- Mythbuster busts his own tale
- 10 open source companies to watch
- Sony recalls 73,000 Vaio laptops
- Tool to evade China's Web censorship
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Even the best automated patching system is only one facet of an enterprise security strategy. Even if your organization has an effective patch management process in place, it doesn't mean that you're vulnerability-free. There is always a lag between when a vulnerability is first discovered and when the patch is released. Moreover, once the patch is released, yet another lag exists while an organization tests and rolls out the patch.
This being the case, many security vendors on the patch management periphery argue that patching must work in concert with other defense mechanisms, such as vulnerability scanners and intrusion-prevention systems (IPS).
"A patch cycle across a large enterprise can take several months," says Andre Yee, president and CEO of NFR Security, an IPS provider. "Automation eases this, but a big part of patching is still the procedures involved in evaluating your network inventory, applying the patch, and then verifying that the patching has been successful."
Zero-day attacks are the most obvious pitfall of relying too heavily on patching, but as security companies further automate patching, so too do hackers automate their attacks - thus creating a kind of arms race.
Many of these new attacks are self-propagating. Sobig, for instance, had a built-in SMTP engine. "I never want to be quoted as arguing against patching," Yee says. "It is necessary but insufficient. What is needed is some sort of real-time threat prevention."
For certain industry sectors, such as healthcare and financials, there is also a greater need for testing before patching. "Today's patching problems extend way beyond patch availability," says Joseph Cooper, chairman and CEO of Digital Defense, a provider of network vulnerability tools. "We all know that eventually patches will be made available, but what if you can't utilize them? What if the patch your IT department installs takes down your entire online banking system or, even worse, the only MRI machine available at your local hospital?"
IT managers have to make tough choices when it comes to patching business-critical applications, but in the end, it's all about managing risk. Patching reduces risk but not to zero.
Rss FeedRss Feed
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...
Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment