Linux Live Patching vs. Server Reboot Cycles: Pros and Cons - TuxCare


Linux Live Patching Expert Team

November 12, 2020


Ever heard of a pipe-freeze kit? A pipe-freeze kit forms a plug of ice inside a water pipe, allowing a plumber to make repairs without shutting off water.

Like water pipes, there are some things that you don’t want to shut down to fix.

Rebooting a system to install security updates and patches isn’t necessary, but it happens every day in the form of server reboot cycling. Conversely, live patching of an enterprise Linux system flash-freezes central processing units (CPUs) to install patches automatically, taking nanoseconds to complete.

Huge Differences Exist Between Linux Live Patching And Server Reboot Cycles

Live patching is a subscription-based service where providers like Canonical and KernelCare Enterprise drive the entire patch-management process. A subscription of 500 licenses might cost over $10,000 per year. Server reboot cycling relies on a company’s internal people and resources, but that doesn’t mean it’s low cost. Studies show that it costs more than live patching. At a glance, the benefits of live patching are evident, but many companies still use server reboot cycling. Let’s explore the reasons why.

Advantages to Server Reboot Cycles

Large organizations equipped with redundant servers, configured load balancers, and bankrolled SLAs have the infrastructure and finances to ensure minimal disruption to their enterprise Linux operations.

Disadvantages of Server Reboot Cycles

There are many disadvantages to using server reboot cycling for patch management.

Critical windows of time are missed. A 2019 study conducted by Ponemon Institute shows that out of 3,000 IT and security professionals, 62 percent attribute a data breach to their enterprise’s failure to apply an available patch.

Staffing is also an issue. The study also revealed that only 36 percent feel their enterprise has enough staff to apply patches fast enough.

Negotiating downtime is complicated, frustrating, and requires untold hours of labor.

Finally, pushing components to 100 percent during the power-on self-test (POST) sequence can result in data loss and hardware failure, with startup time being the most problematic part of the Linux reboot process.

It’s Also Expensive

Although server reboot cycles take advantage of internal people and resources, they add significantly to the costs of running a secure enterprise.

Reboots disrupt revenue streams, especially on non-redundant systems. Employees’ overtime pay for nights and weekends increases costs even more. Repeated requests for downtime erode IT’s political capital: they are seen as demanding, which negatively affects approvals for other needs.

Formulas for calculating the annual cost of managing security vulnerabilities through patching, together with supporting evidence and case studies, show how as few as 10 patching cycles per year can run costs into the millions.

Understanding Linux Live Patching

Live patching is the process of deploying patches to a Linux kernel while the server is still running, updating it automatically. It’s rebootless and reduces patching tasks by as much as 60 percent.

A 2019 survey sponsored by ServiceNow shows that 70 percent of respondents believe automation is a critical step to improving their organization’s patch management, and 80 percent credit automation for their organization’s ability to respond to vulnerabilities in less time.

What It Is And What It Isn’t

Live patching ensures a seamless customer experience and enables continuous access to systems that support productivity, revenue, security, and compliance.

Kernel live patching reduces the risk of data loss, while downtime negotiations, irregular work schedules, and overtime pay go away. Anxiously waiting for the next cycle to patch a known vulnerability becomes a botheration of the past.

The live patching service provider tests patches on its own servers, in its own product security center. KernelCare’s policy, for example, is to run four tests on patches before releasing them to customers.

System-breaking changes and hardware fixes require downtime and reboots. These events are beyond the scope of live patching.

Linux Live Patching Is the Way to Go

Linux kernel live patching keeps systems secure without downtime from server reboots. Our KernelCare live patching services are designed to maximize service availability while offering protection from security vulnerabilities, like the infamous Heartbleed. Security updates are painless through the technology and support offered by KernelCare’s Enterprise Linux tools. So take the next step and talk to an expert today!
