How to Automate Pre- and Post-Patch Management

Author: Guy Nadivi

Patch management is considered by many to be one of the more vital functions provided by the IT or Security Operations team. That’s especially true nowadays when there are so many threats from hackers, and so many bugs found in systems after they’ve gone into production. Software patching is critical for preventing data breaches, server crashes, and lots of other bad outcomes from various vulnerabilities.

There are many options for you to choose from when considering a patch management solution. Ayehu has no favorites in that regard, and just to be clear, we’re not going to be talking today about our automation platform replacing any of those solutions. What we’re going to focus on actually is automating the equally important activities adjacent to the application of a software patch.

That wasn’t one of the original use cases Ayehu NG was intended for, but we’re very much a customer-driven product, and it turns out that our customers were the ones who realized they could use our automation platform to streamline patch management and dramatically improve their overall process.

Ayehu believes that streamlining the patch management process, while ensuring it thoroughly complies with organizational standards, is a critically overlooked aspect of many organizations' lifecycle management strategy.

Patch management tools are (mostly) good at doing 3 things:

  • Pre-patch checks: This includes things you're likely familiar with, such as identifying dependencies, testing patches in a test environment before applying them to a production system, etc. BTW – There are a number of great checklists on the internet covering best practices for a pre-patch check.
  • Applying patches: This one is self-explanatory and doesn’t really require any elaboration.
  • Post-patch checks: This includes rebooting machines that require it, performing a smoke test to ensure everything that worked correctly before the patch was applied still does, and executing rollbacks wherever problems are uncovered.

And that’s pretty much it. Those are the 3 things patch management solutions do well.

Customers tell us their biggest pain point with patch management tools is their one-size-fits-all rigidness. Vendors in that niche just assume everyone’s patch management process should be aligned with the way their solution works out of the box. Basically, their philosophy seems to boil down to you can have your patch management solution in any flavor you like, as long as it’s vanilla.

The vanilla approach doesn’t work for everyone though.

There are probably as many different patch management standard operating procedures (SOPs) as there are organizations performing patch management.

And that's where you'll find the biggest gap among patch management vendors: their relative lack of customization, which many organizations require to ensure conformity with their own enterprise SOPs. These organizations want more flexibility from the patch management tool so that its workflow conforms to their way of doing things, instead of the other way around.

That’s where Ayehu comes in.

We recognize that organizations want to orchestrate their patch management process their way, according to their schedule, and based on the outcomes they desire. So Ayehu NG's integration and automation capabilities allow organizations to use best-of-breed tools for every aspect of the patch management process.

For example, Ayehu enables you to easily incorporate:

  • ITSM platforms such as ServiceNow, BMC Remedy, JIRA, etc., into any aspect of your change management process.
  • Virtualization and cloud platforms such as VMware, Azure, etc., for example to snapshot hosts before they are patched.
  • And even notification tools such as Twilio, Everbridge, PagerDuty, etc., as part of your change management workflow.

All of these, together with whatever patch management platform you use, can be orchestrated into one finely-tuned patch management process that works the way you want it to, so that you can ensure compliance with enterprise SOPs and adhere to your organization's best practices.

And BTW – If there are other tools that are part of your patch management process, even proprietary in-house solutions, Ayehu can integrate them as well.

Continuing with the ice cream metaphor, you can think of Ayehu as the ice cream scoop. This higher-level control over the process allows you to pick and choose whichever flavored IT system you'd like to incorporate into your patch management workflow, and to orchestrate it exactly where you want it to execute.

For pre-patch management, that means you can do things like initialize your patch management process via submission of a change request to your ITSM solution. Just send in the request, let Ayehu do the rest.

Or you can simply send Ayehu an email to kick off the patch management process.

If you only want to apply the latest patch to a specific list of your servers, for whatever reason, you can create a list of them in Excel, leave the spreadsheet on a shared drive, and point the Ayehu workflow at it so your patch only gets applied to the servers in that spreadsheet.

Another very popular use of Ayehu NG in the patch management process is taking VM snapshots to create rollback points before applying the patch, in case something in the patching process leads to less than desirable results.

What about post-patch management?

With Ayehu orchestrating the process, you can automatically update ITSM tickets following conclusion of the patching process. This can include documenting the details on all the servers that got updated, what specific patches were added, and any other information you’d like to keep track of for future reference.

Another popular post-patch management task is notifying people and groups about the status or completion of the patch management process, which Ayehu can do for you via email, text, or even by phone.

All of these tasks and many more can be included in your overall patch management process when Ayehu is used to orchestrate all your different-flavored IT systems into providing the specific outcome you want.
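Here is what the pre-patch steps (scope the run to a server list, take a rollback snapshot per host) and the post-patch steps (smoke test, roll back on failure, write the results to the change ticket) look like when stitched into one flow. This is an added example, not Ayehu NG code or any vendor's API: it assumes the server list arrives as a CSV export of the spreadsheet described above, uses a placeholder patch identifier (`KB-EXAMPLE-001`), and takes the snapshot, patch, smoke-test and rollback actions as caller-supplied functions (hypothetical names) so that the flow itself runs offline. The host list and the simulated back-ends are constructed for the example.

```python
"""Pre- and post-patch orchestration around an external patch tool (added example).

Assumptions (not from the page): target hosts come from a CSV export of the
spreadsheet; snapshot/apply_patch/smoke_test/rollback are caller-supplied
callables standing in for the hypervisor, patch tool and monitoring.
"""
import csv
import io
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample of the "list of servers in a spreadsheet" (CSV export).
SERVER_LIST_CSV = """hostname,environment,in_scope
web-01,prod,yes
web-02,prod,yes
db-01,prod,no
app-01,staging,yes
"""

PATCH_ID = "KB-EXAMPLE-001"  # placeholder identifier, not a real patch


def load_targets(csv_text: str) -> List[str]:
    """Only hosts explicitly marked in_scope=yes are patched; all others are skipped."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r["hostname"].strip() for r in rows
            if r["in_scope"].strip().lower() == "yes"]


@dataclass
class HostResult:
    host: str
    snapshot: Optional[str] = None   # rollback point taken before patching
    patched: bool = False
    smoke_ok: bool = False
    rolled_back: bool = False
    error: Optional[str] = None


@dataclass
class PatchRun:
    patch_id: str
    results: List[HostResult] = field(default_factory=list)


def run_patch_cycle(hosts, patch_id, snapshot, apply_patch, smoke_test, rollback) -> PatchRun:
    """Per host: snapshot -> patch -> smoke test; revert to the snapshot on any failure."""
    run = PatchRun(patch_id)
    for host in hosts:
        r = HostResult(host)
        run.results.append(r)
        # Pre-patch: the rollback point must exist before the host is touched.
        try:
            r.snapshot = snapshot(host)
        except Exception as exc:  # no snapshot means this host is not patched at all
            r.error = f"snapshot failed: {exc}"
            continue
        try:
            apply_patch(host, patch_id)
            r.patched = True
            r.smoke_ok = smoke_test(host)
            if not r.smoke_ok:
                r.error = "smoke test failed"
        except Exception as exc:  # a partially applied patch is treated as a failure too
            r.error = f"patch failed: {exc}"
        # Post-patch: anything that did not pass the smoke test goes back to its snapshot.
        if not r.smoke_ok:
            rollback(host, r.snapshot)
            r.rolled_back = True
    return run


def ticket_worknote(run: PatchRun) -> str:
    """Work note for the change ticket: which hosts were updated, which were reverted and why."""
    updated = [r.host for r in run.results if r.smoke_ok]
    reverted = [r.host for r in run.results if r.rolled_back]
    lines = [f"Patch {run.patch_id}: {len(updated)} of {len(run.results)} hosts updated.",
             "Updated: " + (", ".join(updated) or "none"),
             "Rolled back: " + (", ".join(reverted) or "none")]
    lines += [f"  {r.host}: {r.error}" for r in run.results if r.error]
    return "\n".join(lines)


def demo_run() -> PatchRun:
    """Offline run with simulated back-ends: web-02 fails its smoke test, app-01 cannot be snapshotted."""
    rolled_back_to = {}

    def snapshot(host):
        if host == "app-01":
            raise RuntimeError("datastore full")
        return f"snap-{host}-pre-{PATCH_ID}"

    def apply_patch(host, patch_id):
        pass  # the real call goes to your patch management tool

    def smoke_test(host):
        return host != "web-02"

    def rollback(host, snap):
        rolled_back_to[host] = snap

    run = run_patch_cycle(load_targets(SERVER_LIST_CSV), PATCH_ID,
                          snapshot, apply_patch, smoke_test, rollback)
    # A host may only ever be reverted to the snapshot taken for it in this run.
    assert all(rolled_back_to[h] == f"snap-{h}-pre-{PATCH_ID}" for h in rolled_back_to)
    return run


if __name__ == "__main__":
    print(ticket_worknote(demo_run()))
```

The ordering is the point: a host whose snapshot cannot be taken is never patched, and a host that is patched but fails its smoke test is reverted to the snapshot taken for it in the same run, never to an older one. The work note is what the post-patch ticket update would carry.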

In October 2019, the Ponemon Institute published a study called “COSTS AND CONSEQUENCES OF GAPS IN VULNERABILITY RESPONSE”.

One of the questions they asked was “What steps would you take to improve your organization’s patch management?”

The #1 response from about 3,000 respondents was “Increase Automation”. 45% said that was the top thing they would do to improve their organization’s patch management.

Another question asked by the Ponemon Institute was regarding how automation impacted the time to respond to vulnerabilities.

80% said that automation reduced their time to respond either slightly or significantly, with more than 2/3 saying significantly.

If you’re interested in test driving Ayehu NG as the automation platform that orchestrates your overall patch management process, click here to download your very own free 30-day trial version today.

To watch the full recording of the webinar, click the graphic below.