Skip to main content
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
N-able
  • Request a Quote
  • Try Now
    • N-able RMM
    • N-able N-central
    • N-able Backup
    • MSP Manager
    • N-able Mail Assure
    • N-able Passportal
    • N-able Risk Intelligence
    • N-able Take Control
Request quote
N-able
  • Products
    • Monitoring & Management
    • N-central Automate. Tackle complex networks. Get remote monitoring and management built for efficiency and scale.
    • RMM Start fast. Grow at your own pace. Try this powerful but easy remote monitoring and management solution.
    • Backup
    • Backup Get data protection for servers, workstations, applications, documents, and Microsoft 365 from one dashboard.
    • Security
    • EDR Defend against ransomware, zero-day attacks, and evolving threats with endpoint detection and response.
    • Mail Assure Leverage mail protection and archiving to keep your users safe from email threats and downtime.
    • Passportal Adopt and enforce best practices for password and documentation management with ease.
    • Tools & Services
    • MSP Manager Increase helpdesk efficiency with a robust PSA, ticketing, reporting, and billing management solution.
    • Take Control Help support customers and their devices with remote support tools designed to be fast and powerful.
    • View All
  • Solutions

    Solutions

    • Security Protect your customers and expand your business by offering layered security services without the complexity.
    • Monitoring Choose the right remote monitoring and management solution to meet you where you are and grow with you.
    • Operational Efficiency Boost profits by improving efficiency via automation, resources and training, and time-saving products.
    • IT Departments Keep your organization productive by easily managing IT from a single, easy-to-use, web-based dashboard.
    • Remote Monitoring Solutions Comparison Compare N-able RMM and N-central side by side. Sign up to talk to a specialist to find the right fit.
    • View All
  • Resources
    • Download
    • Resource Library
    • Product Information
    • Free Tools
    • Learn
    • MSP Institute Webinar Series
    • Daily Live Demos
    • MSP Advice Project
    • Ask the N-central Experts
    • Upcoming Webcasts
    • Connect
    • Blog
    • Security Resource Center
    • Events
    • RMM Foundations Training
  • About
    • Company
    • About Us
    • Leadership
    • Careers
    • News & Press
    • Awards & Recognition
    • Support & Policies
    • Customer Success
    • Customer Support
    • Legal
    • Security
    • Get in Touch
    • Contact
    • Get a Quote
    • Worldwide Sales & Support
  • IT Departments
  • Contact Sales
    • Contact Sales
    • General Inquiry
    • Get a Quote
    • Worldwide Sales & Support
    • Talk to Specialist
    • Security Solutions
    • Monitoring Solutions
    • Operational Efficiency
  • Try Now
    • Monitoring & Management
    • N-central
    • RMM
    • Backup
    • Security
    • EDR
    • Mail Assure
    • Passportal
    • Tools & Services
    • MSP Manager
    • Take Control
SolarWinds MSP is becoming Read More
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Remote Management Patch Management Best Practices
Remote Management

Patch Management Best Practices

By SolarWinds MSP
25 February, 2020

Skim today’s cybersecurity headlines and the scope of damages from cyberattacks will likely shock you. Not only are the number of security breaches increasing each year, but so is the average cost of a cybercrime incident. In 2018, the average cybercrime incident cost $13 million, which represented a whopping 72% increase from 2013. By 2021, experts estimate that cybercrime will represent a total global cost of $6 trillion annually. These financial concerns are why managed services providers (MSPs) should take a proactive approach to their customers’ security countermeasures and risk intelligence.

Patch management is one essential way MSPs can help keep their customers safe. Patches are small fixes made to the code of software applications and programs, often with the intention of addressing bugs or security issues. The consequences of improper patching can be far-reaching—some of the largest data breaches of the past few years can be traced back to a lack of patch management best practices. 

For instance, the 2017 Equifax data breach, which exposed the data of 143 million Americans, was linked to an Apache Struts vulnerability that had gone unpatched for two months. Another high-profile breach came in 2018, when an outdated version of Outlook at SingHealth was responsible for exposing the data of 1.5 million patients. Ultimately, strong patch management policy and procedures are essential for data privacy, and security. 

