Understanding Auto Patching in CYRISMA
Auto Patching is a newly introduced feature in CYRISMA that allows for automatic application of security patches for third-party applications detected as vulnerable. This feature enhances security by ensuring that vulnerabilities are addressed in a timely manner while minimizing manual intervention.
Written by Liam Downward
Updated at February 26th, 2025
- User Manual
- Agents
- The Cyber Risk Assessment Process
- API Documents
- General Questions and Troubleshooting
- The Cyber Risk Assessment Process (Video Tutorials)
- Sales and Prospecting Articles
- CYRISMA Partner Portal Access
- Glossary
- CYRISMA Change Log
- Support Ticket SLA
- Onboarding Framework
- PSA Integrations
- Billing Questions
- Self Onboarding Guide
Table of Contents
1. Enabling Auto Patching
To enable Auto Patching in CYRISMA:
Navigate to Admin > System Configuration.
Locate the Auto Patch Installation setting.
Toggle "Yes" to enable auto patching.
Specify the Auto Patch Installation Delay, which determines when the patches will be applied after a vulnerability is detected. The default delay is 72 hours, but this can be adjusted as needed.
2. Patch Application Process
Once a vulnerability is detected in a third-party application through a scan, CYRISMA will automatically queue the necessary patch.
The system will wait for the configured delay before applying the patch.
After the patch is installed, CYRISMA logs the update in the Patch History section for reference.
Key Features & Benefits
1. Automation for Efficiency
Reduces the need for manual patching by automatically applying necessary updates.
Ensures security vulnerabilities are addressed without user intervention.
2. Configurable Delay for Patch Installation
Users can set a delay (up to 72 hours) before a patch is applied to allow for internal testing or approval workflows.
3. Improved Security & Compliance
Keeps third-party applications up to date, reducing exposure to known vulnerabilities.
Helps organizations maintain compliance with security standards by automating patching processes.
Limitations & Considerations
1. Auto Patching Applies Only to Third-Party Applications
The feature does not cover Windows OS updates or custom applications outside of CYRISMA’s supported third-party patching system.
2. No Built-In Rollback Option
Once a patch is applied, there is no direct rollback feature in CYRISMA. If an issue arises due to an auto-applied patch, users will need to manually uninstall or revert changes.
3. Requires Active & Updated Scanning
Auto Patching relies on up-to-date scan results to determine which vulnerabilities require patches. Running regular vulnerability scans is essential for effective patch management.
Best Practices
Enable Auto Patching for Critical Applications: Ensure that high-risk third-party applications are covered under Auto Patching.
Monitor Patch History: Regularly review patch logs to track applied updates and ensure successful installations.
Test Before Deployment (If Needed): If concerned about patch compatibility, set a delay before patches are applied to allow time for testing in a controlled environment.
Stay Informed on Patch Releases: Check CYRISMA release notes and vendor updates for details on recent patches and any potential impacts.
Conclusion
Auto Patching in CYRISMA simplifies the patch management process, enhancing security by automatically addressing vulnerabilities in third-party applications. By enabling this feature and following best practices, organizations can ensure their systems remain protected while reducing the manual effort required for patch application.
For further assistance, refer to the Patch History section in CYRISMA or contact CYRISMA Support.