Implement and Support Patch and Vulnerability Management
Patch and vulnerability management is the process of regularly assessing, testing, installing and verifying fixes and patches for software bugs and flaws as they are discovered. Some of these bugs and flaws are security vulnerabilities that could permit an attacker to control a target system and, as a result, access sensitive data or critical functions.
Patch Management
Patch management is the process of managing all the patches on the system from all vendors. A good management system implements new patches immediately upon release.
This system should include the following processes:
- Automatic Detection and Download of New Patches: This process should occur at least once per day.
- Automatic Distribution of Patches: Be careful not to install a patch on all systems immediately after it is released. First test the patch on a few systems in a lab environment. If everything is functional and no issues are found, distribute the patch to the other systems.
- Reporting on Patch Compliance: You need a way to assess your overall compliance. Do 100% of your computers have the patch? Or 70%? Preparing these reports is very important because they keep you aware of the patch status of your systems at all times.
- Automatic Rollback Capabilities: Sometimes, vendors release patches that create problems or have incompatibilities. At such times, the environment should have an automated way of rolling back or removing the patch across all systems.
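The distribution, reporting and rollback steps above can be tied together in a small report, shown here as an added example that is not part of the original page. It assumes a constructed inventory in which every host belongs to a "lab" or "prod" ring and records a health-check result for each installed patch; the host names, ring names and patch IDs are placeholders.

```python
# Constructed inventory: each host's ring and, per installed patch, whether
# its post-install health check passed. All names and IDs are placeholders.
INVENTORY = [
    {"host": "lab-01", "ring": "lab",  "patches": {"PATCH-A": True, "PATCH-B": True}},
    {"host": "lab-02", "ring": "lab",  "patches": {"PATCH-A": True, "PATCH-B": False}},
    {"host": "web-01", "ring": "prod", "patches": {"PATCH-A": True}},
    {"host": "web-02", "ring": "prod", "patches": {"PATCH-A": True}},
    {"host": "db-01",  "ring": "prod", "patches": {}},
]

def compliance(inventory, patch, ring=None):
    """Percentage of hosts (optionally limited to one ring) that have the patch."""
    hosts = [h for h in inventory if ring is None or h["ring"] == ring]
    if not hosts:
        return 0.0
    installed = sum(1 for h in hosts if patch in h["patches"])
    return round(100.0 * installed / len(hosts), 1)

def missing_hosts(inventory, patch):
    """Hosts that still lack the patch, for the compliance report."""
    return sorted(h["host"] for h in inventory if patch not in h["patches"])

def rollout_decision(inventory, patch, lab_ring="lab"):
    """Next step for a patch, based only on the lab ring.
    'test': lab not fully patched yet; 'rollback': a lab host failed its
    health check after install; 'distribute': lab is patched and healthy."""
    lab = [h for h in inventory if h["ring"] == lab_ring]
    if not lab or any(patch not in h["patches"] for h in lab):
        return "test"
    if any(not h["patches"][patch] for h in lab):
        return "rollback"
    return "distribute"

def report(inventory, patches):
    """One row per patch: overall compliance, laggards, and rollout decision."""
    return {p: {"overall_pct": compliance(inventory, p),
                "missing": missing_hosts(inventory, p),
                "decision": rollout_decision(inventory, p)} for p in patches}

if __name__ == "__main__":
    for patch, row in report(INVENTORY, ["PATCH-A", "PATCH-B", "PATCH-C"]).items():
        print(patch, row)
```

In this sample data, PATCH-B reaches every lab host but fails a health check on one of them, so the report marks it for rollback instead of wider distribution.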
Vulnerability Management
Security patches are typically proposed to eliminate a known vulnerability.
Vulnerability scanning is a way to discover poor configurations and missing patches in an environment. As a result, it is important to have a process that manages the prioritization and remediation of these vulnerabilities:
- Zero-day Vulnerability: A vulnerability that is known before a patch exists is called a “zero-day vulnerability” or “0-day vulnerability”. Discovery and disclosure of zero-day vulnerabilities are being legitimatized. These vulnerabilities are becoming increasingly important.
- Zero-day Exploit: Attackers can release malicious code to exploit a vulnerability for which no patch is available. These zero-day exploits are one of the toughest challenges for all organizations.