WEBVTT

1
00:00:00.000 --> 00:00:02.040
<v Instructor>In this lesson, we will learn</v>

2
00:00:02.040 --> 00:00:04.170
about automated patching.

3
00:00:04.170 --> 00:00:06.810
Automated patching is the process

4
00:00:06.810 --> 00:00:09.990
of automatically applying software updates

5
00:00:09.990 --> 00:00:11.850
and security patches

6
00:00:11.850 --> 00:00:16.500
to systems and applications without manual intervention.

7
00:00:16.500 --> 00:00:20.160
This involves scheduling or triggering updates

8
00:00:20.160 --> 00:00:22.890
based on predefined criteria,

9
00:00:22.890 --> 00:00:25.950
such as the severity of a vulnerability

10
00:00:25.950 --> 00:00:28.800
or a predefined maintenance window.

11
00:00:28.800 --> 00:00:31.800
In this way, scheduling and triggering

12
00:00:31.800 --> 00:00:35.400
ensure that network disruptions are minimized,

13
00:00:35.400 --> 00:00:39.660
and that organizations stay ahead of potential threats

14
00:00:39.660 --> 00:00:43.950
by ensuring all systems are consistently updated

15
00:00:43.950 --> 00:00:46.650
with the latest security fixes.

16
00:00:46.650 --> 00:00:49.530
Let's learn more about automated patching.

17
00:00:49.530 --> 00:00:52.110
Automated patching is the process

18
00:00:52.110 --> 00:00:56.160
of applying software updates and security patches

19
00:00:56.160 --> 00:00:58.200
to systems and applications

20
00:00:58.200 --> 00:01:00.990
without needing manual intervention.

21
00:01:00.990 --> 00:01:04.380
In this context, updates are generally used

22
00:01:04.380 --> 00:01:07.950
to add new features or improve functionality,

23
00:01:07.950 --> 00:01:11.430
while patches specifically address and fix

24
00:01:11.430 --> 00:01:15.270
security vulnerabilities or bugs in software.

25
00:01:15.270 --> 00:01:19.020
In this discussion, we will refer to this process

26
00:01:19.020 --> 00:01:21.030
as automated patching.

27
00:01:21.030 --> 00:01:23.550
Recognizing the concept and planning

28
00:01:23.550 --> 00:01:27.990
for both updates and patch automation can be the same.

29
00:01:27.990 --> 00:01:31.860
So automated patching ensures all systems

30
00:01:31.860 --> 00:01:35.400
are regularly updated against vulnerabilities.

31
00:01:35.400 --> 00:01:38.940
The scheduling and triggering of automated patching

32
00:01:38.940 --> 00:01:42.540
then helps organizations maintain security

33
00:01:42.540 --> 00:01:45.210
while minimizing network disruptions,

34
00:01:45.210 --> 00:01:48.510
typically by planning for updates to happen

35
00:01:48.510 --> 00:01:50.790
during defined maintenance windows,

36
00:01:50.790 --> 00:01:53.760
or in an unplanned maintenance window

37
00:01:53.760 --> 00:01:58.020
in response to specific criteria such as high

38
00:01:58.020 --> 00:02:01.950
or critical severities of vulnerabilities.

39
00:02:01.950 --> 00:02:05.490
For example, an organization might schedule

40
00:02:05.490 --> 00:02:10.170
automated patches to deploy critical security updates

41
00:02:10.170 --> 00:02:15.170
across all its servers overnight within 24 hours of receipt.

42
00:02:15.960 --> 00:02:19.590
This approach ensures network vulnerabilities

43
00:02:19.590 --> 00:02:21.180
are addressed quickly,

44
00:02:21.180 --> 00:02:23.850
without waiting for manual approval

45
00:02:23.850 --> 00:02:25.890
and without risking exposure

46
00:02:25.890 --> 00:02:29.520
or downtime during business hours.

47
00:02:29.520 --> 00:02:32.730
But do we need a program to manage this?

48
00:02:32.730 --> 00:02:34.530
Well, yes, we do.

49
00:02:34.530 --> 00:02:36.660
One of the best ways to secure

50
00:02:36.660 --> 00:02:40.170
or harden network workstations and servers

51
00:02:40.170 --> 00:02:44.010
is to adopt an effective patch management strategy

52
00:02:44.010 --> 00:02:45.900
and program.

53
00:02:45.900 --> 00:02:49.050
This is better than implementing one patch

54
00:02:49.050 --> 00:02:52.860
or update at a time where each implementation

55
00:02:52.860 --> 00:02:56.040
is planned for as a new event.

