An Out-Of-Band (OOB) Patch is a security update released outside of the normal release schedule. Typically, Microsoft releases patches on the second Tuesday of each month, called Patch Tuesday. A security update or patch released on any day other than the second Tuesday of the month is considered an OOB patch.
The typical reason for releasing an OOB patch is the emergence of an unexpected, widespread exploit. A good example is a zero-day exploit, which takes advantage of a security hole on the same day that the vulnerability becomes known. Typically, when an OOB patch is released, you and your organization should take it seriously and take action immediately.
What does this mean for an SMB?
Every SMB should have a process for handling critical vulnerability alerts in order to quickly assess risk and make important, time-sensitive decisions on how to react. With a Vulnerability Alert Management Process (VAMP) in place, you have a clear guide to when to jump and how high to jump for a given vulnerability or exposure.
In order to stay up to date at all times, it’s important to deploy a cloud-based patch management solution to automatically update software whenever and wherever necessary. Most Managed Service Providers leverage one of the big three Remote Monitoring and Management (RMM) solutions (ConnectWise, Datto, and Kaseya) for patching their managed systems. In addition to tested and validated patching services, these RMM solutions provide monitoring and remote access to their clients.
Standalone patch management solutions for companies not using the above-mentioned RMM solutions include ManageEngine and Automox.
SMB PROTECTIONS BEYOND PATCH MANAGEMENT
In addition to adopting a patch management system, CyberHoot recommends the following best practices to protect individuals and businesses against, and limit damages from, online cyber attacks:
- Adopt a password manager for better personal/work password hygiene
- Require two-factor authentication on any SaaS solution or critical accounts
- Require 14+ character passwords in your governance policies
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Back up data using the 3-2-1 method
- Incorporate the Principle of Least Privilege
- Perform a risk assessment every two to three years