Software patching is a relatively simple task, and is an increasingly critical key to defend against security breaches by hackers armed with vulnerability scanners. Unfortunately, it is also a procedure that is typically given far too little attention, in part due to the time overhead that properly installing them takes.
On this front, Amol Sarwate, director of vulnerability research at Qualys, has sought to address this issue on a blog titled, "Ten Ways to Speed Up Your Patching." Sarwate essentially describes 10 of the most common hurdles to security patches, followed by pertinent tips on how IT administrators can overcome them. I've gone through the various tips, and highlight three tips that I think will do the most to help speed up the security patching for your SMB.
Conduct proper asset management
Given that unknown or "lost" assets will never be patched, it follows that proper asset management is a first step towards efficient - and speedy - patch management. It makes perfect sense even for smaller businesses, since businesses do grow over time, while older equipment will eventually be upgraded or replaced. This could range from an asset management tool to automatically enumerate devices on the network, to an inventory control system or the use of other procedures to track assets. "No tool is perfect, so try out different ones and select what suit your needs," writes Sarwate.
Check for expired licenses
As more software products switch over to automatic patching, it is easy for administrators to be lulled into a false sense of security. Automatic upgrades are no good, however, if the supposed license of the software product in question is expired, either by mistakenly or deliberately allowing it to lapse. As such, SMBs would do well to conduct periodic checks for expired licenses. Likewise, users of unlicensed or pirated software may also find the ability to download automatic updates stymied.
Implement solutions to minimize downtime
Many software patches require a system reboot that while acceptable for workstations, may not be tolerable for server applications. One way to mitigate this problem is to make use of third-party solutions for high-availability computing that can be used here to eliminate or reduce downtime caused by system restarts. Virtualization is one solution that comes to mind, which when implemented properly will allow patches to be tested and installed without worrying about downtime.
How do you perform security patching in your small and mid-sized business? Feel free to chip in with your anecdotes and tips.