2 hours 35 minutes
All right. Welcome to our second module. We're unless in 2.1, we're gonna be talking about patch management software.
All right, So in this video, you're gonna learn what is Patch management? Why is important, especially to vulnerability management,
what the patch management life cycle is. I think it's really great to kind of discuss this and talk, especially at an executive level. To really understand what this means can really help evolve your practices.
And then what software methods we can use to help us with our patch management. Let's make it easier. So what can we do to do that?
Okay, so I like to talk about statistics. We talk about patch management and really understanding why it's so important, Um, and kind of the challenges that come with it, because it can be difficult depending on the size of your team.
So 16,500 vulnerabilities were reported in 2018. That's a lot, especially if you have a big organization,
use lots of different types of software. It's a lot of vulnerabilities that were reported in 2018
so that can definitely be more challenging for small to medium businesses again, it also depends on the size of your infrastructure. If you're using cloud, you're still gonna have things that you need to patch, depending on what kind of systems you're using again. But it's important to understand that there's vulnerabilities
whether you're on primary in the cloud.
So 57% of cyber attack victims believe that patches would have prevented those attacks.
I think that's a really important number because these were people who were actually victims of cyber attacks. And, you know, looking back, you know, hindsight 2020 knowing that you know what? Maybe if we had installed those patches, we could have prevented these attacks.
So Patch management is so important to helping to prevent data breaches.
30 for 34% of those same victims from the same study said they knew about those vulnerabilities on. And I have the report in my references in case you want to review it. Uh, that's really important to They knew about these vulnerabilities. They didn't remediate them,
and that's how they got attacked. So that's that's really important. And, ah, why Patch management is so important, really remediating those issues,
um and then kind of what's the time between the vulnerability, disclosure and exploitation. This is kind of an interesting question because it can be, as we saw recently home with some of the Citrus vulnerabilities. You know, that could be pretty quick between disclosure and exploitation. Um, that's a big issue. Eso And
as Attackers get more sophisticated and they're tracking down these vulnerabilities,
uh, you know, they may exploit them very quickly. So it's really important, especially for, you know, critical vulnerabilities. Impossible. You know, exploitation. That's out in the wild to really get those taking care off.
So here's another statistic or talking about patch management. This one's from the Parliament Institute. They do really great reporting, I think Yearly and eso they have some great statistics. If you're interested. Companies which can pass patch fast enough due to lack of staff. 74% of companies.
That's, uh, that's a really big challenge, because, uh, you know, some companies don't prioritize the I T staff or the security staff to be able to handle that. Um, again, as I mentioned one of the earlier lessons in Module one.
Sometimes there's only one person in the I t shop, and that's very difficult to patch everything that you need to dio because you might be running I t and Security. Maybe they don't even have security scanning. So it's really important. Teoh
toe, look at maybe budgeting, you know, an additional resource are additional. Resource is that might be able to help with I t and Security.
So here's the patch Management lifecycle.
I think it's important to understand this from the executive management standpoint just because
there are a lot of steps here where we're talking about, uh, having a really mature patch management program. So first we have to discover it so that from security scanning to, you know, knowing we've got, you know, Java, 10 whatever. And we need to upgrade
eso discovering what's actually out there and what needs to be patched.
And then again, that categorization and prioritization so categorizing is the software is this firm. Where is this? A feature pack? What is it to then help Prioritize which ones were gonna patch first
so that we're gonna create our policy? We're gonna look at updates on and then that all flows into monitoring. So when are the new patches release? That's really what want monitoring is's. It's like our we've got our policy. We're gonna prioritize these things. Ah, but wonder they released
in the previous module. I discussed having even documentation. When you have all of your products, all of your applications listed, that you can go in and say, you know what? I know this patch. Let's take flash, for example, before it was rolled into Windows 10
was on a quarterly basis. So I can say, OK, you know what, Next? Next quarter. I know I'm gonna need to install this. I can add something to my calendar that says, you know, watch out, Adobe flash vulnerabilities or patch is gonna be coming out. You'll be ready, um,
uh, testing testings huge. But for smaller businesses, it might be more difficult to test eso having a test environment maybe isn't feasible. But if we can at least have some test machines that we can we can work on having one Dev server something like that, that we can at least test those patches on
makes a huge huge improvement
and configuration management. I brought this in to the last module as well, but people who can really you know, we've got a document the process. We've got to make sure we know what we're installing. Why we're installing it and where we're in selling it. So what systems are actually getting patched
on? Then we're gonna roll it out. We're gonna roll on our patch. We're gonna cross our fingers and hope that it works out. Um, you know, one of the challenges I see around the rollout, especially if you have lots of assets or if you have laptops, people you know may not be hooking up the network all the time. And maybe you don't have automatic patching in salt.
