Long ago, I adopted a mantra for IT security and management. I have repeated it countless times in my career, and it is still a powerful motivator. I’d like to share it with you, in the hope it serves the same purpose:
In IT, losing a workstation qualifies as a bad day. But losing a server is a career-killer.
All it takes is one false step… as this recent blog for ControlNow highlights. Considering today’s threat landscape is loaded with landmines, navigation is nothing to take lightly. That’s why effective patch management is so important.
What can you do to master patch management? Try these five tips:
Patch less (or less frequently, at least)
Yes, you read correctly. Here’s how you do it: Evaluate whether the applications on business machines are still necessary. It may surprise you to know an audit of machines often reveals that certain third-party applications are no longer needed.
Removing these applications enables you to:
- Reduce the level of vulnerability on machines
- Spend less time patching because the machines require fewer updates
Across the company, you’ll likely see significant savings – not to mention fewer inconveniences for users.
Shut down the ‘shut down’ option
No, your eyes are not deceiving you. Adjust the settings so users don’t have the ability to power down their computers via the “start” button. This may seem harsh, though it really shouldn’t be considered as such.
Users can still shut off their machines by pressing, and holding, the power button. But if you only give them the option of logging out, their machines are more likely to remain on. Therefore, the likelihood increases that those machines will be running when you do after-hours patching.
(Piggybacking off that last point, the ideal time for patching is when the network is less congested. Patching after working hours is less likely to impact business operations.)
Pick one way to patch
If you purchased an automated tool for patching, disable the third-party application that does the same job. Rely on your tool that’s designed to give you visibility and control. Multiple patching solutions running simultaneously can cause problems.
Before you patch, restart all machines so they’re in the same state (read: no applications running in the background). Patching open applications is fraught with risk.
Take patching a web browser, for example. It’s tough to update to the latest version if a number of tabs are open.
And remember to reboot your machines after the patches go out. It’s also a good idea to schedule a vulnerability scan after patches are installed, so you have a verified record that the patches were successfully implemented.
Beware of bad patches
Stay informed. Monitor social networks and forums like Twitter and Spiceworks. If a bad patch is in circulation, reputable organizations like the SANS Institute will raise a red flag.
It’s always important to know what your IT peers are encountering. They can provide a wealth of knowledge.
They may even suggest this: Stagger your patching. Give yourself wiggle room – in case you need it.
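One way to stagger patching, shown as an added example that is not part of the original article: workstations are split into stable waves by hashing the hostname, servers always go in a final wave, and a hold check lists the machines still untouched if a bad patch is reported mid-rollout. The hostnames, wave count and gap between waves are constructed assumptions.

```python
import hashlib
from datetime import date, timedelta

# Constructed sample inventory (hypothetical hostnames).
HOSTS = ["ws-001", "ws-002", "ws-003", "ws-004", "ws-005", "srv-file01", "srv-db01"]
SERVERS = {"srv-file01", "srv-db01"}


def assign_wave(hostname, waves):
    """Stable wave index: the same host lands in the same wave every cycle."""
    digest = hashlib.sha256(hostname.lower().encode()).digest()
    return int.from_bytes(digest[:4], "big") % waves


def plan_rollout(hosts, servers, start, waves=3, gap_days=2):
    """Return {hostname: after-hours install date}.

    Workstations are spread over `waves` waves, `gap_days` apart.
    Servers go in one extra wave after every workstation wave, so a bad
    patch is found on a workstation before it can reach a server.
    """
    plan = {}
    for host in hosts:
        wave = waves if host in servers else assign_wave(host, waves)
        plan[host] = start + timedelta(days=wave * gap_days)
    return plan


def pending_after_hold(plan, hold_date):
    """Hosts not yet patched if the rollout is paused on hold_date,
    for example after a bad-patch report. Installs run after hours, so
    hosts scheduled for hold_date itself are still untouched."""
    return sorted(h for h, d in plan.items() if d >= hold_date)


if __name__ == "__main__":
    rollout = plan_rollout(HOSTS, SERVERS, date(2024, 1, 8))
    for host, day in sorted(rollout.items(), key=lambda kv: (kv[1], kv[0])):
        print(day.isoformat(), host)
    print("held back on 2024-01-10:", pending_after_hold(rollout, date(2024, 1, 10)))
```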
Ian Trump is ControlNow Security Lead at LogicNow. The company’s hosted IT security and management platform is built specifically for today’s in-house system administrators.