Patching software and restarting your client device sure is a nuisance. You didn’t ask for it, it takes time, you’re busy with other tasks, applications need to be closed and so on. The same goes for server admins. And that’s why a lot of recommended patches remain ignored.
Server patching requires more than just applying a patch. First you need to know exactly what hardware and software assets are in your IT environment, for the simple reason that you can’t manage and protect things you don’t know exist in your environment.
Cybercriminals discover new weaknesses in hardware and software that were never meant to be there; we call them vulnerabilities. Those vulnerabilities are then included in automated scans and intrusions within 48 hours after detection, often by affiliated cybercrime gangs. Renowned vendors like Microsoft, Cisco, SAP, VMware and Citrix must be alert to such so-called zero-day vulnerabilities, and race against the clock to provide a fix to disable the vulnerability in their systems.
The other scenario is when the same renowned vendors fix known weaknesses and release the fixes regularly (i.e., Tuesday patches by Microsoft on a monthly basis). What happens then is that cybercriminals reveal the patched weakness through reverse engineering. Within 48 hours the hackers’ world will have identified the weaknesses and will include them in their automated attacks, and hack systems that aren’t patched yet.
Indeed, that’s how fast it goes in 2022. This means you need to have applied patches within 48 hours on all affected servers and/or systems.
Patches are software corrections changing the code of existing programs, operating systems and firmware to fix potential security vulnerabilities or other issues. Patches are designed and tested and can then either be applied by a human programmer or by an automatic tool. Several kinds of patches exist: hotfixes, security patches, service packs, etc.
Patches should be applied following a few best practices. If you start your patch management process and don’t do things correctly, it can disrupt your business applications and cause harm in your organization.
Don’t underestimate the importance of patching your software, servers, and operating systems. It will save your organization from hackers entering an open backdoor in IT and getting access to your entire network and data.
Make sure all patches are up to date and give priority to internet-facing systems and systems containing sensitive data. With effective patch management, you will be able to save your company from being the next victim.
Written by Erik van Woerkens, CAG Engvall Security
Company: CAG Engvall Security
Founded: 2011, part of CAG since 2017
Industries: Defence, Government Agencies, Retail & Services, Banking & Finance, Industry, Health & Care
Areas of expertise: IT and information security
Passion for development: To always stay one step ahead and develop safe and secure solutions for our customers.
Address: Kungsgatan 37, 111 56 Stockholm
Annika Rogneby
Head of Sales and Marketing
CAG Group