Plug your cyber security holes today to stay patched and protected!

The Essential Eight for Security in Practice: Patching of Operating Systems & Applications

Want to know what you should be focusing on for your organisation’s cybersecurity? The ASD Essential Eight security controls are exactly what you need. Part of a larger group of 37 mitigation strategies for effectively dealing with cybersecurity incidents, the Essential Eight are ones that are rated as… essential!

The Australian Cyber Security Centre (ACSC), based within the Australian Signals Directorate (ASD) recommends that all organisations implement these Essential Eight controls for mitigating cyber attacks. To help with implementation, the ASD has defined an Essential Eight maturity model. For each strategy, the levels in the model show how to move from partly, to mostly, and then to fully aligned with the intent of the mitigation strategy.
A series of practical webinars presented by Microsoft Australia can also help you accelerate towards a robust, well-rounded cyber protection foundation. Don’t delay, view today, and make sure that your organisation has the cybersecurity that it needs!

Vulnerabilities in your cyber security can hit your organisation hard. They are open doors for malicious code to execute and compromise your systems. This article covers patching of operating systems and applications as part of the ASD Essential Eight security controls. We discuss Microsoft patching solutions to strengthen and protect your IT against cyber threats. You’ll see how to use these patching strategies and tools to mitigate cyber risks efficiently and effectively on premises and in the cloud, without impacting your end-users’ productivity. Overall, you’ll discover ideas, approaches, and solutions for patching to help you achieve the best cyber security posture possible.

What hackers drool over

Vulnerabilities in your digital estate are hot favourites with hackers. They salivate over weaknesses and flaws in security that give them a toehold in your network, a foothold in your systems, and access to your confidential data. Besides giving IT teams sleepless nights, vulnerabilities are also the bane of auditors and compliance officers.

There can be no doubt. Vulnerabilities must be eliminated or at least mitigated. That’s why patching of operating systems and applications is one of the Essential Eight security controls from the ASD.

Get current and stay current!

We’ll start with a basic rule that can be enormously helpful in driving your patching strategy. Get current and stay current. If you make this rule your patching North Star, you’ve already won half the battle.

The ASD Essential Eight maturity model gives us a handy roadmap to get to this state of patching perfection. Here’s a quick summary of the model:

• Maturity Level 1: partly aligned, “extreme risk” vulnerabilities are handled within 1 month
• Maturity Level 2: mostly aligned, the window narrows to 2 weeks
• Maturity Level 3: fully aligned, “extreme risk” vulnerabilities must be dealt within 48 hours with automated confirmation of successful patching, and removal of software no longer supported by the vendor.

As we follow our North Star, we also want to:

• Minimise all windows of vulnerability
• Be flexible to meet the work needs of our users
• Get real-time info on how well updated all systems and devices are across the organisation

Microsoft solutions can help.

Microsoft solutions for patch management

Microsoft Endpoint Manager – an integrated solution for IT admins to understand and manage patching across all endpoints in their estate Windows Update for Business – lets you control which updates are offered and when they are offered with definition/optimization of the end-user experience, and compliance checking Microsoft Defender for Endpoint – Threat and Vulnerability Management (TVM): a risk-based approach to mature your vulnerability management program and make informed decisions

Cloud plays a key role

Cloud systems and data need patching just like on premises systems. But it also turns out that the cloud is a great resource for patching and meeting cyber security challenges. Microsoft leverages Azure cloud capabilities and automation for patching strategies for on premises, Azure, and multi-cloud datacentres.

Keep patching but stay productive

IT and cyber security is a never-ending trade-off between the two extremes of locking things down so hard that nobody can do any work (not good) and never correcting systems for fear of upsetting users (not good either).

Luckily, Microsoft provides you the tools to steer an optimal course between these excesses. You can choose fast deployment of patches, but you can also take time to plan and test updates. You can also phase your rollouts of Windows 10 updates to align with users’ workloads and preferences.

Now it’s time for action! Review the on-demand webinar for practical details and resources to implement this Essential Eight Security control. Remember that Microsoft experts can also help and advise you. And make this Essential Eight strategy part of daily life in your organisation!