In this week’s Whiteboard Wednesday, Justin Buchanan, Solutions Manager for Vulnerability Management and Offensive Security, discusses what patching is and why it is important. He explains the common sources of patches—OS vendors, application vendors, and network equipment vendors—and how patch management tools like IBM BigFix and Microsoft SCCM can help you remediate vulnerabilities.
Hi and welcome to this week's Whiteboard Wednesday. My name is Justin Buchanan, Senior Solutions Manager for Vulnerability Management and Offensive Security solutions, here at Rapid7. Today we're going to talk about patching. What are patches? Patches are fixes for errors that perhaps we've made and we need to correct. Modern software is extremely complex and very difficult to make, and as a result mistakes do happen. When those mistakes happen, we have to go back afterwards and apply a fix. This is commonly referred to as a patch.
Before we dig in a little bit more, let's understand where patches came from. Back in the day, when we used to program computers, we would program them with punch cards. We would actually use paper, punch holes in it, and feed those into the machines. The machines would read those various holes as instructions. When we made mistakes in our instructions, we would take back the original punch card and apply a patch to the erroneous hole. That may be actually like a piece of tape over that hole so that it was no longer there, and we'd feed those instructions back in.
Today it's a little bit different, but it's still the same concept. We're probably familiar with it when we see the Windows update box pop up on our machine. That means that for some reason the software that Microsoft has provided to us needs to be retroactively updated in some way, perhaps there was an error in the code that was released or some other kind of issue. When that happens we install the updates. As always, make sure you install your updates right away every time. In terms of who makes patches, we mentioned one already. We're familiar with Microsoft as an operating system vendor. Operating systems have a really important job of managing all of the components of our computer systems for us. A lot of opportunities there for us to need to go back and maybe fix some things that we set up a certain way in the past, so they'll release patches to fix any kind of issues there.
We also have application vendors. When we think of this we think of some tools we use at work like Slack, or Zoom, or Microsoft Word. These applications are critical to our success, and it's also critical that we always have them patched up the best way and 100% ready for work. Then we have network equipment vendors. These ones are a little bit trickier. When we think about our home environment or our office environment, we often have devices that are connected but less accessible to us. Things that come to mind are routers, switches, and things like Internet of Things (IoT) video cameras. These also run software and that software can sometimes have issues with it, and they also need to be patched. That process might take a little bit more work, but it's also just as important.
When we think about patches holistically, when we only have a few things to manage, like just the updates on our individual laptop, or just the updates on our one router at home, we can probably handle it ourselves. But when we think about our modern environment at our companies, now we need some help. We have quite a few different assets to take care of and a lot of diversity in terms of the systems that we need to work with.
So manual is not going to work in our corporate environments and that's where we can turn for help to tools like IBM BigFix, which can help us understand what patches are available and help us do the work of installing them, Microsoft SCCM, which is going to help us with our Microsoft assets, our Windows servers, our Windows laptops, help us make sure that the patches for those devices are installed, and in our modern dynamic environments like cloud environments we can use our infrastructure orchestration tools like Ansible, Puppet, and Chef to help us make sure that when we're going through the process of building these assets for the first time we're installing the operating system and then also layering on all the appropriate patches to keep those systems safe and secure.
Patching is the most important part of a vulnerability management program. In vulnerability management when we have identified a vulnerability, we can really do one of three things. We can either accept that risk for our business, we can implement compensating controls, so we can do something else to make the vulnerability of that machine mitigated, or finally and most commonly we can remediate, we can actually install the patch if available to fix the issue that is causing the vulnerability on that machine.
If you'd like to learn more about how you can understand all of the vulnerabilities in your environment, all of the patches that are available to help correct those issues in your environment, and orchestrate the process of getting that work done, patching up those holes, head on over to rapid7.com/try/insightVM. That's it for this week's Whiteboard Wednesday. I hope that it had you in stitches.