Patch Management Lessons For The Next Big Enterprise Security Breach

How Do You Keep Your Organization From Becoming The Next Target?

When it comes to high profile security incidents, we've had quite an eventful ride over the last few years. Security breaches at leading organizations have damaged corporate credibility, delivered huge financial losses, and resulted in massive litigation. Here's a quick behind-the-scenes analysis of three recent security breaches:

WannaCry_ransomware_attack
Name of Attack: 
WannaCry
Date of Discovery: 
March 2017
Start Date of Attack: 
May 2017

Description: 
This attack encrypted files on Microsoft Windows systems. Attackers would then demand bitcoins as ransom.
   

Patch Release Date: 
Microsoft released the initial patch for WannaCry on March 14, 2017, for supported operating systems (Windows 7/2012 and above). The company issued an emergency patch a day after the attack grabbed headlines.

Impact: 
WannaCry infected more than 200,000 computers across 150 countries. The biggest impact was on large enterprises and government agencies.
   


Equifax-Data_Breach
Name of Attack: 
Equifax
Date of Discovery: 
December 2016
Start Date of Attack: 
March 2017

Description: 
The attackers were able to steal confidential information of US citizens, including social security numbers, credit card details, names, and addresses from the Equifax database.   

Patch Release Date: 
The patch was first published on March 10, 2017.

Impact: 
The Equifax breach compromised confidential information of 150 million US citizens.


heartbleed_vulnerability
Name of Attack: 
Heartbleed
Date of Discovery: 
April 2012
Start Date of Attack: 
April 2014

Description: 
Heartbleed is a big security flaw in the OpenSSL library, that's used by a majority of sites on the Internet.

Patch Release Date: 
The patch was first published on April 7, 2014. 

Impact: 
Hundreds of websites were vulnerable to the Heartbleed bug. In 2017 (three years after the disclosure), nearly 200,000 websites are still at risk for Heartbleed.

So, what conclusions can we draw from the three incidents? There are a few common patterns across these security breaches:

  1. The Consequences Aren't Pretty: You'll face financial, reputational, and productivity losses in the wake of a security breach. Did you know that the CEO, CIO, and CSO all had to resign from Equifax after a public outcry?
  2. It's Not Rocket Science: While security breaches can have sophisticated social engineering aspects, the underlying technical exploits are not exactly earth-shattering. Most incidents involve the discovery of a security flaw and the vendor releasing a patch quickly, but IT teams failing to apply the patches in time. 
  3. IT Teams: It's Time To Accept Responsibility: While vendors are often blamed for security breaches, the onus for most incidents lies with enterprise IT teams. Technology vendors have quickly patched security flaws but enterprises have taken way too long to roll out patches.

Enterprise Patch Compliance: A Recurring Nightmare?

If you don’t want to make headline news, you’ll need to ensure that your operating systems and applications are up-to-date with the latest patches. Research shows that 80% of breaches occur due to "patches pending for more than 10 days and even up to a year." While the solution seems simple (buy a patching tool), it is no easy task installing the latest patches for an urgent security vulnerability. Here’s why simply investing in a patch management tool will not address growing security threats:

  1. Asset Discovery: Organizations often do not know what IT assets they have, or the location of their assets. Asset Discovery has gotten much more complex with the adoption of cloud-native (multi-cloud, containers, microservices, and serverless) architectures for digital services.
  2. Tools Disconnect: Let’s assume your organization has solved the asset discovery problem. Unfortunately, that’s just one piece of the puzzle. Most patching tools are disconnected from the asset discovery database. Integrations increase complexity and need careful analysis to understand which patches to apply urgently.
  3. Operational Visibility: Patching tools don’t play well with existing workflows, approvals, and processes. These tools are often managed by specialized teams, whose actions are not well understood by broader IT operations and security organizations.
  4. Complex Deployments: Patching tools are often complex to install, maintain, and integrate into your existing IT operations. You'll need to invest in skilled resources for enterprise-scale patch management. 
  5. Yet Another Agent, Yet Another Tool: Patching tools require their own agents for patch scans and rollouts. You'll need to install and maintain specialized agents, which adds to the operational overhead.

The hand holding for patching tools can cause you to lose sight of patch compliance status. You'll need scalable patch management processes to keep pace with hybrid workloads that cut across on-prem, cloud, or both.

Gain Control Of Your Patch Management Landscape With OpsRamp

While OpsRamp is not a standalone security solution, we address common patching challenges so that your infrastructure is safe and protected at all times. Here’s how we offer a more scalable approach to patch and vulnerability management:

  1. Unified Asset Discovery: OpsRamp’s Unified Service Discovery delivers a complete picture of your Windows and Linux servers across datacenters, private clouds, and public clouds. You’ll see the what, where, and how of your infrastructure like never before.
  2. On-Demand Patch Scans: As soon as you onboard a server, our policies scans servers for missing patch updates. Drive real-time visibility for patch compliance levels and mitigate risk with the right processes.
    On-Demand_Patch_Scans
                                            Figure 1- Understand the state of enterprise patch compliance with OpsRamp

  3. Single Agent Footprint: OpsRamp employs a single agent for common operational processes such as discovery, monitoring, patching, and automation across your hybrid workloads. You’ll not need specialized agents for a single operational task anymore.
  4. Integrated Workflows: As a comprehensive IT operations management platform, OpsRamp serves as a collaboration venue for different teams. We connect asset discovery data to patching workflows so that you don't have to worry about missing patches for critical IT systems.
  5. Effortless Deployment: Since OpsRamp discovers your IT assets and scans for patches immediately, you can apply missing patch updates without manual intervention. Reduce manual oversight and simplify patch compliance processes with OpsRamp's auto-remediation policies.
    Effortless_Deployment
                                           Figure 2 - Deploy missing patches without heavy lifting or manual processes

Next Steps:

Embrace digital transformation


Recommended posts