Patch Validation Automation: Removing time-lag to eliminate vulnerabilities

Updated: Dec 11, 2020

Use RPA to provide a single view of each vulnerability, its threat level, available exploits, and the remediation or workarounds on offer, so that decisions and actions can be taken immediately based on severity.

Although centralized sources of patch and vulnerability information such as the National Vulnerability Database (NVD) in the US exist, there is often a time-lag between information releases by software vendors and the inclusion of this information on the NVD. Furthermore, there is often additional information on vendor websites such as patch workarounds, availability of exploits, and known exploitations that is never available on the NVD. RPA can help to close this information gap by collecting patch information directly from vendor websites.

A security patch is a change applied to a software asset to correct a weakness described by a vulnerability. This corrective action prevents successful exploitation and removes or mitigates a threat’s capability to exploit that specific vulnerability in the software. Currently, the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities is often performed manually, making the vulnerability management function laborious, monotonous, and time-consuming. By automating the tasks of identifying and classifying security patches in real time, the time-lag to eliminate vulnerabilities is removed.

The Bot in a Nutshell:

The software robot reviews patch websites (e.g. Microsoft Security Advisory, Cisco Security Bulletins, Oracle Critical Patch Updates, SAP Support Package Stacks, etc.) to identify the latest patches and the corresponding information on impact, severity, supersedences, affected products, description and more. These can be reconciled with an up-to-date Application Catalogue to highlight relevant patches for in-use software. The review would run for each application at a predetermined frequency, set according to how often that vendor releases patches.

The robot would produce a report detailing the latest patches relevant for software used and highlight any critical patches by application. These can be automatically delivered to specified distribution lists to inform relevant software stakeholders, who may then organize the installation of the patches.

This results in obtaining security patch information quicker than would be possible by relying on databases such as the NVD, and further provides data beyond what is included in the NVD, such as:

  • Possible workarounds

  • Known methods of exploitation

  • Known exploitations that have occurred

Main Functions:

  • Automate aggregation of latest patch information from software developer websites

  • Reconcile patch information with the Application Catalogue to determine relevant patches

  • Produce and deliver patch reports to software stakeholders

  • Provide Threat Intelligence if patches can be linked to known vulnerabilities
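As an added illustration (not code from the original article or from any vendor's tooling), the reconciliation step described above in Python: normalised bulletin records are matched against an Application Catalogue, superseded and already-reported patches are dropped, and the remainder is ordered by severity for the report. The record fields, severity labels and sample data are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Patch:
    """One normalised record as a scraper might emit it from a vendor bulletin (assumed schema)."""
    patch_id: str
    vendor: str
    product: str
    severity: str            # vendor wording, e.g. "Critical", "Important", "High"
    supersedes: tuple = ()   # ids of earlier patches this release replaces
    workaround: str = ""     # vendor-published workaround, if any
    exploited: bool = False  # vendor reports exploitation in the wild

# Constructed sample bulletins from several vendors (not real advisories)
BULLETINS = [
    Patch("MS-A", "Microsoft", "Exchange Server", "Critical", (), "", True),
    Patch("MS-B", "Microsoft", "Exchange Server", "Critical", ("MS-A",), "Disable feature X", True),
    Patch("CSCO-1", "Cisco", "IOS XE", "High"),
    Patch("ORA-1", "Oracle", "WebLogic", "Critical"),
]

# Constructed Application Catalogue: (vendor, product) pairs actually in use
CATALOGUE = {("Microsoft", "Exchange Server"), ("Cisco", "IOS XE")}

# Vendors use different scales; map them onto one rank (lower = more urgent)
SEVERITY_RANK = {"Critical": 0, "High": 1, "Important": 1, "Moderate": 2, "Medium": 2, "Low": 3}

def reconcile(bulletins, catalogue, seen=frozenset()):
    """Return patches for in-use software that are neither superseded nor already reported, most severe first."""
    # Any id named in some newer patch's supersedes list is obsolete; chains resolve
    # naturally as long as each release names its immediate predecessor.
    superseded = {old for p in bulletins for old in p.supersedes}
    relevant = [p for p in bulletins
                if (p.vendor, p.product) in catalogue
                and p.patch_id not in superseded
                and p.patch_id not in seen]
    return sorted(relevant, key=lambda p: (SEVERITY_RANK.get(p.severity, 99), p.vendor, p.patch_id))

def report(patches):
    """Render one line per patch, carrying the extra vendor data the NVD would lack."""
    lines = []
    for p in patches:
        extras = []
        if p.exploited:
            extras.append("exploited in the wild")
        if p.workaround:
            extras.append(f"workaround: {p.workaround}")
        suffix = f" ({'; '.join(extras)})" if extras else ""
        lines.append(f"[{p.severity.upper()}] {p.vendor} {p.product}: {p.patch_id}{suffix}")
    return lines
```

Passing the ids from the previous run as `seen` gives the delta report the pain point about reconciling new and old patch information asks for.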

High-Level Plan

Main Benefits:

  • Process reliability

  • Data quality

  • Smart data

  • Improved Security

Hands-On Considerations

Pain points targeted:

  • Need to manually check software developer websites for latest patch information

  • Need to reconcile new patch information with old patch information already collected

  • Need to determine which patches are critical and which are superseded

Challenges to expect:

  • Security bulletins are structured differently for different vendors

  • It will be harder to collect patch information for applications that are open source or from smaller vendors without well-maintained patch bulletins, websites etc.

What will the bot do?

To read more, see our RPA use case on Data Extraction from Unstructured Sources.