Security/Patches Print

Security - PatchesWhich is a greater threat to your mid-market business, internal or external hacking? Internal, from the people who know your business inside and out. The days of being able to have your e-mail servers, domain controllers and ERP servers on the same subnet with no access controls between workstations and servers is over. Yet, internal security is often put on the back burner while the perimeter is being fortified.

IS&T can develop and implement a security solution, utilizing a variety of tools and practices such as audit trails that can protect your environment internally and externally without hindering your business processes or communication.

Your mid-market business probably has somewhere between 20 and 250 PCs. How long does it take to install and test software updates on each of those computers? Plenty of time and energy, especially if the job is being done manually, one at a time, right? Of course, there's more to software updating, or patching, than installation and testing. You also have to deal with and worry about, compatibility. What steps are your people taking to prevent the patches from crashing your systems? How are they deploying the solutions to prevent your lines from becoming saturated? And what about integration, do you have a methodology in place to make sure everyone is using the same software today and tomorrow?

Partner with IS&T and we can take care of your patch challenges. We'll bring a breadth of ideas and tools, including automation technology, to your environment to keep your systems up-to-date and running smoothly throughout the years.
The following table shows an example of how to prioritize patches based on criteria, along with the recommended and maximum timeframes associated with each. Some organizations prefer to use a color coding system versus a numbering scheme. The colors associated with each priority are also provided below to show how each line up. This table helps set the priority of a patch when it is released. However, if an organization already has compromised systems within their environment, this table does not apply.

Priority

Priority Color Criteria Recommended Timeframe Maximum Recommended Timeframe
1 -- Emergency Red Organization is vulnerable, an exploit has been published and other organizations are being affected by the exploit Within 6-12 hours Within 12-18 hours
2 -- Critical Orange The organization is vulnerable, but no known exploitation of the vulnerability Within 48 Hours Within 2 weeks
3 -- Urgent Yellow The vulnerable technology exists in the environment, but the vulnerability is difficult to exploit Within 1 week Within 2 weeks
4 -- Important Green The vulnerable technology exists in the environment, but it is difficult to exploit, and the risk to the organizations systems is limited or low Depending on availability, deploy a new service pack or update rollup that includes a fix for this vulnerability within 1 month Deploy the software update within 2 months
5 -- Informational Blue The vulnerable technology does not exist in the environment Depending on availability, deploy a new service pack or update rollup that includes a fix for this vulnerability within 3 months Deploy the software update within 5 months or may choose not to deploy at all