Every IT manager knows that patching is a critical part of maintaining IT infrastructure yet it’s often left in the ‘too hard’ basket. While many organizations have gotten away with not patching in the past, this window of low risk is coming to an end. With the success of the WannaCry ransomware spreading through unpatched vulnerabilities and the falling rates of success using solely social engineering, an increasing number of malware authors are relying on unpatched vulnerabilities to gain a greater reach for their malware.
Patching windows using inbuilt management tools is no longer enough. Many exploits are now drive by through a vulnerable web browser or emailed to victims through malicious attachments and opened with a vulnerable version of Microsoft Office or Adobe Reader.
Today you need a patch management strategy, not just a set and forget ‘Patch Tuesday’. Part of your strategy should consider:
- What software is in use and can it be exploited from the Internet or by access to the Internet?
- How do we detect and prevent unsupported and unpatched personal software from being installed by users?
- How do we detect failed patches – both simple installation failures and patches that cause conflicts and outages?
- How do we pre-test patches and plan outages on high criticality servers and infrastructure working within difficult internal service level guarantees?
- How do we keep gold images and machine templates up to date, so that new machines don’t start life vulnerable?
- How do we keep a record of activity to prove compliance with various industry standards?
With the right tools, patching doesn’t have to be difficult and this is where SpearHead Networks can provide you with a range of patching services from single applications to entire 24 x 7 high available environments. If you want to ensure you’re not leaving yourself open to a self-propagating malware, contact SpearHead Networks to see how we can help you develop a patching strategy to keep your environment safe and secure.