Reduce the Gap Between Exposure and Remediation
I have presented topics on, written previous blogs about, and spoken at countless events on patch management and why it’s important. It’s one of those areas that every organization claims to have under control, yet the number of incidents we see in the press about data breaches related to vulnerability exposure seems to increase each quarter. Costs associated with cleaning up a data breach far outweigh the costs of good prevention software and procedures.
High-Profile Exposure
Everyone will have heard of the WannaCry ransomware attack that stormed the world in mid-2017. There have been lots of other malware infections, but WannaCry, as one example, affected more than 200,000 companies in over 150 countries. Reports state that WannaCry has cost organizations upwards of $4 billion USD. That’s a huge amount of money for something that could have been prevented simply by following good patch management practices.
WannaCry used an exploit called EternalBlue, which exploited Microsoft’s implementation of the SMB protocol. That means it affected almost every Windows operating system available. Now here’s the issue—Microsoft had issued a software patch to resolve the vulnerability on March 14, 2017, two months prior to the outbreak. Yes, it could have been prevented by applying a single patch.
So Why Wasn’t the Patch Deployed?
While 200,000 represents a large number of organizations affected, the fact is that many did deploy the patch. But what about those infected? On average, it takes an organization 90 to 120 days to deploy a patch to their devices, which is too big a gap between a patch being released and it being deployed.
There are usually a number of factors mentioned when organizations justify why patches aren’t deployed in a timely fashion. Perhaps it’s a shortage of staff to help test or deploy patches. There could be four or five larger projects in play that are consuming the organization’s resources. The greatest challenge is dealing with the vast number of vulnerabilities that are announced and finding a way to zero in on those that are relevant to you.
According to the National Vulnerability Database (NVD), there were more than 16,000 CVEs (Common Vulnerabilities and Exposures) in 2018. Sifting through them to determine what needs to be deployed can become an overwhelming task for an organization of any size.
Ways to Reduce the Patch Gap
Most large organizations have a Security team whose job it is to protect the environment at all costs. They scan the network for vulnerabilities and report these back to the Operations team in the form of a list of CVEs. The Operations team, tasked with keeping the organization running smoothly, must take that list, work out which patches resolve which CVEs, and then deploy those patches to the devices that need them.
Two of our patching solutions, Ivanti Security Controls and Ivanti Patch for Endpoint Manager, feature a unique ‘CVE to Patch’ capability that lets you import a CVE list from any third-party vulnerability scanning tool. It then automatically converts that list into a list of applicable patches ready to download and deploy. This feature alone can save your operations teams hundreds of hours spent researching CVEs. It helps you deploy patches to your devices faster and reduces that 120-day patch gap to a matter of hours.
Employ Automation as Much as Possible
Another key way to help reduce the patch gap is to use automation as much as possible. Matching CVEs to patches is only one way automation helps. By using runbook automation, you can automate almost every part of the patch process via the API: everything from scanning for new devices and scanning for applicable patches to deploying patches during the patch window and reporting on the success or failure of the whole process. For complex patch jobs, you can even automate the order in which you stop services, reboot servers, and start everything back up.
Ivanti can help you drastically reduce the gap between first learning about a vulnerability and being able to inform your CEO that you’re fully patched.