
EWOTEE Ep 5: Patching Apps & Operating Systems

November 19, 2021 By Melissa Hoarau

Patch Applications & Operating Systems

Essential 8 Mitigation Strategies 2 & 3: (Patches, updates, or vendor mitigations for security vulnerabilities in internet-facing services should be applied within two weeks of release, or within 48 hours if an exploit exists.)

Let’s delve into what this means.

What are patches?

Patches are fixes in software code that address security gaps, add new functionality, or repair broken functionality. These patches usually come in the form of an update (for instance, the notifications you’ve inevitably received for Windows 10, Adobe Reader or even your phone’s operating system).

Everyone dreads these updates, but it is vitally important we stay on top of patches to minimise security risks. Failing to update applications or software can cause critical issues in the integrity of your devices and computers, as these patches keep you one step ahead of attackers and their latest methods of exploitation. In fact, about 57% of data breaches are attributed to poor patch management.

As an enterprise or organisation, especially one with hundreds of employees and devices, managing patching can become a real pain. Unless you have implemented whitelisting or mobile device management, it can be difficult to keep track of every application, software, browser, and even plugin that has been installed on your systems.

You can send email blasts out to your users to remind them to update when a new patch comes out, but as mentioned, no one likes updating their devices, and many users may just put it on the backburner, which can cause serious gaps in your cyber security for attackers to exploit.

The best way to keep on top of patching yourself is to create a patch management plan and policy. To do this, you must first start with understanding the devices, operating systems, browsers, and third-party applications your users have installed on your network, and segment them into high and low risk categories.

Once you’ve done this, create a policy that establishes which applications will be patched and when, and under what conditions. For example, someone with admin privileges may need to patch their applications automatically, while those with restrictions are offered a more flexible timeframe. Another example is setting a 24–48-hour timeframe for OS updates but allowing a 1–2-week timeframe for browser or non-critical updates.

After you have your policy in place, follow up with audits to ensure your employees and end users are compliant, and review and optimise your policy to ensure you are following best practices.

Patch Apps & OS Maturity Level 1:

Requirement 1:

Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services and operating systems of internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.

Requirement 2:

Patches, updates or vendor mitigations for security vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, security products, and operating systems of workstations, servers and network devices are applied within one month of release.

Requirement 3:

A vulnerability scanner is used at least daily to identify missing patches or updates for security vulnerabilities in internet-facing services and operating systems of internet-facing services.

Requirement 4:

A vulnerability scanner is used at least fortnightly to identify missing patches or updates for security vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, security products, and operating systems of workstations, servers and network services.

Requirement 5:

Internet-facing services, office productivity suites, web browsers and their extensions, email clients, PDF software, Adobe Flash Player, security products, and operating systems that are no longer supported by vendors are removed or replaced.
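
The Maturity Level 1 deadlines above can be checked mechanically against vulnerability scanner output. The following is an added example, not eStorm's or any scanner vendor's code: the `Finding` fields, host names and dates are constructed, and "one month" is assumed to mean 30 days.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Maturity Level 1 windows (Requirements 1 and 2).
# Assumption: "one month" is treated as 30 days.
INTERNET_FACING = timedelta(days=14)
EXPLOIT_EXISTS = timedelta(hours=48)
OTHER_SOFTWARE = timedelta(days=30)

@dataclass
class Finding:
    host: str
    product: str
    released: datetime       # vendor release time of the missing patch
    internet_facing: bool
    exploit_exists: bool
    supported: bool = True   # False: vendor no longer supports the product

def deadline(f):
    """Latest compliant patch time for a finding."""
    if f.internet_facing:
        return f.released + (EXPLOIT_EXISTS if f.exploit_exists else INTERNET_FACING)
    return f.released + OTHER_SOFTWARE

def audit(findings, now):
    """Return (host, status, deadline) tuples, most urgent first."""
    order = {"replace": 0, "overdue": 1, "due": 2}
    report = []
    for f in findings:
        if not f.supported:
            status = "replace"    # Requirement 5: remove or replace
        elif now > deadline(f):
            status = "overdue"
        else:
            status = "due"
        report.append((f.host, status, deadline(f)))
    return sorted(report, key=lambda r: (order[r[1]], r[2]))

# Constructed scanner findings (hypothetical hosts, not real data).
NOW = datetime(2021, 11, 19, 9, 0)
SAMPLE = [
    Finding("web01", "web server", datetime(2021, 11, 17, 8, 0), True, True),
    Finding("vpn01", "VPN gateway OS", datetime(2021, 11, 10, 9, 0), True, False),
    Finding("pc-114", "PDF software", datetime(2021, 10, 15, 9, 0), False, False),
    Finding("pc-207", "Adobe Flash Player", datetime(2020, 12, 8, 9, 0), False, False, False),
]

for host, status, due in audit(SAMPLE, NOW):
    print(f"{status:8} {host:7} deadline {due:%Y-%m-%d %H:%M}")
```

Note that the internet-facing server with a known exploit is already overdue after two days, while the VPN gateway patched a week earlier is still inside its two-week window.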

Don’t want to keep track of patches manually?

Luckily, there are plenty of software vendors and IT companies out there that can do the grunt work for you. By employing software vendors or MSPs, you can automate updates and patches at a granular level and set and forget them, revising occasionally to ensure patches are rolling out correctly.
