Greater aggression and sophistication needed


IT organisations will have to be more aggressive in testing security patches and more sophisticated in deploying them if they are to protect their systems against future Sasser-type attacks, analysts have warned.

Mark Nicolett, research leader for security at Gartner, said users should start quality assurance (QA) testing as soon as a critical security update patch is released. "Once an attack is in process, organisations are confronted with poor choices if QA testing has not been completed," he said.

Nicolett said user problems with last month's MS04-11 patch followed a typical pattern. QA testing was done by most users, but when an updated version of the patch was released, that configuration was often not tested.

The problems the modified patch caused on some users' Windows configurations were an "unfortunate consequence" of the need for speed, said Nicolett. The outages associated with rapid patching are now part of the "carrying cost" of the Windows environment, he added.

Nicolett said best practice for patching was to adopt a wait-and-see approach, but this was not possible for critical alerts. "[Generally, users should] wait for a period before production installation to allow time for the discovery of secondary effects by others and the documentation and generation of fixes for secondary effects," he said.

Jan Sundgren, an analyst at Forrester Research, said users should narrow down the pool of patches to a small set of those that the organisation needs to apply quickly.

"Interim measures will also be necessary," he said. "Sometimes blocking a certain [firewall] port on enterprise and personal firewalls might be best even if it disrupts some services for a period of time."

Sundgren said policy enforcement technology that denies network access to computers that have not been updated or properly configured could also help.


