The cyberattack landscape grows increasingly ominous. Businesses need to protect themselves from threats that range from sophisticated ransomware attacks, designed to evade detection until they’ve spread throughout a network, to supply chain attacks that come through trusted applications. But one of the biggest cybersecurity threats continues to be unpatched vulnerabilities. A report from Tenable points out that vulnerabilities discovered back in 2017 are still giving threat actors a way in. Furthermore, IBM reports that the costs of cyberattacks that hit their mark are skyrocketing, with data breaches totaling $4.45 million in 2023, an increase of 15 percent compared to the costs in 2020. This all adds up to the crucial need for businesses to follow patch management best practices.
Ali Karimi, CEO of California-based GTI and member of The ASCII Group, shares his insights into ensuring his clients’ systems are up-to-date with patches and how his company efficiently offers this service.
How do you prioritize updates?
Karimi: We update systems with our remote monitoring and management (RMM) tool. We allow updates based on category and only push critical updates. We run a random audit to ensure all systems are patched and following our security baseline, and we avoid pushing unnecessary updates. If it’s a build update, we will wait a bit to get a response from the community before we push it.
Patch scheduling is set with the customer agreement: which days of the week we push the updates and force the reboot. If it is a significant critical update, we always communicate with the customer to do it ASAP instead of waiting for the scheduled date.
How do you keep an up-to-date inventory of a client’s IT assets?
Karimi: The first step we always perform is identifying a go-to contact person for each customer. This person has the most knowledge of their operation and has the authority to make decisions. We run an SNMP-enabled scan on their site to discover all equipment connected to the network. The results will be exported to a spreadsheet. This is an ongoing active scan, and if any new devices are added to the network, the list will be sent to the contact person to verify.
How do you make sure your team is informed of new vulnerabilities?
Karimi: The best way to get vendor updates is to sign up for ongoing updates. However, the reality is that most vulnerabilities are out before vendors know or announce them. After all, announcing a vulnerability requires a patch, which may take some time. Our best source to stay informed about vulnerabilities is Google Alerts.
How do you address keeping open-source apps up to date?
Karimi: With open-source applications, we use Google Alerts to get informed about any changes/security alerts and patches about the application and do our best to limit internet access to them, if possible.
About The ASCII Group, Inc.
The ASCII Group is the premier community of North American MSPs, MSSPs, VARs and solution providers. The group has over 1,300 members throughout the U.S. and Canada, and membership encompasses everyone from credentialed MSPs serving the SMB community to multi-location solution providers with a national reach. Founded in 1984, ASCII provides services to members, including leveraged purchasing programs, education and training, marketing assistance, extensive peer interaction and more. ASCII works with a vibrant ecosystem of major technology vendors that complement the ASCII community and support the mission of helping MSPs and VARs grow their businesses. For more information, please visit www.ascii.com.