What are the general steps for patch management?

CTA Image

N-able Remote Monitoring and Management

Get the tools you need to manage, secure, and improve all things IT—all within a single web-based dashboard.

Try It Free Learn More

General patch management strategy includes several processes: scanning networked devices for missing software updates, downloading these patches when they become available, deploying the patches to the necessary devices, and ensuring they are properly installed. 

Patch management for Windows machines tends to rely on two software updating services, depending on the size of the networked environment. Small- and medium-sized companies can get by with Windows Server Update Services (WSUS), which manages and deploys updates for Microsoft-specific operating systems and software across multiple machines. System Center Configuration Manager, which is designed for large-scale enterprises, builds upon the capabilities that WSUS provides but includes greater functionality for scheduling and automated patch deployment.

Windows patch management best practices will help with the Microsoft infrastructure, but things get more complicated when considering the various third-party applications and programs that many companies rely on to achieve their strategic and organizational goals. That’s why implementing a patch management software solution is often key. Patch management software not only helps to ensure that Windows server patching best practices are maintained, but that open source patch management needs are seen to as well—thereby helping ensure that all applications within the computing environment are kept up to date.

Why is patch management important?

Proactive patch management policy and best practices provide several benefits, security being perhaps the most obvious and important. In fact, one 2018 study found that more than half of data breaches could be traced back to identified vulnerabilities that had been left unpatched. Because patches identify the specific vulnerabilities they’re meant to fix, it’s essential that they be installed quickly, because hackers and malware can start to exploit those vulnerabilities within hours of the patch’s release.

However, patch management best practices can also help to optimize business-critical functions in other ways. Take productivity, for example. While patches help to prevent the exploitation of vulnerabilities in software code, many of them also provide performance improvements, leading to fewer application crashes and system downtime. Automated patch management also helps to ensure that organizations stay abreast of the latest technological developments and updates, which can include new features and capabilities that often increase the ease and speed of use for end-users.

One other benefit that patch management provides is compliance. Because of the ubiquity of cyberthreats, many regulatory bodies require businesses to demonstrate they’re actively staying on top of security updates and best practices. Failure to do so can result in legal and financial ramifications. 

What are patch management best practices?

CTA Image

N-able N-central

Try the powerful N-central solution for free.

Try It Free Learn More

Pressing concerns about security means patch management best practices are vital to a safer and more secure computing environment. Here are a few of the policies and practices that MSPs should be enacting to help ensure their customers’ assets are safe.

  1. Maintain accurate systems inventory

    If you don’t have an accurate inventory of all the software and hardware elements connected to a network, it becomes incredibly difficult to ensure that all applications and devices are kept patched. Running regular scans of a network’s asset inventory is important for keeping an accurate portrait, which can then be used to determine which patches need to be applied.

  2. Assign assets to categories

    After creating an accurate inventory, group them by how exposed they are to attack and how great an impact they would have on business functions if they were to be taken offline. This helps determine which assets require immediate patch deployment (anywhere between hours and days of a patch’s release) or a more standard timeframe (which could take up to several weeks). Assets that store sensitive information, support public-facing elements, or enable important functions should be given priority.

  3. Consolidate software

    The more versions of software a customer is using, the more complicated patching becomes. That’s why streamlining software is another important practice—it reduces administrative overhead and promotes internal cohesion by helping ensure that multiple distinct applications or programs aren’t being used for the same purpose. Fewer software options result in fewer patches that will eventually need to be deployed, meaning less risk for vulnerability.

  4. Stay on top of vendor patch announcements

    Third-party products are commonplace in networked environments, which makes keeping up with vendor patch announcements a key part of maintaining patch security. Having an accurate asset inventory allows you to subscribe to third-party vendor security updates, which can often be sent to specific email inboxes or communication channels to help ensure that they aren’t overlooked.

  5. Work around patch exceptions

    It’s likely you’ll encounter situations in which a patch can’t be deployed immediately or requires changes in order for it to work properly. Given that this can take time, the best course of action is to limit how much risk the asset in question is exposed to until the patch can be applied. While you should have already restricted user permissions to necessary personnel only, this step becomes even more essential when patch exceptions come into play. You should never expose high-stakes assets like servers to the internet when left unpatched. 

