The WannaCry ransomware attack, which was one of the largest cyber attacks faced recently, was based on exploit of a Windows OS vulnerability. Just a couple of months earlier, Microsoft had released patches in its MS 17-010 security update. This ransomware that spread across hundreds of countries and infected thousands of computers could have been blocked if appropriate patches had been applied in a timely manner.
The WannaCry ransomware typically targeted older versions of the Windows operating systems. Microsoft had stopped support for these versions some time back, and had advised those users to upgrade to the latest Windows operating system – Win 10. However, due to many reasons – some valid and some invalid, enterprises did not upgrade to Win 10.
The reasons include –
- Necessary hardware upgrades which are deemed too expensive
- Compatibility with existing software applications
- Fear of performance of the new OS
- Usage of unlicensed software
However, the implications of the WannaCry ransomware attack – the ransom demand, loss of data, business down time and loss of reputation – has highlighted the importance of patch management. And a name-only patch-management system will not serve the purpose. It must be effective.
The patch-management system must be compatible with the multiple operating systems, applications and endpoint devices. Many types of endpoint devices are used by employees in an enterprise. Linux, Windows, Mac, and Android OSs are used in devices. Further, various third-party applications, antivirus softwares, etc. are used. The patch-management system must be able to manage the patches on these entities.
2. Effective Tracking
OS vendors and application vendors release updated patches from time to time or as hotfixes due to a critical emergency such as a malware outbreak. The patch-management system must check out the availability of patches for the OSs, and other applications, and download them onto the centralized management server, test them in a simulated environment for compatibility issues and then promptly roll them out to the endpoints. It is very important that the system regularly checks for availability of patches. The more frequently it does, the safer the endpoints and enterprise network.
3. Endpoint Monitoring
All endpoints must be continuously monitored and status of their patches must be updated with the patch management server. The status must be available in real-time on the management dashboard. Whenever a new patch has been downloaded onto the management server, the endpoint must check the server for availability of new patches and immediately initiate installation of those patch updates.
4. Patch Status Monitoring
Even after deployment of the patch, the patch-management system must keep continuously monitoring the patch requirements and ensure that the endpoints are always secured with the latest patches.
5. Adherence to Regulatory Requirements
Based on regulatory requirements, compliance to necessary and defined policies must be adhered to, constantly.