Patch Management, Now More than Ever

As the time lag between news of a new vulnerability and hackers' ability to exploit it shrinks, patch management becomes a more vital tool for enterprises.

InformationWeek's look at five products begins by saying that the two main factors to consider when making a deployment decision are the number of operating systems supported and whether or not the product uses agents.

The site's lab looked at BigFix, Kasya, LANDesk, Lumension and Shavlik. The lab used a five-level scoring system on eight criteria (integration, strength, efficiency, ability to determine what needs patching, rollout ease, flexibility, breadth and price). Lumension and BigFix made the short list, while the Editor's Choice went to LANDesk. The story includes capsule descriptions of each of the five products.

The importance of patch management is destined to grow. This MyITForum post says that a new technique has been developed that could lead to big problems. Researchers found a way to scan patched and unpatched software versions in such a way that the comparison could be used to create an exploit. This process, the writer says, could be used by hackers to find previously unknown vulnerabilities or to mount an attack against unpatched versions of the software that are still in use. The bottom line is that the creation of exploits is becoming increasingly automated.

Patching is but one tool in the fight against hackers. This Processor piece, which is aimed at small and medium size enterprises (SMEs), also says that the patch window -- the time between when a vulnerability is uncovered and when hackers seek to take advantage of it -- is shrinking. Quick patching certainly is one alternative, but the piece points out a number of problems with the patches themselves. A sidebar to the story says that one alternative is automatic updating of the of the security system. This undated piece by Jonathan Coupal at consultancy ITX provides a good overview of how to go about patch management. The first step, the writer says, is to carefully assess the current environment. The next step is to identify, evaluate and plan. A test deployment is next and, once that's complete, the real deployment -- complete with adequate reporting -- can take place. These generic steps, of course, are similar in many different deployments. They may even be more vital in the case of patch management, which is an endeavor that can quickly get out of hand.

A Red Light Security blogger makes the point that patch management becomes more complex and perhaps even more vital in a virtualized world. The writer says the ability to move virtual machines to other physical hosts means that outdated software may be exported and attacked elsewhere. The writer provides five tips for virtualized patch management. He advocates keeping the host OS patched and hardened; activating virtual machine security; scanning regularly for vulnerabilities; establishing policies, standards and procedures, and watching for useful third-party products.