Why should I patch my software and operating system?
When patches first came out most people got them to increase performance, and correct bugs in the program that caused it to crash. Now patches and service packs still fix program bugs, and issues; however most of those issues now revolve around security. Not applying a patch or service pack now can often result in being infected by a virus or being attacked by hackers within a couple days.
What happens is that hackers learn of a vulnerability in a product such as a buffer overflow, or other security flaw. They then write a program to exploit the bug. That program can be a virus, or a tool designed to give them full access to the system. A virus might delete or damage files, it can even cause your system to stop responding or launch an attack on another system. Some attackers will write a program specifically for attacking your systems to gather transactions (such as banks or other financial institutions).
This obviously puts you and your company at risk for losing customers, and compromising customer data. Various legal issues come along with the compromise of customer data such as public announcements of security breeches, and monetary issues as well. In the end, either way you end up losing customers. You might also be held liable for viruses and software planted on your system that attacks other networks.
Testing and Implementation Issues
It is not uncommon for a company to have a testing procedure that patches go through before implementation into production systems. This protects the production systems from potentially defective patches. However there is a drawback to this. Exploits for security bugs are being released almost as fast as they are being found. This reduces the amount of time allowed for testing of patches before implementation. Also with the potential of zero day attacks (attacks released the same day as the vulnerability is discovered) the need for faster patch implementation is mandatory.
How does this service work?
Upon arriving at your site we assess the systems and software that needs to be patched. We can also review your current patch implementation and testing process to see if we can increase the rate at which patches are implemented. After identifying the issues we provide you with a written report (if requested, you may request us to immediately fix what we find) detailing what needs to be done to correct the issues. We can then with your permission begin correcting the issues we have identified.
Last Updated: 03/10/2008 02:52 AM