Virtual patching: a way out of the patch maelstrom

By Tim Ayling, Director for Channels and Marketing, Trend Micro

One of the biggest problems data centre owners have today is patching.

It’s a burdensome, costly, and time-consuming affair that’s often done manually and, given the current threat landscape, can leave mission-critical systems open to new threats for dangerously long periods. Typical data centres today may be running systems from a hotchpotch of vendors that need patching, all with different schedules and different levels of criticality. Oracle’s patch load is legendary, while Microsoft’s Patch Tuesday is written on the calendar of most system administrators in double thick red pen.

Add to this complexity the fact that many systems are going out of support and no longer have patches issued, and you get another headache for the IT department. Then try multiplying this a thousandfold in the environment of a cloud service provider, tasked with keeping secure a data centre servicing hundreds of thousands of users.

These businesses are increasingly differentiating on the security and stability of their services – in this context a missed patch could lead to a serious outage or security incident, bad headlines and an exit of customers.

Today’s patch managers have an unenviable task, not least because of zero-day threats. As soon as a vulnerability has been discovered or publicly announced, the clock is ticking. Make no mistake: the bad guys have their own SLAs to produce an exploit before the vendor gets there with a patch of its own. It’s then the job of the overworked system administrator to make sure their systems aren’t exposed, and in virtual environments it can be even more challenging.

The most important thing to remember is that security teams can’t shoe-horn their tried and tested physical security tools and techniques into virtual environments.

What’s needed is virtual patching. If organisations simply don’t have the resources to patch more often than every 3-6 months, virtual patching can provide a sticking plaster to fix the issue and protect the relevant systems from vulnerabilities until those patches are applied. It should be an agentless virtual patching system which protects at the hypervisor level, because inserting agents onto each VM will degrade performance.

The benefits are obvious. It’s all about performance, cost and security. If automated, virtual patching can save valuable man-hours, extend the lifespan of legacy applications which are no longer supported, and reduce the business disruption caused by emergency patches.

More importantly, for the cloud provider it means peace of mind and knowing your customers are safe.
