Patching has a couple of things in common with cutting your fingernails: Both tasks completely lack the entertainment factor and people will turn away from you if you don’t do them on a regular basis.
I’ve put my fingers to the keyboard and typed some tips to help you optimize your patching process and release time for more interesting activities.
1. Automate to optimize patching process.
Remember the good ol’ days with only Microsoft OS in the machine park and new patches available on Patch Tuesday? Those were the days.
Today, real-time patch management allows your business to operate without any hiccups or delays in your system. With automated processes, you can implement patches as soon as an issue arises, without anyone knowing or getting disturbed.
Automation can help you ensure that patches are applied to all devices. That allows you to stay focused. When updating fails – which it eventually will on some devices – the system should warn you, so you only have to spend time where it matters to get everybody up to date. Automation will take care of most of your machines, leaving you with only those machines that require your attention. In addition, automation will validate your manual work, ensuring that every machine is patched.
2. Hackers don’t care about your weekly patching routines.
Some network administrators are still caught up in habits from the Patch Tuesday era. And some MSPs assign time for maintenance to various clients on specific days of the month, such as updating servers every first Sunday of the month.
When it comes to patching, it is always better to patch as soon as each patch becomes available instead of doing all the patches in weekly or biweekly cycles. Hackers, unfortunately, do not respect patch cycles, and try to exploit weaknesses whenever possible, so never postpone your patching.
At Panorama9 we do more than just recommend this—we’ve built a strong tool for patch management. Over the years, we’ve seen and heard from quite a few companies that did not apply patches in time. Moreover, there’s a reason why important patches are released immediately and are not held back for the next weekly cycle of releases. Does your patching process deal with that?
3. Reboot at convenient o’clock.
When patches are applied, the final—and most inconvenient—part of the job begins: rebooting the machines!
Some admins just force a reboot on users’ machines. Without any warning, applications close before the users have a chance to save whatever they’re working on.
Rebooting your servers is an even bigger issue. The outage needs to be scheduled for when it is least disturbing to your users, and that’s typically at night.
If you didn’t cut your fingernails already, there’s a good chance you will start biting your nails while waiting for the mail server to come online again and hoping that it does not refuse to start the MS Exchange services.
The inconvenience of rebooting machines does put security at risk. On any given day, 8.9 percent of the machines monitored by Panorama9 report that one or more patches have been installed but that a reboot must be done before the vulnerable code is flushed from memory. In addition, 13.4 percent haven’t been updated in the last 60 days, either because a reboot is required or simply because nobody applied the needed patches—because that would result in an inconvenient reboot.
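The exception list described under tip 1 and the two fleet figures quoted above can be produced from one inventory pass. The following is an added example, not Panorama9 code: the inventory records, host names and field names are constructed for illustration, and the 60-day threshold is the one quoted above.

```python
from datetime import date, timedelta

STALE_AFTER = timedelta(days=60)  # the article's 60-day figure

# Constructed sample inventory; hosts and field names are assumptions.
INVENTORY = [
    {"host": "ws-014", "last_patched": date(2024, 5, 28), "reboot_pending": False, "last_run_ok": True},
    {"host": "ws-022", "last_patched": date(2024, 5, 30), "reboot_pending": True, "last_run_ok": True},
    {"host": "srv-mail", "last_patched": date(2024, 2, 11), "reboot_pending": True, "last_run_ok": True},
    {"host": "ws-031", "last_patched": date(2024, 3, 2), "reboot_pending": False, "last_run_ok": False},
    {"host": "ws-040", "last_patched": None, "reboot_pending": False, "last_run_ok": True},
]

def triage(inventory, today):
    """Return {host: [reasons]} for machines that need an admin's attention."""
    exceptions = {}
    for m in inventory:
        reasons = []
        if not m["last_run_ok"]:
            reasons.append("update-failed")
        if m["reboot_pending"]:
            # Patch is on disk, but the old code stays loaded until restart.
            reasons.append("reboot-pending")
        if m["last_patched"] is None:
            reasons.append("never-patched")
        elif today - m["last_patched"] > STALE_AFTER:
            reasons.append("stale-60d")
        if reasons:
            exceptions[m["host"]] = reasons
    return exceptions

def summary(inventory, today):
    """Fleet percentages for the two conditions the article measures."""
    ex = triage(inventory, today)
    n = len(inventory)
    pending = sum("reboot-pending" in r for r in ex.values())
    stale = sum(bool({"stale-60d", "never-patched"} & set(r)) for r in ex.values())
    return {"reboot_pending_pct": round(100 * pending / n, 1),
            "stale_pct": round(100 * stale / n, 1)}

if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the sample output is stable
    for host, reasons in sorted(triage(INVENTORY, today).items()):
        print(f"{host}: {', '.join(reasons)}")
    print(summary(INVENTORY, today))
```

Machines that are absent from the result were handled by automation; a host that appears with both `reboot-pending` and `stale-60d` is the case where a postponed restart has left old code running for months.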
Smart MSPs set up the autosave function on users’ machines and schedule the reboot to happen during the least used periods. Here are more details on how to reboot machines in smart and convenient ways.
I hope you’ve found some good ways to optimize your patching process. Feel free to write a comment or contact us if you have other tips.