Takeaway: In honor of Microsoft Patch Tuesday, here’s a look at 10 areas IT pros need to keep an eye on to ensure a smooth patch management strategy.
The recent spate of Java vulnerabilities has required a number of large vendors to react almost instantly to optimize security levels. But as good as these reactions are, organisations urgently need to apply insightful strategic thinking to ensure that security updates are reaching the entire organisation’s IT estate.
CentraStage analyzed anonymous hardware and software data (including thousands of PCs and servers in 6,000 organisations across public sector establishments currently running our solution) and found that 40 percent of servers and workstations are missing security patches. In addition, six vendors — Microsoft, Adobe, Mozilla, Apple, Oracle, and Google — together released 257 security bulletins/advisories fixing 1,521 vulnerabilities in 2011. In 2010, these vendors fixed 1,458 vulnerabilities, demonstrating the extent of the issue as well as the numbers of bulletins we annually face.
With more and more organizations supporting remote working, the challenge isn’t just to implement patches as they are released, but to be fully confident that devices have been updated and are thus continuously safeguarded. So what areas should IT experts tick off the list for a successful patch management implementation?
1: Ensure transparency
At the heart, asset discovery is essential. If you don’t know what you’ve got, you don’t know the extent of the problem you may have. If you do nothing else, make sure you know where your IT assets are; this is a quick gain that will put your house in order.
Once the estate is established, you need to have real-time visibility of the assets you support. With the urgency in which we need to manage patches, the first secret is to not only have full awareness of the estate but instantly know the health of it too.
2: Don’t just look at the security
Knowing the whereabouts and health of the IT estate is paramount, as it provides the intelligence for ensuring its security. A study of public sector CIOs in December 2012 found that 87% of respondents were either concerned or very concerned about the risks associated with IT security breaches. In addition to security, keep an eye on securing IP, as it can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host.
3: Define your patch nirvana
While the audit and assessment element of patch management will help identify systems that are out of compliance with your guidelines, you should also work to reduce noncompliance. Start by creating a baseline — a standard you want the entire estate to comply with. Once complete, it’s easier to bring controls in line to ensure that newly deployed and rebuilt systems are up to spec with regard to patch levels.
4: Face the facts
You must know which security issues and software updates are relevant to your environment. Further analysis of our data showed that 50 percent of PCs and laptops are still running Windows XP, and 32 percent of devices are more than four years old.
Beyond patch management and the protection against vulnerabilities and exploits that by now must have caught the attention of IT leaders globally is the preparation and planning for end-of-life Windows XP support. If you do not replace, there is no way to safeguard. If you do replace, this has implications on expenditure. Make sure that you have a realistic view of patch management and its limitations, but also ask whether the discipline of patch management indirectly ensures the infrastructure and IT estate is viable from support and budget perspectives.
5: Do it your way with software policies
You can customise policies targeted at filters or groups at the account or profile level. The filter targets can be either the default filters provided within your account or any custom filters you have previously defined. The secret here is to define custom filters or groups to identify devices with specific criteria. One or more of these filters can be associated with a policy to target those devices.
This goes back to your baseline creation. Set the policies from the outset and customisation will be a simple step forward.
6: Get the timing right
Why wouldn’t you implement a patch management update as soon as you can? With baseline mechanisms in place, there’s no need to delay. However, you should consider the time of day for updates by policy — what time will have the least impact on day-to-day business? The ideal timing for updating patches should follow any rollout best practice. Consider the day of the week, the impact on the business if something doesn’t go smoothly, and whether there is sufficient time and resources to rectify if necessary. If your IT management solution is on-premise rather than cloud- based, you might have to take responsibility of scale and load of the update.
7: Audit first — is it too broken to be fixed?
Gaining visibility of devices that are vulnerable is crucial, but so is analysing the overall health of each device. Ensure that all devices are audited prior to rolling out patches or patch policies. There could be a more urgent matter requiring attention before the device can be brought in line.
