Nov 30, 2009—What You may be Missing – Third Party Application Patches

by Jason ODell, Information Security Manager, and DJ Goldsworthy, Information Security Manager

According to analysts at Gartner, about 90 percent of security breaches are preventable, as they exploit known vulnerabilities that have available patches. Therefore, it’s not surprising that patch management is on the mind of financial institution CISOs and CIOs as a major component of a defense-in-depth strategy.

Remember events such as SQL Slammer, Nimda, and Blaster that occurred in the early 2000s? Back then, the “bad guys” knew that vulnerabilities with available fixes were often left un-patched. Plus, many times, organizations simply could not keep up with the large volume of vulnerabilities by manually updating systems. Thus, the first large paradigm shift for patch management was born with the move from manual to automated patching.

The good news is that patch automation has helped close the gap between patch availability and deployment. Of course, nothing in security is ever static, and patch management is no exception. Although operating system exploits are still popular, the patch landscape has changed again. Specifically, attackers have discovered that the new path of least resistance is to take advantage of numerous vulnerabilities at the application level. So, financial institutions must once again evolve their patch management program to remain diligent against an ever-increasing number of security attacks.

To read the rest of this article, please contact your Gladiator Account Manager and ask to sign up for the Gladiator Technology newsletter, or you may subscribe to our newsletter by going to the bottom left-hand side of our Homepage and filling out the requested information.