Patch Management can be implemented through multiple methods. It can be done quite easily through an automated process or through a manual process. There are advantages and disadvantages for each method of patch management implementation processes.
Patch management is a process that involves acquiring, testing, and installing of patches to computer systems. Enterprise computer systems are made up of servers, workstations, laptops, smartphones and other devices connected to the enterprise network. It must be mentioned that the ways of implementing patch management have evolved over the years.
Servers have to protected. Servers run on different types of hardware and operating systems. Each of these requires different patch updates. The operating system providers release patch updates periodically. These patches are designed to fix bugs and vulnerabilities. When an exploit has been detected and reported, operating system providers immediately work on finding out ways to plug the vulnerability. These are released as special hot-fixes, and they alert users of that operating system of the vulnerability and the available patch fix. The IT administrator must apply the patches to safeguard the enterprise IT server systems.
Typically, vendors release patches on a specific day of a week. Microsoft is famous for its "Patch Tuesday" — it routinely releases security updates on the second Tuesday of each month. As it is a regular event IT administrators await the release of patches on this date and take appropriate action.
Now, it is not just — check for download, download the file and run it. It is not such an easy process. Apart from the operating system on the servers, there will be numerous other applications. And there will customized applications too. When the OS gets updated with the latest patches, it may lead to compatibility issues with other applications.
The IT administrator must apply the patches in a test environment (development server/ sandbox server/ test server) and then check if it has any negative effect on the working of the other applications. This is a critical and very important step. After studying the working functionality of the applications, the IT administrator then applies it to the production environment. The failure to undertake this step has led to the collapse of many enterprise networks. Hardware, applications, data, and reputation get affected. It can also lead to "bricking" of the enterprise IT systems.
Patch Management is an ongoing process. Bugs will surface and vulnerabilities will keep on being identified. There will be no end. Hence, a patch management process must be implemented.
As stated earlier, in an enterprise, there will be numerous servers, workstations, devices, multiple operating systems and applications being used. Manual management of patches would be very difficult. The only solution is to get and implement an automated patch management system from a reputed vendor.
Numerous vendors provide patch management products. As an IT administrator, you will have to identify an effective and appropriate solution that best meets your requirements.
You can get, implement and manage a Patch Management solution by yourself. That is one type. Some vendors usually offer patch management as part of a managed service solutions such as Remote Monitoring and Management and Service Desk. This is the second type. These vendors — Managed Service Providers — are better equipped to execute patch implementation and management. Engaging the services of an MSP is recommended, as it would allow in-house IT personnel to better focus on more critical enterprise-oriented activities.
Get the Comodo Patch Management for FREE here.