Evaluation Phase: Identify whether vulnerable versions of IE reside on your network, possibly using a desktop-management system, an asset-tracking system or a vulnerability-assessment tool (network- or host-based).
Response Phase: After finding vulnerable versions of IE, use a patch-management system to push out patches to hundreds of desktops. You might deploy a proxy server or smart caching system (see "Surf's Up") to filter hostile patterns and malicious code. Or you might take a dual approach, using a proxy to buy some time while scampering to get patches deployed.
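The evaluation step above can be scripted against an inventory export. The following is an added example, not code from the original article: the CSV layout, hostnames, version numbers and the `FIRST_FIXED` value are all constructed placeholders. It shows two details that matter in practice: versions must be compared numerically rather than as strings, and hosts that report no version go into their own bucket instead of being counted as patched.

```python
import csv
import io

# Constructed inventory export (hostname, ie_version); not real data.
SAMPLE_INVENTORY = """hostname,ie_version
desk-001,6.0.2800.50
desk-002,6.0.2900.100
desk-003,10.0.1.0
desk-004,
desk-005,5.5.4800.2
desk-006,unknown
"""

# Placeholder for the first fixed build; take the real value from the vendor bulletin.
FIRST_FIXED = "6.0.2900.100"


def parse_version(text):
    """Return a tuple of ints, or None if the field is empty or malformed."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv, first_fixed):
    """Sort hosts into vulnerable / patched / unknown buckets."""
    fixed = parse_version(first_fixed)
    if fixed is None:
        raise ValueError("first_fixed must be a dotted numeric version")
    buckets = {"vulnerable": [], "patched": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row.get("ie_version") or "")
        if version is None:
            # No usable data: needs a rescan, must not be counted as patched.
            buckets["unknown"].append(row["hostname"])
        elif version < fixed:
            # Tuple comparison is numeric, so 10.x sorts above 6.x.
            buckets["vulnerable"].append(row["hostname"])
        else:
            buckets["patched"].append(row["hostname"])
    return buckets


if __name__ == "__main__":
    for state, hosts in triage(SAMPLE_INVENTORY, FIRST_FIXED).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

The "vulnerable" list feeds the patch-management push in the response phase; the "unknown" list is the set of desktops to rescan before the patch campaign is declared complete.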
For most organizations the drill is familiar--we've been patching Microsoft Outlook, IE and dozens more OSs and applications for years. What might be unfamiliar are some of the tools, like vulnerability-assessment suites, patch managers and integrity checkers, that can greatly reduce the overhead. Without the automation that these tools provide, most organizations don't stand a chance against the growing threats.
Varying attack vectors. Staggering release rates. Relentless worms and other malicious code. If attacks are so brutal, can't security tools be just as comprehensive? Unfortunately for us, it's easier to attack than to defend, and even the best tools are no match for skilled foes. However, some toolsets can help defenders perform vulnerability-management tasks more effectively, and let's face it, the good guys need all the help they can get.
The identification effort can be aided by VA (vulnerability assessment) tools, such as network-based and host-based VA scanners and application-assessment suites. Network- and host-based VA tools both look to identify known OS vulnerabilities and common misconfigurations, and instruct users on ways to solve those problems. For example, the typical output of a network-based VA tool is a report of patches and configuration changes that need to be performed on the range of systems scanned (see "VA Scanners Pinpoint Your Weak Spots," page 51).
However, there are differences between host- and network-based models. For instance, network-based VA tools can operate without requiring that agents or software be deployed on the systems to be scanned. This is helpful in large organizations, where teams and administrative realms may be scattered across the globe. The downside is that these tools cannot delve as deeply as their host-based counterparts.