won’t be left with a crippled infrastructure exposed to unnecessary risk.
Learn more about patch management with Syxsense.
This article was originally posted on Homeland Security Today.