Patch Problems: Background, Context and Audience
In a previous blog post, we covered some general information about why you might not be able to patch your systems. You can read our article here:
In this follow-up blog, the experts here at Optimising IT will continue our discussion on patch problems. Today, we will get into a few more specific and technical issues relating to network patching. Don’t worry if you’re concerned about not understanding this content due to a lack of technical IT knowledge! While we’ll discuss details about patch problems, we’ll ensure it’s straightforward, easy to understand and, most importantly, easy to action.
What to Do When You Have Patch Problems: Always Ask “Why?”
At Optimising IT, we like to use the 5 Whys technique when assessing a patch problem. This is a process of continually asking why an issue is occurring until you reach the actual root cause.
By continuing to layer your “why?” questions, you’ll dig into the crux of your patch problem rather than remaining fixated on surface-level issues.
Once you get to the root cause of your patch problem, you have two options:
- Understand the challenge and correct it
- Find some way to mitigate the patch problem or work around it, so it no longer causes the problem
Often, once you get to the root cause, you may find you can patch your systems, but there is a simple reason getting in the way. This could be a lack of support for your current systems or a need to reconfigure your software before you can patch it.
Sometimes, asking the fundamental ‘whys’ of patch problems can lead you down a more technical and intricate path than you’re capable of following. Fortunately, at Optimising IT, we can keep digging as deep as you need us to. Talk to our expert consultants today if you’re facing blockers you can’t handle.
Patch Problems: Updating & Upgrading Your Network
Networks often get overlooked in patching terms.
The main reason to patch a system is to prevent malware attacks, and networks are not usually perceived as something that malware can affect.
Instead, networks are seen as a switchboard or access point: a thing that malware travels through to reach a destination.
And this is half true.
The network itself is not something that can be hacked; it’s merely a point of connection. However, those pieces of network equipment that the network uses to operate? They can be hit by malware.
In particular, firewalls, remote-access VPNs and tools like routers are a problem, as they are accessible from outside your network. Those who want to damage or ransom your system can attack these pieces of tech to control your network.
Let’s dig a little deeper. Let’s ask why this matters.
Patching Problems: Why Is Your Network an Issue?
Networking equipment usually works well without you needing to keep it up to date or replace it, which means there are rarely any tangible business results to be seen beyond letting it continue to do what it does.
The problem with networks is that they don’t usually have active or effective security monitoring to detect when a security breach (or attempted breach) happens.
Many botnets, for example, are built from insecure home routers, as they are easy to breach and nobody notices when someone skims some performance off the top; owners just assume their network is running slow.
What’s more, these devices have no third-party malware prevention systems to detect such attacks. Patching can be one of the only ways to stop your network devices from becoming vulnerable to such malicious attacks.
If you’re not patching your network, then you’re vulnerable. This means if you can’t patch because of patch problems, then your risk factors are just going up and up and up the longer you continue to have patch problems.
Are Your Network Patching Problems Caused by Out-of-Date Kit?
One of the critical issues we see with network security is organisations still running out-of-date firewalls.
In one recent example, the firewall model in use at an organisation we visited was last offered for sale in 2013. Our experts had been installing the system as far back as 2005. Because the software was so outdated, the last patch for the network firewall was from 2018.
This meant the patching was years out of date, leaving the firewall vulnerable to all sorts of new threats. It also meant that the business was failing to comply with new regulations and IT system governance.
This is the sort of issue that the ICO loves to investigate and highlight – and for good reason.
It creates risk.
Nobody wants to fall on the wrong side of the ICO, so what can you do?
What to Do When You Can’t Patch Your Network
In this section, we’ll look at what we would do with an out-of-date firewall. We’ll also cover remote access VPNs, another common culprit for unpatched vulnerabilities on business IT networks. You can apply these methods to other network systems, like routers.
First, let’s set some criteria to work with:
- You have a firewall which is beyond support; or
- The remote client VPN you are using has a critical vulnerability that can easily allow an attacker to hijack a VPN session or create their own and bypass any authentication.
Because you are having patch problems, you cannot get the updates you need to secure your network. So now what?
We want to avoid quick wins in favour of strong, long-term solutions. So what should we not do?
- Just open the services you need to the internet.
- Allow users to use their own remote access tools in an uncontrolled way.
- Just switch off the remote VPN – that is a quick way to start looking for a new job.
Suggested Actions for Your Network Patch Problems
- The most obvious solution would be to update network technology to something that is supported with new patch updates. If funding is a problem, businesses must be aware of the consequences of not having a patched network.
- For specific VPN issues, it’s possible to disable the vulnerable and unpatched remote VPN service on devices and use something else instead. For example, you can purchase a small FortiGate firewall appliance to handle just remote VPN for around £1,200. Just remember not to switch off your VPN without first having a replacement option.
- If you’re making changes, it’s essential to create an IT systems development plan and provide instructions for users engaging with new technology. As part of this, you should implement and test your new network technology with a small user group to begin with, and get feedback.
The answer to your patch problems will be further financial investment in your IT network systems. Without increasing your spend, you’ll be working with technology that is incapable of providing your business with the security and compliance you need.
Optimising Your Patch Solutions: Moving to the Cloud
As part of the ‘why’ scenario, we often ask this question:
Have you considered moving them to the cloud?
The answer is usually:
No, that’s not for small businesses, is it?
The cloud is an exceptionally powerful resource for your small business and can help eliminate your patching problems. By moving your business services to their cloud equivalents, you join platforms that provide their own hosting and security, which means you don’t have to worry about updates and patching because they do it for you.
Need Help With Your Network Patch Problems?
At Optimising IT, we offer award-winning IT consultancy and cloud service solutions. Whether you’re looking to solve your patch problems directly or move to the cloud and have somebody else worry about them, we can help you protect your business.