Dealing With the Patch Management Quagmire
In a world in which IT security is more important than ever, software patches are playing an increasingly important role as companies look to plug holes in their applications before the bad guys can exploit them. Naturally, one would assume that after decades of perfecting the practice, the patch release and deployment process would be relatively seamless by now. Not so fast, though: It turns out that companies are struggling to manage the speed and complexity of patch releases, and, to make matters worse, many of those responsible for patching can't distinguish this activity from remediating vulnerabilities. That's the top takeaway from a recent study, "Combating Patch Fatigue," conducted jointly by Dimension Research and security vendor Tripwire. "The relationship between patches and vulnerabilities is far more complex than most people think," said Tim Erlin, director of IT risk and security strategist for Tripwire. "There can be confusion between patches and upgrades. Or patches and upgrades may address different, but overlapping sets of vulnerabilities. As the complexity of patch management continues to evolve, it has become more difficult for enterprise patch management teams to achieve and maintain a fully patched state."