56
00:02:56.040 --> 00:03:00.720
That way, when external software developers identify bugs

57
00:03:00.720 --> 00:03:04.620
or security issues and release patches or fixes,

58
00:03:04.620 --> 00:03:07.500
the patches are immediately implemented

59
00:03:07.500 --> 00:03:10.230
to address security vulnerabilities

60
00:03:10.230 --> 00:03:14.040
across operating systems, applications,

61
00:03:14.040 --> 00:03:16.920
cloud instances, and firmware.

62
00:03:16.920 --> 00:03:20.460
Patch management tools can facilitate this.

63
00:03:20.460 --> 00:03:23.610
An example of a patch management tool

64
00:03:23.610 --> 00:03:28.610
is Microsoft System Center Configuration Manager, or SCCM,

65
00:03:30.120 --> 00:03:34.560
which helps streamline patching across enterprise networks.

66
00:03:34.560 --> 00:03:37.920
Tools like SCCM make it easy

67
00:03:37.920 --> 00:03:42.360
by automatically checking endpoints for required patches

68
00:03:42.360 --> 00:03:46.800
and then automatically deploying patches across the network,

69
00:03:46.800 --> 00:03:51.630
reducing the need for manual oversight and intervention.

70
00:03:51.630 --> 00:03:53.850
However, some administrators

71
00:03:53.850 --> 00:03:57.300
may still manually apply patches to sensitive

72
00:03:57.300 --> 00:04:01.500
or high-value systems to minimize the possibility

73
00:04:01.500 --> 00:04:05.640
of unexpected disruption or compatibility issues

74
00:04:05.640 --> 00:04:09.210
that could impact critical production operations.

75
00:04:09.210 --> 00:04:12.900
Still, automating as much of the patching process

76
00:04:12.900 --> 00:04:17.460
as possible benefits IT and client systems

77
00:04:17.460 --> 00:04:19.470
by maintaining security

78
00:04:19.470 --> 00:04:22.440
while reducing administrative effort.

79
00:04:22.440 --> 00:04:26.250
If a patch management process is slowed or delayed,

80
00:04:26.250 --> 00:04:28.710
risk is directly incurred.

81
00:04:28.710 --> 00:04:31.530
This is because when manufacturers

82
00:04:31.530 --> 00:04:33.750
release significant patches,

83
00:04:33.750 --> 00:04:37.470
hackers reverse engineer them to identify

84
00:04:37.470 --> 00:04:42.240
and exploit the vulnerabilities addressed by these patches.

85
00:04:42.240 --> 00:04:46.470
This reverse engineering often happens within days

86
00:04:46.470 --> 00:04:48.210
of a patch release,

87
00:04:48.210 --> 00:04:51.120
and many data breaches are the result

88
00:04:51.120 --> 00:04:53.370
of missed software patches

89
00:04:53.370 --> 00:04:57.300
where proper updates could have blocked attackers.

90
00:04:57.300 --> 00:05:01.620
An example of a significant patch is a hotfix

91
00:05:01.620 --> 00:05:04.980
or critical update, which is a type of patch

92
00:05:04.980 --> 00:05:07.560
for a critical security flaw,

93
00:05:07.560 --> 00:05:12.090
usually one that is being actively exploited in the wild,

94
00:05:12.090 --> 00:05:15.300
while an update on its own is often used

95
00:05:15.300 --> 00:05:17.640
to add functionality to a system

96
00:05:17.640 --> 00:05:20.310
without addressing security directly.

97
00:05:20.310 --> 00:05:24.870
Sometimes updates can even introduce new vulnerabilities

98
00:05:24.870 --> 00:05:28.680
that will require hotfixes or critical updates.

99
00:05:28.680 --> 00:05:33.420
Over time, manufacturers like Microsoft can compile patches

100
00:05:33.420 --> 00:05:36.180
and updates into a service pack,

101
00:05:36.180 --> 00:05:39.990
which is a cumulative bundle that includes all updates

102
00:05:39.990 --> 00:05:43.350
and security fixes in one installation.

103
00:05:43.350 --> 00:05:44.760
In recent years though,

104
00:05:44.760 --> 00:05:48.570
Microsoft has shifted from using traditional service packs

105
00:05:48.570 --> 00:05:53.190
to a continuous update model, especially with Windows 10.

106
00:05:53.190 --> 00:05:57.450
So rather than releasing large bundled service packs,

107
00:05:57.450 --> 00:06:01.770
Microsoft now provides cumulative updates regularly.

108
00:06:01.770 --> 00:06:04.830
These cumulative updates roll out monthly

109
00:06:04.830 --> 00:06:08.760
and include all previous patches and security fixes,

110
00:06:08.760 --> 00:06:12.150
ensuring that any new installation of Windows

111
00:06:12.150 --> 00:06:16.170
receives all necessary updates in one update.

