Getting your endpoints in order: Adopting a risk-based approach to patch management
The global Covid-19 pandemic has created a drastic and sudden shift to working from home (WFH) that has caught many companies unprepared from a security perspective. Specifically, in the case of patch management, many organisations have quickly discovered their current solutions struggle to operate effectively in the new remote work environment.
Employees are now out from under the watchful eyes of IT and security teams at a time when security threats are mounting from malicious actors looking to profit from the pandemic. With plenty on their plates already, IT and security teams must ensure managing vulnerabilities stays front of mind, and that they do everything they can to make the process as seamless as possible.
Facing remote work difficulties
Remote working always proves challenging in terms of IT support and security. With employees connecting to an enterprise’s network using a multitude of methods and devices, cracks can soon appear in a secure façade, giving cybercriminals opportunities to access the business’ valuable data, to disrupt services, or to hold those services or data to ransom. Due to the sudden shift to WFH, security professionals have been facing three main challenges over recent months:
Virtual Private Network
Many patching solutions – including Windows Server Update Services (WSUS) and Microsoft System Center Configuration Manager (SCCM) – have limitations when it comes to remote patching, as they need to communicate with on-premises infrastructure in order to update centrally. IT teams will have to spend time and resources shaping VPN traffic in order to allow updates through it. However, even when this is achieved, VPN bandwidth will be saturated by update traffic – causing lag or downtime for employees trying to get on with their work remotely.
Reconfiguring the patching process and forcing each system to get updates directly from Windows Update, for example, may reduce the bandwidth impact on the VPN, but it causes the IT team to lose control and visibility over patching in their environment, which could be detrimental to the security of the network.
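One way to recover some of that visibility when endpoints are pointed straight at Windows Update is a small script that each remote machine runs on a schedule and reports centrally. The example below is added here and is not from the article or any vendor; it assumes a Windows endpoint with PowerShell 5.1 or later and reads the standard Windows Update policy registry values and the Windows Update Agent COM API.

```powershell
# Added example (not from the article): report whether an endpoint pulls updates
# from an on-premises WSUS/SCCM server or directly from Windows Update, and
# summarise recent patch activity so the result can be shipped to a central console.
function Get-UpdateSourceReport {
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $au     = Join-Path $policy 'AU'

    # WUServer / UseWUServer are the policy values WSUS and SCCM set; if they are
    # absent or UseWUServer is 0, the client goes straight to Windows Update.
    $wuServer    = (Get-ItemProperty -Path $policy -Name WUServer -ErrorAction SilentlyContinue).WUServer
    $useWUServer = (Get-ItemProperty -Path $au -Name UseWUServer -ErrorAction SilentlyContinue).UseWUServer
    $source = if ($wuServer -and $useWUServer -eq 1) { "WSUS/SCCM ($wuServer)" } else { 'Windows Update (direct)' }

    # Windows Update Agent COM API: install history plus the count of pending updates.
    # The Search call contacts the configured update source, so it needs connectivity.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $count    = $searcher.GetTotalHistoryCount()
    $history  = if ($count -gt 0) { $searcher.QueryHistory(0, $count) } else { @() }

    # OperationResultCode: 2 = Succeeded, 4 = Failed
    $lastSuccess = $history | Where-Object { $_.ResultCode -eq 2 } |
                   Sort-Object Date -Descending | Select-Object -First 1
    $failed  = @($history | Where-Object { $_.ResultCode -eq 4 -and $_.Date -gt (Get-Date).AddDays(-30) }).Count
    $pending = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates.Count

    [pscustomobject]@{
        Host                 = $env:COMPUTERNAME
        UpdateSource         = $source
        LastSuccessfulUpdate = if ($lastSuccess) { $lastSuccess.Date } else { $null }
        FailedLast30Days     = $failed
        PendingUpdates       = $pending
        ReportedAt           = (Get-Date).ToUniversalTime().ToString('o')
    }
}

# Emit JSON so a scheduled task can forward it to whatever central console you use.
Get-UpdateSourceReport | ConvertTo-Json
```

A host reporting "Windows Update (direct)" with a growing PendingUpdates count or a stale LastSuccessfulUpdate is exactly the blind spot the paragraph above describes, surfaced without routing update traffic over the VPN.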
Bring your own device
Those businesses not prepared or set up for remote working before it was enforced may now be dealing with the sudden and extreme shift to ‘bring your own device’ (BYOD). Some companies have embraced BYOD for years but, for those that haven’t, the challenges of adopting it overnight can seem unmanageable. These businesses must now cope with corporate data being accessed from countless personal devices outside of their control.
Away from the wider security threats this brings, how can IT and security teams ensure patching is being managed effectively on these devices without the oversight enjoyed within an office environment?
Third-party updates
Businesses on a Microsoft ELA may find themselves condensing their plans and pushing remote users to Intune sooner. Intune manages the mobile devices and operating systems that access corporate data and applications – enabling Unified Endpoint Management (UEM) of both company-owned devices and BYOD. In practice, adopting Intune will mean Microsoft updates and patches can be applied to every device accessing the business’ network. But what about third-party updates such as those from Adobe, Google and Mozilla?
Unfortunately, Intune is quite limited and will only push updates from Microsoft, meaning the majority of third-party updates will not be installed across the business’ digital estate. IT teams will have to find a way around this issue because, while Microsoft has an API that extends Intune’s capabilities, it is limited in the types of packages it can support. Currently it only allows MSI installers; other file types are in a beta phase, and vendors are being directed to use it only for testing.
Preparing for future challenges
Fortunately, businesses can put solutions in place to solve many of the problems faced when it comes to remote patching – hybrid and cloud-based patch management solutions, for example. Hybrid options can ensure agents that are off-network can still report back to their on-premises management console. These agents utilise secure cloud-based services to get policy updates and return results, but will get the updates they need directly from the vendor’s download centre.
Many companies are focusing on keeping their heads above water in the current global climate, and thus can’t afford to overhaul their IT processes at the moment. However, in the long term, they should look to add hybrid and cloud support to all of their vendor checklists, from systems management tool sets to troubleshooting tools and security solutions. Those that were unprepared for this shift to remote working will benefit from this forward-looking approach in the future, as there is still uncertainty surrounding when and if businesses will return to traditional ways of working. IT and security teams should therefore ensure they can support all systems – including those on the business’ network and those in user environments, and from on-premises data centres to public and private cloud data centres.
During the age of remote working, where security threats can come from a plethora of new angles, never has it been more important to adopt a layered approach to cybersecurity.
IT and security teams must work together to ensure they have a full toolkit of security initiatives in their environment, including vulnerability management, privileged access management, application whitelisting, regular backups and employee education.
IT and security professionals are facing an abundance of new challenges as they continue to maintain remote environments and contend with uncertainty surrounding what the new world of work may bring. In combination with a layered approach to cybersecurity, adopting hybrid and cloud-based patch management systems can be the difference between winning and losing in these unparalleled times.