
Patching Is Still a Major Pain Point for Security Pros: SANS Research

A new study from SANS Institute, available July 26, examines endpoint management costs and issues in today's enterprises, including patching, lack of visibility and complexity. The research report also looks at upfront and hidden costs associated with endpoint management, as well as the security concerns that arise when management goes awry.

“Endpoint management remains a critical security vector for most organizations,” says Matt Bromiley, SANS Analyst, incident responder and the author of the survey report. “Numerous factors come into play in determining the success and cost of endpoint management efforts. Organizations need to consider all aspects of ‘costs’ when considering solutions: up-front costs, training, efficacy, ease of use and ongoing maintenance costs, for example.”

The research found that organisational size and complexity, based on the number of operating systems in use, must be considered when organisations choose endpoint management tools. Size and complexity also relate to the lack of visibility that respondents reported, with 33% of respondents taking more than two days to detect security incidents, including patch noncompliance, configuration drift, query reconfiguration or indicators of attack/compromise.

Timely application of patches, typically accepted as an indicator of good cyber hygiene, remains an issue. Almost one-quarter (25%) of respondents have policies that allow at least one month for routine patching of their servers, and 11% need longer than that to install emergency or high-priority patches. For workstations, the policies are a bit more stringent, with 11% allowing more than a month to install emergency patches. A similar percentage take that long for routine patching.

“Even with the majority being able to patch within a month, the importance of timely patching has not diminished,” continues Bromiley. “The lengthy time needed for applying patches is a concern, particularly for servers, because server-side vulnerabilities are often exploited for initial attacker foothold, providing a platform from which to pivot into other areas of the organisation.”
