FDAnews
www.fdanews.com/articles/77860-patch-management-best-way-to-fight-damaging-viruses

Patch Management Best Way to Fight Damaging Viruses

February 28, 2006

Protecting your computer systems and data center against damaging viruses often requires quick application of available "patches," argues a new white paper.

In the case of many notable viruses -- the 2003 Slammer worm and the 2004 Sasser worm among them -- patches to block their harmful effects existed in advance. "Unfortunately, most organizations around the world had not proactively patched their systems and were therefore unable to respond effectively to these rapidly spreading attacks," says the Opsware white paper titled "Ensuring Security and Compliance Through Automated Patch Management."

The Computer Emergency Response Team Coordination Center (CERTCC) estimates that 95 percent of intrusions have resulted from the exploitation of known vulnerabilities or configuration errors for which countermeasures such as patches were readily available.

Part of the problem is that, until a few years ago, "patching was considered a low-priority system administration activity," the white paper suggests. "As a result, investments in this area were relegated to the bottom of any strategic IT investments list."

Another Look at Patches

But the growing number and complexity of computer system threats is forcing companies to look again at patches as an important tool to help them respond quickly, decisively and efficiently when a new virus is lurking nearby, the white paper says.

In addition to making patch management a higher priority within the organization, companies need to understand the fundamental challenges they face when developing a patch management program. Those include:

Lack of a holistic view into the IT environment. Most organizations have many servers spread across multiple data centers and remote locations. Without a holistic view into this highly dynamic environment, it is difficult to prioritize patching activities. For example, if Microsoft were to release a hot-fix patch tomorrow, is your firm ready to quickly identify all affected servers across your infrastructure and then prioritize the patching across those servers?

Point tools create information disparity. Most IT departments lack a unified tool that can patch systems across various platform flavors (combinations of compiler type, 32- or 64-bit libraries, and whether a feature is enabled or not). Most point tools provide limited platform support and force the company to acquire several such patching tools. The result: companies are forced to have multiple copies of these point tools in each of their data centers, which increases information disparity and diffusion.

Organizational silos make information-sharing challenging. Most IT organizations maintain distinct teams for the provisioning of new servers and the ongoing management of existing servers. The result: even though one group in the organization may be working hard to patch a known threat, another group could accidentally be reintroducing those very threats into the same computer system environment.

What you can't measure, you can't manage. Just as FDA officials tell pharma and device companies that "if it isn't documented, it didn't happen," IT departments face a huge challenge in their ability to periodically audit systems on demand. Without the ability to audit in that way, companies simply cannot assess whether they are consistently compliant with their patch policies.

For more information or to order the full white paper, go to http://www.opsware.com. -- Michael Causey