Um, were or enabled. So these people,
uh, aren't getting patches on their laptops, They hook up to the network and their whole system is just missing a ton, ton and tons of patches. And that could take hours for them. Teoh remediate so that roll out. There's always challenges around that rollout.
And that's where that auditing comes in to say,
Did everything actually get patched? You know, my my tool is saying I'm at 90% or 95% but is that really where I'm actually at? Did all these patches installed properly? Did they fail? Did it say it installed, but it didn't actually reboot the machine. So the passions installed, but still vulnerable because the machine was not rebooted.
Eso that's where that auditing comes in.
And then your reporting and analysis you have important say hate were at 95%. Hey, where 98% for patching, Um and really that analysis of that understanding that hey, we still these laptops or resold these workstations? For whatever reason, the patched in install Let's figure out what happened with those
on and then reviewing optimize. We're gonna head back to discovery work After we install that patch. We got to go back and say, What can we do to optimize this project of this project?
You know, for patch management? Can I automate some things? Can I say you know what, This server group or this workstation group patch immediately,
no matter what the patches patch immediately, I don't care. Get it done. Um, that can really, really help to optimize improve the patch management lifecycle.
So software type. So we're gonna talk about different software that we can possibly use in our patch management, um
process. So configuration management software. You have something like you could use service now, things that you can have work flows where you can at integrate, you know, applications, products. So that way, when you have your you're really talking about integrating I teen security, you can say, Hey, I've got this ticket.
I t is where security is aware are configuration management Team is aware, so we can all go in and say yes, we approve this change. Go ahead. Tickets closed, implemented. Done. Security can run the scan and verify
patch mission software. There's a lot out there. Um, you know, S e c m. I think probably being the big one just to mention can be really great. Um, so, uh, we're talking about patch management software. It's really about getting a solution that's gonna work for you.
If you're, you know, an apple heavy, um, shop. You might just do automatic patching. Just just let it upgrade. Um, but depends on your business case of what you're doing. But there's a lot of great, um, software out there
a learning software. So I mentioned in the previous model module us cert,
you can sign up for alerts. They have great alerting toe, let you know when patches are released. Um, you know, there's also you can also just like, as I mentioned the documentation to go through and say, Hey, I know that I'm gonna have these patches released on these days. I know I have this offer in my environment, so I'm gonna be
I already have that heads up knowing that these patches we're gonna be released,
um, automation products, all of these different things. Working together can really help to mature your vulnerability management program, automating whatever you can. So when I mentioned toothy, you know, having certain service that you could just patch immediately, you know that they will always be patched. That can really help cut down on the time it takes you to,
you know, have to put, push out other patches or install
ah, manually or on a delayed whatever you know, it helps to have that automation so that you don't even have to think about it. You can have less. Resource is if you have a smaller environment
and then a managed service providers, you know they can They can definitely help you to, uh, achieve a more secure environment or at least help, you know, with I t upgrades to make sure that they're secure.
So in today's video, we talked about what Patch management is, why it's so important. Uh, and then we dive a little bit deeper into the patch management lifecycle on and why that's really important to executive management to understand
and then some difference offer that can aid in the patch management process. Eso some different things, different tools that you can add to your tool belt.
So here my references. Thank you, and I'll see in the next lesson.