It’s a new year, and now is an excellent time to ensure patching regimens are current. One example of this is live patching. This is being used more often these days as it can help businesses mitigate threats without shutting down systems. “Live patching is a game-changer,” says Ted Collins, a cybersecurity consultant in Phoenix.
For those late to the game, live patching is an evolving cybersecurity technique that allows security patches to be applied to running systems without restarting them. It’s been around for a while, but it’s becoming more widely adopted. Linux has led the way, and Microsoft, Oracle, and others are jumping on, but the technique is currently only available for some systems.
Why is live patching such an appealing option?
“It’s a bit like patching a tire on a car while it’s still moving,” Collins explains. “If you are repairing a flat the traditional way, you have a stopped car, a jack, and lug nut removal, and it is very disruptive because the car can’t move. Patching in cybersecurity is no different; the downtime is disruptive, but live patching stops that.”
Live patching eliminates downtime and disruption, which are significant drawbacks of traditional patching methods. Collins says that once a vulnerability is identified, a patch is developed by the software vendor that fixes the vulnerability. A live patching tool can be installed on the system, and the device will analyze the vulnerable components. The patch is then injected into the running system without restarting it, and the system is secure.
“Traditional patching often requires restarting systems, which can lead to hours of downtime and lost productivity. Live patching keeps systems up and running,” Collins adds. “Hours down may not seem like a lot, but it can be life or death in some businesses.” Healthcare, education, and the financial services industries are finding it to be highly valuable.
Another advantage of this tool is that security patches can be applied as soon as they become available. “This minimizes the vulnerability window,” Collins says. It can be especially valuable on IoT systems that have notoriously weak security while also needing to be running continuously, whether it’s a medical device that can’t be turned off or a security camera scanning a vulnerable perimeter.
MSPs can reduce time and energy
Manual patching can be a time swamp for MSPs, Collins points out. If MSPs can be relieved of some of the patching duties, they can deploy resources to other more mission-critical tasks. “Live patching reduces the burden on IT staff, which are already in short supply. It’s so simple that sometimes, in-house staff can do it,” he adds.
While live patching is revolutionary, it’s not a panacea, at least not yet; not all software supports it. However, Collins expects it to become more and more common.
Increased government regulations worldwide are getting more and more stringent about cracking down on cybersecurity breaches, and live patching could help companies stay ahead. “It will be much easier and faster for organizations to comply if they are able to fix vulnerabilities in real-time,” he advises.
Live patching has been around for a while but has often been expensive and cumbersome to deploy. A study by two researchers at the University of Adger in Norway concluded in 2022 that current technology made some live patching tools cumbersome and expensive but that products like Oracles Ksplice have simplified the process:
“Ksplice is designed to implement and deploy smaller and not complicated security updates to a system. This is a good example of a business decision that does not require extensive use of resources or budget other than some employee training. And will increase the security of the business and the focus of security employees can be allocated on other things and improving the security further,” the study says.
Collins explains the trend is towards simpler, easier-to-operate live patching. Newer tools offer clear dashboards to track patch status and system health.
“So, you know immediately that the patch has been applied, immediacy is the underpinning of live patching,” he says. And if there are issues that arise they can usually be resolved quickly, along with detailed logs and support resources.
“If you are using a live patch, another way to ensure it all is seamless is to apply during an off-peak time, after business hours, and that should further mitigate any patching problems,” Collins adds.
In fact, he says, this may emerge as one of the biggest cybersecurity trends of 2024!
Photo: cosma / Shutterstock
