Skip to main content

Strengthening IT's immune system

security
(Image credit: Shutterstock / Rabbit_Photo)

In the human body, vitamins, folic acid, iron, copper, selenium, and zinc support the immune system. Similarly, exercise and the requisite amount of sleep also help. We all know this, but don’t always stick to the guidelines of what is recommended.

It’s similar with IT: while IT departments know that their devices, servers, and infrastructure should all be kept secure, it’s sometimes difficult to keep on top of every element. Against a backdrop of an ever-evolving threat landscape, and newly discovered vulnerabilities, IT teams have their work cut out.

Cyber threats rose in 2020 as threat actors rapidly shifted toward Covid themed attacks, using malicious websites and malware targeted at remote workers. However, recent research found missing operating system or application patches to be the cause of nearly 60 percent of breaches in the past two years.

IT is very aware Microsoft, Adobe, and Oracle have been delivering software patches that contain bug fixes across their products on the second Tuesday of every month for years. However, for other vendors and products, updates are only available on the manufacturer’s website or must be searched for and installed manually within the program and are made on an ad hoc basis.

As a result, it is taxing for already thinly stretched IT staff to stay on top of multiple patches that are in different locations, from multiple vendors, and at multiple times. Additionally, when a patch is released, the vulnerability becomes public. This becomes the firing pistol in a game of cat and mouse between IT teams and bad actors.

A race between the attackers and defenders

Patches can be reverse engineered to determine how the vulnerability it solved can be exploited. The situation is even more urgent in cases where a patch closes a previously known or exploited vulnerability. The attackers know that their exploit will probably soon be ineffective and will be keen to use it as quickly as possible.

Attackers are often much faster than the defenders. It typically takes between 100 and 120 days for companies to administer a patch once it becomes available. This means that attackers have three to four months to exploit vulnerabilities. Not all of these vulnerabilities are classified as “critical” and allow attackers complete access to the attacked systems. Nevertheless, these figures highlight how many companies remain vulnerable to known and already closed security holes for far too long.

This situation has been exacerbated recently by the need for employees to work remotely. In a recent Ivanti survey, we found that 92 percent of CISOs across EMEA agree that they need to bolster their IT security measures in order to enable remote working. Home computers are not always adequately secured compared to corporate devices and remote workers could be expected to install patch updates themselves.

The right patch management strategy

Organizations should look to maximize visibility over all applications and devices in their ecosystems in their approach to patch management. Additionally, they need to understand the individual systems that are being used by employees so that updates and patches don’t fail due to issues such as lack of disk space or insufficient memory.

Being able to detect systems that are not restarted regularly and being able recognize redistributable versions of C++, Java, Adobe Reader, and similar software is a necessary capability that is often overlooked within this dynamic. These programs come with the installation of other software on the computer, but then run “under the radar” of the IT department. Usually, nobody knows what versions are actually required and what patch levels they are.

A solution that combines patch management, privilege management, and whitelisting in one solution allows devices to be patched via a free cloud component when they are outside the company network whilst the IT department remains in control of the process. Integrating patch management with a unified endpoint management platform will allow organizations to control what applications are downloaded to reduce occurrences of shadow IT and automatically install updates across their entire fleet of devices.

Additional capabilities that gather intelligence on patches and updates will relieve more of IT’s stress. Information on the reliability of new updates and on problem solving can be collected and aggregated from thousands of specialist forums, media reports, and crowdsourcing through automation. This enables administrators to decide quickly what patches they want to subject to a more detailed examination.

Automating routine tasks

Keeping software up to date with patch management significantly improves security. In addition, other routine tasks such as device and threat detection can also be automated.

Using software with built-in automation to discover what assets are being used to access business data will give businesses a real-time analysis of their software and hardware inventory. This ensures continuous visibility in real time through active and passive scanning, network scanning, and third-party connectors.

Automation can also be used to bolster compliance, user productivity, business continuity, and resource organization by frequently detecting and solving IT issues before users even notice them. The use of intelligent bots to process inquiries and complaints from employees can contribute towards faster diagnosis and resolution of problems.

The future of patch management

Using up to date software and knowing the status of devices is necessary for organizations to function smoothly. Basic prevention avoids many problems; regular checks identify issues before they cause serious damage.

Since IT staff must take care of hundreds or even thousands of devices, individual diagnosis and treatment isn’t possible without automation. The IT immune system is strengthened quickly, effectively, and safely with an automation solution that not only identifies problems and peculiarities, but also registers them and takes them into account for future changes—and repeats these tasks continuously and independently.

Companies should look deploy automation to maximize the self-healing and self-securing capabilities of their devices to proactively and automatically take on patching responsibilities and confront new threats where they can. Removing some of the onus from the IT department, allows them to focus on my pressing issues, promotes employee satisfaction and noticeably increases the levels of security.

Todd Schell, Senior Product Manager, Ivanti

Todd Schell is a Senior Product Manager at Ivanti.