So let’s jump right in… what can happen when you’re environment is not security compliant and your organization is not patching your systems on a regular basis? The importance of patching regularly is a challenge many organizations face. There are times when development cycles, unportable code, lack of time and lack of discipline can prevent systems from being patched. Let’s also not forget about the whole change management challenge and testing requirements.
More times then not developers and administrators will not patch a development environment simply to keep development cycles moving, administrators will not force patching cycles because “the business” wants to get the next project completed. This tiny fissure can very easily become a canyon in the security lifecycle process. Bleeding its way up to production systems not being patched. This is just one scenario of many different types of challenges organizations are facing.
The purpose of this blog and demo video is to show you what can happen if you don't practice a good patching discipline. Many of you have heard the term exploit, Zero Day, Heartbleed, Dirty Cow and the affect they have on the industry and the media. But many people don’t understand the true magnitude it can have on your organization until you have the chance to see what it looks like in action. I plan to show just that, a simple exploit in action and the effects it can have on your organization's systems, security and intellectual property.
The majority of the system breaches happen from the inside and can be prevented with simple automated patch cycles. These cracks can be filled with modern tooling and proper discipline. Modern solutions that will accelerate your development life cycles while keeping your system secure and compliant every step of the way. Let’s be honest, making news by delivering great products is better than being on the front page for not doing the simple things.
There are many great tools to help automate these activities, we like to utilize Satellite 6 and OpenSCAP in many cases. Below are some other blogs Arctiq has posted on these tools and topics, please check them out.
If you want to discuss patch management and security best practice, we would love to hear from you.