112
00:06:16.170 --> 00:06:19.440
Major updates known as feature updates

113
00:06:19.440 --> 00:06:21.900
are typically released twice a year

114
00:06:21.900 --> 00:06:25.260
and bring additional functionality and improvements

115
00:06:25.260 --> 00:06:29.070
along with the latest security enhancements.

116
00:06:29.070 --> 00:06:33.120
This approach allows Windows 10 to stay consistently

117
00:06:33.120 --> 00:06:37.830
up to date with the latest features and security protections

118
00:06:37.830 --> 00:06:41.310
without the need for traditional service packs.

119
00:06:41.310 --> 00:06:44.520
Now that we understand the importance of patching,

120
00:06:44.520 --> 00:06:46.320
how do we make it all happen?

121
00:06:46.320 --> 00:06:49.830
To establish an effective patch management program,

122
00:06:49.830 --> 00:06:54.270
organizations should first designate an individual or team

123
00:06:54.270 --> 00:06:58.470
responsible for tracking vendor-supplied security patches

124
00:06:58.470 --> 00:07:02.670
and releases, as well as firmware updates.

125
00:07:02.670 --> 00:07:06.960
Next, all systems, including cloud-based resources,

126
00:07:06.960 --> 00:07:10.050
should have a consistent patching mechanism

127
00:07:10.050 --> 00:07:12.630
where automated patching is preferred,

128
00:07:12.630 --> 00:07:17.490
but manual updates can occur if automation isn't possible.

129
00:07:17.490 --> 00:07:21.720
Additionally, a prioritization and patch testing environment

130
00:07:21.720 --> 00:07:23.910
should exist to facilitate

131
00:07:23.910 --> 00:07:26.580
and enable the patch management program.

132
00:07:26.580 --> 00:07:30.000
With prioritization, patches can be categorized

133
00:07:30.000 --> 00:07:33.420
as urgent, important, or non-critical,

134
00:07:33.420 --> 00:07:37.650
with resources allocated based on the patch priority.

135
00:07:37.650 --> 00:07:42.480
After prioritization, all patches, regardless of urgency,

136
00:07:42.480 --> 00:07:44.640
should be tested in a staging

137
00:07:44.640 --> 00:07:47.130
or a non-production environment

138
00:07:47.130 --> 00:07:50.520
before being deployed to the production environment

139
00:07:50.520 --> 00:07:53.130
to minimize functionality issues.

140
00:07:53.130 --> 00:07:54.780
This can take time.

141
00:07:54.780 --> 00:07:57.900
Urgent patches, however, may trigger the need

142
00:07:57.900 --> 00:08:01.290
to be fast-tracked through an emergency change

143
00:08:01.290 --> 00:08:02.970
for prompt deployment.

144
00:08:02.970 --> 00:08:07.770
Finally, the periodic implementation of non-critical patches

145
00:08:07.770 --> 00:08:10.710
can streamline the update process.

146
00:08:10.710 --> 00:08:14.340
For instance, scheduling non-critical patches

147
00:08:14.340 --> 00:08:17.010
for rollout every two weeks

148
00:08:17.010 --> 00:08:21.300
balances resource allocation with security maintenance.

149
00:08:21.300 --> 00:08:24.540
By dedicating time and resources

150
00:08:24.540 --> 00:08:28.200
to a comprehensive patch management strategy,

151
00:08:28.200 --> 00:08:33.200
organizations significantly reduce their risk of attack,

152
00:08:33.210 --> 00:08:37.110
making automated patching an indispensable part

153
00:08:37.110 --> 00:08:39.870
of network and system security.

154
00:08:39.870 --> 00:08:44.870
So remember, automated patching ensures systems stay secure

155
00:08:45.630 --> 00:08:50.460
by applying updates and patches without manual intervention,

156
00:08:50.460 --> 00:08:54.390
and there is a difference between updates and patches.

157
00:08:54.390 --> 00:08:57.210
Generally, updates add new features

158
00:08:57.210 --> 00:09:01.560
and patches focus on fixing security vulnerabilities,

159
00:09:01.560 --> 00:09:05.670
but both are needed to keep network systems protected.

160
00:09:05.670 --> 00:09:09.750
By scheduling automated patches during maintenance windows

161
00:09:09.750 --> 00:09:12.900
or triggering them based on risk severity,

162
00:09:12.900 --> 00:09:15.810
organizations can maintain security

163
00:09:15.810 --> 00:09:18.030
while minimizing disruptions.

164
00:09:18.030 --> 00:09:22.080
Finally, effective patch management also includes

165
00:09:22.080 --> 00:09:24.810
prioritizing patches and testing them

166
00:09:24.810 --> 00:09:29.160
in a staging environment before pushing them to production.

167
00:09:29.160 --> 00:09:33.780
So with a structured and automated patch management program,

168
00:09:33.780 --> 00:09:38.763
organizations reduce their security risks significantly.

