Time to patch increases significantly during pandemic

New data from US-based endpoint management specialist Automox reveals some of the challenges security teams face in keeping up with endpoint security

That the Covid-19 pandemic has left organisations struggling to secure and manage remote devices is beyond doubt, but a new report from Automox, a Colorado-based supplier of endpoint management automation services, has given fresh insight into how keeping tabs on the device estate has become more complex and time-consuming because of the new normal of hybrid working.

To compile its report, The 2021 state of IT operations, Automox surveyed 500 IT operations and security professionals at enterprises with headcounts ranging from 500 to 25,000 across 15 different industries. Based on its data, it described the hybrid model as a potential “cyber security disaster” for the unprepared.

In the report’s preamble, Automox said it was perhaps unsurprising that organisations were struggling to get on top of their patching responsibilities. The report’s authors wrote: “To adapt and survive in this new normal, companies took swift action in 2020 to implement and support an almost entirely remote workforce.

“The effort companies made to keep employees and customers safe while maintaining business operations has been truly inspirational. But that effort was rushed, leaving IT operations with the overwhelming, if not impossible, task of managing thousands of new devices, endpoints and support requests remotely.”

Among the headline findings in the data was a sharp decrease in the share of disclosed vulnerabilities patched in under 24 hours, which dropped from 20% last year to 9.9% today. This is despite newly disclosed vulnerabilities and zero-days being exploited quickly by malicious actors, and in many cases, as has been seen, even before disclosure.

The survey also found that about 60% of organisations take more than 72 hours to patch, and more than 20% take over 30 days, giving malicious actors a wide-open window to take advantage of the disclosed vulnerabilities to get inside target networks, establish persistence, steal data, and drop malware or ransomware.

The data also shows small, but still stark, differences in the length of time taken to patch on-premise devices, including virtual machines (VMs) and servers, as opposed to remote desktops and laptops. Some 40.3% of remote devices were patched between four and 30 days post-disclosure, compared with 37.9% of on-prem devices and 38.5% of cloud-hosted devices. Just 9.9% of remote devices were patched in under 24 hours, compared with 17.9% of on-prem devices and 12.3% of cloud-hosted devices.

Factors influencing the ability to patch specific remote endpoints included having multiple or separate tools for patching, the time needed to test new patches, remote employees inconsistently connecting back to the enterprise network for updates, and an inability to take systems offline for maintenance. Less frequently cited, yet no less important, impediments to patching included insufficient staff, a lack of coordination between security and IT teams, and a lack of automated patch management solutions.

A total of 34.1% of respondents strongly agreed with the statement that the process of managing endpoints – patching, reconfiguring and inventorising software for laptops and desktops – had become harder because of the shift to more employees operating remotely. Slightly more, 45.2%, somewhat agreed, and only 4.7% strongly disagreed.

“The fact that most organisations maintain several tools in-house to manage their endpoints already poses a challenge to IT operations,” said Automox. “The growing remote workforce has exacerbated and further complicated the situation as organisations have added more endpoints that are increasingly diverse and distributed with a continuous growing list of issues to remediate.”

Automox said it found evidence that many IT operations and security teams were now looking at new ways of taking back control, with many considering cloud-native approaches to endpoint management.

“Our new normal requires a new approach – automating remote IT operations capabilities using cloud-native approaches to enable real-time visibility and control over diverse, shifting IT environments,” said the report.

“Cloud-native is an on-demand, elastic, multi-tenant service, accessible anywhere from any device, and with usage that is measured and monitored.

“An agile native-cloud approach is different from all other on-premise, hybrid and cloud approaches because it offers quick deployment; requires zero maintenance; provides the scalability for organisations to evolve and grow without boundaries; and enables real-time visibility and control over diverse, shifting IT environments.”
