View this technical presentation on the recommended steps to achieve a best practices approach to patch and vulnerability management. Take away the critical items and processes you need to address to help you reduce costs and risks in the long term.
2. Today’s Agenda
Introduction
Curing Your Patch Management Headache with Lessons Learned from the Field
• Laying the Groundwork
• Before Patch Tuesday
• On Patch Tuesday
• After Patch Tuesday
Q&A
3. Today’s Panelists
Russ Ernst, Group Product Manager, Lumension
Jim Czyzewski, Supervisor – Clinical Desktop Support, MidMichigan Medical Center
4. Why Is Patch Management Important
Sources of Endpoint Risk
• 5% Zero-Days
• 30% Missing Patches
• 65% Misconfigurations
Today’s Endpoint Security Stack
• AV
• Device Control
• Application Control
• Patch & Configuration Management
5. Benefits of a Solid Patching Process
• Malware Costs Money
• Patching Reduces Target Size
6. Patch Management Best Practices
Patch Management Process
• Laying the Groundwork
• Before Patch Tuesday
• On Patch Tuesday
• After Patch Tuesday
15. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Prepare Resources
• Schedule Resources
» Allocate IT resources for Patch Tuesday while also integrating additional patch release schedules from third-party applications, such as Adobe, Apple (ad hoc), Java and so forth
» Review the patching needs of any internally-developed applications and/or custom patches and consider deploying these patches as part of the monthly patch cycle
• Reserve Down-Time for Servers
» Reserve time slots to be able to deploy patch updates to any mission-critical servers within 72 hours of the Patch Tuesday release
16. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Watch for Pre-Announcements
17. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Confirm Reporting Up-to-Date
18. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Deploy Missing Updates and Pre-Requisites
20. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Study Information and Security Briefings
• Important information to consider when assessing the impact of Patch Tuesday on your environment includes:
» Bulletin severity
» Whether or not the vulnerability is known/publicly disclosed at the time of release
» Whether the vendor knows of any active exploits at the time of release
» Value of the asset being patched
21. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Prioritize Potential Patches
22. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Test and Install Patches
• Follow Internal Change Control Planning and Approval Process
• Staged Testing
» Deploy applicable bulletins to test groups
» Ensure successful deployment before rollout to additional groups in the environment
» Pay special attention to the impact on custom-developed, internal applications
• Staged Deployments
24. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Deployment History
25. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Calculate Time to Deploy
26. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Monitor for Compliance
Mandatory Baseline
27. Laying the Groundwork | Week Before | Patch Tuesday | Week After
Continuous Improvement
• Checks and Balances
» Review the Effectiveness of Patch Tuesday Remediations
• Metrics Improvement
» Modify system settings, distribution parameters and so forth to further optimize the system for next month’s updates
» WAN optimization, polling frequency and minimizing the patches being detected can all help further optimize performance
» Look for computers that did not receive updates at all or those that took unusually long to receive updates
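Added example (not from the presentation or from Lumension's product): one way to run the week-after review over a deployment-history export, computing time to deploy and listing hosts that never received the update, took unusually long, or missed the 72-hour window for mission-critical servers. The record layout, host names, dates and the "2x the median" threshold are assumptions made for illustration.

```python
from datetime import datetime
from statistics import median

SERVER_SLA_HOURS = 72  # from the slides: mission-critical servers within 72 hours
SLOW_FACTOR = 2.0      # assumption: "unusually long" means more than 2x the median

# Constructed sample export: (host, mission_critical, install time or None)
RELEASE = datetime(2024, 1, 9, 18, 0)
RECORDS = [
    ("ws-001", False, datetime(2024, 1, 10, 9, 0)),
    ("ws-002", False, datetime(2024, 1, 10, 15, 0)),
    ("ws-003", False, datetime(2024, 1, 19, 11, 0)),
    ("ws-004", False, None),  # never reported an install
    ("db-01", True, datetime(2024, 1, 11, 2, 0)),
    ("db-02", True, datetime(2024, 1, 13, 3, 0)),
]

def hours_to_deploy(release, installed):
    """Elapsed hours between patch release and install on one host."""
    return (installed - release).total_seconds() / 3600

def review_cycle(release, records):
    """Summarise one patch cycle: median time to deploy plus hosts to follow up.

    Assumes the review runs after the 72-hour window has closed, so an
    unpatched mission-critical server counts as an SLA breach.
    """
    times = {h: hours_to_deploy(release, t) for h, _, t in records if t is not None}
    med = median(times.values()) if times else None
    return {
        "median_hours": med,
        "never_patched": sorted(h for h, _, t in records if t is None),
        "sla_breach": sorted(h for h, crit, t in records
                             if crit and (t is None or times[h] > SERVER_SLA_HOURS)),
        "slow": sorted(h for h, v in times.items() if v > SLOW_FACTOR * med),
    }

if __name__ == "__main__":
    for key, value in review_cycle(RELEASE, RECORDS).items():
        print(f"{key}: {value}")
```

Tracking the same figures month over month shows whether changes to distribution parameters or polling frequency actually shortened the cycle.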
29. More Information
• Free Vulnerability Scanner Tool
» Discover all OS and application vulnerabilities on your network
http://www.lumension.com/Resources/Security-Tools/Vulnerability-Scanner.aspx
• Lumension® Patch and Remediation
» Online Demo Video:
http://www.lumension.com/vulnerability-management/patch-management-software/demo.aspx
» Free Trial (virtual or download):
http://www.lumension.com/vulnerability-management/patch-management-software/free-trial.aspx
• Get a Quote (and more)
http://www.lumension.com/vulnerability-management/patch-management-software/buy-now.aspx#6
30. Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com
http://blog.lumension.com