Security Tip: Patch exploitation
I'm tired of attempting to manage the patch cycle, and watching other organizations stop productive work to do the same. We need a better way to defend ourselves.
Unfortunately, one reason the patch cycle has not been replaced is that people are making fortunes by promoting the fear associated with unpatched systems. Patch alerting services, pay-to-play patch vendors and automated patching tools. You name it. There's a service or product for it.
I ask organizations to look beyond the patch issue and force vendors to come up with some creative ways to move beyond the exploit/patch cycle. Little will change until we vote with our wallets.
Now, before you start inundating me with marketing slicks and web links, here's what I am NOT looking for:
- A tool, program or mechanism that makes patching easier. If organizations have more than a few systems, they should already be using something besides sneaker net to patch. Also, if that were the problem, it would have been solved years ago.
- Any whiz-bang firewall thingees or perimeter protection systems. Again, if port blocking or traffic analysis at the perimeter were the solution, the problem would be solved.
- Last, please don't send me anything to do with NAC. NAC is a component. It is not the end-game of network security. It won't save us, and in many cases, it's not even a good fit for an organization's strategy.
So, spend some time thinking about the patching problem. How can your organization create a framework that allows your environment to be less affected by patch problems and pointed exploits? Maybe even dream about what that would be like and then tell a few vendors or open-source folks about your ideas.
You can send your ideas to me here.
MicroSolved, Inc.