Patch Management

In an organization’s IT environment, no application is protected from the risks posed by inadequate software patch management. Vendors (Microsoft, SAP…) provide security updates because new vulnerabilities are regularly discovered. Once a vendor publishes a patch, the vulnerability it fixes becomes public, and malicious actors can use it against unpatched systems.

Several studies performed over the last three years have revealed a strong trend towards the malicious use of public vulnerabilities in ERP applications (e.g. SAP). This subject is fundamental to the company’s cybersecurity because it directly affects sensitive data and can strongly impact operational activities.

“Eighty-nine percent of IT security professionals expect the number of cyberattacks against ERP systems to increase – 30% of them expect a significant increase”

Cybersecurity Trends 2017 Spotlight Report, Crowd Research Partners

The increasing complexity of applications and the constant evolution of ERPs generate several problems that companies must respond to:

  • The variety of technologies used in ERPs makes the management of updates complex,

  • The volume of patches to be deployed is significant, resulting in time-consuming deployment and testing activities,

  • The potential performance problems and risks of unavailability linked to a bad deployment make management delicate.

Faced with the problems mentioned above, many companies ignore patches in order to maintain high operational availability: this choice can have serious consequences, as several recent cases have shown.

To mitigate the risk of cyberattacks, every organization needs a complete, reliable and cost-effective patch management process to ensure the stability and security of the ERP environment. SAP and other vendors provide software solutions to simplify this management. With a good knowledge of SAP systems, ArtimIS can assist you in this area, in particular by implementing a patch management strategy that includes the following steps:

  • Plan the timing of the process,

  • Establish an up-to-date inventory of all production systems,

  • Standardize systems to accelerate remediation processes,

  • List and analyse the security controls present in the environment,

  • Scan for vulnerabilities and classify risks with vulnerability management tools,

  • Test & Deploy.