Patch management is an essential administration task within today’s busy IT networks with the constant threat of new security bugs. Some companies will wait for an attack before taking necessary action to protect themselves from further threat whilst others consider patching as often as possible.
Patching networks consists of scanning machines for any missing patches and deploying those patches as soon as they become available. Using an automated patch management solution is the best way to avoid problems when a security threat/bug is issued from Microsoft on the first Tuesday of each month. Saving network bandwidth and being able to deploy patches from a remote source is also a major benefit to organisations today.
Determining what to patch and when is one of the most problematic issues facing enterprises. An expert panel at an Information Security Decisions conference in Chicago, USA said the ever-diminishing window of time between vulnerability’s announcement and an exploit’s release makes it crucial to analyze and patch the areas most likely to be attacked first.
One example of a security breach was the virus “Code Red” which infected over 250,000 systems within just nine hours of its discovery. The original CodeRed caused a Denial of Service (DoS) attack on the White House Web server. CodeRed II was different in that it allowed its creator to have full remote access to the Web server.
I always urge folks to rate the patches themselves. Patches are often rated arbitrarily. Ask yourself whether a ‘critical’ patch critical to your organization? Look at the risk involved. For example, a denial of service is ranked as a low-level threat by Microsoft, but could be critical to an online bank,” he said.
If a network is not patched in time before an attack occurs than the costs involved can be enormous. For example, the loss of production and sales and the cost to clean the incident up can be phenomenal.
Vetco Gray (formerly known as ABB Vetco Gray) are the world’s leading supplier of systems, products and services for on and offshore oil and gas drilling and production.
Like many other companies ABB (including Vetco Gray) were attacked by the Sasser worm and several variants of Beagle late last year which enforced Vetco Gray to think about the security within their network in the UK.
Beagle is a mass-mailing worm which primarily spreads through e-mail and will be independent of the “victim’s” e-mail client. The worm will also create a security hole, which is also known as a backdoor, on the “victim’s” machine. This backdoor component will allow a remote attacker to penetrate the machine.
Sasser is an Internet worm which spread through the MS04-011 (Lsass.exe) vulnerability. This worm affected machines which were running Windows XP or Windows 2000, machines which had not been patched against vulnerability or are connected to the internet without a firewall
Brian Sandison, Senior IT Applications Specialist for Vetco Gray, who is responsible for the Network File Server and all network software within the Aberdeen office says: “A product which allows me to decide which patches are more critical than others allows me to stay in control but taking away the time-consuming of patching manually is extremely important to Vetco Gray.”
Shavlik Technologies has the de-facto standard technology in the marketplace with many companies smoothly integrating Shavlik’s standard technology into their own. Companies such as Microsoft, NetIQ, Symantec, and BMC Software to name just a few.
Microsoft MBSA was developed for Microsoft by Shavlik. This is a tool which provides a method of identifying common security configuration errors. It contains graphical and command line interfaces that enable the user to scan local and remote Window’s systems. This runs on Windows 2000, Windows XP and Windows Server 2003 server-based systems.
Shavlik also collaborated with Microsoft to build additional technology. Examples include Network Access Protection (NAP), Microsoft Personal Security Advisor (MPSA) and HFNetChk, the patch management solution used by millions of security administrators worldwide.
Steve Francis, Database Assistant Administrator for E.On says, “Patch management can be an extremely time-consuming task and we needed to ensure that our servers were protected. In addition to Microsoft® SUS, the automated patch management solution from Shavlik double checks that patches are pushed out and applied successfully.”