Patch Management and Deployment Software for SMBs
Patch management forms an important part of every IT administrator’s responsibility to maintain a secure network by ensuring that the latest security patches and OS service packs are installed network-wide. This task prevents the exploitation of any IT vulnerabilities that may exist within the organization’s network. The increase in worms, Trojans, viruses and hacker attacks that target known vulnerabilities on unpatched systems has heightened the importance of effective patch management and of deploying patches to all computers on the network as soon as they are made available.
Were a virus or hacker to gain access to the network, through even just one compromised system, this would wreak havoc and cause downtime whilst also being an expensive situation to fix. Besides preventing such an unwanted situation, patch management software also plays a part in adhering to recent compliance regulations such as the Sarbanes-Oxley Act and HIPAA, which serve to assure that enterprises maintain control of their information assets.
Effective patch management solutions involve the discovery of software vulnerabilities and the subsequent patch deployment to the multiple computers found on the network. Because unpatched computers can have harmful effects on the network, and because ensuring network-wide coverage is a challenge, an easy-to-administer patch management solution has become a necessity for IT administrators.
Security patches are additional pieces of software developed to address security vulnerabilities and other problems in software packages; they address security flaws within a program or enable additional functionality. Vulnerabilities are flaws that can be exploited by an outside malicious entity to gain access or secure more privileges than are actually authorized on that particular computer. If compromised, an unpatched computer on a network can then be used as a portal to infect and take control of other computers. This underscores the importance of relying on effective patch management software to prevent risks that can threaten the security of the entire network.
Automatic patch deployment should not be a haphazard process but should follow a pre-set policy based on a patch deployment cycle.
- Detect - Use patch management software to scan for missing security patches. The detection should be automated and will trigger the patch management process.
- Acquire - If the vulnerability is not addressed by the security measures already in place, download the patch for testing.
- Test - Install the patch on a realistic operational environment to ensure that the security fixes are suitable and do not compromise your system.
- Deploy - Allow patch deployment to the other computers on the network. Review this deployment to ensure its success with minimum impact on system users.
- Maintain - Subscribe to notifications that alert you to vulnerabilities as they are reported. Once a new security patch is available, the process is started again.
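The cycle above expressed as a gating function, as an added example that is not part of the original article or of any product it mentions. It takes the output of a Detect scan and decides which patches may be deployed, which are held back by the Test step, and which hosts remain exposed for the next cycle. Host names, patch IDs, dates and test outcomes are constructed sample data, and `run_cycle` and its state names are hypothetical.

```python
from datetime import datetime

# Constructed Detect-step output: one row per host missing a patch.
# Host names and patch IDs are placeholders, not real identifiers.
FINDINGS = [
    {"host": "ws-01", "patch": "PATCH-A", "mitigated": False},
    {"host": "ws-02", "patch": "PATCH-A", "mitigated": False},
    {"host": "srv-01", "patch": "PATCH-B", "mitigated": True},
    {"host": "srv-02", "patch": "PATCH-C", "mitigated": False},
]
# Constructed vendor release times and test-environment outcomes.
RELEASED = {
    "PATCH-A": datetime(2024, 1, 9, 18),
    "PATCH-B": datetime(2024, 1, 2, 18),
    "PATCH-C": datetime(2024, 1, 9, 6),
}
TEST_RESULTS = {"PATCH-A": True, "PATCH-C": False}


def run_cycle(findings, released, test_results, now):
    """Decide, per missing patch, how far it may move through the cycle."""
    by_patch = {}
    for f in findings:  # Detect: group affected hosts under each patch
        entry = by_patch.setdefault(f["patch"], {"hosts": [], "mitigated": True})
        entry["hosts"].append(f["host"])
        # A patch is only deferrable if every affected host is already covered.
        entry["mitigated"] = entry["mitigated"] and f["mitigated"]

    report = {}
    for patch, entry in sorted(by_patch.items()):
        if entry["mitigated"]:
            state = "deferred"        # Acquire: existing controls cover it
        elif patch not in test_results:
            state = "awaiting-test"   # Test: never deploy an untested patch
        elif not test_results[patch]:
            state = "held"            # Test failed: keep it off production
        else:
            state = "deploy"          # Deploy: tested and needed
        report[patch] = {
            "state": state,
            "deploy_to": entry["hosts"] if state == "deploy" else [],
            # Maintain: anything not deployed stays exposed into the next cycle
            "carry_over": [] if state == "deploy" else entry["hosts"],
            "exposed_hours": (now - released[patch]).total_seconds() / 3600,
        }
    return report

if __name__ == "__main__":
    print(run_cycle(FINDINGS, RELEASED, TEST_RESULTS, datetime(2024, 1, 10, 18)))
```

The `exposed_hours` figure is the time since the patch was released, which is the window the cycle is meant to keep short.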
Automatic patch deployment helps support a company's patch management best practices and means that patch deployment is no longer a daunting and time-consuming job for IT administrators. An automated patch management system reduces the time and money that is usually spent dealing with vulnerabilities and protecting the system against attacks. The system tracks multiple machines that are unprotected and deploys the required security patches. Having a solution to manage patches ensures that enterprises are constantly secure against threats in operating system and application software. It is always better, in both financial and security terms, to prevent exploitation from happening than to have to solve the problem after the attack has occurred.
Most major attacks tend to occur in the hours immediately after the release of a security patch, because that is when organizations are still detecting, acquiring, testing and deploying the patch, and the system is therefore in a particularly vulnerable state. The common method used by attackers is to reverse engineer the patch in as little time as possible once it is released, identify the vulnerability, and then develop and release exploit code, thus hitting organizations at their weakest moments.
Patch management is the process of following a strategy and plan for which patches should be applied to which systems at a specified time. It is a cyclical process that must be ongoing: new vulnerabilities and threats occur every day, so patches must be deployed continuously in order to keep the system up to date with all security fixes.
GFI LANguard offers SMB IT administrators an easy-to-administer automatic patch management solution which helps them secure their networks faster and more effectively, thereby preventing downtime and business loss due to vulnerability exposure. It integrates seamlessly with WSUS server. Combining WSUS and GFI LANguard allows IT administrators to download and automatically deploy patches and OS service packs from Microsoft in all 38 languages, and additionally to deploy patches to ISA Server installations and to machines running Windows NT, and to deploy third-party software and software patches (which WSUS does not). It also provides customizable reports of scans performed across the whole network, including applications and resources. GFI LANguard is a cost-effective and scalable patch management solution which is tailored and priced for the SMB market.
 