Evolving Your Patch Management Technology to Proactively Combat Security Challenges
The realities of security and compliance have changed considerably since patch management faced its first big paradigm shift some years ago. At that time many organizations wrestled with the transition from manual patching and remediation to an automated process. Of course, nothing in security is ever static, so it is no surprise that patch management has continued to evolve since then. Though still automated, today’s best patch management tools and techniques are significantly different from their predecessors. In this whitepaper, Lumension Security’s Matt Mosher, Senior Vice President of the Americas, gives an historical perspective on how this evolution unfolded and why it is important for organizations to evolve their patch management technology in order to remain on top of increasing security attacks.
Published: Oct 17, 2008
Type: White Paper
Length: 5 pages
Patch Management 2.0: Evolving Your Patch Management Technology to Proactively Combat Security Challenges
www.lumension.com
© Copyright 2008, Lumension Security
Changing Patch Landscape
When standalone patch management was first introduced, most organizations were primarily concerned with patching the operating system layer, and the majority of those concerns were directed toward the Microsoft Windows environment. This focus was simply a byproduct of IT security's status at the time. Attackers buffeted machines with assaults that targeted the Windows vulnerabilities that cropped up each day. These bad guys were aware that even those vulnerabilities with readily available fixes were consistently left unpatched. Organizations couldn't keep up with the volume of vulnerabilities hitting the Windows platform with a manual patching process. It was even tougher for heterogeneous IT environments that were distributed across multiple disparate locations.
Then patch automation came along and helped organizations close the time gap between patch availability and patch deployment. In addition, Microsoft made a commitment to improve the quality of its patches for the Windows operating system. While both of these factors could be considered successes, in some ways the risk was merely shifted elsewhere.
Once the wily hackers found resistance at the operating system, they began looking for lower-hanging fruit. Today, the path of least resistance for malicious intrusion is found by attacking alternate Linux and UNIX operating systems, taking advantage of system misconfigurations, and targeting numerous vulnerabilities found at the application layer. Particularly popular among hackers these days are the vulnerability-ridden Web 2.0 applications that many organizations churn out with more regard for functionality and deployment speed than security.
All of these factors pose serious elements of risk that the original standalone patch management or the vendor's native patch solutions just can't handle. The un-evolved patch management tool doesn't help organizations get a handle on application patching, particularly in the case of the dynamic Web 2.0 infrastructure and of legacy systems. Additionally, the basic patch management solution has limited capabilities for automatically updating cross-platform IT environments, especially the Linux and UNIX platforms. Even today, many organizations still patch UNIX machines manually because of these limitations.
These factors can contribute to a lot of strain on businesses coping with increased compliance pressures. Trying to manage disparate methodologies for patching different elements of a heterogeneous environment is not only cumbersome and impractical, but it often doesn't meet the reporting requirements set out by regulatory guidelines. Businesses need simplified processes that can easily be documented and reported for regulatory auditors. The less streamlined the patching process is, the more ... [download for more]