Cloud & Telecom Security

Entering Internet age, new software vulnerabilities are found every day and the corresponding patches and temporary workarounds are coming with them. The software vulnerabilities may cause system breakdowns or are being exploited at any time. As the mass of installations of the patches costs lots of system resourse or may cause the restarting of the system, and performance decreases. On the other hand, rushing on patch might not be secure or might bring potential dangers to the stability and functionality of a system. How can these problems be solved? The patch and vulnerability management is not only the business of the security administrators but also the focus of the entire IT operation sector. We would like to share our knowledge and best practices on managing patches and vulnerabilities with the industry.

Figures and problems

Lets read some figures first. As reported by Meta Group, a total of 4192 vulnerabilities were found in 2002 and at the same time, as per the real statistic, system administrators cost a total of 1920 work hours to make up all 4 patching to 120 servers. This means that it will take about 4 hours to patch a server – including backup, installation and debugging. Suppose the system administrators are skilled and they can completely learn vulnerability and patch solution within 20 minutes. This needs 172 persons to cost an entire working day for making up the 4192 vulnerabilities. In case of only10% – 413 vulnerabilities – of them are adapted to our own network environment and each correspondent patch is on 10 servers, it needs 2065 persons/day (there are about 10 servers with the same configurations. From these figures we have learnt that by adding up the days of the two persons, there needs to be almost 10 full time administrators, while that doesn’t include the processes of testing and validating the issued patching and the secondary resource consuming resulted from the failure of patching making up. Thus we can see that the patching and vulnerability management has been a huge resource funnel and wastes a lot of system management resources. Read more…