According to a recent Morgan Stanley report, “2024 Outlook – Rising Demand to Meet Rising Threats,” enterprises should expect a busy year for cybersecurity. Of particular note, the report cited “a historically elevated threat environment.” This was partly due to the stark rise in ransomware attacks — up more than 70% in 2023, coupled with the fact that hackers are getting savvy with AI tools. AI and other forms of automation are expected to help fortify defenses and transform threat detection.
Patching is a key defense mechanism against the increasing barrage of cyberattacks. Morgan Stanley identified patch management as one of the top four tasks that could be effectively automated. Let’s look at why.
One of the easiest ways for bad actors to infiltrate systems is through unaddressed vulnerabilities and missing patches. Known vulnerabilities were the source of the majority of disclosed cyberattacks in 2022, and to no great surprise, the most commonly exploited vulnerabilities had patches readily available. An organization can maintain impeccable security 99% of the time, but with a single lapse, that 1% can lead to a compromise. Conversely, a malicious actor can face failure 99% of the time yet only require that 1% opportunity to succeed.
As such, it is imperative for organizations to strive for complete patch compliance, or as near to it as feasible, to reduce their risk exposure. A significant breach can cost a company hundreds of millions in financial repercussions as well as tremendous reputational damage.
Many companies find patching to be manual, time-consuming and resource-intensive. Imagine trying to coordinate with Bob in Human Resources, “Hey, I’m going to be upgrading ADP next Tuesday, any issues?” or Sue in Design, “Have you finished your project yet; can we upgrade your AutoCAD?” every time you need to deploy a patch or upgrade. It’s maddening to schedule around the needs of thousands of workers with potentially hundreds of applications constantly needing an upgrade. Is it any wonder that hackers target vulnerabilities, including old vulnerabilities? They’re an easy mark: even with dedicated team resources, manual fixes are error-prone and often arrive late. This never-ending cycle for IT teams causes delays and increases security risk.
But it’s not just a matter of sending out patches to one and all. In the modern era, IT complexity is a reality. The complicated nature of enterprise systems, endpoint disruptions and application compatibility all contribute to the difficulty of packaging and deploying patches consistently and accurately across the enterprise. On top of this, end users have different needs. Meeting them by hand requires extensive customization of the patch process, which simply does not scale. Too much needs to happen too quickly to protect an entire enterprise.
This is vital: the longer a device remains unpatched, the longer it is exposed to threats that target the unpatched flaw. Because of this, security teams face immense pressure to expedite the patching process and shrink the attack surface. Conventional patching tools could not apply a different, faster process to critical updates, which is disastrous in an environment where speed matters most. As a result, patching becomes reactive rather than proactive, and one-off customization wins out over a repeatable process. Given the manual effort involved, patching today remains far too lengthy, prolonging device vulnerability and exposure beyond acceptable thresholds.
There is another issue: IT and security teams must collaborate and align despite disparate priorities. Administrators should decide which patches to prioritize while also managing stakeholders with differing business objectives, including security and operational concerns affected by patching.
And this is just a snapshot of the challenges with patch management.
But all is not lost.
Much more intelligent tools for patch management are now reaching the market, solutions that can rapidly and comprehensively address vulnerabilities, reducing manual effort by fully automating even the most complex enterprise patching processes.
Processes need to be modeled and policies defined just once; then, whenever an update is released, it follows those processes and policies automatically. This includes complex scenarios for managing deployments, applications, devices, groups, locations, testing and approvals. And the end-user experience can be streamlined with consolidated notifications and reboots. Think about the hundreds of hours that could be saved over a year, and the improved compliance that comes with it.
Better yet, with intelligent tools, patches can also be deployed rapidly, at scale, and accelerated for critical vulnerabilities or known exploits. As a result, machines will be compliant, the attack surface will be reduced, and organizational risk can be minimized. The value proposition for automation in this regard is huge.
Recognizing that automation can be scary for many teams, there are controls that should give all stakeholders confidence. For example, in addition to approvals and notifications, administrators can monitor ongoing deployments, abort them if something’s not going well, and roll back installations as necessary. These safeguards can be triggered manually or built into the automated process itself. Administrators retain full visibility into what’s happening and the authority to change course, which addresses the perceived risks associated with automation.
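To make the preceding three paragraphs concrete, here is a small, self-contained model of a policy-driven ring deployment. It is an added illustration, not code from any product the article describes. The policy (defined once) maps a patch's severity and exploited-in-the-wild status to a remediation SLA and a rollout schedule that skips the soak ring for urgent patches; the deployer then installs ring by ring, aborts when a ring's failure rate exceeds a threshold, and rolls back the hosts that ring already touched. The `install` and `rollback` callbacks, the ring names, the thresholds and the SLA numbers are all assumptions chosen for the example.

```python
"""Policy-driven ring deployment with abort and rollback (illustrative example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Patch:
    patch_id: str
    cvss: float             # CVSS base score of the worst CVE the patch fixes
    known_exploited: bool   # assumed flag: the CVE is on an exploited-in-the-wild list


@dataclass
class Policy:
    """Defined once; every released patch is then handled according to these rules."""
    max_failure_rate: float = 0.10                           # abort a ring above 10% install failures
    rings: Tuple[str, ...] = ("pilot", "early", "broad")     # normal rollout order
    expedited_rings: Tuple[str, ...] = ("pilot", "broad")    # urgent patches skip the soak ring

    def sla_days(self, p: Patch) -> int:
        """Days allowed between release and full compliance (assumed values)."""
        if p.known_exploited:
            return 2
        if p.cvss >= 9.0:
            return 7
        if p.cvss >= 7.0:
            return 14
        return 30

    def schedule(self, p: Patch) -> Tuple[str, ...]:
        """Accelerate critical or actively exploited patches by using fewer rings."""
        if p.known_exploited or p.cvss >= 9.0:
            return self.expedited_rings
        return self.rings


@dataclass
class DeployResult:
    completed_rings: List[str] = field(default_factory=list)
    installed: List[str] = field(default_factory=list)      # hosts left patched
    rolled_back: List[str] = field(default_factory=list)    # hosts patched then reverted
    aborted_ring: Optional[str] = None                      # ring where the abort fired


def deploy(p: Patch, policy: Policy, ring_hosts: Dict[str, List[str]],
           install: Callable[[str, str], bool],
           rollback: Callable[[str, str], None]) -> DeployResult:
    """Roll the patch out ring by ring; stop and revert the current ring on excessive failures."""
    result = DeployResult()
    for ring in policy.schedule(p):
        hosts = ring_hosts.get(ring, [])
        succeeded = [h for h in hosts if install(h, p.patch_id)]
        failure_rate = (len(hosts) - len(succeeded)) / len(hosts) if hosts else 0.0
        if failure_rate > policy.max_failure_rate:
            # Abort: revert every host this ring touched and do not proceed to later rings.
            for h in succeeded:
                rollback(h, p.patch_id)
            result.rolled_back.extend(succeeded)
            result.aborted_ring = ring
            return result
        result.installed.extend(succeeded)
        result.completed_rings.append(ring)
    return result


# Constructed sample inventory: three rings of hypothetical hostnames.
SAMPLE_RINGS = {
    "pilot": ["p1", "p2"],
    "early": ["e1", "e2", "e3", "e4"],
    "broad": ["b1", "b2", "b3", "b4", "b5"],
}


def demo() -> DeployResult:
    """Simulate a routine patch whose install fails on two of the four 'early' hosts."""
    routine = Patch("KB-0002", cvss=5.5, known_exploited=False)
    flaky_install = lambda host, pid: host not in ("e1", "e2")   # constructed failure pattern
    return deploy(routine, Policy(), SAMPLE_RINGS, flaky_install, lambda host, pid: None)


if __name__ == "__main__":
    r = demo()
    print(f"completed={r.completed_rings} aborted_at={r.aborted_ring} "
          f"installed={r.installed} rolled_back={r.rolled_back}")
```

Note the ordering in `deploy`: hosts are counted as installed only after their ring passes the failure check, so an aborted ring leaves the fleet in a known state (earlier rings patched, the failed ring reverted) rather than half-applied. The rollback only works if the patch is actually reversible on the target platform, which is a property worth verifying in the pilot ring before the policy ever reaches the broad ring.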
In an odd twist of fate, the technology accelerating cyberattacks in the coming year is the same technology that lets companies accelerate their patching velocity and gives enterprises a fighting chance. AI and automation will profoundly transform cybersecurity practices and solutions. One important way they provide the speed and intelligence to eliminate vulnerabilities is through more efficient patch management.