Automated Patch Management
by Rick Greenwood - CTO of Shavlik Technologies - Friday, 28 April 2006.
It’s nearly impossible to escape computer-based information in today’s high-tech society. From doctors’ offices to hardware stores, organizations and companies of all sizes record, track and transmit data electronically – making it an integral part of daily business and commerce. But with this increased dependency comes greater risk. Security failures, information exposure and privacy invasion is far greater in today’s electronic-based world. The risk of insecure data not only concerns consumers – who are wary of fraud, identity theft and privacy – but greatly concerns businesses, which can be held liable for information that is unintentionally exposed, despite a firm’s best efforts to protect such data.

Instant access

Unlike paper-based storage, which requires physical access to compromise, today’s electronic files are virtually accessible anywhere in the world. Security vulnerabilities in software applications, electronic files or computer operating systems can be quickly exploited to inflict serious damage: accessing private or secure data; stealing passwords or identities; performing unauthorized financial transactions; examining personal health records; or capturing sensitive network data.

The majority of software vulnerabilities today are found in Microsoft-based products – primarily because they are the most widely used software on the planet. And while Microsoft releases more than just vulnerability fixes on Patch Day – also providing software updates that add new features to existing products – the security patches almost always grab the most attention, because they expose what are dangerous weaknesses in widely used software products.

Patch and go

So what’s all the fuss? Just install the security patches and you’re safe, right? Unfortunately, no. As IT professionals will attest, it can be extremely difficult to test and apply the necessary patches to every vulnerable computer within an enterprise before exploits become public. Compounding the matter, some patches can actually interfere with, or “break” existing software applications, adding to the time it takes to determine which patches can be applied and which need to be tested within a given organization’s network.

Moreover, many still handle patch management manually, physically going to every computer on the network to download and install patches. For enterprises with hundreds or thousands of PCs, including mobile workers and remote offices, manually applying patches has proven to be an impossible task. As a result, network administrators fall behind, and critical patches often aren’t applied as quickly as needed.

No time to lose

Moments after the news of a new patch release, malware-writers start identifying security vulnerabilities and writing code to take advantage of flaws. For example, the patches for the RPC/DCOM flaws were released just 20 days prior to the onslaught of the Blaster worm attack in 2003.

But even a short 20 days can seem long when compared to today’s zero-day exploits. The disclosure of the Windows Metafile (WMF) flaws in December 2005 immediately led to the discovery of over 80 active exploits. By the time Microsoft released a patch ten days later, enterprises were already at high risk of infection and there was no time to spare in getting the necessary patches in place.

What’s a company to do?


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th