To non-techies, “Patching” just means mending holes in jeans. But like a “patch” of fabric used to cover up an imperfection in a pair of pants, a computer software patch can be applied to a program or operating system to repair an exposed flaw.
Here’s what patches can do:
- Address a specific bug or flaw
- Improve an OS or application’s general stability
- Fix a security vulnerability
Along with other updates like dot-releases to (or complete overhauls of) an operating system, patches are part of essential preventative maintenance necessary to keep machines up-to-date, stable, and safe from malware and other threats. As we’re sure you know, the security angle is especially important.
Case in point: The vast majority of cyberattacks take advantage of known software and hardware vulnerabilities (not to mention clueless users!). The 2015 edition of the Verizon Data Breach Investigations Report revealed 70% of successful cyberattacks exploited known vulnerabilities with available patches. This means that many victims could have prevented a data breach if they’d only updated their OSes and apps.
Think of a software patch as an armor that repels attacks and protects against various exploits. However, with the sheer number of vulnerabilities being exposed all the time (hundreds of millions of new pieces of malware released each year), many IT departments struggle to keep pace in the arms race between the hackers discovering security holes and the “good guys” releasing patches to cover them up.
Why patch your PCs and servers early and often
Unpatched software, especially if a widely used app like Adobe Flash or Internet Explorer, can be a magnet for malware and viruses. A classic example is the Conficker worm on Windows that was discovered in late 2008, which takes advantage of unpatched versions of Microsoft Windows.
The worm spread by copying itself to shared folders and external USB devices with the goal of creating a botnet of Windows machines. At its peak, Conficker was estimated to have infected more than 9 million PCs and even years after a patch was released, millions of computers were still infected.
Some might believe that antivirus software provides an impenetrable line of defense against malware infections, but it’s only one small piece of the puzzle that needs to include updating and patching.
In late 2014, Microsoft discovered that:
- Ten percent of consumer Windows 8 PCs were running outdated antivirus.
- The infection rates for these machines were nearly the same as ones running no AV.
- Expired trial versions of AV software seemed to be one of the biggest culprits.
“People are not always as careful about protecting their machines as they could be or they don’t run up-to-date antivirus,” said Michael O’Reirdan, chairman emeritus of the Messaging, Malware and Mobile Anti-Abuse Working Group, according to Marketplace. And as we all know, the more layers of security you have in place, the less likely you are to be compromised.
Additionally, many patch management issues stem from failure to identify what systems are out there, what patches were applied to each machine, and which devices are actually vulnerable.
Solving patch problems with network inventory tools
First step to securing your network? Understanding exactly what’s on it (this can be a challenge if you manage a lot of devices). Worry, not: it’s manageable. Start by taking inventory of all of your systems and applications, including what hotfixes and patches are installed. A solution such as Spiceworks Network Inventory can help you do the following to secure your network:
- Automatically scan and discover what’s on your network, from a Windows box to a switch or storage appliance.
- Inventory your software, including info on version numbers, patches / hotfixes, and unauthorized or unwanted software.
- Show which systems aren’t protected by antivirus software or if AV is out-of-date.
- Produce custom reports that help you understand where vulnerabilities are.
The leading cause of security incidents? Not patching systems or applying updates. Don’t delay! Network inventory tools give you the data you need to figure out where your vulnerabilities lie, and can provide the knowledge you need to get started on patching PCs and servers. The result: keep malware at bay… and sleep through the night.
Source: Spiceworks