Security and vulnerability patching has become one of the top concerns for IT managers, but has also left many IT teams fighting a losing battle as the job of patching competes with day-to-day system maintenance and security tasks.

The patching issue became a more prominent problem for businesses worldwide in 2003 when the Slammer worm was unleashed on the Internet. In the first minute after it started spreading, Slammer doubled the number of web servers it infected every eight seconds. Within 10 minutes, 90% of all vulnerable machines had been infected – leaving businesses with a £500m bill to fix the havoc Slammer created. Yet the patch to fix the vulnerability that Slammer exploited had been available for six months. If the majority of those infected had patched their systems, Slammer would have been a minor blip.

So why aren’t businesses catching on to patching? The bottom line is that many IT teams simply do not have the resources or time. Just researching the 4,000+ vulnerabilities published by security monitoring body CERT in the last year would demand hundreds of man-hours. And although IT staff may go online regularly to see which patches have been released, they cannot be 100% sure that all systems are properly patched.

Then there’s the cost issue. Recent research from analysts at The Yankee Group found that it can cost as much as $1 million to manually deploy a single patch in a 1,000-node network environment. The costs include the manual labour involved in fixing problems and system downtime while patches are being applied.

The link for this article located at Security Park is no longer available.