Patch-management products must be married with vulnerability-assessment tools. These products will produce a financial payoff. Centrally deploying and monitoring patches, thereby avoiding the cleanup from a worm attack, for instance, saves time and money.
Policy management goes hand in hand with patch management. This becomes particularly valuable in a cross-platform environment, where centralized management of all systems is important. If you're running an all-Windows environment and simply need to enforce a common desktop policy, use Group Policy Objects (GPOs). If you want to audit and enforce policies outside the GPO's scope, a policy-management system such as BindView bv-Control, Configuresoft Enterprise Configuration Manager or Pedestal Software SecurityExpressions is probably worth the time and money. Policy-management systems' main value comes from imposing order over chaos. If you already document and enforce your organization's network configurations, however, you may not benefit from these systems. Compare your methods with the compliance checking these products offer.
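To make the comparison concrete, here is the core of what a policy-management product's compliance check does: a baseline of expected settings per host class, gathered host settings, and a report of every deviation by severity. This is an added example, not code from the article or from any of the products it names; the policy keys, threshold values and the host inventory are constructed for illustration.

```python
"""Configuration-compliance audit of the kind policy-management products
automate.  Added example, not code from the article or from any product it
names; the policy keys, host inventory and threshold values are constructed."""
from dataclasses import dataclass
from typing import Any, Dict, List


@dataclass(frozen=True)
class Rule:
    key: str          # setting name as gathered from the host (hypothetical key)
    op: str           # "eq" = must equal, "min" = must be at least
    expected: Any
    severity: str     # "high" | "medium" | "low"


@dataclass(frozen=True)
class Finding:
    host: str
    key: str
    expected: Any
    actual: Any
    severity: str


# Constructed baseline: the settings a desktop policy might require.
POLICY: Dict[str, List[Rule]] = {
    "workstation": [
        Rule("password_min_length", "min", 8, "high"),
        Rule("screensaver_lock_minutes", "eq", 15, "medium"),
        Rule("guest_account_enabled", "eq", False, "high"),
        Rule("auto_update_enabled", "eq", True, "high"),
    ],
}


def rule_satisfied(rule: Rule, actual: Any) -> bool:
    """Missing settings never satisfy a rule: absent evidence is non-compliance."""
    if actual is None:
        return False
    if rule.op == "eq":
        return actual == rule.expected
    if rule.op == "min":
        return actual >= rule.expected
    raise ValueError(f"unknown op {rule.op!r}")


def audit_host(host: str, host_class: str, settings: Dict[str, Any],
               policy: Dict[str, List[Rule]] = POLICY) -> List[Finding]:
    """Compare one host's gathered settings against the policy for its class."""
    return [
        Finding(host, r.key, r.expected, settings.get(r.key), r.severity)
        for r in policy.get(host_class, [])
        if not rule_satisfied(r, settings.get(r.key))
    ]


def audit(inventory: Dict[str, Dict[str, Any]]) -> Dict[str, List[Finding]]:
    """Audit every host; a host with an empty finding list is compliant."""
    return {
        host: audit_host(host, info["class"], info["settings"])
        for host, info in inventory.items()
    }


def severity_counts(results: Dict[str, List[Finding]]) -> Dict[str, int]:
    """Roll findings up by severity for a management summary."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for findings in results.values():
        for f in findings:
            counts[f.severity] += 1
    return counts


# Constructed inventory: what an agent or a remote administrative query
# would return for each host.  ws02 is missing auto_update_enabled entirely.
INVENTORY = {
    "ws01": {"class": "workstation", "settings": {
        "password_min_length": 12, "screensaver_lock_minutes": 15,
        "guest_account_enabled": False, "auto_update_enabled": True}},
    "ws02": {"class": "workstation", "settings": {
        "password_min_length": 6, "screensaver_lock_minutes": 15,
        "guest_account_enabled": True}},
}

if __name__ == "__main__":
    results = audit(INVENTORY)
    for host, findings in results.items():
        for f in findings:
            print(f"{host}: {f.key} expected {f.expected!r}, got {f.actual!r} [{f.severity}]")
    print(severity_counts(results))
```

The design point worth copying from the commercial tools is that a setting the agent could not read counts as a failure, not as "unknown"; otherwise a host that blocks the query looks compliant.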
The policy-management vendors are hawking compliance templates for the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act of 2002 and other regulations or initiatives. Although the policy templates may be useful, you still need to comb through them to ensure that they address your specific regulatory needs. Furthermore, these products come with support costs. Agents must be deployed or administrative accounts gathered up so the products can query the managed hosts. In light of other security-spending needs, you can accomplish the same thing with a few good books on network policy definition and Web resources.
By now, you should have host, desktop and perimeter protection on your mind while you rethink your patching and policy-management strategies. Yet your network remains vulnerable: Remote users are traveling time bombs.
VPN technologies such as IPsec (IP security) and PPTP (Point-to-Point Tunneling Protocol) secure remote access. PPTP is popular because it's simple to configure, but IPsec is more secure. Unfortunately, both technologies have serious deployment limitations. Neither one provides standardized NAT-T (network address translation traversal), and IPsec offers no remote IP address management without proprietary modifications by vendors.
IETF's IPsec Working Group is close to finalizing IKE (Internet Key Exchange) version 2, which addresses NAT detection and traversal, remote-node IP configuration, and support for legacy-authentication mechanisms. But client support and protocol access through firewalls remain thorny issues. Fat clients can be preinstalled and managed centrally, and can perform advanced protection tasks, such as configuration checking. However, remote users may be on a network that doesn't allow IPsec VPN connections, or at a kiosk with no way to install software. In many cases, an SSL VPN can replace an IPsec VPN, providing equal or better protection.
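The NAT detection that IKEv2 standardizes is simple enough to show end to end. Each peer sends a NAT_DETECTION_SOURCE_IP notification containing a SHA-1 digest of the SPIs plus the source address and port it believes it is using; the receiver recomputes the digest over the source address and port it actually observed on the packet, and a mismatch proves that a NAT rewrote them in transit (RFC 7296, section 2.23; a companion NAT_DETECTION_DESTINATION_IP payload tells the receiver whether it is itself behind a NAT). The following is an added example, not code from the article; the SPIs and addresses are constructed.

```python
"""IKEv2 NAT detection (RFC 7296, section 2.23), written as an added example;
this is not code from the article.  The sender hashes the source address it
believes it has; the receiver hashes the source address it actually saw.  If
the digests differ, a NAT is translating the sender's address or port, and the
peers move the exchange to the UDP-encapsulation port.  SPIs and addresses
below are constructed."""
import hashlib
import hmac
import ipaddress
import struct

IKE_PORT = 500         # initial IKE_SA_INIT exchange
IKE_NAT_T_PORT = 4500  # UDP-encapsulated IKE and ESP once a NAT is detected


def nat_detection_digest(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """SHA-1 over SPIi || SPIr (header order) || packed IP (4 or 16 bytes) || port (network order)."""
    assert len(spi_i) == 8 and len(spi_r) == 8
    addr = ipaddress.ip_address(ip).packed
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def build_source_notification(spi_i, spi_r, src_ip, src_port):
    """Sender side: the data carried in its NAT_DETECTION_SOURCE_IP payload."""
    return nat_detection_digest(spi_i, spi_r, src_ip, src_port)


def peer_behind_nat(spi_i, spi_r, received_hash, observed_src_ip, observed_src_port):
    """Receiver side: recompute over the packet's real source and compare.
    A real implementation checks every NAT_DETECTION_SOURCE_IP payload it
    received, because a multi-homed peer may send one per address."""
    expected = nat_detection_digest(spi_i, spi_r, observed_src_ip, observed_src_port)
    return not hmac.compare_digest(received_hash, expected)


def detect(spi_i, spi_r, sender_ip, sender_port, observed_ip, observed_port):
    """Run both halves and report the outcome plus the port the peers will use."""
    h = build_source_notification(spi_i, spi_r, sender_ip, sender_port)
    nat = peer_behind_nat(spi_i, spi_r, h, observed_ip, observed_port)
    return {"peer_behind_nat": nat, "port_to_use": IKE_NAT_T_PORT if nat else IKE_PORT}


# Constructed exchange.  In the IKE_SA_INIT request the responder's SPI is not
# yet assigned and is sent as eight zero bytes.
SPI_I = bytes.fromhex("0123456789abcdef")
SPI_R = bytes(8)

if __name__ == "__main__":
    # Initiator believes it is 192.168.1.10:500; the responder sees the NAT's
    # public address 203.0.113.5:500 (documentation range, constructed).
    print(detect(SPI_I, SPI_R, "192.168.1.10", 500, "203.0.113.5", 500))
    # Same exchange with no NAT in the path: digests agree.
    print(detect(SPI_I, SPI_R, "198.51.100.7", 500, "198.51.100.7", 500))
```

Because the digest covers the port as well as the address, a NAT that keeps the address but remaps UDP port 500 is detected just the same, which is why firewalls that only expect IKE on port 500 and ESP as protocol 50 still break IPsec once the peers switch to UDP 4500.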