On average, how long does it take your organization to roll out a critical patch to endpoints?

October is National Cyber Security Awareness Month (#NCSAM), and one of the topics I like to bring up is security patching. Just about every IT leader will tell you that timely security patching is a priority for their organization. So, why did the ControlScan 2019 Managed Detection and Response Report find that 43% of IT teams are taking more than a week to implement even the most critical of security patches?

Failing to patch leaves software and application security holes that open the door to attackers entering and wreaking havoc on your business IT network. Our SOC analysts see it just about every day, but some recent examples include unpatched web servers leading to attempts to install cryptocurrency mining software, unpatched remote desktop/VDI systems exposing direct network access, and vulnerable back office computers falling victim to malware due to unpatched web browsers.

Time is risk

The clock begins ticking as soon as a security patch is released. That's because the forums and notifications releasing these patches aren't just monitored by IT pros; they're also watched by hackers and cyber criminals. And, in some cases, the vulnerability identified by the patch is already well known and being actively exploited in the wild.

There is a lot of malware out there today and most of it takes advantage of unpatched vulnerabilities. In fact, a recent Ponemon study found that nearly 60% of breached organizations were operating with a known vulnerability they hadn't gotten around to security patching.

Attackers go to work the moment a patch release is announced, utilizing exploit kits to take advantage of the now-public vulnerabilities. Therefore, the longer you wait to roll out a patch to your organization, the greater the risk that you will be compromised.

Time is money

The ControlScan report also notes that on average, IT teams are spending only 40 hours a month on security log and endpoint security monitoring. There are 280 hours alone in a week for 24/7 monitoring coverage, so that average of 1.3 hours per day just isn't going to cut it.

When it's combined with the missing security monitoring component, a lack of priority in implementing security patches can be potentially disastrous. Let's say an attacker exploits your unpatched vulnerability within the first week of a patch release, but it takes you a month to implement the patch. Without anyone to actively detect and respond to threats in your network, that attacker will continue to operate unnoticed for an indefinite period of time.

When the intruder finally is discovered, your organization could be looking at significant financial repercussions as it performs analysis on the breach and the impact to the organization.

Patch early, monitor always

So how fast is fast enough? Patching ASAP, especially when it's a critical patch, is the way to go. Unless there is an extenuating circumstance, all security patches should be implemented within a week of their release. I'm a firm believer that those who wait months to apply patches are the reason we have botnets!

If it isn't already taking place, round-the-clock monitoring should also be one of your top security operations goals. Evidence of malicious activity can be found in log records and machine data generated by your networked systems, security devices and applications—but only if someone with the appropriate tools, expertise and bandwidth is actively looking for it.

Contact us today to learn more about how to maximize your cybersecurity functions by supplementing your organization's security threat management efforts.

*PDI acquired ControlScan Managed Security Services (MSS) for their extensive industry knowledge, trusted security expertise, and tools that simplify the complexity of managing, monitoring, and protecting data against cyber threats. We invite you to learn more.