It is a daunting task to keep up with and apply security and software updates for a computer network. Many users ignore the prompts to download updates, and systems go un-patched for long periods of time, exposing the network, and the business it supports to security breaches. The problem is compounded when users connect to the network from their home computers that are often compromised with viruses or other back-door security holes. Most successful computer attacks exploit well-known vulnerabilities, for which patches exist.

Impact BT provides patch management and deployment services as part of the proactive maintenance plan. Patch management is not just scanning and applying patches. Often, patches need to be deployed in a test environment then undergo an approval process or require multiple steps to deploy. Impact BT provides the tools and infrastructure to enforce policies and to easily address the complexities of security and software patch deployment.

Patch management is a complex process, but we can distill the process into six general steps. The importance of each stage of the patch process- - and the amount of time and resources required for it - will depend on your organization's infrastructure and overall security posture.

Step 1: Develop an up-to-date inventory of all production systems, including OS types (and versions), IP addresses, physical location, custodian and function.

Step 2: Devise a plan for standardizing production systems to the same version of OS and application software.

Step 3: Make a list of all the security controls you have in place--routers, firewalls, IDSes, AV, etc.--as well as their configurations. This list will help you decide how to respond to a vulnerability alert (if at all). It also gives you more time to react.

Step 4: Compare vulnerabilities against your inventory/control list. First, you need a reliable system for collecting vulnerability alerts. And second, you need to separate the vulnerabilities that affect your systems from those that don't.

Step 5: Classify the risk. Assess the vulnerability and likelihood of an attack in your environment.

Step 6: Apply the patch! This is the hard part. Deploying patches without disrupting uptime or production.

Vulnerability and patch management isn't easy. But by following these general steps, you'll be way ahead of the curve when the next worm comes knocking at your network door.