Today’s article starts with a look at the problems that can arise when faulty patches are applied across a corporate network. Then we’ll look at how a capable patch management program like BatchPatch or Solar Winds Patch Manager can lessen the risks.
The Need for Patches
Most of us think of patches in terms of Microsoft’s Windows system. In reality all software can potentially contain bugs susceptible to exploit based attacks. As a software behemoth Windows just has the greatest potential for weaknesses.
The system is simply vast. The sheer quantity of code means that new vulnerabilities are found with predictable frequency. Other software isn’t immune though. Microsoft’s integrated browsers Edge and Internet Explorer both see their fair share of updates come ‘patch Tuesday’.
Nor are third-party tools immune. The regular updates offered for programs like Chrome, Firefox and Java are frequently designed to patch weaknesses. No one could deny the need to apply updates in a timely fashion.
The Problem With Patches
The issue that comes up time and again is with faulty patches. It can sometimes seem that updating is more trouble than it’s worth. Certainly many network administrators have faced questions like ‘Why do we need to update at all?’
Patches may be inherently faulty. The new code may not sit correctly within the system or program it’s applied to. But more often the problem’s more complex.
The old saying ‘no man is an island’ could equally be applied to a computer program. No program (or system) functions entirely alone and independently. It interacts, constantly, with the wide array of other programs that populate its Universe.
And there’s the rub… The real issue with updates is that they have to play nice… with every other program they might ever bump into!
In an enterprise environment it’s common to find custom built programs that fulfill a single niche requirement. The nature (and quality) of such programs is so varied that their interaction with other programs is often unpredictable.
Start applying regular updates within this environment and you has a recipe for disaster.
Patch Management – A Measured Approach
The safest way to apply patches in this context is via purpose built patch management software. Two of the stand-out products in this field are BatchPatch and Solar Winds Patch Management. The two share some functionality and are both capable products we are happy to recommend.
The primary purpose of a patch manager is to provide a simple, centralized ‘control-panel’ for patch-deployment. A network administrator can issue updates in a careful, controlled and selective way to systems and programs right across their network.
The benefit of this approach is that it allows for simplified testing of new patches. The risky ‘try it and see’ approach of issuing all available updates to all networked machines can be abandoned.
Patches can be trialled one at a time on non-mission-critical devices. Working quickly but carefully in this way allows administrators to achieve both security and stability across the network they manage.
We hope you’re already enjoying the convenience and safety of effective patch management. If not we strongly recommend you download and try BatchPatch or Solar Winds Patch Manager ASAP.
The benefits will soon be clear.