1 hour 23 minutes
in the last video, we talked about classifying and ranking risk
In this video. We're going to talk about patches and the importance of testing.
Let's take a look at the learning objectives.
We're going to cover the importance of testing,
and also we're gonna cover patches.
Look at the pre assessment.
It has always say, for organization to get patches from third party Web sites. Is that true or falls?
This is actually false. It is always safe or organization to get patches
from the vendor.
Okay, so let's talk about patches.
Patches have systems that could still be vulnerable after his patch.
That's so for books
and also to have test patches as well.
After software vendors rewrite pieces of an application.
The resulting healed so for a compilation or patch
can still be vulnerable to other books.
So where vendors are often pressure to release a patch quickly
and dispatch potentially cause a conflict with other applications on your network.
As a result,
you need to pre test patches before applying them to life systems.
Some fall into patches, have inadvertently crashed business process,
So talk about testing
test patches before applying and production environment
test patches against organizations, unique environment
verified check sums
and get patched directly from the vendor.
So it's for the checks to check some of the basically two checks and balances
of these network infrastructure
just for clarity.
To ensure the testing takes please in your organization's unique environment,
most problems would patches or due to third party applications or modifications to default configuration settings.
Organizations need to verify
checks. Ums, which is a redundancy check to preserve integrity of data,
pretty good privacy signatures and digital signatures to confirm the authenticity off any patches being deployed,
you can further verified as by getting patches directly from the vendor.
that the patch correct the vulnerability without affecting applications and operations of the business process.
So as far as the test results,
does the patch actually work?
Is there a negative impact
to business systems?
So five and fixing security problems is the core of vulnerability management.
Traditional manual processes for fixing floats and suggesting patches and other remediation actions are for to slow, error prone and expensive.
Sometimes the high cost of patching couple with the high volume flows detected and vendor application encourages organizations to delay remediation
organizations made the lay up dates, even for critical patches until multiple patches service, Paige's or regular monthly, quarterly or annual update process
Unfortunately, the delay can be a fatal strategy because Attackers quickly detect potential threats
the window between flow and exploit It's constantly shrinking.
So here's a few guidelines for PATCH.
Get the immediate vulnerabilities as quickly as possible and minimize risk,
giving first priority to the most critical issues facing
your most critical systems
yet to automate the patch management and sulfur distribution solutions that can help speed this process and keep calls to a minimum,
you have to help.
You have to integrate patch management without a vulnerability mansion processes,
which has been a fish.
So look at the post assessed.
You do not need to test patches before implementing them in the production environment.
Is that a true or be false?
This is actually false.
You have to test
all patches before implementing them into the production department.
In this video, we talked about patches and importance of testing.
In the next video, we'll talk about applying patches
Fundamentals of Vulnerability Management
Most of the successful attacks through a business network could be prevented with vulnerability management. This course focuses on what you can do to automatically manage vulnerabilities and keep your network safe from attack.