Vulnerability assessments and patch management: more important than you think

As the number of people working from home remains at record levels, it’s important to remember that cybercriminals compromise home computer users and businesses in a variety of ways. One of the most popular and effective tactics is exploiting vulnerabilities in software, either in the operating system itself or in any third-party applications that are installed.

As you might expect, cybercriminals typically go after widely used applications and services, making things like the Windows operating systems and popular third-party software (PDF readers, office suites, browsers, packers, viewers, etc.) common targets. Of course, that doesn’t mean that these attacks won’t probe other applications – quite the opposite in fact. Cybercriminals will often check what software is in use to search for rare apps with severe vulnerabilities that were never patched.

While any vulnerability is dangerous, a vulnerability needs to be exploitable (i.e. used in real life) to do damage. So if software vulnerabilities are determined to be a high or critical risk, it requires immediate action.

Vendors and security analyst firms alike report that the number of vulnerabilities continues to climb from year to year. For instance, BeyondTrust reports that Microsoft vulnerabilities continued to rise in 2018, with 700 vulnerabilities discovered.

A report by Skybox security “2019 VULNERABILITY AND THREAT TRENDS”

Eliminating vulnerabilities requires software patches – updates released by a manufacturer to close security loopholes, add functionality, or improve performance. Some software vendors do this well, others don’t. In either case, there is always a time gap , since any patch release requires time.

The Equifax data breach, one of the biggest known data thefts to date, was successful because it was done via a known “critical vulnerability” in the Apache Struts software. That vulnerability was originally disclosed on March 7, 2017. Despite being alerted by the Department of Homeland Security on March 8, “Equifax did not fully patch its systems … leaving its systems and data exposed. On May 13, 2017, attackers began a cyberattack on Equifax which lasted for 76 days…”

Data from Edgescan’s 2019 Vulnerability Statistics Report reflects the typical time required to close a vulnerability in the modern software industry

It’s important to note that patching is typically only done for supported software. As soon as support for an older version of an application stops, it should not be used because the developer is no longer obliged to close security holes.

The bigger issues arise when patching isn’t transparent or automated, since neither personal users nor business admins are nearly as careful as they should be about regular patching. That’s why software developers are continuously improving and automating update procedures for their products. Microsoft, for example, has Windows Server Update Services (WSUS) for corporate environments and Windows Update for home users and home offices. These are update mechanisms for Windows-based applications. Companies like Java, Adobe, Google, Mozilla, and others also typically include their own update routines in the software they release. 

That said, none of those embedded update routines are perfect. Microsoft can only update its own software and can’t do anything about third-party software. That is only supported through the expensive Windows Server, which requires a lot of storage for updates and which has a management database prone to occasional corruption.

Other software developers only update their own apps and often require user interaction, which causes other issues since users tend to delay updates as long as possible to avoid an operating system restart. Alternately, users will install updates but not restart their machines, leaving their system vulnerable until it’s restarted.

That’s why specialized solutions, called patch management systems, exist. Unfortunately, these solutions often lack the required functionality and fail to meet customers’ expectations.

As a cyber protection company, Acronis covers all aspects of cybersecurity to ensure seamless business continuity for its partners and customers. Vulnerability assessments and patch management are important parts of Acronis’ cyber protection proposition, which centralizes your security posture in one management console and one agent, eliminating the complexity typical of security management.

Acronis vulnerability assessments and patch management functions meet all the expectations of small and medium businesses while providing detailed information about devices and applications running on the network. Vulnerabilities are classified according to an internal severity scale and required updates are fetched automatically and rolled out to different groups in a variety of ways by tweaking the corresponding protection plan.

Acronis distributes patches from its cloud servers around the world, but it also uses peer-to-peer patch distribution technology to prevent slowdowns during patch rollouts for non-Windows systems and third-party apps. Updates, upgrades, and applications can contain packages with very large files. Downloading and distributing them can consume network resources on the devices receiving them. That’s why Acronis uses delivery optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in a customer’s deployment.   

Unlike many competitive solutions, Acronis Cyber Protect’s vulnerability assessment supports not only Windows-based networks but also Linux networks. Its patch management capability includes a set of client management tools that automate a wide range of IT administration functions, saving time and resources. Acronis Cyber Protect’s patch management feature, for example, can patch endpoints located both inside and outside the corporate network, a capability that is frequently demanded by customers with remote and mobile users.

This patch management functionality can be used in unique safe restore scenarios from a full disk backup. As you may be aware, malware can be included in a backup – especially in full system backups. This can happen when there is no antimalware product on the machine being backed up, or if the antimalware solution wasn’t good enough to catch it. Acronis Cyber Protect is able to scan backups for malware and eliminate them so admins can restore a user’s machine from a “clean” disk image, free from malware.

More importantly, Acronis Cyber Protect can patch the system with the latest available updates automatically if the administrator enables this option – thus preventing live new worm epidemics. We’ve heard directly from companies where the network was compromised, the admin tried to restore machines from a full disk image, and they got infected all other again because net worm malware was using an unpatched vulnerability in the operating system.

Acronis Cyber Protect’s safe restore feature guarantees you’re protected by updating antimalware bases of the Acronis Cyber Protect agent in this full disk backup to the latest definitions and AI-models, so you can detect malware and prevent it from attacking already patched systems.  

New vulnerabilities are constantly being identified, so having a proven way to patch your systems and applications is critical. To learn more about how vulnerabilities are discovered and how exploits can be closed using a good patch management system, read our full white paper on The Importance of Vulnerability Assessment and Patch Management.

With Acronis Cyber Protect, your organization gains top-level vulnerability assessments and patch management functionality that provides a number of useful, unique features due to close integration between exceptional cybersecurity and an award-winning backup solution. To experience these capabilities for yourself, you can either schedule a demo of Acronis Cyber Protect or you can try it free for 30 days.