Article

Patch management is a shared burden, research finds

Jack Loftus, News Writer

A new age of worms and malicious virus attacks has the patch management software market moving at a feverish pace, but new research from the Burton Group cautions that the patch is by no means a be-all,

    Requires Free Membership to View

end-all "magic pill" for enterprise security.

In the report, analyst Trent Henry said that the Midvale, Utah-based research firm found that some independent software vendors (ISVs) not only create software that needs to be patched, they routinely create patches that need to be patched themselves -- or the patches cause other systems to crash.

In some instances, Henry said, vendors "quietly" issue patches that a customer could miss if they are not constantly doing

… it's kind of a race to see who can move first -- what's going to be first, the worm or the patch?


Trent Henry, analyst,

Burton Group,
updates or watching for announcements.

Even with a successful deployment, the best patch solves only 50% to 75% of the problem, leaving a sizeable chunk that a patch cannot fix, Henry said. One example is a denial of service (DoS) attack, which has nothing to do with how a network is patched, because it simply floods a site with more requests than the data buffers were programmed to handle.

Further complicating matters is the fact that patches are issued to fix problems with infrastructure, giving both the enterprise and "the bad guys" access to information about a security issue at the same time, Henry said. Hackers can then pick apart the patch for underlying flaws to exploit.

"Then it's kind of a race to see who can move first -- what's going to be first, the worm or the patch?" Henry said.

The alternative is disaster

Despite its limitations, patching must be done. It may be costly for an enterprise to patch thousands of workstations, Henry said, but it is not nearly as costly as having them compromised by an attack.

Henry said Burton Group advises companies to deploy a patch in a test environment first before rolling it out across the network.

"Today, patching is still a very manual process. … We advise organizations to establish a "test bed" network so they can understand what impact path it can have," he said. "At

For more information

Read about how to make patching less of a grind

 

See why one software maker thinks manual patching doesn't work

the same time, the enterprise should persuade vendors to add automated capabilities -- images of systems -- to see if the patch works."

Smaller companies are also advised to implement automated patch management software because it is too easy to miss a patch when doing manual updates or relying solely on Microsoft and its Windows Update. The result is that a company could become an infected network or a carrier of malicious code.

Burton Group also sees a strong burden on patch management vendors if they hope to remain strong in the market over the next 12 to 18 months. Henry outlined "tough requirements" of such vendors, including capabilities for cross-platform support, patch vetting and distribution, resilient target ID, directory integration, continuous assessment testing, recovery, scalability, quarantine and reporting.

Patching not a problem for some

BayRing Communications, a telecommunications company based in Portsmouth, N.H., is one company that has had success with patch management software.

Martha Jo McCarthy, a network administrator, said her company has been using Ecora Software Corp.'s Patch Manager application for the past two months, and she has been impressed with the results.

"We bought it, and the first time I used [Patch Manager], it literally did in one hour what typically takes three full-time days," she said.

McCarthy said that BayRing went with Ecora, which is also based in Portsmouth, because its offering addressed the critical task of updating patches for its network with an "all-inclusive" package.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: