Are You Overlooking This Vital Patch Management Process?

Patch management is a seemingly simple task that is often overlooked, and it has been one of the causes of the biggest breaches in cybersecurity history. The IT operations staff who apply the patches are often pulled in many different directions, so patch management isn’t always a priority.

While the patch management process seems simple, the actual implementation is overwhelming. There are often many open vulnerabilities and patching them all just seems too complicated.

So, many companies just skip the patch management process and only focus on critical needs.

Sometimes even understanding what is most critical to patch seems difficult.

Enterprises typically have thousands of different pieces of software, ranging from mobile apps on phones to legacy systems of record running in on-premises data centers – and everything in between.

Furthermore, such software is typically a mix of commercial off-the-shelf (COTS) packages, open source software, and custom-built applications. Vulnerabilities crop up in all of these on a regular basis.

Given this never-ending stream of available patches combined with perennially limited security staff, prioritization is essential. A recent Ponemon study underscored this point. “65% of respondents say they find it difficult to prioritize what needs to be patched first,” explains the ServiceNow-commissioned study Today’s State of Vulnerability Response: Patch Work Demands Attention. “To accurately prioritize vulnerabilities, you need to know both the severity—as measured by Common Vulnerability Scoring System (CVSS) scores, for example—and the types of business systems affected.”

Source: https://www.forbes.com/sites/jasonbloomberg/2018/04/16/to-patch-or-not-to-patch-surprisingly-that-is-the-question/#cd948f658fe9

Importance of Patch Management 

“To prevent data breaches, security teams need to patch more quickly,” the study says. “However, the survey shows that they are being held back by manual processes and disconnected systems that compromise their ability to patch in a timely manner.”

If patch management is not a priority at your organization, consider Responsive Patch Management from Cybriant. As part of our PREtect ADVANCED service, it takes the stress and guesswork out of your hands and puts it into our capable expertise.

An often-missed piece of the patch management process is understanding your inventory. Our Responsive Patch Management solution will scan your systems, check for missing and available patches against our comprehensive vulnerability database, download and deploy missing patches and service packs, and generate reports to effectively manage the patch management process of the enterprise.

Our Responsive Patch Management Process

By utilizing an industry-leading patch management software and our dedicated experts, your patch management process will always be a priority.

Our patch management process includes:

Step 1: Automatic System Discovery

You can choose the systems that are required to be managed and we take it from there. The agent will perform a vulnerability assessment scan and patch deployment.

Step 2: Online Vulnerability Database

A vital feature of our patch management process is our vulnerability database. This hosts the latest vulnerabilities that have been published after a thorough analysis. When we find a patch that matches a vulnerability on your system, we download the patch from this database. This provides the information required for patch scanning and installation.

Step 3: Vulnerability Assessment Scan

We scan all the systems for missing Windows patches in the operating systems as well as applications. The scan reports each system’s vulnerability level once it completes. Missing Windows patches are identified from the local vulnerability database.

Step 4: Approval of Patches

Most often, patches are deployed in a sandbox environment before they are introduced to your entire network. This extra step makes the patch management process error-free and stable. Our team can ensure that the patches tested are directly approved for deployment.

Step 5: Patch Deployment

When approval has been finalized, we will deploy the necessary patches. The status of the patch deployment is updated back to you. The installation process can also be scheduled for a specific time.

Step 6: Patch Reports

Reports are available for system vulnerability level, missing Windows patches, missing application patches, and task status. These reports can be exported to PDF or CSV formats.

Step 7: Severity-Based Patch Management

Our team will work with you to determine and configure severity levels for missing patches, eliminating the need to evaluate system health and vulnerability status based on a common list of missing patches. This helps deploy patches based on severity and ensures accuracy on identifying missing patches.

Step 8: Automated Patch Management

An important piece of the patch management process is automating patches for computers on your network. We can automatically install software, patches, and service packs as part of regular desktop operations. This includes:

  • Scanning computers periodically to identify missing patches
  • Identifying and downloading the missing patches from the vendors’ websites
  • Downloading required patches and creating tasks related to patch deployment
  • Downloading required patches automatically and installing them onto specific computers

This process can be specified for a targeted set of client systems. You can choose to have different levels of automation for different sets of client systems. The process of deploying patches automatically depends on the level of automation you choose. This helps ensure that all computers remain up to date with the latest patch releases from OS and application software vendors.
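The study quoted earlier makes the point that prioritization needs both the CVSS severity and the kind of business system affected, and Steps 4, 6 and 7 above describe an approval gate, CSV reporting and severity-based ordering. The following Python is an added illustration of how those pieces fit together; it is not Cybriant’s tooling or the patch management software it uses. The scan results, patch identifiers, asset tiers and weights are all constructed for the example.

```python
"""Severity-based patch prioritization with a sandbox approval gate.

Added example: scan results below are constructed, not captured from a
real scan, and the asset weights are an assumed scale.
"""
import csv
import io
from dataclasses import dataclass

# Weight for the type of business system the patch applies to (assumed scale).
ASSET_WEIGHT = {"critical": 3.0, "high": 2.0, "medium": 1.0, "low": 0.5}


@dataclass
class MissingPatch:
    host: str
    asset_tier: str          # business importance of the affected system
    patch_id: str            # vendor patch identifier (constructed placeholder)
    cvss: float              # CVSS base score, 0.0 to 10.0
    exploited_in_wild: bool  # known active exploitation reported by the vendor
    tested_in_sandbox: bool  # Step 4: has this patch passed sandbox testing?


def severity_band(cvss):
    """Map a CVSS base score to the CVSS v3 qualitative rating."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


def priority_score(p):
    """Combine severity with the business system affected.

    A known-exploited patch gets a fixed bump so that a 7.5 under active
    exploitation outranks an unexploited 9.0 on a system of the same tier.
    """
    score = p.cvss * ASSET_WEIGHT[p.asset_tier]
    if p.exploited_in_wild:
        score += 5.0
    return round(score, 1)


def prioritise(patches):
    """Highest priority first; ties broken by host and patch id for stable reports."""
    return sorted(patches, key=lambda p: (-priority_score(p), p.host, p.patch_id))


def approve_for_deployment(patches):
    """Approval gate (Step 4): only sandbox-tested patches are approved.

    Returns (approved, needs_testing), both in the order they were given.
    """
    approved = [p for p in patches if p.tested_in_sandbox]
    pending = [p for p in patches if not p.tested_in_sandbox]
    return approved, pending


def report_csv(patches):
    """Step 6 style report: one row per missing patch, CSV text."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["host", "asset_tier", "patch_id", "cvss", "band",
                     "priority", "sandbox_tested"])
    for p in patches:
        writer.writerow([p.host, p.asset_tier, p.patch_id, p.cvss,
                         severity_band(p.cvss), priority_score(p),
                         p.tested_in_sandbox])
    return buf.getvalue()


# Constructed scan results: a critical database server with an actively
# exploited 7.5, a low-value kiosk with a 9.8, an untested 9.0 on a web host.
SCAN_RESULTS = [
    MissingPatch("db01", "critical", "PATCH-0001", 7.5, True, True),
    MissingPatch("kiosk07", "low", "PATCH-0002", 9.8, False, True),
    MissingPatch("web02", "high", "PATCH-0003", 9.0, False, False),
    MissingPatch("hr-ws14", "medium", "PATCH-0004", 5.3, False, True),
]


def deployment_plan(scan=SCAN_RESULTS):
    """Return (approved hosts in deploy order, hosts still waiting on testing)."""
    ordered = prioritise(scan)
    approved, pending = approve_for_deployment(ordered)
    return [p.host for p in approved], [p.host for p in pending]


if __name__ == "__main__":
    print(report_csv(prioritise(SCAN_RESULTS)))
    print(deployment_plan())
```

Note how the kiosk’s 9.8 lands below the HR workstation’s 5.3 once the asset tier is applied, and how the highest-scoring web host stays out of the deployment list until it has been through the sandbox; that is the difference between ordering by CVSS alone and ordering by CVSS plus the business system affected.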

If the patch management process is important to you, but you don’t have the necessary resources on staff to manage it, consider our Responsive Patch Management Service.


Patch Management is included in PREtect PREMIUM!

Patching the Meltdown Patch

According to meltdownattack.com, these hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

It turns out the patch that Microsoft created for Meltdown could be worse than the original Meltdown vulnerability. Ulf Frisk, a Swedish penetration tester, warns in his blog:

“Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing.

Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse … It allowed any process to read the complete memory contents at gigabytes per second, oh – it was possible to write to arbitrary memory as well.

How is this possible?
In short – the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.”

Read more at https://blog.frizk.net/
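To make the quoted explanation concrete: on x86-64, bit 2 of a page-table entry is the User/Supervisor bit, and a page walk only grants user-mode access when that bit is set at every level. Windows keeps one PML4 entry that points back at the PML4 page itself (the self-referencing entry), which is how the kernel reaches every page table through one virtual range; if that entry is marked User, the same range becomes reachable from user mode. The Python below is an added illustration of a defender’s audit for that condition. It is not Ulf Frisk’s code or Microsoft’s fix, the PML4 contents and physical address are constructed, and the index 0x1ED used for the self-reference is an assumption for the example.

```python
"""Audit a PML4 page for a self-referencing entry marked User.

Added example: the page-table contents below are constructed, not read
from a real system, and 0x1ED is an assumed index for the self-reference.
"""

# x86-64 page-table entry bits (Intel SDM vol. 3, paging structures).
PTE_PRESENT = 1 << 0
PTE_WRITE = 1 << 1
PTE_USER = 1 << 2           # U/S bit: 1 = accessible from user mode
PTE_NX = 1 << 63
ADDR_MASK = 0x000F_FFFF_FFFF_F000   # bits 12..51: physical page-frame address


def pte_address(entry):
    """Physical address field of a page-table entry."""
    return entry & ADDR_MASK


def find_self_reference(pml4, pml4_phys):
    """Index of the present entry whose target is the PML4 page itself, or None."""
    for index, entry in enumerate(pml4):
        if entry & PTE_PRESENT and pte_address(entry) == pml4_phys:
            return index
    return None


def audit_self_reference(pml4, pml4_phys):
    """Describe the self-referencing entry and whether it exposes the page tables.

    'exposed' is True when the entry is present and has U/S set: the whole
    page-table hierarchy is then readable from user mode, and writable too
    when R/W is also set (the situation Frisk describes).
    """
    index = find_self_reference(pml4, pml4_phys)
    if index is None:
        return {"index": None, "user": False, "writable": False, "exposed": False}
    entry = pml4[index]
    user = bool(entry & PTE_USER)
    writable = bool(entry & PTE_WRITE)
    return {"index": index, "user": user, "writable": writable, "exposed": user}


def make_pml4(pml4_phys, self_index, user_bit):
    """Build a constructed 512-entry PML4 with one self-referencing entry."""
    table = [0] * 512
    # Constructed ordinary mappings: one user-space entry, one kernel-only entry.
    table[0] = 0x0000_0000_0010_0000 | PTE_PRESENT | PTE_WRITE | PTE_USER
    table[256] = 0x0000_0000_0020_0000 | PTE_PRESENT | PTE_WRITE
    flags = PTE_PRESENT | PTE_WRITE | PTE_NX
    if user_bit:
        flags |= PTE_USER
    table[self_index] = pml4_phys | flags
    return table


PML4_PHYS = 0x0000_0000_001A_D000   # constructed physical address of the PML4 page
SELF_INDEX = 0x1ED                  # assumed self-reference slot for the example

# Constructed tables: the first models the January patch (U/S set on the
# self-reference), the second the corrected state (supervisor-only).
BROKEN_PML4 = make_pml4(PML4_PHYS, SELF_INDEX, user_bit=True)
FIXED_PML4 = make_pml4(PML4_PHYS, SELF_INDEX, user_bit=False)


if __name__ == "__main__":
    print("broken:", audit_self_reference(BROKEN_PML4, PML4_PHYS))
    print("fixed: ", audit_self_reference(FIXED_PML4, PML4_PHYS))
```

The audit only decodes entries it is handed; on a live system reading the PML4 requires kernel privileges or a debugger, which is exactly the boundary the broken patch removed. The same decode is useful for checking a memory image from a machine whose patch level is in doubt.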

Last week, Microsoft released an out-of-cycle security patch to address the problems created by the original patch.

Meltdown Patch: CVE-2018-1038 | Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

More on the update from Microsoft: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-1038#ID0EWIAC

Patch Management Policy

Patching is a common issue that we discuss, in fact, it’s one of the top 5 common cyber threats. Did you know:

  • 45% of companies are not using a dedicated patch management solution to distribute and manage software updates.
  • 72% of decision-makers do not deploy a patch within 24 hours after it is released to the public.
  • Failure to patch caused the infamous Equifax breach, releasing the data of 143 million people.

In a recent interview, Chris Goettl, director of product management at Ivanti, says the vulnerability created by the Microsoft patch is pretty significant and something that needs to be addressed with haste, if possible.

“When Microsoft issued a fix for Windows 7 and Windows Server 2008, they made a mistake and ended up opening up read and write access in RAM so anybody could access anything in memory and write to it,” he says. “It is a significant vulnerability and leaves those systems pretty much exposed” without the update.

If you don’t have time to test the new patch, a best practice may be to roll back to the March update and wait for Microsoft’s next update on April 11.

“We are close to the April update,” Goettl says. “Our guidance is to either apply the new update or roll back the March update,” for Windows 7 x64 systems and Windows Server 2008 x64 systems, he says.

Patches a Problem?

Message from Meltdown and Spectre: Create a Patching Strategy!

“Those who patch, prevail.” – Unknown

While patching may be the most boring, thankless job in the IT department, it could be the one that prevents the most cyber attacks. Hackers use known vulnerabilities to launch attacks on businesses. Having your systems updated and patched may be the best first line of defense.

On January 3rd, 2018, Meltdown and Spectre were revealed. These security flaws exist in nearly every Intel CPU built since 1995. Both vulnerabilities involve speculative-execution side-channels that can be exploited to steal sensitive data from the devices in your network.

The Meltdown vulnerability, CVE-2017-5754, can potentially allow hackers to bypass the hardware barrier between applications and kernel or host memory.

The Spectre vulnerability has two variants: CVE-2017-5753 and CVE-2017-5715. These vulnerabilities break isolation between separate applications.

Both flaws provide hackers with a way of stealing data, including passwords and other sensitive information. If hackers manage to get the software running on one of these chips, they can grab data from other software running on the same machine.

While these flaws are unique since the vulnerabilities were found in the way the chips were manufactured, there is a way to help prevent any damage. You guessed it, patching! But, it’s not that simple…

Simply applying the patches will not make the Meltdown and Spectre vulnerabilities go away. Your team should take the time to test patches to minimize the impact on your hardware and applications. Be sure to use industry best practices and thoroughly test each patch before implementing it company-wide.

Bleeping Computer has a full list of patches and updates available here.

Let’s make patching the best, most rewarding job in the IT department. Remember WannaCry? How many companies would have been protected if they had used the patch made available by Microsoft? Don’t wait for the next attack!

Plan to Fail = Plan to Win

When any new cyber attack or vulnerability is announced, many companies panic and create more disorder than is necessary. The best thing your organization can do is to plan to be attacked and monitor your network as if you are currently being compromised. Have a strategy ahead of time. Discuss worst-case scenarios with management and have a communications plan in case something goes wrong.

We recently discussed how the cyber attacks of 2017 didn’t change the attitude or security budget of many organizations around their cyber risk strategy. In addition to making patching part of your core strategy, there are typically five fundamental services that should be done proactively to help protect your organization: 24x7 SIEM with security monitoring, vulnerability management, patch management, endpoint detection and response, and security awareness training. Together these services help you build a solid security practice that ensures compliance and proactively protects your organization.

To make it even easier, all five services are available in one integrated package called PREtect from Cybriant. Find out more: https://www.cybriant.com/pretect

By planning to be attacked, you will be aware of what is on your network. You’ll be able to protect your organization and reduce the dwell time of those attacks.
