Patching Security Vulnerabilities

There’s always a layer of details that differentiates between easy and simple. BackBox enhances network security by making network software upgrades for patching security vulnerabilities accessible and straightforward. Let me first illustrate the difference between easy and simple with an example that most people can grasp.

Just File a Claim

The U.S. healthcare system includes a layer between ‘care providers’ and patients—the ‘payor.’ When a patient with insurance visits a provider, a claim is submitted to the payor (insurance company), who then processes the claim and remits a payment to the care provider. Simple.

The patient visits the doctor, pays their portion of the appointment (in the form of a co-pay or deductible), and the care provider files a claim with the insurance company for reimbursement of the remaining charges. It’s straightforward, but it’s not very straightforward at all.

Because I manage the care and finances for my family, I track the medical expenses for multiple people. I keep track of the appointments, which appointments qualify for different levels of coverage, what co-pays are required, and when we have met our deductibles.

We may choose to see a provider not in the insurance company’s network. There may be a procedure that the insurance company does not cover completely. We may choose a specialist or seek alternative care that is either not covered or paid at a different rate.

I also need to track the status and completion of claims and monitor if a provider or facility requires additional payment. If a claim is not completely covered, I can request reimbursement from our medical savings account. I also track which over-the-counter medications we buy because, even though that is not an insurance issue, I can use our medical savings account for those, too. Based on all of these moving parts, I may make decisions regarding my care and that of my family.

So, it seems like making an appointment for medical care is simple. It’s anything but simple.

Just Make the Fix, Wait for the Patch, Then Patch the Vulnerability

Let’s apply this approach to addressing security vulnerabilities. If you’re one step removed from these patches, it can be challenging to recall how complex they are, even when they seem straightforward.

Patching vulnerabilities is critical and time-sensitive. Automating it is one of the top things teams can do to improve security. What does it take to patch? Is it simple? Let’s walk through it.

First, a vendor announces a vulnerability and “mitigating configurations” to protect the network until a patch is available. The ‘mitigating configurations’ are straightforward to apply; however, 40 firewalls from various vendors are located in different time zones, not all running the same version of the device OS and supporting a range of business applications.

It’s important to note that each device requires two touches—once to mitigate and a second time to patch. In theory, there are maintenance windows during which you’ll conduct a vulnerability assessment. If you discover any vulnerabilities, that maintenance window might become irrelevant.

Patching Security Vulnerabilities: Need to Automate

You need to automate the steps taken to mitigate and then update so that you can handle the other tasks, such as scheduling, vulnerability assessment, and testing, in collaboration with the rest of the organization. You also need to automate for speed and efficiency because a lot of activity happens in the above-mentioned steps.

Want to make a device change? You will want to backup first. Then, do some pre-checks. HA, pair? Maybe do pre-checks on both devices to know you’re good to go. Then, start on one. Make the changes, and it’s time for post-checks. Did it work? Is it ready to take the failover? How about another backup to have the new configuration backed up and validated? Didn’t work? BackBox’s one-click pre-validated restore takes all the worry out of restoring from backup.

Once you have backed up and configured the secondary device to your preference, with pre- and post-backups, and confirmed its functionality, you can initiate a failover. This ensures it operates correctly. After confirmation, the entire process from above is replicated on the second machine, and this continues through all devices in the cluster until you are satisfied.

Each step is as hard as they are, but not insurmountable. People are skilled. They’re good at solving the problems of figuring out how to do these right. But equally, computers are much better than humans at doing repeatable tasks efficiently. Remember, each step must be done twice—once for the ‘configuration remediation’ and again for the ‘patch update’ with the permanent fix.

Security Vulnerability Patching with BackBox Automation

With BackBox, our team of support experts helps customers create the necessary automations, which can then be modified to suit customers’ needs. Out-of-the-box upgrades are available to HA clusters directly to Palo Alto devices or through Palo Alto Panorama. The same, of course, goes for other vendors—180+ other vendors, to be specific.

With BackBox’s network cyber resilience platform, your network will be protected more quickly than if done manually, causing less disruption. Additionally, your team can manage this effort more efficiently, allowing them to be better partners to those who rely on the network services and protection these devices provide.

It’s also quick to get started. So, what’s keeping you from learning more? Let’s schedule a custom demo soon.