Patch management

Patch management is concerned with the identification, acquisition, distribution, and installation of patches to systems. Proper patch management can be a net productivity boost for the organization. Patches can be used to defend against and eliminate potential vulnerabilities of a system, so that no threats may exploit them. Problems that can arise during patch management, including buggy patches that either fail to fix their problem or introduce new issues. Patch management tools can help orchestrate all of the procedures involved in patch management.

Description

Patch management is defined as a sub-practice of various disciplines including vulnerability management (part of security management), lifecycle management (with further possible sub-classification into application lifecycle management and release management), change management, and systems management. The practice is broadly concerned with the identification, acquisition, distribution, and installation of patches to systems. Some definitions of patch management are as a software-level practice,^[1] while others are as a systems-level process: software, drivers, and firmware.^[2]^[3]^[4]

Cost–benefit analysis

While reserving time for patching takes up enterprise resources, there are balancing factors which can make proper patch management into a net productivity boost for the organization. Up-to-date systems often perform more efficiently, less expensively, with less errors, less security risks, and better user workflow. Additionally, compliance with changing local and federal regulations are more likely to be satisfied.^[1]^[2]^[3]^[4]

Relation to security management

Patches can be used to defend against and eliminate potential vulnerabilities of a system, so that no threats may exploit them; therefore, patch management can be considered a sub-discipline of vulnerability management. Every device in a system presents an attack surface that must be secured.^[4]

Challenges

There are a multitude of problems that can arise during patch management. A common issue is buggy patches, which either fail to fix their problem or introduce new issues. Another issue is deployment synchronization, since various subsystems may receive instructions to update at different times. Similarly, the difficulty of patch management across many devices may grow at an uncontrollable rate depending on organizational size.^[3]

One prominent demonstration of the challenges facing proper patch management was the buggy Falcon Sensor patch by CrowdStrike which caused one of the worst IT outages of all time.^[5]

Implementations

A patch management tool (alternatively patch manager, patch management system, patch management software, or centralized patch management) help orchestrate all of the procedures involved in patch management. Tools can be in-house (applied locally by local administrators), or external, as with managed service providers (applied externally by a provider).

Patch management software

Intel Active Management Technology, used with Intel vPro technologies, has features like scheduling, upgrade verification, and remote management; implementing patches along with unified endpoint management.^[2]
Windows Update for Business, System Center Configuration Manager, and Windows Server Update Services offer control over patch deployment, with features enabling testing, scheduling updates, and setting custom configurations on Windows platforms.^[3]^[6]

Managed service providers

ManageEngine Patch Manager
SolarWinds Patch Manager
Automox
Atera
Kaseya VSA

References

^ ^a ^b "Patch Management: Definition & Best Practices". Rapid7. Retrieved 15 July 2024.
^ ^a ^b ^c "What Is Patch Management?". Intel. Retrieved 15 July 2024.
^ ^a ^b ^c ^d David Essex; Brien Posey. "What is patch management? Lifecycle, benefits and best practices". TechTarget. Retrieved 15 July 2024.
^ ^a ^b ^c "What is patch management?". IBM. 20 December 2022. Retrieved 15 July 2024.
^ Milmo, Dan; Kollewe, Julia; Quinn, Ben; Taylor, Josh; Ibrahim, Mimi (19 July 2024). "'Largest IT outage in history' hits Microsoft Windows and causes global chaos". The Guardian. Retrieved 19 July 2024.
^ Firch, Jason (30 March 2023). "Windows Patch Management Best Practices For 2023". PurpleSec. Retrieved 15 July 2024.

[rapid7-1] "Patch Management: Definition & Best Practices". Rapid7. Retrieved 15 July 2024.

[intel-2] "What Is Patch Management?". Intel. Retrieved 15 July 2024.

[techtarget-3] David Essex; Brien Posey. "What is patch management? Lifecycle, benefits and best practices". TechTarget. Retrieved 15 July 2024.

[ibm-4] "What is patch management?". IBM. 20 December 2022. Retrieved 15 July 2024.

[5] Milmo, Dan; Kollewe, Julia; Quinn, Ben; Taylor, Josh; Ibrahim, Mimi (19 July 2024). "'Largest IT outage in history' hits Microsoft Windows and causes global chaos". The Guardian. Retrieved 19 July 2024.

[purplesec-6] Firch, Jason (30 March 2023). "Windows Patch Management Best Practices For 2023". PurpleSec. Retrieved 15 July 2024.

[1]

[2]

[3]

[4]

[5]

[6]

v t e Information security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electromagnetic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Bombs Fork Logic Time Zip Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Fraudulent dialers Hacktivism Infostealer Insecure direct object reference Keystroke loggers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Obfuscation (software) Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Information security management Information risk management Security information and event management (SIEM) Runtime application self-protection Site isolation