White Papers for International Standards Organization (ISO) 27002 (17799)

Managing Patches in Diverse Environments

Patchlink

Organizations run on a complex combination of operating systems, applications, databases and networking platforms, any one of which can instantly expose critical data if hackers exploit a weakness in it. Each vendor faithfully rolls out patches to plug the vulnerabilities in their software, but the sheer number and variety of IT platforms makes it harder than ever to track which patches are available for which software platform; which of these patches are most critical, and to prove to auditors and regulators that the most important patches have in fact been applied.But just as patch management has become more difficult, it has become more important. The number of attacks from hackers, the sophistication of the attacks, and the speed with which they are launched increases every year. Hackers can deploy “zero-day” attacks as soon as a vendor discloses a vulnerability, but before the vendor can release a patch. While attacks on, and patches for, Microsoft Windows get the most attention, other popular applications such as Adobe Acrobat – and open-source software such as Linux – draw more fire from hackers as more organizations rely on them for mission critical systems. Preventing such attacks has become a top concern for CEOs and boards of directors because of stricter regulatory requirements to protect critical systems, and the negative publicity that results from lost or compromised data. For all these reasons, IT and security administrators need a patch management solution that provides coverage for all the platforms they manage. Ideally, such a solution would provide a centralized, common infrastructure that allows them to cost-effectively gather, deploy and track the installation of the thousands of security patches released by key hardware, software and networking vendors on whom their businesses rely.

View the White Paper

Share or bookmarklet this web page at: