Is Patch Management Enough to Combat Application Vulnerabilities?

The applications we use every day are essential for our jobs, but they’re also potential points of weakness that businesses must secure. Application vulnerabilities that come from errors or oversights in software code may provide attack vectors that could be used to penetrate an entire infrastructure.

The implications of this kind of breach are serious. The financial costs may be huge, but the reputational damage could be devastating.

That’s why security is big business, and solutions that promise to overcome application vulnerabilities are especially attractive.

But can traditional patch management solutions cope with complex and widespread application vulnerabilities?

The real threat of an application vulnerability

Data from Secunia’s 2014 Vulnerability Review shows that application vulnerabilities are everywhere. In 2013, there were 32% more vulnerabilities found in the examined applications, 16.3% of which were described as ‘highly critical’.

Almost 76% of these vulnerabilities affected third-party programs. That means it’s the threat that isn’t just large in size – it’s diversely spread across many applications on a network.

For many years, Microsoft programs have reflected the core of the average business setup. But patching Microsoft programs alone protects against just 24% of the total risk posed by vulnerabilities.

And with that in mind, traditional patch management only tells part of the story.

One of the toughest tasks for an IT manager is application discovery. Individual machines on a network could be home to third-party applications that are unknown and, as a result, will never be scanned or patched. It is only when all applications are discovered can a conventional patch management solution come into play, applying patches automatically across the whole organisation.

Dealing with application vulnerabilities also means identifying previously unknown weaknesses and reporting them to the application developers, who will go on to create the necessary patch. This is yet another challenge, another element of what would create a full solution for application vulnerabilities.

Patch management is effective, but to meet the real demands on an IT manager, solutions need to go even further.

Written by