"If we had just kept our systems patched, the malware wouldn't have been a problem." After every major breach you usually hear those words echoed across news media. You might even pause for a moment and tell yourself that if the victims had just patched their systems, they would have been protected. For years, security experts have recommended keeping systems up-to-date as a first line of defense. After all, it's a common-sense approach since most breaches exploit known vulnerabilities where patches are already available and have been for a while. And on the surface, it would seem a simple fix to patch your systems with the latest software updates.
Top cybersecurity issues with patching
But the truth is, effective security patch management for your network may not be that easy. Why? Let's take a closer look at the key reasons.
How to stay cybersecure
So the myth is busted. Even if it were possible for you to patch in a timely fashion, malware would still be a problem. And, as we saw in the cases above, patching doesn't always work. To keep your organization secure, you need to detect and stop malware in other ways. But while there are many reasons that patching is not a panacea, you still need to patch to the best of your ability. Why? Because it's still a key part of a holistic and effective security posture.
To keep your organization cybersecure, you should develop an architectural approach that leverages risk-based decisions for your organization. This includes determining:
You also need to patch and protect against other ways malware can enter your environment. You may even want to use a best practice to make sure you cover all your bases. If so, we'd suggest the NIST Cybersecurity Framework (CSF) as a starting point.
Simple, open, and automated security
At Cisco, we encourage you to develop a strategic plan, leverage the features already built into your network, and then add innovative security capabilities that can provide your organization with a more holistic security posture. We also suggest increasing visibility into your network and enabling solutions that integrate easily. By doing so, you can create a simple, open, and automated security approach to better protect your organization against growing threats.
Learn how to create a simple, open, and automated security approach at www.cisco.com/go/security
Get up to speed on the latest cybersecurity threats to government in our new 2018 Annual Cybersecurity Report for Government
Check out our award winning Identity Services Engine (ISE) at https://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html