How to Improve Vulnerability Patching Efficiency through Automation

Last updated at Mon, 08 Jan 2024 15:39:33 GMT

The 2019 Forrester Total Economic Impact™ of Rapid7 InsightVM found that our customers saw a 60% reduction in effort for patching, thanks to automation and improved workflows, especially through integrations with popular patching software. But just how can automation improve your security team’s patching efficiency.

An overview of the traditional vulnerability management and patching process

As long as computer networks have been vulnerable to attacks, the vulnerability risk management (VRM) process and its end point (patching) have followed a standard set of steps.

First, the security team has to gain visibility into assets, including:

• Everything onsite, such as servers, laptops, and other assets
• Offsite devices, such as remote laptops
• Cloud devices and third-party assets

In recent years, network perimeters have blurred, and inventory of infrastructure can be difficult to maintain, especially through manual processes. Once your team has gained visibility into what assets you have, security has to determine how those assets are being used and what vulnerabilities they are exposed to.

From there, you have to prioritize the assets through thorough assessment, including determining which vulnerabilities or misconfigurations they have. After the assessment, you’ll have identified a lot of risk—always more than you will ever have time to work on. This means you have to prioritize which risks need to be fixed. Generally, there are two questions you have to ask to determine the priority of threats: First, what’s important to the business? For instance, an identified risk of an attack on your payroll system would be a much higher priority than risk to an individual’s laptop. Second, which vulns are attackers actually taking advantage of? This takes an in-depth understanding of the current threat landscape, which your security team may or may not have time for.

Then comes reporting, which generally means printing a PDF report of what needs to be patched that goes onto an IT professional’s desk. Usually, this printed report will be enormous, which means the IT professional is not going to be happy that you’ve added so much to their existing to-do pile. There will be a lot of back-and-forth about competing priorities, further muddied by an assumed existing lack of communication between IT and security.

Unfortunately, while it is your team’s job to identify and analyze risk, remediation and patching must be completed by IT. This means that the biggest challenge in patching, for both the security team and the IT team, is in this disconnect between the two teams. No matter how much time and effort your team has put into visibility, assessment, and prioritization, remediation can’t happen without good interaction between IT and security teams.

Automation as the solution to patching inefficiency

Automation removes the convolution and adds structure to the VRM process, ensuring communication bi-directionally between all teams and making the process more straightforward. Humans can never be fully replaced in the patching process, mostly due to politics, such as change control boards and policy management teams, but the repetitive and menial tasks between key points is where automation brings a lot of value and time-saving.

For instance, IT and security teams often have different ticketing processes, which can be a major point of contention in assigning, tracking, and completing remediation and patching activities. If the security team can plug their security solution directly into the ticketing system that the IT operations team uses, they can break down the barriers between siloed IT operations and security. Automated VRM systems should include integrations with popular ticketing solutions like ServiceNow or Jira so that the security team can put the risk information directly into those tools and ensure they’re synchronized as progress is made.

Integration is also an important part of automating orchestration, which is another area where patching processes tend to clog up. Automation-assisted patching can be possible in vulnerability risk management solutions through integrations with patch management tools like Microsoft SCCM and BigFix to go even deeper into the IT stack to where the work really gets done.

InsightVM and Automation-Assisted Patching

You may have noticed that Rapid7 refers to our automation processes for patching as “automation-assisted”. This is because we make room for necessary human interaction within the automated workflow, such as if a human needs to make a decision about how to proceed.

InsightVM allows you to automate workflows for assets or vulnerabilities. To do so, you simply set up a trigger, then select a workflow and a connection type (which is set up inside the app to communicate with integrated systems). Finally, you confirm, and activate.

From there, you can click on the workflows tab, which shows you all the automations you’ve created and where they are in terms of three statuses: running, paused, and succeeded. If a human decision is necessary in a workflow, it will be paused until a person selects the option to move forward.

Rapid7’s InsightVM is the automated solution to help improve your patching efficiency by addressing all the steps in the vulnerability risk management process. You can gain clarity into risk, extend security’s influence, and see shared progress—all with the final result of reducing risk across your organization.

By decreasing manual effort by 60%, InsightVM’s automation-assisted patching saved more than just time for the five organizations who were surveyed for the Forrester Study; it also saved an average of $188,000 per year.

If you’re ready to make automation-assisted patching part of a more efficient security ecosystem, and to go from simple patch management to full vulnerability risk management, get in touch today for a demo of Rapid7’s InsightVM.