Implement and Support Patch and Vulnerability Management
Patch and vulnerability management is the process of regularly assessing, testing, installing and verifying fixes and patches for software bugs and flaws as they are discovered. Some software bugs and flaws are security vulnerabilities that could permit an attacker to control a target system and, as a result, access sensitive data or critical functions.
Patch management is the process of managing all the patches on a system from all vendors. A good management system evaluates new patches as soon as they are released and deploys them promptly, but only after they have been tested; the longer a known vulnerability stays unpatched, the larger the window an attacker has to exploit it.
This system should include the following processes:
- Automatic Detection and Download of New Patches: This process should run at least once per day so that newly released fixes are identified and staged without waiting for a manual check.
- Automatic Distribution of Patches: Be careful not to install a patch on all systems immediately after it is released. First test the patch in a lab environment on a few representative systems. If everything is functional and no issues are found, distribute the patch to the remaining systems, ideally in stages rather than all at once.
- Reporting on Patch Compliance: You need a way to assess your overall compliance. Do 100% of your computers have the patch, or only 70%? Which systems are still missing it? Preparing these reports regularly keeps you aware of the status of patches across your systems and shows where the remaining exposure is.
- Automatic Rollback Capabilities: Sometimes vendors release patches that create problems or have incompatibilities. At such times the environment should have an automated way of rolling back or removing the patch across all systems on which it was installed.
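The four processes above fit together as one pipeline: a patch is pushed to a small test ring first, promoted only when that ring reports no problems, rolled back everywhere if a ring fails, and the whole fleet is measured against the set of required patches. The following Python model is an added example written for this page, not code from the original text or from any patch management product; the host names, ring names and the patch IDs "KB-2024-001" and "KB-2024-002" are constructed for illustration.

```python
"""Staged patch rollout with compliance reporting and rollback (illustrative model).

Constructed example: the fleet, the rings and the patch IDs are made up.
"""
from dataclasses import dataclass, field

# Rollout rings in promotion order. A patch moves to the next ring only when
# every host in the current ring has it installed and none reported a failure.
RINGS = ("lab", "pilot", "production")


@dataclass
class Host:
    name: str
    ring: str
    installed: set = field(default_factory=set)  # patch IDs present on the host
    failed: set = field(default_factory=set)     # patch IDs that broke the host


class PatchManager:
    def __init__(self, hosts):
        self.hosts = list(hosts)

    def hosts_in(self, ring):
        return [h for h in self.hosts if h.ring == ring]

    def install(self, patch_id, ring, breaks=()):
        """Install a patch on every host in one ring. `breaks` lists hosts on
        which the patch is simulated to fail (an incompatibility found in testing)."""
        for h in self.hosts_in(ring):
            if h.name in breaks:
                h.failed.add(patch_id)
            else:
                h.installed.add(patch_id)

    def ring_healthy(self, patch_id, ring):
        """True when every host in the ring has the patch and none failed."""
        hosts = self.hosts_in(ring)
        return bool(hosts) and all(
            patch_id in h.installed and patch_id not in h.failed for h in hosts
        )

    def deploy(self, patch_id, breaks=()):
        """Staged rollout lab -> pilot -> production. Stops at the first ring that
        reports a failure, rolls the patch back everywhere, and returns that ring's
        name; returns None when the patch reached every ring."""
        for ring in RINGS:
            self.install(patch_id, ring, breaks)
            if not self.ring_healthy(patch_id, ring):
                self.rollback(patch_id)
                return ring
        return None

    def rollback(self, patch_id):
        """Remove the patch from all hosts, including those where it failed."""
        for h in self.hosts:
            h.installed.discard(patch_id)
            h.failed.discard(patch_id)

    def compliance(self, required):
        """Percentage of hosts that have every patch in `required` installed."""
        if not self.hosts:
            return 100.0
        compliant = sum(1 for h in self.hosts if required <= h.installed)
        return round(100.0 * compliant / len(self.hosts), 1)

    def missing_report(self, required):
        """Hosts that are out of compliance, with the patches each is missing."""
        return {
            h.name: sorted(required - h.installed)
            for h in self.hosts
            if not required <= h.installed
        }


def build_fleet():
    # Constructed inventory: two lab hosts, two pilot hosts, three production hosts.
    return PatchManager([
        Host("lab-01", "lab"), Host("lab-02", "lab"),
        Host("pilot-01", "pilot"), Host("pilot-02", "pilot"),
        Host("web-01", "production"), Host("web-02", "production"),
        Host("db-01", "production"),
    ])


def demo():
    pm = build_fleet()
    # Hypothetical patch that works everywhere: reaches all rings.
    good = pm.deploy("KB-2024-001")
    # Hypothetical patch that breaks one pilot host: stops at "pilot", rolled back,
    # production is never touched.
    bad = pm.deploy("KB-2024-002", breaks={"pilot-02"})
    return pm, good, bad


if __name__ == "__main__":
    pm, good, bad = demo()
    print("KB-2024-001 stopped at:", good)
    print("KB-2024-002 stopped at:", bad)
    print("compliance for KB-2024-001:", pm.compliance({"KB-2024-001"}), "%")
    print("still missing:", pm.missing_report({"KB-2024-001", "KB-2024-002"}))
```

The point of the ring gate is that a bad patch is caught on two pilot machines instead of across the whole production estate, and the rollback path is exercised routinely rather than discovered under pressure. The compliance figure is computed against the set of patches the organisation has decided are required, so a patch that was rolled back correctly shows up as missing on every host, which is the honest answer until a fixed release is approved.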