
Spending on software patches is a tough sell

IT must create guidelines and promote awareness to ensure the success of a patching program, according to a speaker at the SecureWorld Expo.

MILLIS, Mass. -- When Paris Hilton's T-Mobile account was hacked recently, it was because a patch that had been available for months hadn't been deployed on a Web server, said Peter H. Gregory, chief security strategist with VantagePoint Security LLC, at SecureWorld Expo on Tuesday.

"The technology itself does not solve the problem," Gregory said. "The hackers have better software development processes than we do." They move more quickly, he said, leaving enterprises in a bind on how to formulate an effective and efficient patch management strategy.

The cost of applying patches across an enterprise can make the effort seem like a waste of resources. "They don't produce a result like building a new server produces results," Gregory said, so it can be hard to convince management to spend on preventative measures like patching. "Most of the software you're running on users' desktops costs less per year than patches," he said.

However, patches keep coming with each new version of a vendor's software. Last month, Microsoft released more than 60 security fixes, many of which the software company considered critical.

How then can your enterprise ensure that it's maintaining its systems' integrity while staying on its toes to keep malicious code at bay?

Designing a patch strategy

Components of a patch management strategy include risk analysis, record keeping, testing procedures, change control processes, the use of scanning and deployment tools and management reporting.

"For some, having a patch management strategy means using a patch deployment tool," Gregory said. "This is only one piece of the big picture … centering your strategy around the focus of looking at vulnerabilities and patches and getting the patches out to the machines isn't enough anymore."

Gregory recommends examining your system and deciding if it is adequate for your IT shop's needs. The goal is to be proactive in preventing an attack, he said.

Instead of focusing solely on patches, enterprises also need to take a comprehensive look at security policies, security architecture and standards, incident response, perimeter defenses, "anti-everything-bad" and intrusion prevention strategies. Creating guidelines and promoting awareness can help smooth the patching process. Firewalls and intrusion prevention are "vital if you're going to be keeping your business safe," Gregory said.

Testing is also an important piece of the patch management puzzle.

"Do we test the patch or do we just push it out?" Gregory asked. "There is not ample time to do both." With exploits of some vulnerabilities being posted within ever-shrinking windows, testing can seem a luxury. "Quality requires more time," he said.
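The strategy components listed above (risk analysis, record keeping, testing procedures, management reporting) and the test-or-push tradeoff Gregory describes can be made concrete in a small backlog report. The following is an added example, not code from the article or from VantagePoint Security: it keeps a record of which patches each host has installed, assigns each missing patch a deployment deadline that shrinks when a public exploit exists, and flags anything overdue so management sees the months-old gap rather than a raw patch count. The SLA day counts, patch IDs, hosts and dates are constructed for illustration and are not a standard or taken from the page.

```python
"""Patch-backlog risk report (constructed example, not from the article)."""
from dataclasses import dataclass
from datetime import date

# Maximum days a missing patch may stay undeployed, by vendor severity.
# These SLA values are an illustrative assumption, not an industry standard.
SLA_DAYS = {"critical": 14, "important": 30, "moderate": 90, "low": 180}


@dataclass(frozen=True)
class Patch:
    patch_id: str
    severity: str          # critical / important / moderate / low
    released: date
    exploit_public: bool   # a public exploit shrinks the testing window


@dataclass(frozen=True)
class Host:
    name: str
    role: str              # e.g. "web", "desktop"
    installed: frozenset   # patch_ids already deployed (the record-keeping piece)


def deadline_days(patch: Patch) -> int:
    """Risk analysis: start from the severity SLA, halve it if an exploit is public."""
    base = SLA_DAYS[patch.severity]
    return max(1, base // 2) if patch.exploit_public else base


def missing_patches(host: Host, patches, today: date):
    """Return (patch, days_overdue) for every patch the host lacks, most overdue first.

    A negative days_overdue means the patch is still inside its testing window.
    """
    rows = []
    for p in patches:
        if p.patch_id in host.installed:
            continue
        age = (today - p.released).days
        rows.append((p, age - deadline_days(p)))
    rows.sort(key=lambda r: r[1], reverse=True)
    return rows


def report(hosts, patches, today: date) -> dict:
    """Management reporting: per host, what is missing, what is overdue,
    and which overdue patches have a public exploit (push-now candidates)."""
    summary = {}
    for h in hosts:
        rows = missing_patches(h, patches, today)
        summary[h.name] = {
            "missing": [p.patch_id for p, _ in rows],
            "overdue": [p.patch_id for p, d in rows if d > 0],
            "exploit_public_overdue": [
                p.patch_id for p, d in rows if d > 0 and p.exploit_public
            ],
        }
    return summary


# Constructed sample inventory: one web server missing a months-old critical patch.
TODAY = date(2005, 3, 1)
PATCHES = [
    Patch("P-001", "critical", date(2004, 11, 1), True),    # 120 days old, exploit public
    Patch("P-002", "important", date(2005, 2, 20), False),  # 9 days old, still in window
    Patch("P-003", "low", date(2005, 1, 1), False),         # 59 days old, low severity
]
HOSTS = [
    Host("web-01", "web", frozenset({"P-002"})),
    Host("desk-07", "desktop", frozenset({"P-001", "P-002", "P-003"})),
]

if __name__ == "__main__":
    for name, entry in report(HOSTS, PATCHES, TODAY).items():
        print(name, entry)
```

Running the block prints one line per host; `web-01` shows P-001 as 113 days past its 7-day deadline, while the low-severity P-003 is missing but not yet overdue. The split between "missing" and "overdue" is the point: it lets the team spend its limited testing time on the patches that are both old and actively exploited instead of treating every unapplied fix as equally urgent.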
