PA IN THE MEDIA

Security pre-advisories: A simple way to improve the patch management process

PA Consulting’s cybersecurity expert, Sebastian Hope, comments on security pre-advisories and how companies can improve enterprise security.

The article discusses how patching is a fact of life for IT administrators: although it is essential to maintaining security, keeping up with vendors’ patch release cycles is a challenge.

According to research by Ivanti, an IT asset and services management vendor, 71% of IT professionals find patching to be complex and time-consuming. Worse still, from a security point of view, 62% said patching often has to give way to other priorities.

Yet despite the hassle caused by patching, some vendors are now starting to alert sysadmins to pending security releases, via pre-advisories.

The article goes on to say that the risk of pre-advisories giving more ammunition to bad actors appears obvious: obtain a vulnerability before there is a patch, and it can be exploited. If vendors give advance warning through pre-advisories, it could be argued that the risk is higher still.

Fortunately, most security researchers feel that the risk is small, or at least small enough to be outweighed by the benefits.

As important, though, is the need to plan for software updates and maintenance, to head off security vulnerabilities as well as costs associated with aging systems.

“The biggest issue is getting the budget, resource and the political will to upgrade systems to current operating systems, let alone patching them routinely,” says Sebastian.

He goes on to say: “Greater advance notice of the need for patching is not the real issue. What is needed is a commitment from the organization to resourcing the upgrades.”

Read the full article in The Daily Swig
