By Logan Gilbert

What is Patch Validation?

Introduction

A recent report indicates nearly 20,000 new software vulnerabilities were discovered in 2017 – an all-time high.1 Think about that for a minute. That’s an average of 55 new vulnerabilities per day. That’s a lot for any IT shop to manage.

Now there’s good news and bad news. The good news is that patches were available for 86% of those vulnerabilities on the day of disclosure. The bad news is that most organizations continue to struggle with patch prioritization, application, and validation. And as IT workloads increasingly migrate to the cloud, vulnerability visibility tends to decrease – exacerbating an already difficult challenge.

Let’s take a closer look at how to manage cloud patch validation effectively.

First, a Patch Management Primer

Patch management is the practice of updating software with code changes that address vulnerabilities exploitable by cyber attackers. Even though it’s been around for decades, patch management remains a challenging process for most IT organizations.

Modern enterprises have complex IT environments with multiple integration points between business systems. That makes it is difficult for software developers to account for all unintended consequences, e.g., a condition that could close a port, disable critical infrastructure communication, or even crash its host server.

And focusing on the effective patching of known vulnerabilities is the unquestionable ‘big bang for the buck’ play. In 2017, Gartner reported 99% of exploits are based on vulnerabilities that have already been known to security and IT professionals for at least one year.2

Cloud Patching Fundamentals

The first key to closing down the right vulnerabilities in your cloud IT infrastructure is visibility. Without visibility into your cloud systems and applications, you can’t really know if both those systems and applications are patched where it is most important. The second key is patch validation. Simply firing off a patch is no guarantee that it activated properly. It may, or may not, have deployed successfully. How would you know?

The Ziften Approach

Ziften provides the visibility and validation you need to ensure your cloud IT environment is safe and secure from the vulnerabilities that matter:

  • Detailed capture of discovered OS and application vulnerabilities
  • Findings mapped to vulnerability insight references, e.g., OWASP, CIS, CVE, CWE, and OSVDB
  • Detailed explanations of the implications of findings, business impacts, and risks for each of the identified exposures
  • Vulnerability prioritization based on asset criticality and risk of attack
  • Remediation recommendations to close identified deficiencies
  • Detailed steps to follow while mitigating reported deficiencies
  • Detection and mitigation of attacks that exploit unpatched systems with quarantine procedures

Far too often we find that the data from customer’s patching systems incorrectly report that vulnerabilities are indeed patched. This creates a false sense of security that is unacceptable for security operations and IT operations teams.

Learn more about how Ziften can help.

  • 1 https://www.infosecurity-magazine.com/news/flexera-20000-new-software-flaws/
  • 2 Technology Insight for Patch Management Tools; Gartner, April 3, 2017
Get the General Here