本视频涵盖了补丁管理的基础知识,包括它是什么以及为什么它很重要. You’ll also learn about the common sources of patches—OS vendors, 应用程序供应商, 以及网络设备供应商,以及补丁管理工具如何帮助您修复漏洞.
Common areas that will need patches include operating systems, 应用程序, 和 embedded systems (like network equipment). When a vulnerability is found after the release of a piece of software, 可以使用补丁进行修复. 这样做有助于确保环境中的资产不容易被利用.
为什么补丁管理很重要?
Patch managers are important for the following key reasons:
安全: 补丁管理可修复软件和应用程序上易受影响的漏洞 网络攻击, helping your organization reduce its security risk.
系统正常运行时间: 补丁管理确保您的软件和应用程序保持最新状态并顺利运行, 支持系统正常运行时间.
合规: 随着网络攻击的持续增加, 监管机构经常要求组织保持一定程度的遵从性. Patch management is a necessary piece of adhering to 遵从性标准.
Patch management is a vital part of every 脆弱性管理 s解决. 然而, 采用一致的补丁管理方法并不总是意味着对所有可以看到的东西都进行修复. 当一个漏洞被识别出来时,你基本上有三个选择:
安装补丁 for the vulnerability, if available, to fix the issue.
实施补偿控制 so the vulnerability is mitigated without being fully patched. This route is common when a proper fix or patch is not yet available, 和 can be used to buy time before eventual remediation.
接受风险 posed by that vulnerability 和 do nothing.
在特定情况下,由组织决定哪种选择最适合他们, though patching is the ideal treatment to ultimately strive for.
术语“补丁管理”和“漏洞管理”有时可以互换使用, but it is important to underst和 the difference. Though both strategies aim to mitigate risk, 补丁管理(管理软件更新的过程)的范围是有限的.
To gain a deeper underst和ing of your environment 和 make informed, 有效的决策, 您需要通过漏洞管理转向更全面的方法. 脆弱性 management is a continuous process of identifying, 优先级, 医治, 报告系统中的安全漏洞以及在其上运行的软件.
5补丁管理操作步骤
Patch management is a critical component of 脆弱性管理, 但这只是拼图的一部分. 成功地将补丁管理嵌入到漏洞管理程序中, the following steps should be implemented:
建立资产管理. 您降低风险的能力取决于您对环境的可见性. 资产管理解决方案可以帮助您全面了解所拥有的资产以及与每个资产相关的漏洞. 有了这些知识, you are equipped to prioritize vulnerabilities, 纠正问题, 和 communicate effectively with stakeholders.
优先考虑漏洞. With limited time 和 resources 和 an ever-changing threat l和scape, 认为可以在每一个漏洞出现时就修复它是不现实的. 因此,优先级是漏洞管理中最关键的方面之一.
修复漏洞降低风险. Identifying 和 优先级 vulnerabilities is important, 但如果你不纠正这些问题,你实际上并没有降低风险.
Measure the success of your 脆弱性管理 program. 无论漏洞管理解决方案有多少奇特的特性, 只有当它满足组织的独特需求并为您和您的团队增加价值时,才值得投资. 为了确定你是否获得了良好的投资回报率,并向高层领导证明购买的合理性,你必须确定如何衡量成功.
发展伙伴关系和支持. 当事情出错时, 你想知道你有一个可以依靠的团队来帮助你解决问题.
补丁管理计划的好处
更安全的环境: When you’re regularly patching vulnerabilities, 您正在帮助管理和减少环境中存在的风险. This helps protect your organization from potential security breaches.
快乐的客户: 如果您的组织销售的产品或服务需要客户使用您的技术, you know how important it is that the technology actually works. Patch management is the process of fixing software bugs, which helps keep your systems up 和 running.
没有不必要的罚款: 如果你的组织没有打补丁, 因此, 不符合合规标准, you could be hit with some monetary fines from regulatory bodies. 成功ful patch management ensures that you are in compliance.
在组织库存中的所有资产都可以使用新补丁时,不考虑其影响就安装新补丁,这将是一个糟糕的策略. Instead, a more strategic approach should be taken. Patch management should be implemented with a detailed, 既节约成本又注重安全的组织过程.
Develop an up-to-date inventory of all your production systems: Whether this be on a quarterly or monthly basis, 这是真正监控生态系统中存在的资产的唯一方法. 通过勤勉的资产管理, you’ll have an informed view of operating systems, 版本类型, 和存在的IP地址, along with their geographic locations 和 organizational “owners.“一般来说, the more frequently you maintain your asset inventory, 你就会了解得越多.
制定一个将系统和操作系统标准化为相同版本类型的计划: 虽然很难执行, 标准化您的资产清单使补丁更快,更有效. 您将希望将您的资产标准化到一个可管理的数字,以便在发布新补丁时加速您的修复过程. This will help save both you 和 technical teams time spent 医治.
列出组织内的所有安全控制措施: Keep track of your firewalls, antivirus, 和 漏洞管理工具. You’ll want to know where these are sitting, 他们在保护什么, 以及哪些资产与它们相关联.
Compare reported vulnerabilities against your inventory: 使用漏洞管理工具 评估生态系统中哪些资产存在哪些漏洞 is going to help you underst和 your security risk as an organization.
风险分类: 通过漏洞管理工具,您可以轻松地管理哪些资产对您的组织至关重要, 因此, prioritize what needs to be remediated accordingly.
贴片: Once you’ve prioritized what needs to be remediated first, start patching to actually reduce the risk in your environment. More advanced 漏洞管理工具s also offer the ability to automate the time-consuming parts of the patching process. Consider rolling the patches out to batches of assets; although you already tested in your lab environment (you did do that right!?) there may still be unexpected results in production. 在跳进去之前先试几下,这样就不会有任何大范围的问题.
跟踪你的进步: Reassess your assets to ensure patching was successful.
补丁管理最佳实践
在实施补丁管理时需要牢记的一些最佳实践包括:
Set clear expectations 和 hold teams accountable: 利用组织协议, 比如服务水平协议, 能控制团队吗, 和 ensure that the work of reducing risk is actually being done.
Work collaboratively with technical teams to ensure a common language: Security teams often refer to software errors as a “risk,” whereas IT/DevOps teams may use the term “patch.“确保每个人都在同一页,并认识到补丁的重要性是一个成功的补丁管理过程的关键.
建立灾难恢复流程: In case your patch management process does fail 和 causes issues, it’s always a good idea to have a backup plan.
Latest Patch Updates, Vulnerabilities, 和 Exploits
查看报告的最新补丁 by the Rapid7 experts on the Patch Tuesday blog