Check out this recent infographic commissioned by Skype, and you’ll see why you shouldn’t trust the patching of your workstations to be left to your end users. According to the survey results, 40% do not always update their software when prompted to do so. The reason? Half of users don’t see a benefit to doing so, nor do they understand the impact of the upgrade. Nearly one-third of respondents think patching takes too long.
This can be very problematic, especially as we are seeing an increase in BYOD, and according to a joint survey by SolarWinds & Network World, 27% of IT pros are not at all confident on the level of visibility into personal devices accessing the corporate network.
This is also very concerning because applications residing on workstations are the kind that have critical vulnerabilities. Just take a look at 3rd party updates and you can see that many of the critical patches in recent months are for applications like Chrome, Firefox and Flash. In this other article from ars technica, Peter Bright reveals that 37% of Firefox users are running older versions of Firefox that are not being updated (by Firefox) with critical patches for known vulnerabilities.
How can you control whether applications on endpoints are protected from the latest known vulnerabilities?
- Implement a policy to patch desktops, determining which and when these applications should be patched. For example, your policy should outline timing of patching all on-line workstations, and when off-line workstations are updated.
- Enable the Network Access Policies (NAP) feature of Windows Server 2008. This feature was designed exactly for the scenario of a guest device desiring to connect to the network. With NAP, before the device is allowed to connect, it must have certain requirements, e.g. current AV signature files; all security patches applied, etc.
- Ensure these policies can be timely adopted with automated patch management software. Automated patching software will help you very quickly inventory computers that are at risk, provide pre-built/pre-tested patches and will deploy patches to the right computers at the right time (within maintenance schedules), automate system re-boots and so forth.
- Educate end users on the logic behind how frequently updates are made, examining the trade-offs between system downtime and risk of vulnerability.
Security incidents can be very costly and damaging to your business. Responsibly protect your company’s reputation and assets with a sound patching strategy for all end users accessing the corporate network.
If you have not done so already, download a free 30 day trial of Solarwinds Patch Manager and automate the patching process for your endpoints.