https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSSP Insider


Shutterstock

Keyboard with risk mitigation key

How MSSPs Can Support Risk-Based Patch Management

  • Written by Ayesha Prakash
  • September 19, 2019
Tailor alerts to customers' needs for more effective patch management.
Flashpoint's Ayesha Prakash

Ayesha Prakash

The growing interest in managed security service providers (MSSPs) presents ample opportunity. But as I noted in March, providers must understand the cybersecurity challenges their customers face to succeed under an MSSP model. From an outsider’s perspective, understanding how to help customers navigate an ever-changing cyber threat landscape can feel like a daunting task. So today, let’s just focus on one area where customers are in continuous need of support: patch management.

BlueKeep: The Next EternalBlue?

In light of concerns over the BlueKeep vulnerability and two similar remote desktop protocol (RDP) vulnerabilities disclosed on Aug. 13, it’s more important than ever for MSSPs to recognize the critical importance of empowering customers with the tools they need to make effective patching decisions. BlueKeep (CVE-2019-0708) is a flaw in the Windows RDP protocol used by admins for remote administration. Many security researchers worry BlueKeep has the potential to echo the havoc wrought by a Microsoft SMB vulnerability targeted by the EternalBlue exploit.

EternalBlue was used in the large-scale WannaCry and NotPetya cyberattacks in 2017. A patch for the vulnerability exploited by WannaCry (CVE-2017-0144) was made available by Microsoft in March 2017, giving users nearly two months to install it before WannaCry made global headlines in May. And yet, WannaCry had an unprecedented impact, infecting roughly 200,000 computers across 150 countries and causing up to $4 billion in estimated damages. But EternalBlue didn’t make its biggest impact until six weeks later, when it was used in the NotPetya cyberattacks, which resulted in more than $10 billion in damages, leading some to call it the most devastating cyberattack of all time.

In their immediate aftermath, WannaCry and NotPetya sparked earnest conversations about patching frequency and the need for enterprise IT leaders to push cybersecurity as a more critical issue on the boardroom agenda.

But two years later, it seems this hard-earned lesson has been forgotten by many. Two days after the two-year anniversary of WannaCry, Microsoft patched the BlueKeep vulnerability and even issued a follow-up reminder two weeks later, emphasizing the potential impact of failing to patch the vulnerability. Despite these warnings, companies have been markedly slow to patch BlueKeep, and the release of a commercial exploit to the customers of a U.S.-based security assessment and penetration-testing company last month reignited concerns that it may only be a matter of time before an exploit becomes widely available to cybercriminals.

Why High-Risk Vulnerabilities Go Unpatched

Based on the scenario I’ve laid out, you may be perplexed as to why so companies are failing to patch BlueKeep. However, we must acknowledge the inherent challenges and complexities associated with patch management. Administering security patches is a time- and resource-intensive process that requires rigorous compatibility testing before fixes are distributed enterprisewide. But with hundreds of Common Vulnerabilities and Exposures (CVE) numbers assigned in a typical month, IT security teams are forced to prioritize which vulnerabilities are most critical to their businesses, and test and apply those patches first. A critical vulnerability to one company could just as easily be …

  • Page 1
  • Page 2
Tags: MSPs MSSP Insider Network

Related


  • Threats
    Threat Protection Vendors: Why MSSPs Have to Ramp Up Efforts Right Now
    “Look no further than the headlines,” says one vendor. “You owe it to your customers,” says another.
  • Spam
    Kaspersky Research: Russia Now No. 1 Global Source of Spam
    The most frequent targets of phishing attacks were online stores.
  • Cybersecurity Roundup
    Law Firm Cyberattack Exposes Tens of Thousands of Patient Records
    Cybercriminals prefer to target entities like law firms because of the enterprise data they possess.
  • Cloud security
    IT Facing Major Security Issues, But Cloud Security May Be Most Immense
    A number of reports point to security problems within client environments, but cloud could be the biggest.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Cowbell Cyber Debuts Partner Program to Manage Cyber Risk
  • Blame IT Pros for Data Privacy Failures?
  • MSSPs, Beware: Threat Analysis Group Warns of North Korean Social Engineering
  • Financial Sector Cyberattacks Rising with Bad Actors Raking in the Dough

Galleries

View all

Channel Partners Virtual 2021 Is the Hottest Ticket in Town

February 26, 2021

Industry Perspectives

View all

The “Roaring 20s” Are Coming

February 25, 2021

Three Ways MSPs Can Improve Supply Chain Security

February 24, 2021

SASE: The Key to Mitigating Business Transformation Risk

February 22, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 17, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

White Papers

View all

Ready To Add Cutting Edge IoT Solutions To Your Portfolio?

  • 1
February 25, 2021

What Is The Value Of Distribution For The Internet Of Things?

February 25, 2021

The Internet of Things (IoT): Where do You Begin?

  • 1
February 25, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

Amazon WorkSpaces @awscloud DaaS client will be available on @IGEL_Technology virtual endpoint client OS.… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

.@VMware cutting more workers in California as part of ongoing #workforcerebalancing. #layoffs… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

#CPVirtual is March 2-4. It’s the hottest ticket in town — any town, since it’s 100% online — so make sure you have… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

.@datto, @ThreatLocker partner to streamline #MSP secure business operations. dlvr.it/RtYvJK https://t.co/nKGnwbblNO

February 26, 2021
ChannelFutures

Infographic: Why Partner with Sierra Wireless and GetWireless? dlvr.it/RtYh1m https://t.co/KcBFzXIx7l

February 26, 2021
ChannelFutures

Infographic: The Sierra Wireless Essential Series dlvr.it/RtYgxv https://t.co/CatxbRHzXr

February 26, 2021
ChannelFutures

#Threatprotection is no small matter for #MSSPs. Find out what vendors say you have to do this year to protect your… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

Cloud strategies and cybersecurity are key, and #COVID19 will have more impact than #Brexit on U.K. channel, says… twitter.com/i/web/status/1…

February 26, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X