Automated Patching – Easy Approach To Security

December 15, 2005

Patch management is an essential administration task in today's busy IT networks, which face a constant threat from new security bugs. Some companies wait for an attack before taking the necessary action to protect themselves from further threats, whilst others patch as often as possible.

Patching a network consists of scanning machines for missing patches and deploying those patches as soon as they become available. Using an automated patch management solution is the best way to avoid problems when Microsoft announces a security threat or bug on the first Tuesday of each month. Saving network bandwidth and being able to deploy patches from a remote source are also major benefits to organisations today.

Determining what to patch, and when, is one of the most problematic issues facing businesses. An expert panel at an Information Security Decisions conference in Chicago, US, said the ever-diminishing window of time between a vulnerability's announcement and an exploit's release makes it crucial to analyse and patch the areas most likely to be attacked first.

One example of a security breach was the virus 'Code Red', which infected over 250,000 systems within just nine hours of its discovery. The original Code Red caused a Denial of Service (DoS) attack on the White House Web server. Code Red II was different in that it gave its creator full remote access to the Web server.

I always urge folks to rate the patches themselves. Patches are often rated arbitrarily. Ask yourself whether a 'critical' patch is critical to your organisation. Look at the risk involved. For example, a DoS is ranked as a low-level threat by Microsoft, but could be critical to an online bank.

If a network is not patched before an attack occurs, the costs involved can be enormous. For example, the loss of production and sales and the cost of cleaning up the incident can be phenomenal.

Patch management can be an extremely time-consuming task, and you need to ensure that your servers are protected. It is extremely important to have a product that lets you decide which patches are more critical than others and keeps you in control, but takes away the time-consuming work of patching manually.

Good tools provide a method of identifying common security configuration errors, and include graphical and command-line interfaces that enable you to scan local and remote systems.
