The Importance of Patch Management
The threat of malicious virus and worm attacks on Microsoft based systems has been increasing which is forcing businesses to reevaluate their organizations security needs to better protect their systems. Microsoft produces security patches for their system vulnerabilities and makes them available to users. Research has shown that the most efficient way to protect against attacks is to ensure that every machine in a system has the latest patches installed. It is noted from past experience that If one computer in a system is not patched, it can threaten the stability of the entire system. To facilitate this process, it is recommended that organizations have a patch management system as a crucial component of system hardening. A patch management solution typically contains the following processes:
- Audit software in production environments as a way to evaluate potential security threats, vulnerabilities, and policy non-compliance’s.
- Patch identification and download. Determine reliable sources that release stable patches in a timely fashion.
- Patch testing. Patches should be tested and validated, for example, test patches in a test environment before applying them in production environments.
- Patch approval. It is necessary to maintain strict control over changes in a an environment. Every patch management system should have a formal approval process.
- Patch deployment. Patch deployment should be planned, prioritized, and scheduled. An automated system helps facilitate this process.
- Patch verification. Systems should be carefully monitored after patch application to ensure that patches are working as intended, and ensure they have no negative impact on the system.
- Compliance management. After a patch is applied system baseline information should be updated.
Since Microsoft based systems are a favorite target for attackers, the implementation of a formal patch management system, preferably automated, is highly recommended within any business production environment (IBM Knowledge Center, n.d.).
References
IBM Knowledge Center. (n.d.). Why patch management is important. Retrieved November 24, 2016, from
http://www.ibm.com/support/knowledgecenter/SSTFWG_4.3.1/com.ibm.tivoli.itcm.doc/CMPMmst20.htm.
