In any IT organization, patch management can be an exhausting endeavor, but for a large enterprise it can seem like a never-ending nightmare. With vast numbers of disparate systems, determining which systems need patches, locating the patches, installing them and then verifying that they installed correctly can take days. And since patches are released at different times, it is easy to see how some slip through the cracks, leaving a known, already-fixable vulnerability open and the system exposed to compromise or a data breach.
Having a system in place by which IT staff can easily track patches, manage installation and verify updates is integral to keeping business systems safe and up to date. The National Institute of Standards and Technology (NIST) created the publication “Guide to Enterprise Patch Management Technologies” (Special Publication 800-40 Revision 3), which is available in our IT Downloads. In this informative document, you will learn why keeping systems up to date with the latest patches matters. After all, keeping business systems running at peak performance is just one reason to install patches; closing known security holes before they are exploited makes patching a necessity.
According to the NIST publication, IT should deploy the patch management tools in phases:
This approach allows process and user communication issues to be addressed with a small group before deploying the patch application universally. Most organizations deploy patch management tools first to standardized desktop systems and single-platform server farms of similarly configured servers. Once this has been accomplished, organizations should address the more difficult issue of integrating multiplatform environments, nonstandard desktop systems, legacy computers, and computers with unusual configurations.
This easy-to-read document identifies challenges inherent to enterprise patch management, including:
- Software that auto-updates
- Users manually directing updates to software
- Health check technologies that initiate patches
- Centralized OS management tools that instigate patching
Any of these may seem like a time-saving capability on its own, but when the technologies overlap and try to patch the same software, the results can be unpredictable. IT may have deliberately held back a patch pending testing or because it interferes with another product, only to have an auto-updater install it anyway; or security management staff may assume that users are applying patches manually on desktops when in fact that is not happening.
To learn the proper way to use patch management technologies to keep your systems up to date, read the entire download. It identifies the various technologies (agent based, agentless scanning and passive network monitoring) and gives the important benefits and characteristics of each type. You will also learn to use metrics, such as which systems are still missing a given patch and how long after release it was applied, to verify that your patch management tools are actually keeping enterprise systems up to date rather than merely reporting that they are.
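The two practical points above, measuring whether patches actually landed and spotting hosts where several update mechanisms compete, can be turned into simple checks over a host inventory. The script below is an added example written for this page; it is not code from the NIST guide or from any vendor tool. The inventory layout, hostnames, patch IDs and the 14-day deadline are all hypothetical, and the sample data is constructed inline so it runs offline.

```python
"""Patch-status metrics over a constructed host inventory.

Added example, not code from the NIST guide or from this page. The
inventory format, patch IDs, hostnames and deadline are hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date


@dataclass
class Host:
    name: str
    installed: set[str]     # patch IDs the host reports as installed
    mechanisms: set[str]    # active update paths: "central", "auto_update", "user"


@dataclass
class Patch:
    pid: str
    released: date
    applies_to: set[str]    # hostnames the patch is relevant to


@dataclass
class PatchStatus:
    applicable: int
    installed: int
    missing: list[str]      # applicable hosts that lack the patch
    overdue: list[str]      # missing hosts past the patching deadline


# Constructed sample inventory (hypothetical data, not a real environment).
TODAY = date(2024, 3, 20)
SLA_DAYS = 14               # hypothetical deadline: patch within 14 days of release

HOSTS = [
    Host("ws01", {"P-1001", "P-1003"}, {"central"}),
    Host("ws02", {"P-1001"}, {"central", "auto_update"}),   # two update paths
    Host("ws03", set(), {"user"}),                          # user-driven only
    Host("srv01", {"P-1001", "P-1002"}, {"central"}),
    Host("srv02", set(), {"central"}),
]

PATCHES = [
    Patch("P-1001", date(2024, 3, 1), {"ws01", "ws02", "srv01"}),
    Patch("P-1002", date(2024, 3, 10), {"srv01", "srv02"}),
    Patch("P-1003", date(2024, 2, 1), {"ws01", "ws02", "ws03"}),
]


def patch_status(hosts, patches, today=TODAY, sla_days=SLA_DAYS):
    """Per-patch coverage: which applicable hosts still lack the patch, and
    which of those are past the deadline (release date + sla_days)."""
    by_name = {h.name: h for h in hosts}
    report = {}
    for p in patches:
        missing = sorted(
            name for name in p.applies_to if p.pid not in by_name[name].installed
        )
        overdue = missing if (today - p.released).days > sla_days else []
        report[p.pid] = PatchStatus(
            applicable=len(p.applies_to),
            installed=len(p.applies_to) - len(missing),
            missing=missing,
            overdue=list(overdue),
        )
    return report


def coverage_rate(report):
    """Fraction of (host, applicable patch) pairs that are actually patched."""
    applicable = sum(s.applicable for s in report.values())
    installed = sum(s.installed for s in report.values())
    return installed / applicable if applicable else 1.0


def overlapping_mechanisms(hosts, expected="central"):
    """Hosts where the central tool competes with another update path."""
    return sorted(
        h.name for h in hosts if expected in h.mechanisms and len(h.mechanisms) > 1
    )


def unmanaged_hosts(hosts, expected="central"):
    """Hosts the central tool does not cover at all."""
    return sorted(h.name for h in hosts if expected not in h.mechanisms)


if __name__ == "__main__":
    report = patch_status(HOSTS, PATCHES)
    for pid, s in report.items():
        print(f"{pid}: {s.installed}/{s.applicable} installed, overdue on {s.overdue}")
    print(f"overall coverage: {coverage_rate(report):.1%}")
    print("overlapping update paths:", overlapping_mechanisms(HOSTS))
    print("not under central management:", unmanaged_hosts(HOSTS))
```

In a real deployment the inventory would come from the agent or scanner the guide describes, and the "overdue" list is the one worth alerting on: it is the set of hosts where the tool is either not reaching the machine or is being held back by one of the overlapping mechanisms listed above.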