Linux Live Patching vs. Server Reboot Cycles: Pros and Cons - TuxCare

November 12, 2020

Ever heard of a pipe-freeze kit? A pipe-freeze kit forms a plug of ice inside a water pipe, allowing a plumber to make repairs without shutting off water.

Like water pipes, there are some things that you don’t want to shut down to fix.

Rebooting a system to install security updates and patches isn’t necessary, but it happens every day in the form of server reboot cycling. By contrast, live patching of an enterprise Linux system flash-freezes the central processing units (CPUs) to install patches automatically, taking nanoseconds to complete.

Huge Differences Exist Between Linux Live Patching And Server Reboot Cycles

Live patching is a subscription-based service where providers like Canonical and KernelCare Enterprise drive the entire patch-management process. A subscription of 500 licenses might cost over $10,000 per year. Server reboot cycling relies on a company’s internal people and resources, but that doesn’t mean it’s low cost. Studies show that it costs more than live patching. At a glance, the benefits of live patching are evident, but many companies still use server reboot cycling. Let’s explore the reasons why.

Advantages to Server Reboot Cycles

Large organizations equipped with redundant servers, configured load balancers, and bankrolled SLAs have the infrastructure and finances to ensure minimal disruption to their enterprise Linux operations.

Disadvantages of Server Reboot Cycles

There are many disadvantages to using server reboot cycling for patch management.

Critical windows of time are missed. A 2019 study conducted by Ponemon Institute shows that out of 3,000 IT and security professionals, 62 percent attribute a data breach to their enterprise’s failure to apply an available patch.

Staffing is also an issue. The study also revealed that only 36 percent feel their enterprise has enough staff to apply patches fast enough.

Negotiating downtime is complicated, frustrating, and requires untold hours of labor.

Finally, pushing components to 100 percent during the power-on self-test (POST) sequence can result in data loss and hardware failure, with startup time being the most problematic part of the Linux reboot process.

It’s Also Expensive

Although server reboot cycles take advantage of internal people and resources, they add significantly to the costs of running a secure enterprise.

Reboots disrupt revenue streams, especially on non-redundant systems. Employees’ overtime pay for nights and weekends increases costs even more. Repeated requests for downtime erode IT’s political capital: the team comes to be seen as demanding, which negatively affects approvals for other needs.

Formulas for calculating the annual cost of managing security vulnerabilities through patching, along with supporting evidence and case studies, show how as few as 10 patching cycles per year can run costs into the millions.

Understanding Linux Live Patching

Live patching is the process of deploying patches to a Linux kernel while the server is still running, updating it automatically. It’s rebootless and reduces patching tasks by as much as 60 percent.

A 2019 survey sponsored by ServiceNow shows that 70 percent of respondents believe automation is a critical step to improving their organization’s patch management, and 80 percent credit automation for their organization’s ability to respond to vulnerabilities in less time.

What It Is And What It Isn’t

Live patching ensures a seamless customer experience and enables continuous access to systems that support productivity, revenue, security, and compliance.

Kernel live patching reduces the risk of data loss, while downtime negotiations, irregular work schedules, and overtime pay go away. Anxiously waiting for the next cycle to patch a known vulnerability becomes a botheration of the past.

The live patching service provider tests patches on its own servers, in its own product security center. KernelCare’s policy, for example, is to run four tests on patches before releasing them to customers.

System-breaking changes and hardware fixes require downtime and reboots. These events are beyond the scope of live patching.

Linux Live Patching Is the Way to Go

Linux kernel live patching keeps systems secure without downtime from server reboots. Our KernelCare live patching services are designed to maximize service availability while offering protection from security vulnerabilities, like the infamous Heartbleed. Security updates are painless through the technology and support offered by KernelCare’s Enterprise Linux tools. So take the next step and talk to an expert today!
