Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

8/20/2019
07:00 AM
Kacy Zurkus
Kacy Zurkus
Edge Articles
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

5 Ways to Improve the Patching Process

So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
Previous
1 of 6
Next

In theory, anyone who depends on software should patch a vulnerability as quickly as possible. That goes for consumers as well as enterprises. In hindsight, Equifax would likely agree. The major breach of 2017 was, in part, the result of a failure to patch in a timely manner, writes security thought leader Kevin E. Green. But there are many reasons why patching doesn't happen quickly. Or at all. 

According to the "2019 Vulnerability and Threat Trends Research Report," published by Skybox Security, part of the problem is security teams are overwhelmed by the number of new vulnerabilities — 16,000 were reported last year — making patching rather unmanageable. Some organizations can't patch quickly because the risk of downtime far surpasses that of the vulnerability. Still others don't have a patching policy in place that identifies who is responsible for patching what and when.

"When you consider that [quality assurance] testing should take place before a patch is rolled out, and that many organizations have to work around defined 'downtime windows,' it becomes clear that every organization, every day of the year, is vulnerable to known attack vectors," says Bob Noel, VP of strategic relationships for Plixer.

So how can security teams make patching a smoother process? Here are five ways. 

Image Source: MyCreative via Adobe Stock

 

Kacy Zurkus is a cybersecurity and InfoSec freelance writer as well as a content producer for Reed Exhibition's security portfolio. Zurkus is a regular contributor to Security Boulevard and IBM's Security Intelligence. She has also contributed to several publications, ... View Full Bio

Previous
1 of 6
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
8/20/2019 | 7:52:33 AM
Point 6
DO IT!!!!!!!!!!!   All the planning and good intents in the world are worthless unless somebody takes responsibility and actually DOES the patch upgrade, otherwise we create volumes of worthless protocols and waste time.  
Cartoon Contest: Bedtime Stories
Flash Poll