By Will Sturgeon, 6 November 2003 17:10
Businesses are favouring a 'selective but effective' approach to patch management - rather than frantically trying to be up to date with every patch released.
A poll among silicon.com readers revealed that 49.5 per cent of respondents believe they patch everything they need to, while not necessarily worrying about every patch which they hear about.
The result shows a wising up on the part of IT managers who previously may have let the hype which surrounds patches govern their management strategy.
However, 22.6 per cent still aren't prepared to take any chances, favouring a catch-all policy of being up to date on every patch.
Most worrying though was the fact that 15 per cent of respondents said 'reactive' best described their patch management strategy - which basically equates to shutting the stable door after the horse has bolted.
Speaking to silicon.com, Jay Heiser, principal analyst at TruSecure, said companies now need "to identify and recognise which are the big vulnerabilities and protect themselves against those" if they are to manage their systems effectively and not be distracted by the chore of applying non-critical patches at a time when they would be best served concentrating on other tasks.

Comments
There is 1 comment.
1. Richard Ash
Applying 10 patches at once takes barely more time than applying 1 if done as a batch. Why not do the lot in weekly or monthly batches? - no possibility of a loophole remaining unpatched. I used to do this monthly as an end user, which stopped MS blast dead in its tracks, with all machines ready patched. Time - a couple of hours per week manual roll-out, less for automated systems.