Patch

24th June 2020 | Cybrary Patch



A Patch is a software component that, when installed on a device, modifies files or device settings. Patches are typically applied to fix an issue with a device or software solution. Vendors often release patches to address a critical security bug or vulnerability.

Purchasing Commercial-Off-The-Shelf (COTS) software helps ensure a steady development cycle that includes patches for the software running your business. Just be aware that all software can go end-of-life and end-of-support, which means the software developer will no longer issue patches to fix problems. In these situations, you need to upgrade to a more current version of hardware or software to continue to receive patches for your IT infrastructure.

Source: NIST

Additional Reading: What Is a Security Patch?  What is Vulnerability Management?

Related Terms: Commercial-Off-The-Shelf (COTS) Software, End-of-Life and End-of-Support, Software Life Cycle Development

What should SMBs be doing with Patching?

SMBs need someone responsible for software patching across all the devices and software solutions they use. This can be a staff member or a third party such as a Managed Services Provider (MSP). (Cybersecurity Maturity Model (CMM) Level 2)

Mature SMBs also need a repeatable process to follow when a critical risk or vulnerability is identified, in order to reduce the threat those risks pose to the organization. Having a repeatable and agreed-upon process for responding to vulnerabilities is part of any strong cybersecurity program. (CMM Level 3)

The next level of maturity in any cybersecurity program, beyond a process for patching vulnerabilities, is a process for testing your network for vulnerabilities and missing patches, at-risk hardware, and insecure configurations. This is known as vulnerability scanning. It is most beneficial for SMBs that already have strong processes for patching and vulnerability management, as the next step up the cybersecurity maturity scale. (CMM Level 4)

Most SMBs will never get beyond Level 4 on the Cybersecurity Maturity Model relating to patches and vulnerability management. However, just so you know, one way to begin to achieve CMM Level 5 is to deploy a Network Access Control solution that allows or denies devices connecting to your network based upon a real-time assessment of the device to validate patch levels, security hardening of the device, and monitoring agents. This is not a strong investment idea for your typical SMB.
