Plug Security Gaps with Strategic Patch Management

Remember the legend of the little Dutch boy who stuck his finger in the leaking dike and saved his village from flooding? In many ways, he has become a metaphor for modern application security practices. Organizations must continually apply patches to plug security holes that would otherwise allow hackers to access their IT systems.

The problem is that sooner or later you’re going to run out of fingers.

The ever-growing number of exploitable application flaws has led to a corresponding increase in the number of patches and updates issued by vendors. In 2016, Secunia Research recorded a total of 17,147 vulnerabilities in 2,136 products from 246 vendors. This flood of vulnerabilities is overwhelming IT departments that are struggling to find the time and resources needed to get the problem under control.

Roughly 85 percent of successful exploits involve unpatched machines, according to a recent alert from the U.S. Computer Emergency Readiness Team, a division of the Department of Homeland Security. In a recent study of 318 companies, the research firm Voke Media found that 82 percent of security breaches since 2015 occurred due to unapplied patches that had been available for up to a year.

Patch management is also essential to maintaining compliance with government and industry regulations. Many of these regulations impose substantial financial penalties for companies that do not meet minimum data security standards.

Most organizations are fully aware of the consequences of not patching. Unfortunately, the way they go about patching is outdated. Many still track patch status manually, fixing holes on the fly, but the complexity of networks and the sheer number of patches have rendered this approach ineffective. Also, some organizations mistakenly assume that applying Windows patches is sufficient, but most cyberattacks exploit Adobe, Java and other non-Windows software.

You can dramatically reduce your exposure to vulnerabilities by working with a trusted managed services provider such as Verteks. We automate the management process as much as possible to ensure patches are applied in a timely manner. More importantly, we work with you to develop a customized patch-management plan that meets your distinct business requirements. This includes a framework for prioritizing, testing and deploying patches.

While automated solutions are designed to rapidly identify vulnerabilities and apply patches, our experts understand the importance of testing patches in a development environment first. While you’d like to think that all patches are trustworthy, there are numerous examples of patches that fix one issue only to break another. It’s better to discover such issues in a test environment before going live, even if it means a slight delay in implementation.

We’ll also help you prioritize patch deployment. Rather than rushing to install every patch that comes along, we can help you evaluate them according to their impact on the organization. For instance, a vulnerability in an e-commerce application should take priority over one in a platform that’s fairly well hidden from the Internet. If a high-priority vulnerability is identified, multilayered security software, which is located at the firewall as well as the lowest level of the network stack, can temporarily plug the hole until a permanent patch is installed.

The one strategy that definitely won’t work is to avoid patching systems altogether. Falling behind is more than just a security risk; it can have a negative impact on system performance and unnecessarily increase management costs. That’s why a managed services provider such as Verteks can be a valuable ally in the battle to hold back the rising tide of security threats.

