Giving Thanks During the Season of Patching Posted on November 20, 2014 by Tim Burke As the nights grow longer and colder, giving thanks for all that’s warm and light-filled makes wonderful sense. We are, in effect, expressing appreciation for feeling secure and safe. In fact, this is a time of year when it’s a good idea to pay particular attention to security — especially data security. With the season of holiday gift-buying underway, opportunities for data thieves, hackers, and malware abound. This isn’t only a concern for retailers and credit card firms. We’re all vulnerable and we all have to continually tend to the security of our businesses. Don’t overlook the software patch IT security has become so complex for some enterprises that it’s easy to overlook something simple like ensuring that you’ve kept your software — and, notably, your security software — up to date with the latest patches. It’s important to establish an enterprise patching process that you update as your IT infrastructure evolves. After all, each time something changes — new virtual machines, applications, or BYOD — you have a new set of patches to look out for and deploy in a timely fashion. Automating software patching Keeping up with the constant flood of new patches is tough. Last year alone, NIST (the National Institute of Standards and Technology) identified more than 5,100 new vulnerabilities. That’s 14 vulnerabilities per day. Fortunately, you can automate patch management, either with a standalone software solution or via a Cloud/managed service that conducts patch detection and automatically deploys updates. Our own patch management service, which is part of our managed security offerings, proactively and automatically detects, identifies, applies, and tests appropriate patches across our customers’ entire enterprises. Help from major vendors It also helps that major vendors have become more efficient at fixing security issues. Companies such as Adobe, Apple, Google, Microsoft, Mozilla, and Oracle release hundreds of patches each year. As an example, the first patches for the Shellshock bug (also called Bashdoor) were released within hours after the bug was identified, and at least one IT security firm set up a honeypot to track malicious activity. So I’m thankful that today’s IT environment and culture continues to fight the good fight against security threats with efforts such as midnight patches for multiple layers of security to keep our enterprises from being compromised. At Quest, we will continue to do our part, helping customers plan and implement automated patching processes so everyone has a Thanksgiving safe from data threats.