The recent critical security update for macOS Monterey, which fixes arbitrary code execution vulnerabilities, has caused a stir over computer system vulnerability. Both issues were zero-days that had already been exploited (CVE-2022-32894 and CVE-2022-32893).
Staying on top of patches is hard, especially for larger enterprises. However, time remains of the essence. Without applying the appropriate updates promptly, most organizations are in the unfortunate position of giving potential adversaries ample time to attack.
Russ Miller, CTO of OPSWAT MetaAccess, a firm that works with critical infrastructure protection (CIP) cybersecurity solutions, has set out for Digital Journal his top five patch management challenges that organizations should know.
The five challenges are:
There are a variety of systems and applications
Every organization now has a mixture of operating systems and third-party applications. In practice this means macOS, Windows, Linux and more, as well as apps from hundreds of different vendors.
Hybrid workers with systems that are only occasionally connected to a domain
It is hard enough to stay on top of devices you directly manage, but it is more challenging, and perhaps even more critical, to ensure that bring your own device (BYOD) or contractor devices are patched before they access your organization’s resources.
Even urgent critical security patches need some amount of testing
In addition, caution is required when rolling them out to ensure they do not impact availability. Doing this requires a process, and automation, that supports incrementally releasing a patch to progressively larger groups of devices.
On-going visibility and monitoring of vulnerable systems are a must
Even after you have considered the risk trade-offs and tested and patched the latest critical vulnerability, the work is not done. It is still vital to monitor actively, so that a device that was not connected while you were reacting to the threat is patched when it reconnects to your resources. You need both visibility into any devices that are not patched, and ongoing protection from a vulnerable device.
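The two pieces of automation described above, releasing a patch ring by ring and re-checking every device's patch level each time it reconnects, can be sketched in a few dozen lines. The following is an added illustration, not OPSWAT MetaAccess code or anything from the article; the inventory is constructed, and the required version numbers in REQUIRED_VERSION are placeholders (take the real ones from the vendor advisory for the CVE you are handling).

```python
"""Staged patch rollout and reconnect-time compliance gate for a mixed fleet.

Added illustration: constructed inventory and placeholder version numbers,
not OPSWAT MetaAccess code. It shows two pieces the article describes:
releasing a patch ring by ring, and re-checking a device's patch level every
time it reconnects so stragglers are caught rather than forgotten.
"""
from dataclasses import dataclass
from datetime import date
import hashlib


@dataclass(frozen=True)
class Device:
    device_id: str
    platform: str        # "macos", "windows" or "linux"
    version: tuple       # installed OS version as a tuple, e.g. (12, 5, 0)
    managed: bool        # False for BYOD / contractor devices
    last_seen: date      # last time the device checked in


# Minimum patched version per platform. These are PLACEHOLDER values chosen for
# the example; take the real ones from the vendor advisory for the CVE at hand.
REQUIRED_VERSION = {
    "macos": (12, 5, 1),
    "windows": (10, 0, 19044),
    "linux": (5, 15, 60),
}


def is_patched(dev: Device) -> bool:
    """A device is compliant only if its platform is known and its version is
    at or above the required one. Unknown platforms are treated as unpatched."""
    required = REQUIRED_VERSION.get(dev.platform)
    return required is not None and dev.version >= required


def rollout_ring(dev: Device, n_rings: int = 4) -> int:
    """Stable ring assignment (0 = canary ring, n_rings-1 = last ring).

    Hashing the device id keeps a device in the same ring across inventory
    refreshes, so a staged rollout does not reshuffle who already got the patch."""
    digest = hashlib.sha256(dev.device_id.encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_rings


def eligible_for_wave(dev: Device, current_wave: int, n_rings: int = 4) -> bool:
    """True once the rollout has reached the device's ring. Advancing
    current_wave by one releases the patch to the next, larger group."""
    return rollout_ring(dev, n_rings) <= current_wave


def access_decision(dev: Device) -> tuple:
    """Gate evaluated on every connection, not just once during the incident.

    Returns (decision, reason). Unmanaged devices must still meet the bar;
    managed-but-unpatched devices are pointed at self-remediation."""
    if is_patched(dev):
        return ("allow", "patched")
    if not dev.managed:
        return ("deny", "unmanaged device below required patch level")
    return ("deny", "managed device below required patch level; remediate and reconnect")


def unpatched_report(devices, today: date, stale_after_days: int = 7) -> dict:
    """Visibility view: which devices are still unpatched, and which of those
    have not checked in recently (likely offline during the response)."""
    unpatched = [d for d in devices if not is_patched(d)]
    stale = [d.device_id for d in unpatched
             if (today - d.last_seen).days > stale_after_days]
    return {
        "unpatched": [d.device_id for d in unpatched],
        "stale_unpatched": stale,
    }


# Constructed sample inventory for demonstration.
SAMPLE_FLEET = [
    Device("mac-laptop-01", "macos", (12, 5, 1), True, date(2022, 8, 20)),
    Device("mac-laptop-02", "macos", (12, 4, 0), True, date(2022, 8, 1)),
    Device("contractor-mbp", "macos", (12, 5, 0), False, date(2022, 8, 19)),
    Device("win-desk-07", "windows", (10, 0, 19044), True, date(2022, 8, 20)),
    Device("lab-box", "freebsd", (13, 1, 0), True, date(2022, 8, 18)),
]

if __name__ == "__main__":
    today = date(2022, 8, 21)
    for dev in SAMPLE_FLEET:
        print(dev.device_id, rollout_ring(dev), access_decision(dev))
    print(unpatched_report(SAMPLE_FLEET, today))
```

Two design choices matter here. Ring membership is derived from a hash of the device id rather than from list position, so refreshing the inventory mid-rollout does not move devices between rings. And the access gate is a pure function of the device's current state, so it gives the same answer whether the device connects during the fire drill or two weeks later, which is exactly the straggler case the article warns about.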
There is a shortage of security and IT staff
One common challenge for a security or IT organization of any size is having too few resources for the day-to-day work, let alone for the fire drills that each high-profile vulnerability triggers.
Miller concludes the assessment stating: “While looking to alleviate these challenges, organizations should look for solutions that can provide visibility into application vulnerabilities, operate on-premises or remote, can be gradually rolled out in the event of hidden risks, and allow them to enforce different policies for different groups of devices. Additionally, proactively communicating remediation steps to the end-users makes them more likely to patch their own devices sooner.”