Commitment to patching pays off

We push and pull our computers in directions they were never meant to go, all in the name of increased productivity. In return, the least we could do is defend them against viruses and worms and vulnerabilities. But we tend not to.

Properly done, patching requires a lot of commitment and thought, as the number of fixable vulnerabilities out there is staggering.

“I would say that the majority of the vulnerabilities that we are looking at today have patches that are available,” said Dan McCall co-founder of Guardent Inc.

in Waltham, Mass. That number is probably on the order of 80 to 90 per cent, he added. “Very few vulnerabilities out there in the wild…don’t have patches.”

Patching is a huge problem and it is going to get worse, said Brian O’Higgins, CTO with Entrust Inc. in Ottawa. “And we are losing and falling further behind,” he said.

To reverse the trend, you first need to get a handle on what you are up against. Once the network and its attributes are properly mapped – and going to outside for help in this is not a bad idea – it is time to prioritize the data and applications.

Peter de Jager, an IT consultant based in Brampton, Ont., said all corporate data has to be placed into a security level. Usually four levels provide enough latitude; going from top security at a need-to-know basis down to public access information.

Almost all vendors have subscription-based patching and vulnerability services. When a new vulnerability and accompanying patch is available you

will be e-mailed with a notice. O’Higgins also suggests monitoring third-party Web sites that are devoted to security. There are dozens with update bulletins, of which CERT and SANS are just two.

“Then patch based on mission critical prioritization,” McCall said. “If you don’t have the expert on staff, there are resources out there that you can tap into.”

Once a patch is deemed necessary and properly tested against your applications then, and only then, should it be installed.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now