Tripwire, Inc., a leading global provider of endpoint protection and response, security and compliance and IT operations solutions, today announced the results of an extensive study conducted by Dimensional Research and Tripwire’s Vulnerability and Exposure Research Team (VERT) on the state of enterprise patch management. The study evaluated the attitudes of over 480 IT professionals involved in patch management and assessed enterprise patch volume and installation trends.
Patch management plays a critical role in minimizing security risk for enterprise information technology systems. However, according to Tripwire’s study, half of the respondents admitted there are times their teams struggle to keep up with, or found themselves completely overwhelmed by, the volume of patches.
“The relationship between patches and vulnerabilities is far more complex than most people think,” said Tim Erlin, director of IT risk and security strategist for Tripwire. “Sometimes patches fix multiple vulnerabilities on specific platforms, but not others. There can be confusion between patches and upgrades, or patches and upgrades may address different, but overlapping sets of vulnerabilities. As the complexity of patch management continues to evolve, it has become more difficult for enterprise patch management teams to achieve and maintain a fully patched state.”
Additional findings from the study include:
- Fifty percent of respondents believe that client-side patches are released at an unmanageable rate.
- Fifty percent feel their IT teams don’t understand the difference between applying a patch and remediating a vulnerability.
- At least some of the time, 67 percent said they have difficulty understanding which patch needs to be applied to which system.
- Eighty-six percent said embedded products such as Adobe Flash patches released with Google Chrome updates make it more difficult to understand the impact of a patch.
“When we began this research, we expected patch fatigue to affect a small portion of the industry,” said Tyler Reguly, manager of Tripwire VERT. “Instead, we discovered that it is a broad, sweeping issue affecting a wide range of organizations.”
A white paper with detailed analysis of the study, trend data on security patches across major enterprise software vendors, and practical steps organizations can take to reduce patch fatigue is available here: http://www.tripwire.com/register/combating-patch-fatigue-is-it-overwhelmed-to-the-detriment-of-enterprise-security/.
[su_box title=”About Tripwire” style=”noise” box_color=”#336588″][short_info id=’59580′ desc=”true” all=”false”][/su_box]
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…