With software development cycles accelerating and an onslaught of software patches released weekly, it’s a challenge to find the time and resources you need to keep your network up to date. As most IT managers and admins know, there comes a time in most scaling environments to move from manual workflows to automated processes. Software patching is definitely in that category, and automating it can bring a great deal of benefit to the organizations that do it.
Risks of Not Having an Automated Solution
Before going into the benefits, we’re going to take a look at some of the risks of NOT going the automated route. The most obvious risk of a manual process is human error: forgetting to install patches, or installing them incorrectly or inconsistently. Many IT admins run manual processes that manage software patches adequately, but the risk is always there, and the risk is big. Out-of-date software is one of the most frequently exploited weaknesses in a network. According to InfoWorld, 50% of all attacks come by way of out-of-date Java software alone, with Adobe products, especially Acrobat Reader, a close second. Failing to patch quickly and consistently leaves networks wide open to malware that can compromise data and damage an organization and its reputation. What’s more, if your organization is bound by regulatory compliance requirements, a security breach can very easily become a costly legal issue.
If your organization is relatively small and on a tight budget, an automated solution may be cost-prohibitive. That said, once you manage 20 or more servers, your IT department will spend a great deal of time doing nothing but managing patches. That simply isn’t sustainable, scalable or safe. It also hurts availability, since unpatched servers may have to be pulled out of service until their security-critical updates are applied.
Let’s Talk Benefits
Aside from the immediate corollary of the risks presented above, a more secure network, there are the cost and time savings of going with an automated solution. Once you’ve liberated yourself and other IT staff from the salt mines of manual software patching, the real fun begins as you plan what to do with all of that spare time. Maybe it’s an exciting new enterprise software implementation project you’ve been putting off, or a company-wide hardware upgrade. Once you’ve set up your new automated system and confirmed that it’s working as it should, you quickly find yourself on the other side of the IT value chain, where the time you save can immediately be reinvested in high-value, high-return technology changes in your organization.
Because patches include not only fixes for security vulnerabilities but also new features and enhancements, an organization that applies updates promptly gains immediate access to those enhancements. In customer-service-oriented companies (and shouldn’t we all be service-oriented?), this can have a considerable positive impact on customer satisfaction and signals a culture of keeping up with the latest technology.
How it works
If you are new to the world of software patch automation solutions, it’s good to get a basic lay of the land. As we aren’t product reviewers, we won’t be naming any names or making any brand-specific recommendations. We will, however, try to steer you toward the category best suited to you.
Most patch automation tools are classified as either ‘agent-based’ or ‘agentless’. In an agent-based system the patch server relies on an agent installed on each target computer to apply the updates. The agent uses ‘pull’ technology: it checks in with the server on a schedule, downloads whatever has been approved for that machine and installs it. Because the agent initiates the connection, this model works for machines that are not always on the corporate network, such as laptops, and the agent can report back what was installed and what failed.
A standalone patch-monitoring solution requires an admin to install the agent on every computer. The software will generally include agents for Windows and for mobile platforms such as Android and iOS; check that every platform you run is covered before you buy. Ideally, the monitoring and management software includes patch management within the package you purchase or license. The installed agent can cache patches on the target computer, send alerts and retry a patch installation if an attempt fails.
Agentless systems use a centralized design and ‘push’ technology: the patch server connects to each target over the network using remote management protocols and administrative credentials, and installs the update itself. Nothing has to be deployed to the endpoint, which makes this model best for always-connected machines on the local network. The trade-off is that the server must be able to reach every target and must hold credentials powerful enough to install software on all of them, so that server needs to be protected accordingly.
TIP: When a patch is available, the vendor’s recommendation is to push it to all computers as soon as possible. The vendor will have tested the patch in its own dev or test environment before release, and while it cannot validate against every piece of software, it takes the most common environments into account. Even so, to ensure a trouble-free rollout, test the patch in your own test environment first to confirm the fix and check that it doesn’t break other features or anything else on the network, then roll it out in stages (a pilot group first, the rest once the pilot has run cleanly) rather than everywhere at once.
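The following is an added example, not code from the page or from any patch management product: it models the pull side of an agent-based system together with the staged rollout the tip above describes. Each simulated agent checks in with a small patch server, which answers with the patches approved for that host’s ring. A patch starts in a test ring and is promoted to the pilot ring, then to everyone, only after it has soaked for a period in the current ring and at least one host there has installed it successfully; a host retries a failed install a few times, and if it exhausts its retries the patch is frozen so no further ring receives it. The ring names, soak periods, retry counts and the hosts and patch IDs in the scenario are all constructed for illustration.

```python
"""Ring-based patch rollout scheduler with a pull-style agent check-in.

Added example: not from the article or any vendor. Ring names, soak periods,
retry limits and the scenario data in demo() are illustrative assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

RINGS = ("test", "pilot", "broad")                     # rollout order (assumed)
SOAK = {"test": timedelta(days=1), "pilot": timedelta(days=3)}  # time a patch must sit in a ring


@dataclass
class Patch:
    id: str
    released: datetime
    promoted: dict = field(default_factory=dict)       # ring -> time it entered that ring
    installs: dict = field(default_factory=dict)       # ring -> successful installs seen
    failed_hosts: set = field(default_factory=set)     # hosts that exhausted their retries


@dataclass
class Host:
    name: str
    ring: str
    installed: set = field(default_factory=set)        # patch ids applied on this host
    attempts: dict = field(default_factory=dict)       # patch id -> failed attempts so far


class PatchServer:
    def __init__(self, patches, max_failed_hosts=0, max_retries=3):
        self.patches = {p.id: p for p in patches}
        self.max_failed_hosts = max_failed_hosts       # more than this freezes the patch
        self.max_retries = max_retries                 # per-host retry budget
        for p in patches:
            p.promoted.setdefault(RINGS[0], p.released)  # every patch starts in the test ring

    def frozen(self, p):
        return len(p.failed_hosts) > self.max_failed_hosts

    def promote(self, now):
        """Move each patch one ring forward once it has soaked and proven itself there."""
        for p in self.patches.values():
            if self.frozen(p):
                continue
            for ring, nxt in zip(RINGS, RINGS[1:]):
                if ring in p.promoted and nxt not in p.promoted:
                    soaked = now - p.promoted[ring] >= SOAK[ring]
                    proven = p.installs.get(ring, 0) >= 1   # untested in this ring -> not promoted
                    if soaked and proven:
                        p.promoted[nxt] = now
                    break

    def checkin(self, host, now):
        """Pull model: the agent asks what to install; the server answers from ring state."""
        self.promote(now)
        return sorted(
            pid for pid, p in self.patches.items()
            if host.ring in p.promoted
            and not self.frozen(p)
            and pid not in host.installed
            and host.attempts.get(pid, 0) < self.max_retries
        )

    def report(self, host, patch_id, ok):
        """Agent reports the outcome; repeated failure on one host freezes the patch."""
        p = self.patches[patch_id]
        if ok:
            host.installed.add(patch_id)
            p.installs[host.ring] = p.installs.get(host.ring, 0) + 1
        else:
            host.attempts[patch_id] = host.attempts.get(patch_id, 0) + 1
            if host.attempts[patch_id] >= self.max_retries:
                p.failed_hosts.add(host.name)


def demo():
    """Constructed scenario: two patches, one host per ring, KB-2 breaks on the pilot host."""
    t0 = datetime(2024, 1, 1)
    day = timedelta(days=1)
    server = PatchServer([Patch("KB-1", t0), Patch("KB-2", t0)])
    test1, pilot1, broad1 = Host("test1", "test"), Host("pilot1", "pilot"), Host("broad1", "broad")
    out = {}
    out["day0_test"] = server.checkin(test1, t0)          # test ring gets both immediately
    out["day0_pilot"] = server.checkin(pilot1, t0)        # nothing has soaked yet
    for pid in out["day0_test"]:
        server.report(test1, pid, ok=True)
    out["day1_pilot"] = server.checkin(pilot1, t0 + day)  # test soak (1 day) satisfied
    out["day1_broad"] = server.checkin(broad1, t0 + day)  # pilot soak (3 days) not yet
    server.report(pilot1, "KB-1", ok=True)
    for _ in range(3):                                    # KB-2 fails on every retry
        server.report(pilot1, "KB-2", ok=False)
    out["day4_broad"] = server.checkin(broad1, t0 + 4 * day)   # only KB-1 reaches everyone
    out["day4_pilot"] = server.checkin(pilot1, t0 + 4 * day)
    out["frozen"] = sorted(pid for pid, p in server.patches.items() if server.frozen(p))
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:12} {result}")
```

The point a practitioner should take from this is the two gates in `promote`: time alone is not enough to advance a patch, because a ring in which nobody has actually installed it has not tested anything, and a single host exhausting its retries is treated as a stop signal for every later ring. A real deployment would tune the soak periods and failure threshold to its own change-control policy.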
Selecting the Right Solution
A number of items need to be considered when selecting the right solution. These items include:
- Number of platforms supported
- Number of systems to be patched
- Existing expertise of personnel
- Existing Management Tools
- Budget
- Features/Benefits and ROI
- Cost to configure and maintain the solution
Each organization has unique needs that will influence the selection, design and implementation of the solution. Performing a detailed assessment of your organization’s needs plays an integral part in establishing the correct requirements.
To Automate or Not to Automate, that is the Question
In large organizations, a strategy to secure and protect the network is imperative to maintaining the integrity of the organization. A poorly patched network increases the risk of falling victim to malicious attacks and may expose the organization to compliance breaches and even legal action.
There’s no question that as organizations grow, automating the patch process quickly becomes a necessity. The choice of solution will depend on the unique and specific needs of the organization.