Remember Code Red? Not the one from the movie—A Few Good Men! The Code Red that infamously plagued the internet on July 15, 2001. Such was the magnitude of the disruption this computer worm created that it led Microsoft to start patching software vulnerabilities. Before Code Red, patch management was all about IT, not cybersecurity. Meanwhile, computer worms continued their attacks. Finally, in May 2017, came the notorious ransomware cryptoworm—WannaCry. It sure caused a lot of trouble for the security and IT teams at Microsoft. It also made organizations aware that patch management is not just a good-to-have process—it is an absolute necessity!
As tech and economies grew, small grocery shops became supermarkets and then hypermarkets. Marketing, sales, and customer success specialists moved from personalization to hyperpersonalization. Thus, the next chapter in patch management for every organization is simple: automation, or rather, hyperautomation.
Patch Management: The Current State of Affairs
No doubt OS makers have learned from past enterprise-level attacks and have evolved. But threat actors these days have also evolved and are on a rampage 24/7. They feed on software and app vulnerabilities. Give them an inch and they’ll take a mile. Believe it or not, SaaS folks, there are operations running today as cybercrime-as-a-service and ransomware-as-a-service.
The current state of patch management, as most CIOs would agree, revolves around risk analysis. Security teams analyze and prioritize OS and app vulnerabilities, and IT teams implement patches to fix those vulnerabilities or bugs. Unless these risks are prioritized and communicated in advance, your IT team will be reluctant to implement patches.
At present, the biggest pain point for IT teams in issuing patches proactively is device availability and responsiveness. So, if there’s no red alert for a particular patch, IT teams won’t push it to devices. And they have a strong case: device downtime. For instance, the laptop of a salesperson in the middle of an important presentation can’t suddenly display the message, ‘updating device, please wait’. This is pretty much what’s going on in most organizations. It’s a see-saw between device downtime and device security, and the equilibrium is not easy to establish. Then comes the math, the probability mix of vulnerabilities, because not all vulnerabilities carry serious exploitation implications from threat actors.
Threat actors prowl around that equilibrium. Security professionals around the world are cognizant of ransomware threats. There are ransomware-as-a-service (let’s say RaaS) gangs like Conti hunting out there on the web. Cybercriminals love the gaps or silos that creep in between your IT and security departments. In September 2021, a joint initiative between the FBI and CISA concluded that Conti RaaS led to over 400 attacks on global and US-based organizations.
The current state of patch management affairs may not hold its ground in the future. IT and cybersecurity teams need enhanced collaboration, because priority-based risk analysis alone won’t be sufficient for patch updates in the years to come.
Mapping the Road Ahead
Defeating the relentless approach of RaaS players like Conti and other individual threat actors isn’t a stroll in the park. IT and cybersecurity teams in organizations must be more closely knit than ever before. Their common agenda must be to combat attacks. Reducing the time to patch devices needs to top their priority list. When attackers don’t have sufficient time to exploit vulnerabilities, they are likely to give up and move on from preying on your organization.
The balancing act between device downtime and reducing the time to patch, while keeping device security at the forefront, needs to be perfected. As mentioned before, not all vulnerabilities are exploitable; just 10% of them are. That means chasing every single patch isn’t advisable. It also doesn’t mean that the remaining 90% should be ignored, but they can wait. The risk analysis needs a clear mapping of the context and impact of threats. Insight into patches and their related vulnerabilities is imperative to identify which ones are weaponized, used by RaaS gangs, and exploitable.
The right mix of patch insights and risk analysis of vulnerabilities is critical to prioritizing patches based on the damage a threat could do.
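One way to turn that risk analysis into an actual patch plan, as an added example that is not code from the post or from Scalefusion: score each vulnerability by its exploitability signals (weaponized, RaaS-linked) and its impact, then fill a maintenance window highest-risk first so the downtime trade-off is explicit. The field names, weights, CVE placeholders and sample records are all assumptions constructed for the example.

```python
"""Risk-based patch prioritization under a device-downtime budget.

Added example, not code from the original post or from Scalefusion. The
records, weights and field names are assumptions; CVE ids are placeholders."""
from dataclasses import dataclass

@dataclass
class Vuln:
    cve: str              # placeholder id, constructed for this example
    cvss: float           # base severity 0-10
    weaponized: bool      # exploitation observed in the wild
    raas_linked: bool     # used by ransomware-as-a-service tooling
    exposed_assets: int   # devices carrying the flaw that an attacker can reach
    reboot_minutes: int   # downtime the patch costs per device

def risk_score(v: Vuln) -> float:
    """Exploitability multiplies impact, so a moderate bug that is already
    weaponized outranks a critical-CVSS bug that nobody is exploiting."""
    exploitability = 1.0 + (2.0 if v.weaponized else 0.0) + (1.0 if v.raas_linked else 0.0)
    impact = v.cvss * (1 + v.exposed_assets) ** 0.5
    return round(exploitability * impact, 2)

def plan_patches(vulns, window_minutes):
    """Fill the maintenance window highest-risk first. Weaponized patches that
    do not fit are escalated for an emergency window; the rest can wait."""
    plan = {"now": [], "escalate": [], "deferred": []}
    used = 0
    for v in sorted(vulns, key=risk_score, reverse=True):
        if used + v.reboot_minutes <= window_minutes:
            plan["now"].append(v.cve)
            used += v.reboot_minutes
        elif v.weaponized:
            plan["escalate"].append(v.cve)   # the exploitable 10%: cannot wait
        else:
            plan["deferred"].append(v.cve)   # the other 90%: next window
    return plan

SAMPLE = [  # constructed records, not real advisories
    Vuln("CVE-0000-0001", 9.8, False, False, 40, 15),   # critical on paper, no exploit
    Vuln("CVE-0000-0002", 7.5, True, True, 120, 10),    # weaponized, RaaS tooling
    Vuln("CVE-0000-0003", 6.1, True, False, 30, 20),    # weaponized, slow reboot
    Vuln("CVE-0000-0004", 4.3, False, False, 5, 5),     # low risk, cheap to apply
]

if __name__ == "__main__":
    for v in sorted(SAMPLE, key=risk_score, reverse=True):
        print(f"{v.cve}: {risk_score(v)}")
    print(plan_patches(SAMPLE, window_minutes=15))
```

With a 15-minute window the cheap low-risk patch still gets slotted, while the weaponized one that does not fit is escalated rather than silently deferred.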
Into the Future with Hyperautomation
In the next 5-10 years, patch management will center on two aspects: best cybersecurity practices and developing secure code. Code needs to be checked for security lapses at the development stage, not once it is downstream in the app or software. This will be essential to the device downtime and patch time balance we talked about earlier.
Unpatched, exploitable vulnerabilities are the prime cause of most data breaches and of ransomware creeping into systems and devices. Simply automating patch insights or intelligence will not be enough in times to come. Why? There are strong reasons. First, remote and hybrid work models continue to thrive even in the post-pandemic world. To support such models, more organizations will continue to adopt cloud-based operations. IT teams already find patch management complex, and with remote/hybrid work and the rapid shift to cloud, that complexity isn’t getting any easier in the future.
The answer to all patch management and process challenges lies in the next level of automation: hyperautomation. Most unified endpoint management (UEM) solutions today offer automated patch management, but even they will need to make a swift shift to hyperautomation in the future. It’s time for IT and security teams to be more proactive and predict vulnerabilities in real time. Threat analysis needs to be taken to the next level to detect, comprehend, and respond to the risk patterns of patches. That’s the only viable option to stay in sync with the complex operating patterns of threat actors. Human intervention needs to be minimized as much as possible. Of course, at the final stage, there will be an element of human arbitration. The whole scenario may sound overwhelming, but organizations must find a way to achieve hyperautomation of patch management using UEM.
Path to Hyperautomation
So how does a CIO/CISO/CSO ensure that hyperautomation becomes integral to patch management in an organization? Present-day risk-based patch management came into the picture from 2018 onward. Yes, that’s a year after WannaCry (2017). While risk analysis and patch intelligence today can be automated via a UEM solution, are organizations waiting for another large-scale attack to move to hyperautomation? Do they want Conti to strike heavy? No, right? We must keep a close eye on the whole UEM space for developments and innovations in patch management. And innovation will be key to adopting hyperautomation.
The innovative path to hyperautomated patch management will begin with embedding more code-based security controls into software, including security, developer, and policy code. The same code-based controls will apply to patches, exposure, and vulnerabilities. Simply put, patch hyperautomation will be all about inclusive and embedded coding.
Closing It Up
Variants of Code Red and WannaCry will continue to batter enterprise security, and RaaS gangs like Conti will keep finding their way into systems. Nonetheless, the future needs, and will always have, ‘A Few Good Men’.
The only way to defend against threat actors is to stay a step ahead of them and move with the tides of innovation. Automating the scanning and analysis of vulnerabilities will lay the foundation for hyperautomated patch management. The evolution of UEM will also be a key factor in patch management hyperautomation. As complex as the future of patching may appear, IT and cybersecurity teams need to unite to make the move to hyperautomation a reality, and unified endpoint management will have an important role in that future.
Scalefusion UEM offers OS patch management for Windows. Sign up for a 14-day free trial to learn more, or schedule a demo.