For many businesses, the discipline of patching only extends to Operating System level patching. Thanks to Microsoft’s “Patch Tuesday”, IT teams diligently push the latest critical Windows patches on a monthly basis and confidently say there’s a well thought out and executed plan for managing Microsoft patching.
Good for you! But... what about all those third-party applications running on your Windows machines?
Here’s a dirty little secret – quite a lot of organisations don’t bother patching these third-party applications at all, leaving you wide open to hackers. Software vulnerability research also shows that unpatched software remains one of the most common reasons your business is wide open for a cyber attack.
Is third-party patching too difficult?
Because there are hundreds of third-party (non-Microsoft) applications used across organisations, patching them appears more challenging. And this can be the case, as third-party patches have individual priority and release cycles.
This makes it arduous for IT Operations to keep an eye on all vendor's notifications about a new patch release - and then manually ensuring deployment to all the endpoints on the network. This is complicated, time consuming and error prone. And all too easily, they are disabled or ignored by users.
But it doesn’t have to be like this.
Let’s take a look at some of the strategies to put you back in control of your critical vulnerabilities to keep pace with the constant stream of security threats and number of patches out there:
1. Don't overlook 3rd party applications - better yet, prioritise them
This may come as a surprise - according to Flexera’s Vulnerability Review, 'Top Desktop Apps 2018', 33 % of the most popular non-Microsoft applications account for 65 % of the vulnerabilities. Tools like Adobe Flash Player, Google Chrome, Acrobat Reader, QuickTime, iTunes, Mozilla Firefox and Oracle Java JRE are your key culprits – and at least some (if not all) are installed on every single laptop and desktop in your company.
2. Develop an up-to-date inventory of 3rd party software
All installed software and version should be documented with business need. Without visibility of what applications are in use, you cannot patch for them. One of the reasons third party software is left unpatched is due to a lack of visibility around which applications are present within a larger network. This risk is made even greater when:
- Applications are installed without the authorisation and approval of the IT department
- Employees are frequently accessing corporate networks remotely
- A BYOD policy is in place, complicating the picture with users bringing different applications running on different operating systems that aren’t owned or controlled by IT
The discipline to account for the inventory across your network should take place periodically and applies not only your software applications but also across devices and operating systems. It only takes one computer in an environment to miss a patch, to threaten the security of an entire network.
3. Use a broad vulnerability discovery service
The only way to know if a breach or vulnerability exists is to employ broad discovery capabilities to comprehensively scan your network and identify missing patches. A solution such as Flexera’s Software Vulnerability Manager has proprietary non-intrusive scanning technology to discover and track more than 20,000 applications across Windows, Mac and Linux platforms. By collecting intelligence across all systems that access your network, the system is able to validate, prioritise and determine the correct version of the patch or whether a patch was replaced or updated.
4. Create a regular patching schedule - and automate where possible
If patching is completed irregularly there is a stronger likelihood that patches will be inadvertently skipped. Manual 3rd party patching it is an extremely time-consuming task, which is often put off due to other priorities. Automation removes the risk of human error or oversight, enabling you to prioritise tasks based on vulnerability level - speeding up the remediation process and reducing overall risk.
5. Create Dashboards and Report Regularly
Readily available data on patch status is almost as important as patching itself. When malware such as WannaCry or Petya/NotPetya is released, an IT team must be able to immediately assess potential impact across their network. Customised dashboards allow you a clear understanding of the vulnerability status of your environment to focus on the data that matters - improving response time and reducing your attack surface. Regular reporting also ensures that you are able to keep your team and organisation well informed of the compliance status to policy and regulation.
So, what's the simple answer?
Ultimately, the answer lies in taking a holistic approach and deploying a management tool across all work streams to provide comprehensive visibility of multiple interfaces, and automation that provides IT professionals with critical control via profiles and policies.
Flexera's best-in-class solution, Software Vulnerability Manager (previously Corporate Software Inspector) provides a scalable solution for mid and large enterprises, using vulnerability intelligence from Secunia Research to prioritise the patch status of over 20,000+ applications - more than anyone else - and fully integrates with WSUS (Windows Server Update Services) and SCCM (Windows System Center Configuration Manager) to patch all your non-Microsoft applications and systems.
Take back control. Close the doors to cyber threats.
Want to learn more?
About Comtact Ltd.
Powered by a dedicated team of software vulnerability specialists, Comtact help give you tools, support and services to intelligently manage your critical software updates. With expert deployment, 24x7x365 support and fully managed 'Patch Management-as-a-Service' options, Comtact works with many of the UK's leading organisation to to simplify your software vulnerability management.