8: Keep it simple
We are led to believe that the bigger the enterprise estate, the more complex the management. But in most cases, solutions are easily scalable. The issue comes with usability. As complexity increases (and in some cases, the number of solutions and providers also grows), the technology team is used more and more to ensure the estate is kept up to date. Keep usability as simple as possible. There are solutions that do not even require a technically skilled person to ensure the estate is kept up to date quickly and easily.
9: Consider automated solutions
Often, patch management is a distress purchase because vulnerabilities such the ones we’ve seen recently place patch management in a crisis management budget and not an ongoing IT budget. Of course, this has financial implications. Some enterprise IT management solutions may save you money by providing tools that automatically audit and monitor. If automation is behind the scenes, it doesn’t interrupt the business and will keep all software solutions running smoothly, without input.
10: Visualise your patch management
Make sure you can see a graphic representation of your patch management, tailored by severity and whether the patch requires a reboot or user interaction. This also fundamentally supports measurement and service level agreements by reporting SLAs in a way that’s visual. Not only will this help with compliance, but it will demonstrate that IT is making a difference to the business. This makes for better relationships throughout an organisation, whether internal or external.
Open Source Software: The Mega List A jaw-dropping 1,000+ open source software tools. Open source software for, well, everything: Desktop, security, multimedia, small businesses, enterprises, education....
December 19, 2012
By Cynthia Harvey
Throughout the year, Datamation publishes guides to open source software in a variety of different categories, such as security, cloud computing, big data, small businesses, mobility and even games. It's become an annual tradition to compile all those open source apps we've featured into one gigantic list.
Our 2012 guide is longer than ever before with a jaw-dropping 1000+ open source apps in all. As usual, we've divided the list into categories and then alphabetized the projects within each category.
Whether you're a long-time Linux fan or a Windows or OS X user who's curious about the open source phenomenon, you're sure to find something new, interesting and useful.
1. Edoceo Imperium
Designed for small and mediu…
Mengenal Fungsi Dan Komponen Panel Listrik Panel Listrik – Electrical switchboard atau lebih kita kenal dgn panel listrik terbentuk berdasarkan susunan komponen listrik yg sengaja disusun dalam sebuah papan control, sehingga dapat memudahkan penggunaanya. Tuk lebih mengenal fungsi dari panel listrik kita telebih dahulu mengenal komponen- komponen panel listrik dan harus memahami fungsi dari bagian-bagaian listrik itu sendiri Berikut beberapa komponen panel listrik beserta fungsinya yang perlu anda ketahui:
MCB, yg singkatan dari ( Miniature Circuit Board) merupakan komponen panel listrik yang berfungsi sebagai switch pembatas arus akibat dari kenaikan daya /tegangan yg melebihi batas dan atau hubung singkat. Komponen panel listrik ini biasanya terbatas pada arus nominal kecil sampai dgn kurang dari 100 Ampere. Bentuknya ada yg satu pole (satu input dan satu output), ada yg dua pole, tiga pole hingga empat pole.
MCCB, MCCB singkatan dari Moulded Case Circuit Breaker. Circuit Breaker pemb…
Membangun Ruang Server merupakan kegiatan yang tidak dapat dianggap remeh. Untuk sebagian kita menganggap ruang server hanyalah tempat dimana perangkat server disimpan dengan baik. Tapi pada dasarnya, ruang server adalah ruangan yang bisa dikatakan merupakan juga data center dalam ukuran kecil, maka seyogyanya kita juga mengikuti standar untuk pembangunan ruang data center.
Ukuran ruang server umumnya akan sangat bergantung dari kegunaan dan kapasitas penampungan yang direncanakan. Oleh karena itu, ruang server dapat berukuran dari sangat kecil (minimal 2 meter x 2 meter) hingga ruang yang cukup besar.
Kalau kita bicara kegunaannya, umumnya ruang server digunakan untuk :
Menampung perangkat server (baik ukuran tower / rackmounted). Server bisa diasumsikan PC Server juga.Menampung perangkat jaringan, umumnya dalam hal ini minimal switch yang digunakan untuk koneksi ke server atau koneksi ke user.Menampung perangkat sumber daya catuan cadangan (atau kita mengenal istilah UPS)