Servizi di rete e protezione
Scanner di protezione della rete e strumento di gestione delle vulnerabilità
- A partire da USD 4,00 per IP
Patch Management and Deployment for Small to Medium Sized Businesses
Security patches are additional pieces of software developed to address security vulnerability (and other problems) in software packages; they address flaws and often enable additional functionality. Left un-patched, these flaws can be exploited by an outside malicious entity in order to gain access to your network and the sensitive data contained therein. Once compromised, an un-patched computer on a network can then be used as a portal to infect and take control of other computers. There has been a significant increase in worms, Trojans, viruses and hacker attacks that target known vulnerabilities on un-patched systems. Effective patch management is the first line of defense for networks of any size.
Patch management is an important part of every IT administrator's responsibility. To maintain a secure network, one must ensure that the latest security patches and operating system service packs are installed network-wide. Patch management software also plays a part in adhering to the most recent compliance regulations such as the Sarbanes-Oxley Act and HIPAA, which require enterprises to maintain control of their information assets.
Effective patch management involves not only the discovery of software vulnerabilities but also the subsequent patch deployment to the multiple computers on the network. IT administrators understand the effects that un-patched computers can have on a network. Because they also fully recognize the challenge of ensuring network-wide protection, an easy-to-administer patch management solution has quickly become the tool of choice for IT administrators.
Automatic patch deployment should not be a haphazard process but should follow a pre-set policy based on a patch deployment cycle.
- Detect - Use patch management software to scan for missing security patches. Detection should be automated and should trigger the patch management process.
- Acquire - If the vulnerability is not addressed by the security measures already in place, download the patch for testing.
- Test - Install the patch on a realistic operational environment to ensure that the security fixes are suitable and do not compromise your system.
- Deploy - Allow patch deployment to the other computers on the network. Review this deployment to ensure its success with minimum impact on system users.
- Maintain - Subscribe to notifications that alert you to vulnerabilities as they are reported. Once a new security patch is available, the process is started again.
Automatic patch deployment helps to support technical best practices; meaning patch deployment is no longer a daunting and time consuming job. An automated patch management system reduces the time and money spent dealing with vulnerabilities and protecting the system against attacks. A good system will track multiple machines and deploy the required security patches. Having a solution to manage patches ensures that the business is constantly secure against the threats inherent in operating system and application software. An ounce of prevention, in this case, will save you untold time and money wasted trying to implement several pounds of cure.
Most major attacks tend to occur in the hours immediately following the release of a security patch, as those are the moments when organizations will be detecting, acquiring, testing and deploying the patch, therefore the system will be in a particularly vulnerable state. The common method used by attackers, upon immediate release of a security patch, is for them to reverse engineer the patch in as little time as possible, identify the vulnerability and subsequently develop and release exploit code, thus hitting organizations at their weakest moments.
Good patch management requires a strategic plan, outlining what patches should be applied to which systems at what specific time. It also requires the process to be repeated at intervals to catch and defend against new vulnerabilities and threats which occur everyday.
GFI LANguard™ offre agli amministratori informatici delle PMI una soluzione di gestione automatica delle patch dalla semplice amministrazione, e li aiuterà a proteggere la rete in modo più rapido ed efficace. GFI LANguard si integra totalmente con il server WSUS. L'utilizzo combinato di WSUS e GFI LANguard consente agli amministratori non solo di scaricare e distribuire in modo automatico patch e service pack dei sistemi operativi Microsoft in tutte le 38 lingue da questi supportate, ma anche di distribuire patch su installazioni ISA Server e computer che eseguono Windows NT, nonché patch e software di terzi (possibilità inesistente con WSUS). Fornisce inoltre rapporti personalizzabili relativi alle scansioni eseguite sull'intera rete, tra cui quelli sulle applicazioni e le risorse. GFI LANguard è una soluzione di gestione delle patch conveniente e scalabile, specificamente pensata, anche in termini di prezzi, per il mercato delle PMI.
