The popular English saying, prevention is better than cure, holds true when dealing with an organization’s network security.
An important part of ‘prevention’ is achieved through proper patch management – emphasis here on ‘proper’. There are certain procedures you have to follow before deploying patches, and after the patches have been installed. Cutting corners can cause those same issues you are trying to avoid. Here are the three main steps to take for proper patch management:
- The importance of pre-deployment testing:
First of all you need to set up a proper test environment to mitigate the risk of system instability. Without a proper test environment, you’d be unable to ensure that the patches you are about to deploy do not conflict with your setup. In some cases, this might even prevent the system from starting up, something you would want to avoid at all costs. This test environment should closely mirror the actual environment where you will deploy the patches.
- A patch in time…
Delaying patch deployment means that unpatched vulnerabilities can exploited by hackers until they are fixed. That said, one should not rush the deployment process – proper testing before deployment is crucial. It is also important to note that patches should be prioritized in terms of severity and applicability to your environment. Critical patches should be deployed as soon as possible; with the others following in batches until all systems are fully patched.
- Double-checking goes a long way:
Failing to verify whether patch deployment has been successful can leave you just as vulnerable as if you did no patching at all. Patch deployment can fail for several reasons. If you do not re-scan the system after deployment to ensure that patches are no longer required, you are assuming that everything is fine. Only by double-checking that patches are no longer needed can you be sure the job is done – until the next round.
What’s your Plan B?
Failing to have a disaster recovery plan can prove to be a painful and costly oversight. No matter how many safety measures you take, you can never be sure that nothing will go wrong.
Even the most thoroughly tested patches can find an unexpected combination of software and hardware on the live network that causes the patch to fail, eventually taking the whole system down. It is essential that you are ready for such an eventuality. A disaster recovery plan will provide detailed instructions on what needs to be done in order to restore a system back to operational status as quickly as possible.
Proper patch management requires a bit of foresight and planning, but it’s definitely time invested sensibly. If all the right steps are followed, your patch management process will help you avoid many headaches and stress.
This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the right patch management solution.
All product and company names herein may be trademarks of their respective owners.