Article

Threat management: Assessing patch rankings

Shawna McAlearney, News Editor

Patch Tuesday is nearly upon us again. October's record onslaught of 10 Microsoft bulletins -- seven of them ranked critical -- to patch 22 flaws caused many security managers to drop everything and rush to patch. But how can you determine just how critical an update is for your organization?

Determining what to patch and when is one of the most problematic issues facing enterprises. An expert panel at the recent Information Security Decisions conference in Chicago said the ever-diminishing window of time between a vulnerability's announcement and an exploit's release makes it crucial to analyze and patch the areas most likely to be attacked first.

"I always urge folks to rate the patches themselves," said Eric Schultze, chief security architect at Roseville, Minn.-based Shavlik Technologies. "Patches are often rated arbitrarily.

"Is a 'critical' patch critical to your organization?" asked Schultze. "Look at the risk involved." For example, a denial of service is ranked as a low-level threat by Microsoft, but could be critical to an online bank, he said.

Jesse Horowitz, the technology manager at financial giant Wells Fargo, said a generic rating system is almost impossible to use because business impacts are different for every company and in different industries. He suggests assessing the business worth of the system and creating a detailed inventory so you know what is vulnerable and where it is. Also, "if an exploit in the wild has a high business impact,

    Requires Free Membership to View

we would rush to apply the patch without the normal testing."

Knowing where those vulnerable systems are being used plays an important role, but, cautioned Schultze, keep in mind that desktops and Web servers are equally vulnerable to a remote exploit.

A word of caution: Don't assume your patches are properly applied. Schultze recommends looking at the patch file to verify that it's on your system. "Sometimes patches get overwritten," he said.

Added Horowitz: "Always test your system to make sure the vulnerability is actually remediated [by the patch]."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: