What’s in a Patch

-Derek Melber

Patching has to be one of the most fundamental security concepts in computing. There is a bug or security issue, so someone creates a fix for it and puts the fix in a file (called a patch), which when installed fixes the problem. Thus “patching” the system. So, why is “patching” such a problem? First, everything has bugs and security issues. Software, operating systems, hardware, firmware, drivers… everything. Second, most things have MANY bugs, and some things have MANY security issues. Third, often the patch will cause problems, sometimes the problems are worse than the original bug or security issue. Fourth, most organizations have so many devices and are so far behind patching that there is no possible way to catch up on patching everything they have.

How Should We Patch in 2024?

Whether you are an MSSP or an Enterprise, you need to take a logical approach to patching. The logical approach is to patch what matters.

Security patching is essential (High CVSS and EPSS scores)
Critical functionality bug fixes
Zero-day

Ideally, if you are an MSSP, you want to be able to send out patches to all customers with as little effort as possible. This is possible with the right RMM solution. The key is to be able to categorize your assets from the global, company, and custom levels. This gives you the flexibility to easily send patches to the targets you need to patch with as few clicks as possible. The right system will allow you to set up the automation of the patching, such that the system will automatically patch any system that meets the criteria you define.

If you are an enterprise, you will want to setup a scheduled deployment, giving you time to pilot test your patching solution. This is ideal so you can set up your deployment, test your patching, then the deployment will automatically reach all of your endpoints with little to no effort from your workforce.

Of course, you will want to restrict your critical servers and workstations from these automatic patching scenarios. The critical servers and workstations need to be handled manually, as they need to be checked to see if there are any issues with the patching process.

Summary

Patching is essential. The right system can help you regulate your customers and their endpoints, to ensure they are as secure as possible. Securing as many workstations and servers, with as little effort is the key. However, the right RMM system is important! Flexibility is pivotal for MSSPs, enterprises, SMBs, and everything in between.