Patch Management’s Role in the Recent Ransomware Attacks

Known to many yet neglected by just as many, patch management is a critical strategy that is often overlooked by organisations small and large. As long as your IT resources are connected to the Internet (whose aren’t in this day and age?), the concern should not be “IF” you will suffer an information security incident; the real fear should be “WHEN” you will suffer an information security breach, one that may very likely cause some form of outage and disruption linked directly or indirectly to your revenue generation and business operations.

Cyber attackers are constantly evolving the methods they use to carry out their malicious activities. Some of the methods such attackers use are:

i) Spamming and broadcasting malware-infected email attachments, which recipients unwittingly open, infecting the computer with a “worm” that automatically propagates itself over the network, system by system.

ii) Malicious or compromised websites that deliver harmful scripts to the browser, infecting the end user’s computer.

iii) External hackers who try to enter your network from the outside without your knowledge.

Many of the above attacks can easily be carried out by exploiting unpatched vulnerabilities in operating systems, web browsers and applications to cause damage.

An unpatched web server can easily be probed by an attacker with a high likelihood of not being detected. With the flaw exposed, the attacker could then carry out several canned attacks by exploiting it. There are even tools and plug-ins that enable people with no programming experience to carry out such attacks. Given that such attacks target unpatched systems, it is clear that patch management is the most effective and efficient defence against them.

Vendors and publishers of operating systems and software applications regularly release patches for their products to remediate any loopholes and exploits that have been found. These patches are available free to registered users as updates. They are, however, not always applied automatically, as auto-update is not always a standard feature embedded in the applications.

A patch management platform allows admins to deploy and apply patches to the environment with ease and control, with the option to test the stability of the patches in a UAT environment before pushing them out on a wide scale. The platform also ensures that all systems are up to date on their patches, addressing the lack of automated patching from some software vendors. This in turn ensures that the security issues caused by outdated patches are plugged.

Patch management platforms enable admins to maintain and control their organisation’s system patching activities by allowing security patches to be applied in a test environment before they are applied in the production environment. Reports can also be generated to verify the compliance and effectiveness of the patch deployment exercise across all servers and workstations. These reports can be tailored for reporting to management and auditors, and even serve as supplementary documentation for compliance certifications. This helps IT managers and admins report to their management and auditors on the status of their systems in real time.

With the recent “WannaCry” and “Petya” ransomware attacks that shook the world’s IT landscape, the importance of a patch management platform is further underlined, as emergency patches needed to be pushed out in the shortest possible timeframe. Best practice may dictate that testing be done before new patches are deployed; however, imminent threats and the frequency with which zero-day exploits are discovered make it necessary for some patches to be pushed out immediately, as time is of the essence in the light of such attacks. In an environment with no patch management platform in place, the chaos is made worse by admins and managers having to run around manually deploying the patch and, worse still, in a huge organisation many admins even resort to leaving users to deploy their own patches on their desktops and laptops. With a patch management platform in place, the admin can remotely deploy and apply the patches from the comfort of his desk (or even his home if the alert is received on a weekend or during the holidays), with the option of monitoring the emergency patch deployment exercise and reviewing its effectiveness in the report generated at the end. This gives the organisation peace of mind, knowing that its servers and systems have been effectively updated with much less chaotic running around.