Try our "Help Me AI"
Results 1 to 4 of 4

Thread: How often should Patch management be performed?

  1. #1
    Status
    Offline
    Bhavya's Avatar
    Administrator
    Join Date
    Apr 2018
    Location
    Vavuniya, Srilanka
    Posts
    7,687
    Blog Entries
    50
       Rep Power
    60

    How often should Patch management be performed?

    Hello Friends,

    Patch management is a strategy for managing patches or upgrades for software applications and technologies.
    A patch management plan can help a business to handle these changes.


    Can someone tell me how often patch management should be performed?
    You're not going to master the rest of your life in one day. Don't stress. Master the day. Make this a daily reminder.

  2. #2
    Status
    Offline
    MDilbara's Avatar
    Moderator
    Join Date
    Apr 2018
    Posts
    43
       Rep Power
    0
    Quote Originally Posted by Bhavya View Post
    Hello Friends,

    Can someone tell me how often patch management should be performed?
    Before anyone actually talk about patches, we should think why a patch needs to be installed. Actually the patching happens for mainly TWO reasons.


    1. To fix security vulnerabilities
    2. To add a feature of some functional addition for the application


    As per my experience, I would suggest installing all the security related patches as a priority. Because, if we keep a application unpatched for a security vulnerability, it may lead to exploitation of the particular vulnerability and could actually compromise the entire organization. If I were to be more precise, if the application is public facing or accessible from the Internet, then you should definitely be installing security patches as a priority, because, the application may be accessed by hackers easily through Internet.

    To answer your question, there is NO defined period for patch management in the wild. That depends for each application according to the need. here are few tips you can follow to have a better patch management process.

    For me to explain it easily, assume that your application is found with a security vulnerability.


    1. First of all confirm that the vulnerability is TRUE and not a false positive
    2. Then prioritize the need of patches according to your organizational needs and the impact the vulnerability could pose.
    3. Then check for any patches available by the vendor (or may be you can develop a patch, if its your own application).
    4. If the vendor has a patch available, you can go ahead on installing it. But the important part here is, make sure the patch is legitimately from the vendor and confirm the legitimate source of of the patch. because, these days, one of the methods target attacks is by fooling a user saying "you have a security patch to install", and forcing a malicious payload. So, make sure the patch is from the legitimate source.
    5. While you confirm the source, you have to perform an Impact Analysis on installing the patch, in parallel. This may include any potential adverse situations could occur by installing it (Ex: downtimes, systems crashes, malfunctions, etc). This is simply a form of Risk Assessment. If you find any risks which could occur, please have a roll back plan with you, so you can roll back if something goes wrong.
    6. The next ideal step is to install the patch in a testing environment and make sure the patch works properly. If the test is successful, then you're almost good to go with the live system.
    7. The next IMPORTANT thing, which most people miss out is logging. You should be log everything you didn't with this particular patching process and keep documentation regarding that. Documenting such a process may help you in many ways (ex: if you had to refer to any past patches, if the same problem occurs again, you might have to check back, for investigation purposes, etc.)


    While you do all of these tasks, please ensure accountability. Assign people for tasks and make sure they are responsible for what they have been assigned. It will make your process more effective. In addition to that, if possible, document this process somewhere as a PROCEDURE and make it formal, so that everyone can follow the same procedure for upcoming patch installations.

    This whole cycle simply referred to as Patch Management. And this is not only for security patches, you can have this for any patch.

    Hope this was informative. Please add your comments and questions below, i'll respond if I am capable of.

  3. #3
    Status
    Offline
    Bhavya's Avatar
    Administrator
    Join Date
    Apr 2018
    Location
    Vavuniya, Srilanka
    Posts
    7,687
    Blog Entries
    50
       Rep Power
    60
    Quote Originally Posted by MDilbara View Post
    Before anyone actually talk about patches, we should think why a patch needs to be installed. Actually the patching happens for mainly TWO reasons.


