What is patch management?

Why patching matters?

Author: F-Secure Business Security Insider
Date: 15.06.2015
Read Time: 2 Minutes

Every business has to do it, but no one really wants to. And I’m not on about paying the bills…

It’s all about Patch Management.

Here’s why it is important

Poor old Adobe were the center of some rather unflattering press last month due to their Adobe Flash Player. As Ifeanyi describes in his tech talk, for Adobe, it was a fortnight to forget. It started on the 22nd of Jan with a couple of CVE (Common Vulnerability Exposure) files released and then another on the 4th of Feb… and another bunch on the 5th leaving people asking the question – “How long until the next zero-day bug Adobe?”

We’re just using Adobe as an example here as it’s not just them but lots of commonly used business programs suffer the same. The level of CVE reports/ bug-vulnerabilities is actually growing and it’s not just Windows, Mac OS also has also experienced it’s own number of vulnerabilities over the years.

 

Total CVE Reposts.jpg

 

Are businesses doing enough to protect themselves?

 

Our own reports show that shockingly 87% of corporate computers are missing critical software updates.

missing critical software updates

 

Gartner reported that 90% of successful attacks occurred against previously known vulnerabilities where a patch or secure configuration standard was already available.

So we know patching is important. But what is the guidance on ‘doing it right’ and how can more businesses better protect themselves against the threat of unpatched software?

Best Practices:

Ifeanyi Nwabueze, F-Secure UK’s Technical Manager, highlights 4 great steps for a good patch management process and also a clear representation of the ‘Patch Decision Tree’ businesses should follow in his Tech Talk presentation.

F-Secure have a free feature within both their Business Suite Premium and Protection Service for Business (PSB) solutions called Software Updater which alleviates a lot of the time, resource and pressure on an organization.

F-Secure Software Updater automatically updates over 2500 different 3rd party commonly used programs. Using Software Updater can increase operational efficiency for a business, be cost-saving and also automate the timing and prioritization challenges that are faced.

Find out more about Software Updater here

You can also listen to a recording of Ifeanyi Nwabueze’s fab Tech Talk here

[Sources: https://web.nvd.nist.gov/view/vuln/statistics, F-Secure Study March 2013, Terrance Cosgrove, Gartner – Managing the Next Generation of Client Computing – 08.02.2011]


Post Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s