The two most common actions after companies had a security incident are patching of vulnerable software (62.3%) and the patching or remediation of vulnerable hardware or infrastructure (49.3%), according to the CSI Computer Crime and Security Survey. Would-be exploiters rely on the fact that there is a window of opportunity between the time the patch is created by the developer and the time the patch is deployed by system administrators; indeed some vulnerabilities remain unpatched for up to two years.
Every month the number of vulnerabilities discovered grows, and the risk of not applying a patch in time grows correspondingly.
There was a time where on-demand network scans for vulnerabilities in all the computers on the network could be managed serially from a central console.
However as the complexity of the scan grew, there was no longer enough time to complete the entire network scan, even when run overnight. Consequently it became essential to offload the scanning load onto the target computers by installing a small agent that communicates with the central console.
This effectively parallelized the task, leading to dramatic performance improvements in getting the entire network scan completed.
It also brought other benefits, such as being able to run when the target computers were not on the network, as is commonly the case with laptops, and then communicating results back to the console when the laptop returned to the network.
However, there is more to network security than simply scanning for vulnerabilities. Remediation is essential, especially through patch management and deployment to the machines where the vulnerabilities have been detected.
Typically, remediation takes place from a centralized patch repository, where the service packs, critical security update patches and less critical non-security update patches are stored.
On large networks, and geographically diverse networks – which are typical in multi-site organizations, it can take a long time to remediate vulnerabilities to all machines in the network.
Deploying patches machine by machine from the centralized patch repository across the WAN link uses too much network bandwidth and takes too long.
Instead, it becomes necessary to use a caching solution to offload the remediation load – analogous to the agent solution described above to offload the scanning load.
By designating one of the target machines with an agent installed as a “relay”, patches are copied once from the centralized patch repository over the WAN and then served up many times to local machines that the relay is responsible for, across the local LAN.
Even when a WAN connection is not involved, on very large networks with thousands of workstations, laptops and servers, it can be very beneficial to designate a set of relay agents to speed the deployment of patches when remediating.
The number of types of devices with vulnerabilities which can be exploited is also growing. First servers and workstations, then laptops; next not just PCs but also Macs and Linux computers; now even devices such as printers, switches and routers need to be checked for vulnerabilities in their firmware.
You need a solution that can address all these types of devices, and offer efficient parallelized scanning and remediation through patch deployment.
If only such a solution existed…
It does! GFI LanGuard 2012, which has just been launched, acts as a virtual security consultant by incorporating three vital security tools: patch management, vulnerability assessment and network auditing. It includes agent technology for scanning and relay agent technology for remediation. It includes support for both security and non-security patches from Microsoft operating systems and applications and other third party applications. Finally it scans for vulnerabilities in servers, workstations and laptops; PCs, Macs and Linux computers; printers, switches and routers.