    1. To fix security vulnerabilities
    2. To add a feature of some functional addition for the application


    As per my experience, I would suggest installing all the security related patches as a priority. Because, if we keep a application unpatched for a security vulnerability, it may lead to exploitation of the particular vulnerability and could actually compromise the entire organization. If I were to be more precise, if the application is public facing or accessible from the Internet, then you should definitely be installing security patches as a priority, because, the application may be accessed by hackers easily through Internet.

    To answer your question, there is NO defined period for patch management in the wild. That depends for each application according to the need. here are few tips you can follow to have a better patch management process.

    For me to explain it easily, assume that your application is found with a security vulnerability.


    1. First of all confirm that the vulnerability is TRUE and not a false positive
    2. Then prioritize the need of patches according to your organizational needs and the impact the vulnerability could pose.
    3. Then check for any patches available by the vendor (or may be you can develop a patch, if its your own application).
    4. If the vendor has a patch available, you can go ahead on installing it. But the important part here is, make sure the patch is legitimately from the vendor and confirm the legitimate source of of the patch. because, these days, one of the methods target attacks is by fooling a user saying "you have a security patch to install", and forcing a malicious payload. So, make sure the patch is from the legitimate source.
    5. While you confirm the source, you have to perform an Impact Analysis on installing the patch, in parallel. This may include any potential adverse situations could occur by installing it (Ex: downtimes, systems crashes, malfunctions, etc). This is simply a form of Risk Assessment. If you find any risks which could occur, please have a roll back plan with you, so you can roll back if something goes wrong.
    6. The next ideal step is to install the patch in a testing environment and make sure the patch works properly. If the test is successful, then you're almost good to go with the live system.
    7. The next IMPORTANT thing, which most people miss out is logging. You should be log everything you didn't with this particular patching process and keep documentation regarding that. Documenting such a process may help you in many ways (ex: if you had to refer to any past patches, if the same problem occurs again, you might have to check back, for investigation purposes, etc.)


    While you do all of these tasks, please ensure accountability. Assign people for tasks and make sure they are responsible for what they have been assigned. It will make your process more effective. In addition to that, if possible, document this process somewhere as a PROCEDURE and make it formal, so that everyone can follow the same procedure for upcoming patch installations.

    This whole cycle simply referred to as Patch Management. And this is not only for security patches, you can have this for any patch.

    Hope this was informative. Please add your comments and questions below, i'll respond if I am capable of.
    Thank you so much for this detail explaining reply, It's very much informative and helpful,Once again thank you so much.
    You're not going to master the rest of your life in one day. Don't stress. Master the day. Make this a daily reminder.

  4. #4
    Status
    Offline
    Moana's Avatar
    Reputed Member
    Join Date
    May 2018
    Location
    Vavuniya Srilanka
    Posts
    1,569
    Blog Entries
    5
       Rep Power
    18
    Quote Originally Posted by Bhavya View Post
    Hello Friends,

    Patch management is a strategy for managing patches or upgrades for software applications and technologies.
    A patch management plan can help a business to handle these changes.


    Can someone tell me how often patch management should be performed?
    Most organizations deploy more than one type, selecting those that best serve their needs based on the specific software and hardware systems they use, the speed at which they want to deploy patches, their business risks and other such factors.
    Your Last Mistake Is Your Best Teacher

Similar Threads

  1. Self management is must to every persons
    By Vaishnavi in forum General Discussion
    Replies: 1
    Last Post: 11-29-2019, 10:20 AM
  2. Replies: 1
    Last Post: 11-09-2019, 11:55 AM
  3. What are the best Data Management Platforms?
    By Bhavya in forum Big Data
    Replies: 0
    Last Post: 10-19-2018, 03:26 PM
  4. Disaster Management involved to Risk Management!
    By Wondergirl in forum General Discussion
    Replies: 0
    Last Post: 08-11-2018, 12:46 PM
  5. What is a configuration management in network?
    By Bhavya in forum Networking
    Replies: 1
    Last Post: 08-10-2018, 10:52 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Who We Are

The Hub Sri Lanka is an online community portal for all the Sri Lankan digital Citizen's to enthusiastically learn and connect with the society by enormously increasing their knowledge and careers through an extensive collaborative marketplace.

Join us
RSS RSS 2.0 XML MAP HTML