Update Management: Prompt Installation Required to Maintain Network Security

In most companies, at least those that believe in managing security correctly, the rollout of all updates is controlled by the IT team. Only users with administrative access can install security patches, firmware and software updates or service packs. Basic users are also blocked from installing software on company assets. This is good practice and prevents shadow IT (where users can install unapproved and unsupported software). It does annoy users, as they must ask IT to add any applications they feel they need to be productive in their roles. However, it does make sense and aids security, ultimately creating a list of approved software that satisfies all company activities.

Unfortunately, this activity is not enough as, regardless of hardware and software configurations, updates are necessary on at least a weekly basis, whether related to the OS, applications or installed hardware. Some experts recommend prompt installation while others advise performing some research before installation, to make sure the update does not have a negative impact on operations. I advise a combination: it’s better to verify on an offline machine before rolling out the update to all.

What is the ideal way to ensure reliable yet prompt update installation? In a traditional office environment, is it practical to supervise individual installs? Can we rely on all updates or will they cause additional problems?

Unfortunately, there is no single solution, given the plethora of hardware and software configurations available. It’s impossible for manufacturers to test on all possible system configurations, not to mention connected peripherals and other software. Therefore, as security vulnerabilities and other issues are identified by end-users and real-world usage, patches and updates are released. Managing all these updates on a company network is a task that requires prompt action, but in a way that ensures business continuity, given that some updates cause problems.

How Important is Update Management?

Ignoring updates is not a good idea as hackers exploit known vulnerabilities, secure in the knowledge that companies are often slow to implement security updates. It’s not enough to focus on OS patches as commonly used applications such as MS Office, Acrobat and many more are all attractive targets, exploited to launch cyber-attacks, ransomware, or simply to harvest data. Therefore, a process is needed to stay on top of all updates.

Are you Prepared for Updates?

A company’s activities are often defined by processes, procedures and compliance requirements. Documentation is key to ensuring a defined strategy for all aspects of the business. Most will have a security policy, cybersecurity strategy, disaster recovery policy and other documents to ensure a defined process is maintained and improved where necessary. Update or patch management is no different. Define your process and follow it. If you haven’t decided how to officially handle updates in your organisation, it’s worth starting. Let’s make a few assumptions first:

  • Most companies will have similar (if not identical) desktops and notebooks. In most cases, they will at least be from the same manufacturer if not the same model. It makes sense to do so as discounts are available for volume orders. A mix and match approach to desktops is rarely observed.
  • All will have the same OS.
  • A complete audit of the network has provided an inventory of all hardware and software on the business network.
  • Installations and updates are managed by the IT team, with users unable to perform admin functions on their machines.
  • System restore or other rollback function is installed on every machine in case a patch or update requires removal.

If any of the above is not true, it complicates matters for the IT team. In my opinion, driver updates for hardware and application updates rarely cause problems and can easily be rolled back on a machine if problems occur. OS patches are another matter and need more careful rollout, given that they will apply to all machines. If flawed, a patch can grind operations to a halt. It’s for this reason that I’d recommend a dedicated machine for testing updates before rolling them out to the entire network.

Define a Process

Therefore, a potential process could include a review beforehand. Ask some questions. These could include but are not limited to the following:

  1. Is the update plugging a security vulnerability or just a performance/feature update? Security updates receive priority.
  2. Have any problems been identified by those who have already installed the update? Google is your friend in this case.
  3. Who is affected by the update? If everyone, test on a standalone machine before rollout.
  4. Is a network rollout possible or is it necessary to update each individual machine? Most sysadmins perform updates after hours to minimise downtime.

Of course, there are other issues, especially for software companies or those who use software with a browser-based GUI. Such issues should be identified during online research.

In conclusion, it’s best to act on new updates as soon as possible. Automatic installs are possible but carry some risks. It may be best to avoid automated installs in some cases and follow a manual process based on prior experience with your company systems (most admins will identify a pattern of problematic updates). Regardless of the method used to process updates, ignoring them is not an option, especially when you consider that doing so could allow a data breach or result in network downtime. Can you take that risk?

5 Ways Predictive Analytics can Prevent Network Failures

The good news—you can put your crystal ball away. Preventing network failure doesn’t have to be a guessing game anymore. Predictive analytics can help you find these performance issues before they happen.

The ability to find and address network problems before they even begin affecting your operations is giving information technology (IT) professionals the freedom to focus on progressive projects as opposed to reactive ones.

“There is a growing need for networks to adapt to dynamic application demands as well as address dynamically to special events, seasonality and so on,” Diomedes Kastanis, head of technology and innovation for Ericsson told CIO.online.

“Although we have a lot of automation systems and rules to manage and operate networks, it still is not enough to cope with the intense changing environment and proactively adapt to changing demands.”

There’s a reason predictive analytics are so effective. We’re pinpointing five ways that they can help your IT department prevent network failures.

1) Incorporating AI in new technologies is paving the way for failure prevention.

Most of the current adoption of predictive analytics comes from updates to technologies that are already being used. Different security platforms, like endpoint technologies, include updates that leverage artificial intelligence (AI) or machine learning (ML).

It’s technologies like these that have led companies like Skymind to start adopting the practice, but the technology isn’t yet fully evolved: only 95 percent accuracy for them.

“In other words, to predict data for the next month, you need five months of historic data,” Gianluca Noya, digital network deployment and analytics lead at Accenture told Networks Asia.

Still, the advancements in computing power, security technology and network data are allowing IT departments to start to figure out how to take advantage of this resource—including anticipating capacity requirements.

2) IT departments can stop spending time analyzing capacity data.

To determine the future capacity of their networks, IT professionals spend time determining a benchmark metric and continuing to measure against it for comparison. This takes time: staff will spend months trying to gather and project data for several-month forecasts, only to find they have to start over when those months roll around.

Instead of spending those months analyzing traffic, services, device use and how employees are using them, predictive algorithms can crunch all of that data for you. Not only can this save time, but the technology can continuously learn as it does so, beyond what is possible with benchmarks that don’t move.

3) Quality of performance is taken into account.

Learning capabilities also come into effect when you’re trying to analyze quality of performance in the future. Based on past events, deep learning technology can be applied to forecast for the future.

“When you have a dataset that includes records of events you want to predict, you can train a deep neural network on that data,” Chris Nicholson, CEO of Skymind, an AI developer supporting the open source deep learning framework Deeplearning4j, told CIO.

“When you can predict capacity problems accurately (for example), you can act pre-emptively to rebalance the load on your network and provision the network with more capacity.”

The more data you have, the better the technology can learn. While there are still some stopgaps here—like data that’s not clean or organized properly—when applied correctly, it can proactively secure your organization.

4) As AI technology learns, predictive analytics learn about attackers as well.

As attackers get smarter, supporting intrusion detection gets tougher, and organizations will soon require predictive analytics to stay ahead.

It’s effective because this technology learns about your system in a more complete way than any human could. This means it knows what your ‘normal’ looks like, and recognizing anomalous behavior is easy.

This will become very important in industries like banking, where risk mitigation and detection of security breaches is so important. The cost of a security breach is immense—the more quickly you detect them, the less impact to your organization.

5) Predictive analytics will cost you less in the long run.

Network pricing structures can be complicated, but coupling your system with predictive analytics can not only help you save in the event of an attack, but can also help you forecast more effectively for things like network upgrades, new devices and staff.

The key to success with predictive analytics is to have data that the technology can learn from. A historical look at past problems is paramount to predicting security events in the future.

While this is not a ‘quick-fix’ solution, predictive analytics are a tool for CIOs to better prepare for the future and identify behavioral patterns across all of your systems.

3 Secret Habits of Really Effective Network Security Programs

Effective network security programs require more than just one layer of protection: if one solution fails, you still have others guarding your company and its data from all types of network attacks.

There are best practices that set the highly effective network security programs apart from the rest.

A recent survey conducted by ReRez Research, and commissioned by Infoblox, shows that when IT departments are segmented by security success factors, there are certain best practices that rise to the top.

The study comprised 200 large organizations, and shows how certain habits differed between organizations with top-tier network security programs and everyone else.

These alterations in behavior matter, as breaches in security can cost organizations large fees in both recovery and damages.

Analysts estimate the cost of a typical unplanned network outage now tops $740,000. Protecting the network – from problems like breaches, outages and poor performance – is crucial for organizations. – Infoblox 2016 Network Protection Survey

Education is the first place you should start. Your network security awareness program is probably following a one-year plan, which isn’t the best practice. Programs that follow 90-day plans are more effective, and focus on three topics simultaneously throughout those 90 days.

After your awareness program is in place, start thinking about your network security structure in a different way.

Below are the three secrets of the most highly effective network security programs.

1. Make Sure there is Cooperation Between the Network, Security and Application Teams

Siloing the various teams in your department can stifle your security activities, and keep you from reaching your goals. Network operations staff, the security staff and the application teams should all be communicating fluidly, with 100% of top-tier organizations in the survey citing this as a best practice.

High performing organizations are 9x more likely than others to be using integrated visibility tools already, and they’re 4x as likely to be using integrated security tools in conjunction.

Communication becomes paramount when it comes to reporting. One key factor in running a successful network security program is being able to prove that success. The only way to do so is to collect metrics that reflect this success across the organization.

2. Utilize DNS/DHCP Data to its Full Potential

This is a slowly growing but serious differentiator between effective and mediocre security departments. According to the survey, close to half of top-tier organizations use DNS/DHCP data to discover new devices, compared to none of the other organizations.

Not only are they tracking and utilizing the data, but they’re 3x as likely to use DNS logs for security purposes.

3. Commit to the Continual Use of Intelligence

The most successful organizations have a mechanism in place that forces them to commit to security intelligence. They’re 6x as likely to have deployed an SIEM, and 4x as likely to invest in machine-readable threat intelligence.

In addition to intelligence commitment, they’re 6x as likely to use automated tools that alert them to new devices appearing on the network.
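
The following Python example is added here and is not from the original article or the survey: it shows how DHCP data can be used to discover new devices and alert on them, as habits 2 and 3 describe. The log lines are constructed samples in ISC dhcpd syslog style, and `KNOWN_MACS` is an assumed stand-in for an audited hardware inventory.

```python
import re

# Assumption: MAC addresses taken from the IT team's audited hardware inventory.
KNOWN_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}

# Constructed sample lines in ISC dhcpd syslog style (not real traffic).
SAMPLE_LOG = """\
Mar 14 09:00:01 gw dhcpd[812]: DHCPACK on 10.0.0.21 to 00:11:22:33:44:55 (desk-01) via eth0
Mar 14 09:02:17 gw dhcpd[812]: DHCPDISCOVER from de:ad:be:ef:00:01 via eth0
Mar 14 09:02:18 gw dhcpd[812]: DHCPACK on 10.0.0.87 to DE:AD:BE:EF:00:01 (unknown-tablet) via eth0
Mar 14 09:05:40 gw dhcpd[812]: DHCPACK on 10.0.0.22 to 00:11:22:33:44:66 via eth0
Mar 14 11:30:02 gw dhcpd[812]: DHCPACK on 10.0.0.87 to de:ad:be:ef:00:01 (unknown-tablet) via eth0
Mar 14 11:31:09 gw dhcpd[812]: DHCPACK on 10.0.0.90 to 02:00:00:aa:bb:cc via eth0
"""

# Only DHCPACK lines are parsed: an acknowledged lease means the device joined.
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>[0-9A-Fa-f:]{17})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


def find_new_devices(log_text, known_macs):
    """Return one record per MAC address that is absent from the inventory."""
    known = {m.lower() for m in known_macs}
    seen = {}
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue
        mac = m["mac"].lower()  # normalise case before comparing
        if mac in known:
            continue
        rec = seen.setdefault(
            mac, {"mac": mac, "first_seen": m["ts"], "leases": 0, "host": None}
        )
        rec["leases"] += 1
        rec["ip"] = m["ip"]  # most recent address handed out
        rec["host"] = m["host"] or rec["host"]
        # Locally administered bit set: often a randomised or virtual MAC.
        rec["locally_administered"] = bool(int(mac[:2], 16) & 0x02)
    return list(seen.values())


if __name__ == "__main__":
    for dev in find_new_devices(SAMPLE_LOG, KNOWN_MACS):
        print("ALERT new device:", dev)
```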

Keep some of these changes in mind when building your network security program: certain best practices could not only set you apart from the rest, but also save your organization its reputation and hundreds of thousands in damages.

SMSEagle is a hardware SMS gateway for sending and receiving SMS text messages. To find out how we can help support your network security program, check out our online store.