By David Araujo *
Does your company currently have an effective Patch Management policy?
Information has become one of the most valuable assets for the vast majority of organizations. Although intangible, it is often critical to the business, so information is now treated as an asset. Since every asset has great value, it has become a target for many groups, from competitors seeking a market advantage to cyber attacks aimed at stealing or hijacking information.
According to ThreatCloud, 31,269,136 cyber attacks of various types were detected around the world on 05/30/2019.
Digital information solutions are constantly evolving: organizations have new needs, manufacturers release new products, and market competition encourages innovation. The result is a constant stream of product and asset updates, most of them bringing vulnerability fixes or enhancements, which makes keeping the environment up to date very important.
With the dynamism of information technologies, patch management has become crucial to information security. In a nutshell, a patch is a software update, provided mostly by the manufacturers themselves, for various purposes, predominantly bug or vulnerability fixes and enhancements. These updates are released very often, so organizations with many assets running many products need to manage them, which makes patch management increasingly important for information security.
Patches may change the behavior of software or assets, or the way some operations are performed, resulting in incompatibility with some element of the system or in limits on the manufacturer's support for the environment. This makes patch management a complex activity that demands a high degree of responsibility to keep the system running.
Patch management may seem simple for a small group of assets with similar functions and products. In a network with a variety of products, assets, software and configurations, however, managing patches manually becomes time-consuming, complex and unviable. For this reason many manufacturers have developed dedicated patch management solutions or added patch management to their existing products.
There are several patch management solutions from different manufacturers on the market. This article covers two of them: IBM BigFix Patch and Microsoft SCCM.
- IBM BigFix Patch: The solution significantly improves patch management across networks by supporting up to 250,000 stations through just one centrally managed server, with a wide range of OSs and structures, from desktops and notebooks to ATMs and virtual servers.
The solution is also compatible with other tools, such as IBM Fixlet, allowing you to use messaging and link policy updates, and to monitor, enforce and evaluate asset needs and compliance with each update.
The solution has dashboard and scanning tools that detect the systems used in the network, along with their products and versions, giving the administrator fast, clear and broad visibility and making management more agile and efficient.
- Microsoft SCCM: The solution provided by Microsoft also significantly improves patch management, supporting networks that vary in both size and composition.
The solution is distinguished by the wide variety of applications and integrations it offers, allowing several areas to be managed from a single platform and integrating with other applications and Microsoft operating systems.
The focus of the solution is on system monitoring, with patch management as one of its functions, integrating with Windows Update, for example.
Several vulnerabilities are found daily in various systems and products. The organization MITRE, through CVE, provides an informative database of vulnerabilities found and reported by different sources, from manufacturers to the web community itself. Very often these are critical vulnerabilities which, if exploited, can have significant impacts on organizations.
Most of these vulnerabilities are found in outdated products, and the fix is to update the product to the latest version.
Here are some examples of critical vulnerabilities that can be addressed through vendor-made updates:
- CVE-2019-2725: A vulnerability found in Oracle WebLogic Server allows a successful attack to remotely execute commands on vulnerable servers via HTTP requests without requiring server permission, resulting in malicious files (such as ransomware) being downloaded through IPs controlled by the attackers themselves, enabling the hijacking or compromise of information.
- CVE-2019-9978: A vulnerability has been identified in the “Social Warfare” plug-in for WordPress where a successful attack allows arbitrary code to be executed through PHP pages, giving the attacker control of the vulnerable asset.
Fixes for both vulnerabilities were made available by the manufacturers themselves through patches, so that systems that are updated with the latest version of their products are not subject to these specific attacks.
Conclusion
Patch management has a crucial impact on information security, mitigating the vulnerabilities of a system and enabling more efficient use of the product with the latest applications.
However, this practice requires a great deal of responsibility from managers and administrators, as failure to evaluate versions and upgrades of products on a network can result in a vulnerable network whose threats have a major impact on the organization.
* Davi Araujo is an Analyst from Safeway Consulting