Title: 3 Patch Management Strategies
Operating cloud servers at scale is challenging. It takes a diligent operations team to make sure that regular maintenance is performed. If things go wrong, the team must also be able to rapidly respond and resolve any issues.
This article looks into some of the specific patch management strategies in server administration and talks about how InfraGuard can help.
The Constant Need For Patch Management
Cybersecurity threats are ever-changing and evolving, exploiting well-known vulnerabilities to breach systems. As soon as a vulnerability is discovered, cyberattacks targeting it start to take place. Thus, the need for patch management is constant and everlasting.
The basic underlying process of all patch management strategies is researching, testing, and then deploying patches to production systems and applications.
In addition to deploying patches against cybersecurity threats, patch management strategies also streamline the process of:
Making changes in existing code
Fixing bugs
Adding additional features
In this article, we will look into three specific patch management strategies for:
Updating In Place
Updating An Image & Release
Patching In A Container World
Patch Management Strategy: Update in Place
Both Windows and Unix-based systems release regular updates that need to be applied to the systems.
Traditional Approach
With the traditional approach, only one user can update at a time. When you update in place, you read records, process them, and write them back to their original positions without destroying the remaining records.
Trying to update in place using the traditional approach is extremely tedious, time-consuming, and error-prone. There are a great number of things that can go wrong, including:
Setup Errors
System Freeze
Data Loss
Permissions Issues
This list goes on quite a long way.
When Is This A Good Approach?
The traditional approach makes sense for a really small organization with a humble infrastructure. But for enterprises and corporations with large system infrastructures, the traditional approach can take months to perform a single update or patch iteration.
Such organizations must use solutions such as InfraGuard to automate the entire process.
Patch Management Strategy: Update An Image and Release
When updating an image and release, the following steps should be taken as the basic strategy for patch management:
Check the versions that are available from your configured publisher origin.
Display the list of packages that will be updated without actually performing the update.
To update your operating system release, check the available versions of the entire incorporation package.
If none of these versions is what you want, then you need to set your publisher’s origin to a different package repository location.
Update each package from the publisher that provided the currently installed version.
Any installed packages that do not belong to the entire incorporation should also be updated.
All installed packages should be updated to the newest version allowed by the constraints imposed on the system by installed package dependencies and publisher configuration.
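The steps above can be modelled as a dry run that computes the update plan without applying it. This is an added example, not code from the original article or from any package manager. The package names, publishers, versions and the rule that each incorporation release pins exact versions are constructed assumptions.

```python
# Constructed sample data for a simplified model of the update steps.
INSTALLED = {  # package -> (publisher, installed version)
    "entire": ("vendor", "11.4.0"), "kernel": ("vendor", "11.4.0"),
    "shell": ("vendor", "5.1.0"), "webapp": ("inhouse", "2.3.0"),
}
CATALOG = {  # publisher origin -> package -> versions offered
    "vendor": {"entire": ["11.4.0", "11.4.5", "11.4.10"],
               "kernel": ["11.4.0", "11.4.5", "11.4.10"],
               "shell": ["5.1.0", "5.1.4", "5.2.0"],
               "webapp": ["9.0.0"]},
    "inhouse": {"webapp": ["2.3.0", "2.4.1"]},
}
# Assumption: each release of the incorporation pins exact package versions.
PINS = {"11.4.5": {"kernel": "11.4.5", "shell": "5.1.4"},
        "11.4.10": {"kernel": "11.4.10", "shell": "5.2.0"}}


def version_key(version):
    """Turn '11.4.10' into (11, 4, 10) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def available_releases(catalog, publisher):
    """Step 1: versions of the incorporation offered by a publisher origin."""
    return sorted(catalog[publisher].get("entire", []), key=version_key)


def dry_run_update(installed, catalog, pins, release):
    """List (package, old, new) changes for a release without applying them."""
    constraints = dict(pins[release], entire=release)
    plan = []
    for package, (publisher, current) in sorted(installed.items()):
        # Only the publisher that supplied the installed version is consulted.
        offered = catalog.get(publisher, {}).get(package, [])
        if package in constraints:
            new = constraints[package]
            if new != current and new not in offered:
                raise LookupError(f"{publisher} does not offer {package}@{new}")
        else:
            # Outside the incorporation: take the newest version offered.
            new = max(offered + [current], key=version_key)
        if new != current:
            plan.append((package, current, new))
    return plan


if __name__ == "__main__":
    print("releases offered:", available_releases(CATALOG, "vendor"))
    for package, old, new in dry_run_update(INSTALLED, CATALOG, PINS, "11.4.5"):
        print(f"{package}: {old} -> {new}")
```

A `LookupError` from the dry run corresponds to the case where none of the offered versions is the one you want and the publisher origin has to be changed before updating.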
When Is This A Good Approach?
This approach works well when downtime is not a big issue, since updating an image and release involves a reasonable amount of downtime.
Patch Management Strategy: Patching In A Container World
Incorporating containers in patch management brings tremendous benefits, and their use is increasing with each passing day. Using containers can:
Provide a software supply chain.
Enable continuous and automatic patch management.
Inform if you are being affected by a new vulnerability.
Make Google more secure and more reliable.
Containers also enable you to automatically update Red Hat container images on OpenShift.
Some of the steps for a good patch management strategy when patching in a container world are listed below:
Build a new image with the patches and restart the container. By doing so, you will be able to reduce the scale of patching issues and at the same time improve security.
Run image scanning on your deployed container images on a regular basis in order to get alerts when a new vulnerability has been found that affects your code.
Shift security left to developers. This will give them more awareness of issues and stop security from being treated as an afterthought.
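The scan-then-rebuild loop from the steps above, as an added example that is not part of the original article: each deployed image's package inventory is checked against an advisory feed, and every affected image is listed once together with the containers to restart after the rebuild. Image names, package names, versions and advisory ids are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample data: package inventory per deployed image (as an image
# scanner would report it) and the containers currently running each image.
IMAGE_PACKAGES = {
    "registry.example/shop/web:1.4": {"libexample-tls": "3.0.7", "examplehttpd": "2.4.1"},
    "registry.example/shop/worker:2.0": {"libexample-tls": "3.0.9", "examplequeue": "1.2.0"},
}
RUNNING = [
    ("web-1", "registry.example/shop/web:1.4"),
    ("web-2", "registry.example/shop/web:1.4"),
    ("worker-1", "registry.example/shop/worker:2.0"),
]
# Constructed advisory feed: (advisory id, package, first fixed version).
ADVISORIES = [
    ("ADV-EXAMPLE-0001", "libexample-tls", "3.0.8"),
    ("ADV-EXAMPLE-0002", "examplequeue", "1.2.0"),
    ("ADV-EXAMPLE-0003", "notinstalled", "9.9.9"),
]


def version_key(version):
    """Turn '3.0.10' into (3, 0, 10) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def scan_image(packages, advisories):
    """Return (advisory id, package, installed, fixed) for each unpatched package."""
    findings = []
    for adv_id, package, fixed in advisories:
        installed = packages.get(package)
        if installed is not None and version_key(installed) < version_key(fixed):
            findings.append((adv_id, package, installed, fixed))
    return findings


def rebuild_plan(image_packages, running, advisories):
    """Map each affected image to its findings and the containers to restart."""
    containers = defaultdict(list)
    for name, image in running:
        containers[image].append(name)
    plan = {}
    for image, packages in image_packages.items():
        findings = scan_image(packages, advisories)
        if findings:
            plan[image] = {"findings": findings, "restart": sorted(containers[image])}
    return plan


if __name__ == "__main__":
    for image, entry in rebuild_plan(IMAGE_PACKAGES, RUNNING, ADVISORIES).items():
        print("rebuild", image, "then restart", ", ".join(entry["restart"]))
```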
The InfraGuard Process
With InfraGuard you create a policy once, attach it to your desired servers and relax. InfraGuard will make sure your servers are scanned and updated at the set intervals or selected dates. In addition, InfraGuard also provides the following functionalities:
"Only Scan" and "Both Scan & Install" options are available.
You can filter which categories of patches are installed for Windows and Linux.
InfraGuard sends an email with a detailed report every time a server is scanned or patches are installed.
If a reboot is required after patch installation, it will happen automatically. No human intervention is required.
Patch management made effortless by InfraGuard
Increase security of your systems with better patch management:
Create multiple patching scenarios by using policies, scripts or simple clicks.
Automate your patch management as per your company policies.
Receive detailed email reports after every scan or install.
Filter and selectively install patches. Manage Instance images of any cloud provider without leaving InfraGuard.