Microsoft and the US National
Institute of Standards and Technology (NIST) have joined forces to create a
NIST guide for applying security patches in the enterprise sector. The two
organizations are now inviting other interested parties to provide input for
this new guide. The invitation is open to vendors, companies, and lone
individuals alike.
The result of this work will be a NIST Special Publication
1800 practice guide that system administrators can follow to organize or
optimize a company's internal patching procedures.
ROOTED IN THE 2017 RANSOMWARE OUTBREAKS
Work on this joint Microsoft-NIST partnership began in 2018, as part of a project
named the Critical Cybersecurity Hygiene: Patching the Enterprise Project [PDF, NIST
homepage].
Microsoft played a crucial role in setting
it in motion. The company said it began looking into how companies patch their
computer fleets after the three ransomware outbreaks of 2017 -- namely
WannaCry, NotPetya, and Bad Rabbit.
The OS maker said that many of the organizations that got
hit had failed to install patches, even though security updates were available.
This led Microsoft to investigate why companies didn't
patch their systems.
"A key part of this learning journey was to sit down and listen directly to our
customer's challenges," said Mark Simos,
Lead Cybersecurity Architect, Cybersecurity Solutions Group at Microsoft.
"Microsoft visited a significant
number of customers in person (several of which I personally joined) to share
what we learned [...] and to have some really frank and
open discussions to learn why organizations really aren't applying security
patches," the Microsoft exec said.
COMPANIES APPROACHED PATCHING DIFFERENTLY
These meetings revealed that organizations had very
different approaches to patching, and delays in applying security updates
occurred as a result.
One of the primary reasons cited in these meetings was
that companies didn't have a patch testing procedure in place, and many were
delaying patches in order to make sure bugs or crashes wouldn't cause downtime
in production systems.
Furthermore, some companies said they didn't
know how fast they should be applying patches, leaving each to interpret and
assess the severity of security updates based on their own criteria.
NIST-APPROVED GUIDANCE NEEDED
As a result, Microsoft concluded that
an industry-wide standard was needed in order to regulate the patching process
in enterprise environments.
As part of their joint project, Microsoft
and NIST said they plan to look at "how commercial and open source
tools can be used to aid with the most challenging aspects of patching general
IT systems, including system characterization and prioritization, patch
testing, and patch implementation tracking and verification."
There is no timeline for when this guide will be
finalized; however, it's very rare that a NIST guide has the backing of a major
industry player out of the gates, so things are expected to move along quite
quickly.