April 27, 2006

Patching the enterprise

Patch management continues to cause problems for European businesses. Software vulnerabilities are reported on a regular basis, along with calls for commercial software developers to do better in their design and build approaches. However, one area where self-help opportunities appear to be ignored is how end users deal with systems patch releases.

By CBR Staff Writer

In a recent security survey carried out by McAfee, there were a number of key findings that suggest that the UK and the rest of Europe continue to struggle with systems release updates, and in particular with the updating and deployment of patch management releases. Key findings included:

* 45% of respondents said that their IT infrastructure is never 100% protected from vulnerabilities.

* More than a quarter (27%) agreed that it takes 48 hours or more from the time a patch is issued to the time that the IT infrastructure is fully protected.

* About one in five admitted that it takes up to a week to roll out new patches.

* Over a third had no idea about how many patches they apply to their business systems in any given six-month period.

* 58% of IT professionals questioned had no idea about how much the deployment of patches is costing their businesses.

* Finally, 45% of those questioned do not prioritize which areas of the business are patched first.


As we all should be aware, systems vulnerabilities do not go away when Microsoft, Oracle, or IBM etc. release a systems patch. A secondary window of opportunity exists for the period of time that it takes to fully deploy each patch.

As if this laid-back and somewhat dilatory approach to self-help were not bad enough, the survey also had a number of other salient findings to impart. These included the fact that, while we, as end users, are prepared to leave patches in abeyance until a more convenient time, the actual window of vulnerability has shrunk to the extent that attacks can now take place on the same day the vulnerability is announced.

In addition, the range of threat opportunities continues to increase and now takes in delivery models that include spyware, phishing, pharming, instant messaging (IM) and peer-to-peer (P2P), and an ever increasing number of mobile channels.

However, with such a high proportion of European businesses reporting that patch management deployments can take a week or more, it was somewhat gratifying to hear that 35% of Spanish businesses are able to fully protect their networks within one hour of patch receipt. France was reported to be the most inefficient amongst the European markets questioned, with 39% of businesses taking over 48 hours to deploy patches and 27% admitting to over a week. Businesses in the UK were not that much better: the respective figures were 30% taking over 48 hours and 22% over one week.

‘Must try harder’ would seem to be the overriding theme of this latest report on patch management performance, and it would not be unfitting to add that only when such efforts equate to significantly reduced patch deployment timescales will end users have earned the right to complain further about software vendor performance.

Source: OpinionWire by Butler Group (
