Automated patching leads to continuous compliance


Patching isn’t the sexiest task in infrastructure management, but it is a vital one. By turning it into an end-to-end automated solution — including reporting and alerts — we help our customers on their way to continuous compliance.

We all know the situation: hackers penetrate a system through an unprotected vulnerability in the infrastructure. Regular patching is the solution. These patches cover vulnerable areas and thus reduce the risk of unwanted visitors. But installing patches isn’t the most fascinating aspect of infrastructure management, so all too often it gets delayed.

At the touch of a button

Automation offers an answer to this. Patching your entire infrastructure with the push of a button — that’s every infrastructure manager’s dream. Puppet Enterprise, to name but one, is a tool that offers a patching module. But the work isn’t finished once the patching is done. Every right-minded CISO asks for a report: Have all the patches been implemented correctly? What still needs to be done? What is the current status?

That information isn’t available as standard with Puppet Enterprise. This prompted us to take a broader look at the whole patching challenge. With Prometheus (observability) we retrieve all the necessary data from Puppet. We then use Grafana (visualization) to convert the data into understandable information. The result is an end-to-end solution for patching, including all the necessary reporting and associated alerts. We bring it all together in a dashboard tailored to your company, so that you can see at a glance exactly how things stand.
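To make the data flow described above concrete, here is an added example (not code from the original post, nor from Puppet Enterprise, Prometheus or Grafana) that takes per-node patch facts, decides which nodes meet a patch policy, and renders the result as Prometheus gauges that Grafana can chart and that an alert rule can fire on. The node records, the field names, the metric names and the compliance policy (no outstanding security updates, last run succeeded) are all assumptions constructed for the example; the real fact names exposed by Puppet's patching module are not taken from this page.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class NodeStatus:
    """One node's patch state. Field names are constructed for this example;
    they are not Puppet Enterprise's actual fact names."""
    node: str
    environment: str
    pending_updates: int       # package updates still outstanding
    pending_security: int      # the subset classified as security updates
    last_run_ok: bool          # whether the last patch run completed cleanly
    reboot_required: bool


# Constructed sample data standing in for facts pulled from Puppet.
SAMPLE_NODES: List[NodeStatus] = [
    NodeStatus("web01.example.test", "production", 0, 0, True, False),
    NodeStatus("web02.example.test", "production", 3, 1, True, True),
    NodeStatus("db01.example.test", "production", 12, 4, False, False),
    NodeStatus("dev01.example.test", "development", 2, 0, True, False),
]


def is_compliant(n: NodeStatus) -> bool:
    """Policy used here (an assumption): a node is compliant when it has no
    outstanding security updates and its last patch run succeeded."""
    return n.pending_security == 0 and n.last_run_ok


def compliance_summary(nodes: Iterable[NodeStatus]) -> Dict[str, Tuple[int, int]]:
    """Per-environment (compliant, total) counts for a dashboard panel."""
    out: Dict[str, Tuple[int, int]] = {}
    for n in nodes:
        ok, total = out.get(n.environment, (0, 0))
        out[n.environment] = (ok + int(is_compliant(n)), total + 1)
    return out


def _escape_label(value: str) -> str:
    """Escape a label value as the Prometheus text exposition format requires."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")


def render_metrics(nodes: Iterable[NodeStatus]) -> str:
    """Render gauges in Prometheus text exposition format, suitable for a
    scrape endpoint. Metric names are constructed for this example."""
    nodes = list(nodes)
    gauges = [
        ("patch_pending_updates", "Outstanding package updates", lambda n: n.pending_updates),
        ("patch_pending_security_updates", "Outstanding security updates", lambda n: n.pending_security),
        ("patch_last_run_ok", "1 if the last patch run succeeded", lambda n: int(n.last_run_ok)),
        ("patch_reboot_required", "1 if a reboot is pending", lambda n: int(n.reboot_required)),
        ("patch_node_compliant", "1 if the node meets the patch policy", lambda n: int(is_compliant(n))),
    ]
    lines: List[str] = []
    for name, help_text, getter in gauges:
        lines.append(f"# HELP {name} {help_text}")
        lines.append(f"# TYPE {name} gauge")
        for n in nodes:
            labels = f'node="{_escape_label(n.node)}",environment="{_escape_label(n.environment)}"'
            lines.append(f"{name}{{{labels}}} {getter(n)}")
    return "\n".join(lines) + "\n"


def failing_nodes(nodes: Iterable[NodeStatus]) -> List[str]:
    """Nodes that would trigger an alert rule such as `patch_node_compliant == 0`
    (the same condition evaluated here without a Prometheus server)."""
    return [n.node for n in nodes if not is_compliant(n)]


if __name__ == "__main__":
    print(render_metrics(SAMPLE_NODES))
    print("summary:", compliance_summary(SAMPLE_NODES))
    print("alerting on:", failing_nodes(SAMPLE_NODES))
```

Serving `render_metrics()` over HTTP gives Prometheus something to scrape; `patch_node_compliant` is then the single series a Grafana panel and an alert rule both need, while the per-node gauges answer the "what still needs to be done" question for each host. Note that `last_run_ok` is part of the policy on purpose: a node whose patch run failed must not count as compliant just because its pending-update counters are stale.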

Choose the dishwasher

As a company, you have to consider the usefulness of such an end-to-end patching solution in the context of your broader security policy. Correct and timely patching reduces the number of external incidents. By automating the process and supporting it with an end-to-end solution, you also remove a second risk at the same time. In many IT departments, patching is a victim of procrastination. And not without reason. Whenever you install a new patch, there’s a risk that some pieces of the infrastructure will suddenly stop working. Finding and fixing those issues is often a difficult exercise.

The automation of patching prevents the IT department from going into a tailspin. If you delay the installation of patches for fear of technical difficulties, you’ll sooner or later have to install a lot of patches all at once, which only increases the risk of issues occurring. Meanwhile, every delay leaves the attack surface larger, so the chance of a security incident keeps increasing.

So in a way patching is like doing the dishes. Those who procrastinate will only see the pile of dishes grow. And as the pile grows, the desire to act decreases further. A dishwasher is a lot more convenient: the machine does the dishes properly and at the right time. That’s exactly the role our end-to-end patching solution fulfills.

Continuous compliance

It’s also useful for organizations with modest IT infrastructure to automate the management of patching. Just because you only have five servers to manage doesn’t mean you like wasting time on repetitive work, right? Moreover, small organizations often don’t have their own IT departments, which reduces the available time for IT issues.

Whether you’re large or small, the fact is that your organization’s IT infrastructure must comply with certain rules. Automated patching allows you to eliminate some of the manual labor and helps to ensure that you’re always in compliance with security regulations, and thus contributes to continuous compliance.

