As mundane as this might seem, patching is as important as risk management. It should be treated as a risk management exercise. Patches improve the performance of a system and contain data to update, fix, and improve the installed software.
In recent years, the threat landscape has changed significantly. Zero-day attacks are negligible. It is the old, unpatched vulnerabilities that pose the risk. Estimates show that attackers use well-known vulnerabilities for which patches have been available for as long as a year.
The patching gap – the time between patch availability and patch application – shouldn’t be long. However, the bitter truth is that many organizations barely stay ahead enough to fix their most critical vulnerabilities. The question that arises here is: why does it take an organization so long to apply patches? Why do they stake it all and leave their sensitive data at risk?
Reasons could be:
- Sheer volume of patches rolled out by OS vendors
- Limited number of resources available
- To avoid the possibility of system downtime
- Risk that some patches may introduce new vulnerabilities
- Notion that patching is a manual time-consuming process capable of disrupting a fully functional system
Therefore, many organizations deliberately delay patching, not realizing that they are sitting on a ticking time bomb. OS vendors roll out numerous patches, but not all of them are relevant to an organization’s needs.
Data Center Automation (DCA) offers a simple solution enabling you to select patches from the list and apply them to your data center. This is done in 6 simple steps:
- Download and import patch and CVE metadata into DCA.
- Create a list of patches you need based on the applicability scope and add them to a static patch bundle.
- Create a policy with the Measurement Service Level Objective (MSLO) and Remediation Service Level Objective (RSLO) defined. MSLO and RSLO specify the frequency (in days) for scanning and remediation based on the maintenance window defined.
- Attach the static patch bundle to this policy.
- Attach this policy to a resource group. This ensures only the resources that are a part of this resource group get the patch updates.
- Run a patch scan or a patch remediation job; alternatively, wait for the scan to run based on the maintenance window defined.
In conclusion, DCA static patching is simple, making an administrator’s life stress-free. It allows you to:
- Pick and choose patches based on priority or remediation need.
- Automatically schedule scan and remediation as soon as the maintenance window, MSLO, and RSLO are defined.
For more information on product features and technical guides, visit the DCA customer documentation.
For more information on what’s new in DCA, use cases, product discussions, idea exchanges, videos, and blogs, see the ITOM Practitioner Portal.