Staying on top of the flurry of patches released each month is tough for most IT managers, but what happens when the patches interfere with each other and leave your system exposed without your being aware of it?
Patch management isn’t simply about finding out which vendor is releasing which patch on which day, and then applying it to your system, says Neal Gemassmer, Patchlink’s vice-president Asia–Pacific.
Gemassmer, who was in New Zealand recently to talk to partners and customers about the company, says IT managers need to know the patches they’re applying will solve the problem and not create new ones. “You need to be assured the patch will work on your system, that it won’t break an older patch or a patch from a different company, and you need to manage the rollout of the patch to your network.”
Patchlink, as the name suggests, offers just such a service. The company tests each patch released by its vendors against a variety of operating systems, applications and hardware profiles. Patchlink offers its service to customers from corporates right down to the home office worker.
“Typically, there are five vertical markets we target: health, government, insurance, banking, mining, and education. But that’s only because they’re thinking about such things before everyone else for regulatory reasons.”
Patchlink offers a centralised, web-based management console, so it can be operated from anywhere in the world via a web browser.
In New Zealand, Patchlink is distributed by LAN Systems, but Patchlink also enjoys a close working relationship with Novell. “Novell’s ZenWorks patch management suite is essentially a re-badged version of our product.”
Gemassmer points to the recent outbreak of the Zotob worm as evidence of the difficulties of patch management.
“Companies typically don’t deploy patches for up to 60 days, but now we’re seeing virus writers coming out with something nasty within three to five days of a vulnerability being announced. That means you’re exposed for a long time.”
Zotob was rated as being of medium severity by most antivirus vendors, but still managed to infect companies including CNN, ABC News, The New York Times, and Caterpillar.
Gemassmer says it’s not simply a case of companies not patching their systems. “In some cases, the patches have been applied but broken by other patches,” he says. “They still show up in the registry, so IT managers are sitting there believing they’re protected but, unfortunately, they’re not.”
Gartner Group estimates that 90% of infections result from viruses exploiting a vulnerability for which a patch is already available. Gemassmer says patches serve two purposes.
“First off, they fix the problem for the IT manager, but the second thing they do is provide a blueprint for the virus writers as to how the exploit will work.”