Microsoft recently released a record number of patches on Patch Tuesday, which seems to beg the question: With...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
the growing amount of malware and its ever increasing ability to find and exploit zero-day flaws, is the patching process sustainable? Are there other ways enterprises can respond to software vulnerabilities than by haphazard patching?
The relationship between malware and patches is based on more than just the number of patches. While the number of patches and the frequency of the patching cycle is intended to thwart as many exploits as possible, the sheer volume of patches does make it significantly more difficult to keep up with patching for all of an enterprise's applications, which, in turn, makes it easier for malware to infect systems.
There is also a difference between zero-day flaws -- which are unpatched and initially have no workarounds -- and unpatched vulnerabilities where the vendor or the community has developed workarounds to protect systems.
That said, the patching process can be sustainable as long as you plan for comprehensive patching. You can also minimize the number of necessary patches by only installing essential software, using thin-clients where applications run off of a server and are centrally patched, and hardening endpoints, among other methods. Many of these methods can also be used to minimize the risk from zero-day exploits.
Patching is not the only option enterprises have for minimizing the risks posed by software vulnerabilities. Organizations can isolate systems from the network and maintain good physical security to minimize attacks; they can also use software or operating systems that are less prone to attack, or even choose different software to use on the same platform. Choosing different software that featured security in the software development life cycle could still provide comparable functionality to the vulnerable software, but with more security controls in place to reduce the risk of getting exploited. For example, if you need to use PDF files, you could use an alternative PDF reader like Foxit. The number of zero-day exploits illustrates the current state of software security and its current ineffectiveness at educating developers about and getting them to use secure software development practices. Enterprises could thoroughly investigate systems before they are deployed to understand the software or hardware development life cycle, and maturity of the company or project to ensure it matches the expectations of the enterprise.
Dig Deeper on Security patch management and Windows Patch Tuesday news
Related Q&A from Nick Lewis
Malware is increasingly using DNS tunnels to aid in data exfiltration. Expert Nick Lewis explains how the attacks work and how best to defend against...continue reading
Researchers warned about the rise of a new cross-site scripting flaw involving same-origin policy. Expert Nick Lewis explains the vulnerability and ...continue reading
Malware authors are adopting software wrapping to hide malicious code and avoid detection. Expert Nick Lewis explains how to defend against the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.