Show
Patch management is the process of distributing and applying updates to software. These patches are often necessary to correct errors (also referred to as “vulnerabilities” or “bugs”) in the software. Common areas that will need patches include operating systems, applications, and embedded systems (like network equipment). When a vulnerability is found after the release of a piece of software, a patch can be used to fix it. Doing so helps ensure that assets in your environment are not susceptible to exploitation.
This video covers the basics of patching, including what it is and why it is important. You’ll also learn about the common sources of patches—OS vendors, application vendors, and network equipment vendors—and how patch management tools such as BigFix and Microsoft SCCM can help you remediate vulnerabilities. For more details on patch management, its benefits and best practices, continue reading below. Why do we need patch management?Patch management is important for the following key reasons:
How your organization benefits from an efficient patch management programYour company can benefit from patch management in a variety of ways:
The patch management processIt would be a poor strategy to just install new patches the second they become available for all assets in your organization's inventory without considering the impact. Instead, a more strategic approach should be taken. Patch management should be implemented with a detailed, organizational process that is both cost-effective and security-focused. Key steps to the patch management process include:
Patch management best practicesSome best practices to keep in mind when implementing patch management include:
Embedding patch management into your vulnerability management effortsPatch management is a vital part of every vulnerability management program. However, having a consistent approach to patch management doesn’t always mean slapping a fix on everything in sight. When a vulnerability is identified, you essentially have three options:
It’s up to organizations to decide which option is best for them in specific situations, though patching is the ideal treatment to ultimately strive for. The terms “patch management” and “vulnerability management” are sometimes used interchangeably, but it is important to understand the difference. Though both strategies aim to mitigate risk, patch management (the process of managing software updates) is limited in scope. To gain a deeper understanding of your environment and make informed, impactful decisions, you need to move to a more holistic approach through vulnerability management. Vulnerability management is a continuous process of identifying, prioritizing, remediating, and reporting on security vulnerabilities in systems and the software that runs on them. Patch management is a critical component of vulnerability management, but it’s just one piece of the puzzle. To successfully embed patch management into your vulnerability management program, the following steps should be implemented:
|