Transcript
8/23/2019 Top 10 Ways to Speed Up Patching
Top 10 Ways To Speed Up Patching
Amol Sarwate
Director of Vulnerability Labs, Qualys Inc.
Company Confidential
12th Sep 2012

Simple and easy
Cost Effective
Reliable
Patching

Australian Defense Signal Directorate
https://community.qualys.com/docs/DOC-2735
Patching prevents security incident

RSA Conference 2012
https://community.qualys.com/docs/DOC-3542
Patching prevents security incident

Why are we so slow at Patching?

Challenge 1
Unknown Assets
Speed up patching
Recommendation
Asset management tools, inventory control systems or a similar process.
Usually a combination of multiple approaches gives the best results.

Challenge 2
Downtime
Recommendation
Highly available products and operational tricks
Solutions are different depending on the software
Talking with your operations folks or system administrators can yield good ideas to begin with
Test your solution
Group downtimes together

Challenge 3
IT resources
Recommendation
Patch management systems - excellent in one area, like Windows patches, but weak in other areas like database patches
Combination of manual and automated approaches works the best to cover the entire asset base
Properly managed networks and assets are easier to patch

Challenge 4
Unreasonably long patch test cycle
Recommendation
Prioritize assets and applicable patches
Keep a test setup or small test lab ready
Consult with developers, testers, system administrators of home grown systems

Challenge 5
Extreme Virtual Patching
Recommendation
Use virtual patching as a temporary arrangement while the patch is being tested or software is being modified to work with the newly released patch.
Certain areas like web applications can benefit from virtual patching

Challenge 6
Conflicting Binaries
Patch from Vendor A may not install successfully due to a different version of binaries installed by Vendor B
Recommendation
Dedicated servers for discrete business functions to reduce conflict between multiple software programs
Do not overload the same server with products from multiple vendors

Challenge 7
Third Party Patches
Recommendation
Urgency of the situation and credibility of the third party patch creator play a vital role
In most situations do not install third party patches as they may break something else
Worst case: fake patch with embedded malware
Implement workaround provided by the vendor

Challenge 8
Expired Licenses
Recommendation
Mistakenly expired licenses mostly reflect a lapse in the administration of the system
In some countries pirated software is common, but it creates a breeding ground for viruses and worms
Use asset management or vulnerability management software to track licenses and vulnerabilities

Challenge 9
Patching kiosks, ICS or SCADA systems
Recommendation
Demand expedited re-release of patches from your vendor
Demand from your SCADA vendor guidance on the safety of installing standard patches on your critical infrastructure or factory floors.

Challenge 10
Large number of patches
Recommendation
We cannot control how many patches are released by vendors. But with proper asset management, patch management and vulnerability management tools and correctly maintained infrastructure we can prepare ourselves better for the dreaded patch day.

Twitter: @amolsarwate
https://community.qualys.com
asarwate@qualys.com
Thank You
1999-2012 Qualys, Inc. All rights reserved.