Time
2 hours 35 minutes
Difficulty
Advanced
CEU/CPE
3

Video Transcription

00:01
All right. So welcome to module three. This is less than 3.1. We're gonna talk about patching cycles, so we're gonna get a little more in depth with patching cycles.
00:11
So in this video, you're gonna learn, um, how patching cycles are associated with software. Uh, how to schedule that patch management to improve work flows. We touch a little bit on that on the next module, so we're gonna expand on that. How to remove end of life for redundancy, offer to increase efficiency.
00:29
That's my favorite topic when we come to vulnerability management. So
00:32
excited. Discuss that. Excited to discuss that one.
00:37
All right, So what we're talking about patching schedules.
00:40
Let's let's hammer this home because we need to understand how many applications to our users have.
00:47
You know, depending on the environment, you might have users or allow users to install software. Um, if they need Teoh or you have admits who may be installed, software lets you have 15 different admin is they all have different choir mints. They want install different software. All that software has to be patched. So we need to understand, you know, how many applications do we really have
01:06
eso again to control those installs. If not, how many do we have? We got to figure that out. Let's find out how much software we have.
01:14
How many varieties of hardware and firm? Where do we have, you know? Do we have six different instances of Dell servers, you know? Are we using the same model? Are we not? Are they using the same firm? Where do you Physical or virtual desktops? Do you both? Are you trying to migrate to virtual desktops?
01:30
Have you already migrated? Virtual desktops? Attorney Harbor left over. Those were all considerations. When we're talking about a patch schedule,
01:38
how many servers? What's your west level? Do you have server do so, Server 2008 do you? 2012 2016 2019. Are you in the middle of upgrades? Because if you're in the middle of upgrades and you have 2012 2016 2019 Windows server, you have to maintain all of those to make sure they're all patched appropriately.
01:55
Um, so that's that transitioning from Windows seven to Windows 10. Or do you have Windows 10
02:00
You know, 17 09 And you need to upgrade to 18 03 or whatever the version might be of Windows 10 s O. Making sure you understand what your OS levels are.
02:10
Uh, And then whenever the patch is released weekly monthly, quarterly
02:15
randomly. Is there no schedule their just released whenever, um, that we have to consider are zero days or consider, you know, Hey, patches might come up randomly and we got a patch him immediately.
02:28
So how can we improve those work flows? We have all that information that we need to use to create our patch management schedules. So how do we use that to improve our workflow?
02:37
So let's determine our level of effort. So we've got all this information. We know how many different OS levels we have. We know the number of applications. So determining that level of effort based on that is also gonna work with how many resources we have that's gonna help us determine the level of effort. Because if we only have,
02:54
let's say three people and we've got 10,000 systems,
02:58
it might be quite challenging eso Let's figure out what that level of effort is, and maybe we can lower that level of effort by combining a West levels or getting that upgrade done more quickly. So that way we have less overhead
03:12
so we can schedule updates in combination. You know, if we're upgrading images, especially server images or desktop images. If we have a virtual environment and we're using images that way, let's get as many patches done at once instead of saying, you know, today I'm gonna do Windows 10 tomorrow I'm gonna do java.
03:30
The next day, I'm gonna do Adobe, maybe schedule a day and say,
03:34
You know, I'm gonna upgrade, update all of my images with all this software. So that way I have a weak breathing room for the next patch that I can focus on other projects.
03:43
Um, and what requirements do you have? Your reporting requirements? Do you need to follow? Do you need to have some sort of spreadsheet where tracking vulnerabilities and what you're patching, um could use a different patching program? Is there something out there that maybe he's more effective for your environment maybe makes more sense
04:01
for the type of environment you have? So
04:03
researching different software, as we discussed in the last module could really help to improve that workflow?
04:10
Um
04:12
and again as we mentioned last module. If you are behind on patches, it's very possible it happens. You know, consider adding dedicated resource is for a short amount of time. So maybe push off, you know,
04:24
push off another project to sell for a project, maybe for a month, and just say, you know what? We I can't install this new software yet. We need to fix what we've got going on now so we can add those dedicated resource is knock out the vulnerabilities pretty quickly and then move on
04:39
reducing redundancy. Uh, this is so huge. I feel like this could make such a huge impact on an environment. Um so first, let's let's get our baseline. What do we have already installed?
04:50
Um, and that can also help. What are we not using anymore? I can reach out to system owners or application owners and say, Do you still need this? Are you still using this States? This seems like old software, and I see it installed. Can I just remove it? That can really help to reduce the amount of patching and vulnerabilities in your environment
05:09
again? How Maney Os versions do you manage? Do you have window. Steve Lennix, do you have Mac? Do you have engineers to support all of those systems? Do you have mobile devices to? Are you using laptops? You have tablets? What are you using? How are you patching them? Um so having that mobile device management as well really plays into reducing redundancy, too.
05:30
Can users share licensing?
05:31
If you have several organizations within your organization, can you share some licensee like, let's say, we need Adobe professional for all of our organization, our entire organization. But somebody's using this other program, and someone's using this other program. Well, let's let's just work together. Let's combine our budget for this.
05:49
We can each take a piece of the pie and share that licensing work on that new cost model that might actually save you money askew. Go on.
05:59
Uh, determining the needs of those departments. This is again where you could have a POC from each department come together and say, This is critical for me. This isn't, you know. Let's let's get rid of stuff we don't need
06:11
Ah, And then have your security teams make recommendations on software. You know, if you've got a great I t. team, our security team. They can try to help. To say, you know what? This might be the more secure solution instead of this third party to Well, maybe try this other one. Um, getting rid of end of life software. This can save you so many headaches. Um,
06:30
because end of myself was not getting patched anymore.
06:31
It needs to go. Uh, but it can be really tough to do that, especially if you have people that rely on it. So again, as we discussed in one of the first modules,
06:41
if we can't get rid of this end of life software, at least not today, what can we do to get rid of it? Or how can we secure the software that we have? So we can at least, you know, keep us secure for the time being.
06:55
So in today's video, we talked about how patching schedules might affect resource is timing for actually getting those patches installed. How to improve our workflow, streamline passion cycles. It can really reduce overhead if we're talking about streamlining, patching on how to reduce redundant applications in an organization,
07:14
um, this can also help reduce costs, you know, from an executive.
07:16
Ah, management perspective, reducing costs and applications that that could be You could help to put that budget elsewhere.
07:27
All right. And that's the end of the video. Thank you very much. I'll see in the next lesson.

Up Next

Executive Vulnerability Management

This course covers vulnerability management from an Executive Leadership level, and to help Executive Leadership understand the challenges of implementing a vulnerability management program, including implications if it is not set up properly.

Instructed By

Instructor Profile Image
Nikki Robinson
Cyber Engineer
Instructor