Evolving Patching Strategies For Network Security Defenses

The race to plug network holes before attackers use them is running system managers ragged--so they're throwing up more barriers to stop intruders. In recent years, the common wisdom has been that keeping up-to-date on software patches is key to safeguarding a company's networks against viruses, worms and other pests. But with dozens of flaws being discovered each week, that approach has turned out to be a Herculean task.

"Five years ago, patch management was not a (priority) for operations people. But then the worms came out, and it was patch everything you can and as fast as you can," said Gerhard Eschelbeck, chief technology officer at Qualys, a security information provider. "Now we've entered a phase of being more selective about patching." These days, security professionals are returning to an older strategy, which calls for defensive measures on many levels of the network, from the gateway to the employee's PC.