Along with phishing, unpatched vulnerabilities are the most common way cybercriminals gain access to internal systems to deploy malware and steal data. Over 25,000 software vulnerabilities were discovered in 2022. This trend continues in 2023 with Microsoft patching 130 vulnerabilities to its products in July alone. Apple, once considered the gold standard for secure operating systems also released, retracted, and re-released major device OS patches in July. Common Vulnerabilities and Exposures (CVE) notifications are released nearly daily from a myriad of sources for operating systems, software, device firmware, industrial controls, and other associated technology, requiring you to keep on top of both CVE notices and near real-time patching to keep your environment both secure and reliable.
Due to this trend, Patch Management is as mission-critical as endpoint protection, anti-phishing, and security monitoring for today’s businesses and is typically a key requirement for compliance and cyber insurance. The Patch Management lifecycle process involves consistently monitoring for CVEs and managing the patch updates or required configuration changes to your system "tech stack." This tech stack can include operating systems, servers, network devices, and even the applications running in your cloud environment. Industrial controls in particular have become targets for cybercriminals due to their business importance and complexity to manage, patch, and monitor. Having a traditional monthly patch management process in place isn't enough. An effective program must be comprehensive and include vulnerability scanning, reporting, real-time alerting for critical vulnerabilities, patch deployment management, and patch deployment verification. This complete lifecycle is vital to ensure the security of an organization's technology stack and should be repeatable month after month.
The Need for a Complete Patch Management Lifecycle: Proxylogin Example
In early 2023, the discovery of a critical vulnerability in Microsoft Exchange Server sent shockwaves through the cybersecurity community. Known as "ProxyLogon," this vulnerability allowed attackers to access email accounts, install malware, and potentially gain long-term access to a victim's Microsoft environment. The vulnerability was promptly patched by Microsoft, but organizations needed to rapidly deploy these patches via patch deployment software or manually to their systems to close the vulnerability.
Unfortunately, many companies were slow to react or did not know about this CVE until it was too late. The time between the release of the patch and its deployment, known as the "window of vulnerability" is often the most perilous time for organizations. Cybercriminals pay close attention to vulnerability announcements and often act to exploit known CVEs before organizations are aware of the vulnerability. Despite Microsoft's prompt release of a patch, thousands of organizations worldwide were breached before they had a chance to apply the patch. The Microsoft Exchange Server incident highlights why a comprehensive and fast patch management program is crucial. Here is a summary of a best practice Patch Management Program
- Vulnerability Scanning: Regular scanning of systems for known vulnerabilities could have identified the unpatched Exchange Servers vs learning of the situation via news or word of mouth.
- Real-time Alerting for Critical Vulnerabilities: Alerts for critical vulnerabilities ensure swift action. In the Exchange Server case, real-time alerts about the ProxyLogon vulnerability could have spurred immediate action.
- Patch Deployment Management: This involves the process of acquiring, testing, and installing patches on existing systems. It requires a balance of speed and caution; rushing patches can disrupt operations, but delaying can leave systems exposed. Expert resources are required to effectively guide this process for complex servers, networks, and applications.
- Patch Deployment Verification: Once patches are deployed, it's essential to verify the success of the deployment. This requires effective patching tools with built-in verification as well as continued vulnerability scanning to “trust but verify” patch completion.
- Reporting: Regular reporting on the status of vulnerabilities and patches keeps all stakeholders informed about the risks and allows for Continous Service Improvement to shorten the "window of vulnerability" whenever possible. Good reporting also provides compliance and cyber insurance audits with evidence of a patch management lifecycle.
The Impact of Delayed Patch Deployment: WannaCry Example
The ProxyLogon incident in 2023 is one of many situations that illustrate the importance of efficient patch management. In 2017, the infamous (and still active!) WannaCry ransomware outbreak exploited a vulnerability in the Windows SMB protocol. Microsoft quickly created and released a patch for Windows operating systems but many organizations did not apply the patch due to lack of awareness or waiting for the standard “monthly Patch Tuesday” cycle to deploy a critical security fix. The delay in patch application by many organizations led to one of the most devastating cyber-attacks in history, affecting hundreds of thousands of computers in over 150 countries with billions of dollars of net cost to businesses around the world.
A robust patch management lifecycle is one of the most effective defenses we have against ongoing cybersecurity threats. By focusing on reducing the 'window of vulnerability,' organizations can significantly improve their resilience against cyber-attacks
Summary
Partners like Ballast Services provide companies with a complete patch management lifecycle solution that drives effective scanning, alerting, reporting, patch deployment, and verification 24/7/365 and provides companies with expert resources to navigate the complexities of modern servers, applications, and networks. Our Vulnerability Management, Secure Cloud and Hybrid Server Management, and Workstation Security Management work seamlessly together to provide you with complete monitoring, management, patching, and end-point security for your entire organization. The Ballast Professional Services team specializes in quickly building and deploying Patch Management lifecycle services and provides expert change engineering services to help you navigate complex patch management changes to any part of your environment.
Modernize, Optimize, Stabilize, and Secure your organization today. Contact us at (888) 450-4322, visit our website at https://ballastservices.com, or click on Get In Touch to speak with us today.
