An important shield against malware: Patch management software

Your body is a network. Every day, different germs and viruses can attack different areas of your body. Each attack has a different effect on your system – a cold can last for a few days, but a serious chest infection might land you into hospital if not treated properly and in a timely manner. However, as the saying goes, prevention is better than cure. And understanding how to prevent or minimize the instances one falls sick is important.

Obvious, you would say, but how many of us do take the right precautions?

The analogy above applies perfectly well to technology and IT networks.  Every day, different forms of malware try to attack your systems and nework, and if an infection occurs, it can result in downtime of critical systems. Repairing the damage can (usually does) cost a lot in money and productivity terms. In a worst case scenario, a single malware infection can bring a company to its knees.

Preventing malware attacks requires expertise and the use of specialized tools but it’s not impossible to do. Malware attacks, in many cases, can be prevented if you have deployed – as a minimum – the following three security measures: anti-malware software, host-based firewalls and patch management software.

Prevention is better than cure

While many organizations deploy anti-spam, antivirus, antispyware, firewalls, anti-phishing, and other basic security software to their corporate network, many tend to overlook patch management. Some don’t use it because of the cost of deployment but many pay little if no attention to vulnerabilities on their system and actually do something about it!

Most security breaches are the result of a software or hardware vulnerability caused by a missing patch. In fact, in 2010 Microsoft issued a record number of 106 security bulletins patching a total of 266 vulnerabilities. If the organization is unaware of the latest updates, holes would be left unpatched on the network – these being excellent targets for malware.

For this reason organizations need to scan for vulnerabilities, identify them, and remediate.

Some administrators try doing this manually; a big no no, because:

  • Patches cannot be managed centrally for the whole network
  • There is no reboot control
  • They cannot answer what patches are installed and where
  • It is difficult to prevent installation of patches that interfere with business environment
  • They do not notify on installation failures
  • Patches are downloaded multiple times (once per machine)

If administrators fail to apply the right patches, malware in its various forms can exploit security vulnerabilities in the operating systems or installed applications.

For this reason it is important to invest in a solid patch management solution. This should automate, download and deploy patching for both operating systems and the most important third party applications – including Adobe, Google, Mozilla and Apple. It should also scan the machines on your network for missing patches and deploy patches as soon as they become available – securing your network from being exploited by malicious users, hackers and virus writers.

There is no ultimate security which can guarantee 100% security. To every action there is always an equal and opposite reaction, and while software companies are constantly updating their security solutions to fight the latest malware, complex malicious code is being written daily. For this reason applying the using a good patch management solution is essential if you are to identify, assess and patch holes in your organization’s IT network.

Additional reading:

Top 10 Security Predictions For 2011

A Patch Management Strategy for Your Network

20 years of innovative Windows malware

This guest post was provided by Christina Goggi on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI network auditing software

All product and company names herein may be trademarks of their respective owners.

make sure you subscribe to my RSS feed!