The profile of patch management has risen considerably in the last year due to the number of major breaches that have taken place where basic patches had been overlooked. News stories repeatedly note that the organizations impacted by breaches had often failed to install high-priority security patches from the likes of Microsoft Exchange, Fortinet, and other well-known names. In many cases, the patches had been available for months or, in a few cases, years. Yet, IT departments had failed to deploy them.
Such stories have made it clear that patch management is a vital aspect of enterprise security and note to be neglected. Here are five top trends in patch management in 2022.
See our picks for the Top Patch Management Tools
Good patch management processes require automation of not just the patching process itself but also approvals, reboots, and reporting.
For example, Ashley Leonard, CEO at Syxsense, said that in the event a production server needs to be patched, there are so many actions involved that automation can save organizations a large amount of time.
“You might want to get permission from the server owner,” he said. “If a reboot is required, this might need to be scheduled, and when the process is complete, you should be able to prove compliance.”
To the extent that regression testing of a patch gets in the way, that too should be automated to the extent possible.
And more vendors may go the way of Microsoft, which has begun automatically disabling some features until patches can be applied.
2. Wider Patching Range
The move to remote work and home networks accelerated the trend of patch management becoming far more distributed. Older patch management systems were built around the concept of a firewall protecting an internal IT infrastructure. With the COVID-19 pandemic, the work changed overnight; home working has accelerated the move away from on-premises patching tools to cloud patch management.
The number of devices and workloads has changed, too. Beyond patching PCs, desktops, and servers, virtual devices and cloud devices have now been added to what needs patching. This is also giving rise to a patch-everything approach.
“Organizations have traditionally focused on patching operating systems like Microsoft Windows while ignoring the real threat and patch requirements from third-party applications, OS drivers, IoT devices, and network infrastructure,” said Leonard. “We are seeing customers wanting to understand their entire attack surface and patch everything.”
3. Unified Security and Endpoint Management (USEM)
There is a move to consolidate security and endpoint management technologies. After all, a lack of good patch management practices has allowed ransomware to enter and propagate within a target environment. A single combined USEM solution provides the ability to scan for not just patch vulnerabilities but configuration vulnerabilities as well and leverage combined management technologies to perform configuration changes to remediate any detected vulnerabilities.
“We are seeing the unification of operations and security data to improve visibility and risk-based prioritization,” said Jon Thomas, senior director of product management at BMC.
Many endpoint detection and response (EDR) solutions also integrate patch management.
4. DevOps Integration
Another trend noted by Thomas is the integration of patching into DevOps pipelines to ensure strong governance while enabling agility.
“Patch management models that assume long-lived systems will often fail in modern environments with frequently updated or ephemeral resources,” said Thomas. “Fortunately, with the DevOps focus on automated continuous delivery pipelines, many organizations have found the opportunity to inject patch management directly into the pipeline, thereby creating even higher levels of governance than traditional systems.”
5. Ransomware Protection Drives Policy-driven Patching
In recent years, the prevalence and visibility of cyber attacks and ransomware have reached C-suite and board-level awareness. This has prompted a focus on increasing the frequency and coverage of vulnerability and compliance scanning. With the increased rate of security data, manual reconciliation of disparate security and operational data sources has become impossible. The only way to keep up and ensure that the most critical vulnerabilities are remediated on the most critical devices is to combine operations data about system criticality and configuration with security data about vulnerabilities and risks.
Along with the improved visibility, many organizations have identified bottlenecks in their end-to-end patch management processes and gaps in the operationalization of actions identified by security teams, which is leaving some systems vulnerable. One of the most common bottlenecks can come from system owners who are unwilling to approve patches to their systems. For ad-hoc patching processes, these systems can fall behind and leave the systems susceptible to attack.
“To improve maturity, many organizations are adopting policy-driven patch management practices,” said Thomas. “These end-to-end policy-driven models drive consistent adherence to SLAs. For example, a system owner may be able to choose which day patches are installed, but they must choose a day within an SLA window.”