Follow GFI:
Find us on Facebook Follow us on Twitter Find us on Linkedin Subscribe to our RSS Feed Find us on YouTube Find us on Google+
 

4 Reasons for Implementing Patch Management Software

on March 21, 2011

Patching is a very common term in IT system administration. So what are patches for and how important are they for IT security?

Generally patches are software updates which fix certain bugs in the software. Nowadays theses patches also contain hot fixes which safely close security vulnerabilities in software.

It is highly recommended to install available patches when they’re released; however, it is always wise to study the technical release note. A technical release note provides some important information about the software patch itself such as the requirements, conditions and full description of the patch.

“Never touch a running system” is a common slogan known by system administrators, and it’s because of this slogan that some system administrators prefer not to install a patch immediately into their productive environment as soon as it has been officially released.

In many cases the system administrator will be happy to install a certain patch, if he/she comes to the conclusion that they have no other option available to fix a noticeable malfunction in the software which is causing trouble in his productive environment.

But many system administrators are not aware that patches also fix severe security bugs in the software which may not be directly visible to them and a delay in patching the software means keeping their corporate network unsecure. Security holes in software are a real danger in corporate environments as it opens doors for hackers and spammers. It does not take long for a hacker or spammer to identify and take advantage of such vulnerabilities, often with a system administrator not even realizing this.

Therefore I strongly believe that keeping software up-to-date contributes greatly to keeping your corporate network safer and there are many reasons why professional patch management software can be of great assistance to a systems administrator.

  1. It keeps you automatically informed about new patch releases. Each release note for a different product can be viewed conveniently from one centralised user interface. It saves me a lot of time and I do not need to worry anymore about missed patches thereby keeping my network safer.
  2. Patches can be downloaded easily, fully automated and completely without requiring my presence. Furthermore, I can control the patch deployment workflow for my whole corporate network from my desktop.
  3. The planning and deployment of software installations is much faster requiring just a few clicks.
  4. Monthly reports are common in the industry but creating a professional report consumes a lot of time and requires some effort to collect the necessary data. Monthly inventory reports can be scheduled with professional patch management software. Furthermore, reports are customizable and the parameters can easily be changed.
submit to reddit
 
Comments
Tana George March 21, 20119:10 pm

For a large network patch management software is a must because it saves so much time and effort. There is hardly an admin, who doesn’t know that patches are vital to security but also there is hardly an admin who has never experienced how a patch can go wrong and damage a working system. Probably the reluctance to install patches the minute they become available is due to such harsh experiences in the past. Otherwise, nobody denies that hackers take advantage of unpatched systems and we shouldn’t leave our systems vulnerable.

Rory Breen March 23, 201111:27 am

I agree with Tana, however in my previous role I managed Microsoft Patch deployment product and we followed this process:-

- Workstation patches were installed immediately into the test group
- 1 week later the same patches were then applied to the rest of the company
- Patches were installed immediately.

- Server patches were initially approved into the test group only
- 1 week later the same patches were then approved to all servers.
- Patches were manually installed at the next scheduled server outage

Service Packs were applied after detailed testing.

Douglas the Bounty Hunter March 25, 201110:38 am

Aside from maximizing security and fixing bugs, patches are also applied for proprietary issues.

One great example is the patch done by Sony to the PS3 system. In 2009, the PS3 was jailbroken. As a result, owners can now play, share, download, and copy games for free (without paying or buying the $60 physical blueray disk or downloading it from the PlayStation Network). Players can now exchange and copy games with each other without restrictions, just like friends sharing movies or mp3s.

To combat this, Sony recently implemented a patch that will make the PS3 unit resist any jailbreak.

Tana George April 1, 201112:37 pm

@Rory Your procedures prove that if there is a will, there is a way. :)