  6. Test before you deploy

    Every network environment is going to have at least a few unique quirks. For this reason, it’s important to test patches in restricted sandbox environments that allow MSPs to help ensure a given patch doesn’t cause problems or cause assets to crash. If a patch clears the smaller subset of systems, you can likely roll it out in additional subsets across the rest of the network. 

  7. Automate when possible

    You can often automate open source patch management. If your customers rely on open source applications and libraries, you should patch them as soon as possible. Because it can be difficult to track the various open source libraries and tools in use by your customer’s developers, automation is an essential part of helping ensure that asset inventories are kept up to date—including which open source tools are in use and the software versions that are vulnerable and require patching. 

 

The best automated tools will come with library integrations baked-in, meaning that you’ll be able to instantly know which libraries customer’s developers are using. This will allow you to automatically deploy updates when unsafe library versions are detected. Because vulnerabilities in open source code will affect whatever applications end up using those portions of vulnerable code, it’s strongly advised that open source patching be automated so you don’t have to track down each application and individually fix affected code.  

While there are a few key things to keep in mind when it comes to patch management best practices in 2020 and beyond, the bottom line is that patch management is crucial to helping protect your customers in today’s computing world. To make patch management as smooth as possible, consider user-friendly tools that make rollout and reporting easy. SolarWinds® RMM and N-central® both feature a robust patch management feature that can help fine-tune your patch management policies and make updating your customers’ software a seamless process. 

 

Interested in learning more about how patch management software works? Explore our product suite to see how you can prepare for potential vulnerabilities.

 

Additional reading

The Key Differences Between a Disaster Recovery Plan vs. a Business Continuity Plan
Patch Management philosophy and procedures
Five steps to an easier patch management process
You might also like...
Data

Data Protection for Remote Work: What MSPs Must Know

Remote Management

Remote Monitoring and EDR: Better Together

Remote Management

Security Risks of Remote Desktop Access and How to Prevent Them

Operations

Three Steps to Create a Remote Work Policy at Your Company

Remote Management

10 Tips to Help Ensure Remote Access Security at Your Organization

Security

DearCry Ransomware Review 

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • DearCry Ransomware Review 
  • PSA vs ITSM vs ESM: Part 2—Which is the right fit for your MSP?
  • 4 ways PSA software helps MSP businesses
  • PSA vs ITSM vs ESM: Part 1—What do they do? 
  • Endpoint security for Mac: What you need to know In 2021
Categories:
  • Security (252)
  • Tips & Advice (130)
  • Backup & Disaster Recovery (97)
  • Best Practices (97)
  • Managed Services (89)
  • The Head Nerds (88)
  • Business Growth (79)
  • IT Support (43)
  • Business (42)
  • Automation (41)
  • Operations (38)
  • Cybersecurity (37)
  • Mail (37)
  • Remote Management (31)
  • ITSM (26)
  • Data (23)
  • Networking (22)
  • Cloud Computing (21)
  • PSA (16)
  • Marketing (15)
  • Product (11)
  • Service Desk (7)
  • Services & Support (5)
  • Risk Intelligence (4)
  • Mobile (4)
  • Customer Service (3)
  • GDPR (3)
  • Internet of Things (3)
  • Research & Trends (2)
  • Training (2)
  • LOGICcards (1)
  • Cybersecurity Awareness Month (1)
  • Business Risk (1)
Show moreless
N-able

Products
  • N-able RMM
  • N-able N-central
  • N-able Backup
  • N-able EDR
  • N-able MSP Manager
  • N-able Mail Assure
  • N-able Risk Intelligence
  • N-able Take Control
  • N-able Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • COVID-19 Response
Support
  • N-able RMM
  • N-able N-central
  • N-able Backup
  • N-able Mail Assure
  • N-able Take Control
  • N-able MSP Manager
  • N-able Risk Intelligence
  • N-able Threat Monitor
  • N-able Passportal
  • N-able Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© N-able Solutions ULC and N-able Technologies Ltd.
All rights reserved.