Microsoft recently released a record number of patches on Patch Tuesday, which seems to beg the question: With...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
the growing amount of malware and its ever increasing ability to find and exploit zero-day flaws, is the patching process sustainable? Are there other ways enterprises can respond to software vulnerabilities than by haphazard patching?
The relationship between malware and patches is based on more than just the number of patches. While the number of patches and the frequency of the patching cycle is intended to thwart as many exploits as possible, the sheer volume of patches does make it significantly more difficult to keep up with patching for all of an enterprise's applications, which, in turn, makes it easier for malware to infect systems.
There is also a difference between zero-day flaws -- which are unpatched and initially have no workarounds -- and unpatched vulnerabilities where the vendor or the community has developed workarounds to protect systems.
That said, the patching process can be sustainable as long as you plan for comprehensive patching. You can also minimize the number of necessary patches by only installing essential software, using thin-clients where applications run off of a server and are centrally patched, and hardening endpoints, among other methods. Many of these methods can also be used to minimize the risk from zero-day exploits.
Patching is not the only option enterprises have for minimizing the risks posed by software vulnerabilities. Organizations can isolate systems from the network and maintain good physical security to minimize attacks; they can also use software or operating systems that are less prone to attack, or even choose different software to use on the same platform. Choosing different software that featured security in the software development life cycle could still provide comparable functionality to the vulnerable software, but with more security controls in place to reduce the risk of getting exploited. For example, if you need to use PDF files, you could use an alternative PDF reader like Foxit. The number of zero-day exploits illustrates the current state of software security and its current ineffectiveness at educating developers about and getting them to use secure software development practices. Enterprises could thoroughly investigate systems before they are deployed to understand the software or hardware development life cycle, and maturity of the company or project to ensure it matches the expectations of the enterprise.
Dig Deeper on Microsoft Patch Tuesday and patch management
Related Q&A from Nick Lewis
Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.continue reading
A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to ...continue reading
A new exploit of CLDAP servers can be used for a DDoS reflection attack that gives attackers a 70x boost. Nick Lewis explains how to defend against ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.