The exposure time that many organizations experience when a security vulnerability is discovered can be an unnecessarily long and nerve wracking process. To begin, the fix for the majority of vulnerabilities needs to be provided by the vendor and until the vendor releases a patch that addresses the issue, you and your organization are exposed. Once you receive the patch, the exposure time continues to be extended until it’s actually installed on all your vulnerable systems. The time between the discovery and installation of the patch can be extremely long for a variety of reasons, including:
- Inflexible, outdated testing policies
- Time spent packaging up 3rd party patches
- Dependence on auto-updaters
- Lack of reliable reporting
- No independent scanning for unpatched systems
We need to break free from the old-school “test for 30-days” standard. In this real training for free session, we'll explore several ways to reduce these testing delays without sacrificing availability and stability. First, we need to determine the risk of implementing any given patch by taking the following into consideration:
- Which systems are affected and what is their risk level and value?
- Are the exploit details public?
- Is the vulnerability already being exploited in attacks? Are those attacks targeted or widespread?
- What are the pre-requisites for the attack?
- Does our environment have compensating controls?
If the answers to these questions indicate a high security risk, we need to determine how risky it is to stability. When necessary, the infosec team needs the option to follow an accelerated deployment process. In this webinar, I will show you ways to rollout the patch progressively so that any problems are quickly discovered without significant impact to productivity/availability and without wasting time with old-fashioned testing in the lab. Monitoring, reporting, communication and control are necessary to make this work but it’s essential in today’s threatscape.
But these are just the first steps. In this webinar we’ll also look at patch automation – especially for 3rd party patches, while leveraging the WSUS/SCCM foundation of many organizations’ patch strategy. And we’ll explore what are the real requirements for reporting and visibility, so that you can close the loop on your patch process with confidence that systems are truly secured.
SolarWinds is our sponsor for this webinar and their product manager Jamie Hynds will briefly demo Patch Manager, their awesome patch solution that integrates with WSUS/SCCM while giving you more control, better visibility and pre-packaged 3rd party patches. Download a fully functional 30-day trial of Patch Manager here and follow along during our webinar.
Please join us for this real training for free event.