Products & Releases

Patch Deployment Continues To Plague IT Security Efforts

Complexity of patch management process keeps many enterprises behind, Shavlik study says
ST. PAUL, Minn., May 19, 2009 -- A survey of US and European IT and security specialists released by Shavlik Technologies, LLC, the market leader in simplifying and automating critical IT operations, suggests nearly half of companies continue to struggle with the fundamentals of security best practices such as deploying patches across all systems connected to their networks.

In the survey of 715 respondents, the majority, 63 percent, identified patch management as one of their top three most critical-to-perform tasks. Despite this, when asked which areas presented the greatest challenges for visibility and control, deployment of patches topped the list with over 42 percent of US respondents (318) and nearly 50 percent of the European respondents (397) citing this issue.

The April survey questioned RSA and Infosecurity Europe conference delegates about their vulnerability management practices and concerns. Globally, the top three tasks identified as critical to perform were patch management; antivirus/antispyware; and configuration management. These rated higher than policy and regulatory compliance auditing and virtual machine lifecycle management. Decentralization of these critical tasks adds an avoidable layer of complexity " most respondents would opt for consolidation of these tasks, if possible -- but it was lack of automation that was identified as the most substantial hurdle to overcome.

Just over half of respondents identified that the lack of automation presented an obstacle for IT departments in their efforts to provide visibility and maintain control in these areas, with 37 percent saying that such an effort was "too time consuming." This outweighed all other options including traditional concerns such as cost and the quality of tools available, both at about 26 percent.

"Organizations are struggling with too much complexity in their security operations. Different tasks are allocated to different parts of the organization while the lack of visibility covering the low-level basic controls prevents them from being cost-effectively executed and monitored," says Mark Shavlik, CEO and founder of Shavlik Technologies.

"There is also recognition that with today's complex networks, particularly with the addition of virtual machines, visibility and control are not possible without automation—at Shavlik Technologies, we have an unwavering focus on technology and processes that simplify and automate discovery and remediation, including flexible options for deployment and management of our solutions, as we continue to solve the problems revealed in this survey."

The survey suggests that the deployment of virtual machines is adding to the complexity with about two-thirds, just under 69 percent, of respondents identifying that their companies were deploying virtual machine technology, and more than half concerned about managing the configuration of virtual machines.

About Shavlik Technologies Shavlik Technologies, LLC is the market leader for simplifying and automating critical-to-perform and manage IT operations including patch management, antivirus + antispyware, configuration management, and policy and compliance auditing. Shavlik's innovative approach to simplifying and automating management of the platform frees up IT staff for initiatives that grow your business without sacrificing the visibility and control needed to ensure system uptime and demonstrate proof of compliance with internal policies and external regulations.

With more than 10,000 customers worldwide, Shavlik is trusted to provide solutions that can be relied upon to identify gaps and automatically and reliably fix systems that are missing patches or don't conform with the corporate-defined configuration baseline. More information can be found at # # #

Editors' Choice
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading