
So, You Need to Patch! But Why, What, When, and How?

Level 14

As system administrators, we definitely know that we need to patch all the software and 3rd-party apps in our system’s environment. Software patching is a part of our IT role that we do frequently. In IT administration, there are typically two approaches to patching software.

  1. You are proactive and watch out for the latest patch updates from vendors and patch them pronto.
  2. You really don’t care what version of software you’re running in your enterprise. If you see a lot of buzz in the industry about a particular software version being insecure, your organization might go all uproarious about security and vulnerability and compliance. At that point, you suddenly realize you should have applied the patch and scurry to do a patchwork before hackers break down your firewall barriers.

I know you don’t want to be the second guy, but we do end up becoming that sometimes. And that is because we don’t comprehend the full gravity of patch management and the upshot of not doing it soon enough.


Why Patch?

Let’s look at some top reasons why you need to apply software patches and update applications in your IT infrastructure.

  • Your current application version is not secure anymore. There can be vulnerabilities in your software which could compromise the security of your network’s data and IT assets. That’s why the vendor has released a security fix.
  • Your organizational IT policy now states that you have to run a specific version of an application on some specific platforms. It’s time to apply patches to update those apps.
  • Compliance is a key requirement for all organizations. You don’t want to run insecure and potentially vulnerable apps and get penalized for non-compliance.
  • You simply don’t want any data breaches and security compromises and later bear the brunt of the resulting casualties including data loss, monetary loss, tarnished reputation, and the cost of repair and redemption.

What to Patch?

There are likely a lot of patches that you need to apply on both your servers and end-user workstations. Much of this software receives patch updates that its manufacturers release online to be downloaded and installed. Patches are often required to ensure the proper functionality and security of the following items:

  1. Your operating system
  2. Your browsers
  3. Your anti-virus software
  4. Vulnerable apps with frequent exploits such as Java® and Adobe®
  5. Chat messengers and online VoIP apps

The same goes for any other 3rd-party apps and software you run that get security fixes and patch updates from vendors.

When to Patch?

To ensure the security of your data and IT infrastructure, it’s a good idea to apply patches as soon as the manufacturer releases them and you have finished testing them in your environment (so they don’t break your system or cause any unexpected failures).

Patching is better done sooner rather than later, so actively watch for patch updates. Maybe you can subscribe to some vendor alerts to receive timely patch updates. One security risk is zero-day exploits that can compromise your system security through non-updated and vulnerable software. Another risk is malware that sneaks onto your system via unpatched apps and gradually starts causing damage and stealing secure data.

Patch before they hatch – the exploits!

How to Patch?

The process of patching can get complicated. For example, you might need to patch either the same or different applications running on multiple systems, on multiple platforms, in distributed locations and network environments, and you can’t do it manually on a system-by-system basis. Then, what about the status of the applied patch? How do you know if it was successful or not?

Patch management is part of the larger IT administration and security strategy where organizations leverage centralized and automated patch distribution solutions to patch their system’s environment.

With the “how” of patch management, it is key to understand as much as you can about the status and success rate of patches. To efficiently manage patches, you need the capability to:

  • Automate patch management so you save a ton of time and increase operational expenditure value.
  • Benefit from bulk patch deployment so you can improve productivity by patching thousands of systems at the same time.
  • Gain access to pre-tested patch catalogues so all you need to do is deploy the patch and not worry about whether it’ll work okay and not impact any other running apps or the system itself.
  • Receive notifications and reports on patch statuses, as well as when, where, and who applied the patches and whether they were successful.
  • Discover the status of application versions and unpatched statuses by conducting a vulnerability analysis and asset discovery.
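A minimal sketch of the last two capabilities (status reporting and discovery of unpatched versions), added here as an illustration and not taken from any patch management product. The baseline versions, host names, and inventory format are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed baseline: minimum patched version per application (hypothetical values).
BASELINE = {"browser": "115.10.0", "java": "8.0.401", "reader": "23.8.20470"}

# Constructed inventory, shaped like an asset-discovery export: (host, app, version).
INVENTORY = [
    ("ws-001", "browser", "115.9.1"),   # plain string comparison would call this patched
    ("ws-001", "java", "8.0.401"),
    ("ws-002", "browser", "115.10.0"),
    ("ws-002", "reader", "unknown"),    # scanner could not read the version
    ("srv-01", "java", "8.0.391"),
    ("srv-01", "browser", "116.0"),
]

def parse_version(text):
    """Turn '115.10.0' into (115, 10, 0); return None if there are no numeric parts."""
    parts = re.findall(r"\d+", text)
    return tuple(int(p) for p in parts) if parts else None

def is_patched(installed, minimum):
    """Compare versions component by component; None means the version is unreadable."""
    have, need = parse_version(installed), parse_version(minimum)
    if have is None or need is None:
        return None
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need

def compliance_report(inventory, baseline):
    """Group hosts per application into patched / unpatched / unknown."""
    report = defaultdict(lambda: {"patched": [], "unpatched": [], "unknown": []})
    for host, app, installed in inventory:
        if app not in baseline:
            continue  # no policy defined for this application
        verdict = is_patched(installed, baseline[app])
        key = "unknown" if verdict is None else ("patched" if verdict else "unpatched")
        report[app][key].append(host)
    return dict(report)

def patch_rate(report, app):
    """Share of hosts running `app` that meet the baseline; unknown counts as not patched."""
    groups = report[app]
    total = sum(len(hosts) for hosts in groups.values())
    return len(groups["patched"]) / total if total else 0.0

if __name__ == "__main__":
    for app, groups in compliance_report(INVENTORY, BASELINE).items():
        print(app, groups)
```

Hosts whose version cannot be read are reported separately instead of being counted as compliant, so a failed scan never hides an unpatched system.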

Patch management is not just another IT task. It’s an organizational IT mandate that has both compliance and information security implications. Choose the best patch management solution that can simplify your organization-wide patch management process and scale up to meet your growing systems and application patching needs.

Visit PatchZone and learn more about patch management!

Level 8

Hi Sir, just want to inquire how are we going to implement the patches immediately if we don't have Test Servers/Test Environment?

That's what makes our job difficult.

Level 14

Hello jmariano,

As much as it is vitally important to test patches before deployment, we may not have the time and set-up to do that. But there are software solutions like SolarWinds Patch Manager that offer pre-tested, pre-built application packages for patching based on third-party vendor updates. Our R&D team researches patch updates for a large number of third-party apps, tests them on different platforms, and packages them for out-of-the-box availability so that you can just choose to deploy them right away.

As Lawrence Garvin, our resident patch guru and Microsoft MVP, mentioned in his PatchZone blog, "you can also use snapshots (virtualization capability) to test patches. Take a snapshot of each virtual machine before applying a patch, or patches. If any issues occur after patching, simply apply the snapshot to restore the machine to the pre-patch state and decide if the patch is important enough to find another way to install it. This can be an effective way to identify a single problematic patch out of a larger group with no risk to production systems."

Hope this helps!

Level 8

Thanks a lot, Sir. All we need to do is to establish our scheduled Server Maintenance and proper coordination with the application team.

The snapshot helps a lot.

Level 15

Thanks for the posting.  Good information.