(MENAFN Press) Dubai, United Arab Emirates
With the publication of its Analyst Insight on "The Virtues of Virtual Patching," research firm Aberdeen Group raises awareness of alternatives to the endless cycle of Patch Tuesdays, emergency patches and workarounds, regression testing and unplanned downtime. Aberdeen's findings show that while current use of patch management is foundational for success, taken by itself it does not differentiate top performance; in other words, success is not only a function of whether a company patches, but also a function of how.
Selected highlights from Aberdeen's research and analysis include:
On average, about three-fourths (75%) of all companies have current deployments of patch management.
Even if your patching is 100%, some significant residual risks will remain.
Vendors in general are unable to keep pace with the number of vulnerabilities and threats: industry sources report that just 58% of the vulnerabilities disclosed in 2011 had vendor patches available on the same day, and 36% still had no patch available three months into 2012.
Based on Aberdeen's research, the average total cost of a security incident was 130K; incidents that involved loss or exposure of sensitive data saw an average total cost per incident of as much as 640K.
An important patch management strategy to consider is to buy more time; virtual patching refers to the strategic deployment of selected compensating controls to provide a kind of protective shield that allows the organization more time to assess, plan, test, and remediate threats and vulnerabilities on a schedule of their own choosing.
Virtual patching is one way that companies deal with security issues in their applications. Aberdeen's research shows that the leading organizations are 2 times more likely (57%) than lagging performers (26%) to use virtual patching.
Trend Micro's Deep Security combines anti-malware, web reputation, firewall, intrusion prevention, integrity monitoring and log inspection technologies in one integrated solution. This server security platform uses virtual patching to protect physical, virtual, and cloud servers and virtual desktops from known vulnerabilities and zero-day exploits without expensive emergency patching. Deep Security leverages both agentless and agent-based protection mechanisms to automatically and efficiently secure virtual servers and desktops and private and public clouds, and to accelerate ROI.
"Virtual patching can represent a strong operational and financial case for the business," said Derek Brink, vice president and research fellow for IT Security at Aberdeen Group. "Among several other advantages, it can give enterprises the flexibility to patch on their own schedule, and it can help to mitigate the high opportunity cost of unplanned downtime, which can easily range to tens of thousands of dollars per hour. Companies should give strong consideration to virtual patching as a strategy to augment their traditional patch management processes, and to improve the overall efficiency and effectiveness of managing the vulnerabilities and threats to their IT infrastructure."