Taipei, November 14, 2012 – With the publication of its Analyst Insight on "The Virtues of Virtual Patching,” research firm Aberdeen Group raises awareness on alternatives to endless cycle of Patch Tuesdays, emergency patches and workarounds, regression testing and unplanned downtime. Aberdeen's findings show that while current use of patch management is foundational for success, taken by itself it does not differentiate top performance – in other words, success is not only a function of whether a company patches, but also a function of how.
Selected highlights from Aberdeen’s research and analysis include:
On average, about three-fourths (75%) of all companies have current deployments of patch management.
Even if your patching is 100%, some significant residual risks will remain
Vendors in general are unable to keep pace with the number of vulnerabilities and threats: industry sources report that just 58% of the vulnerabilities disclosed in 2011 had vendor patches available on the same day, and 36% still had no patch available three months into 2012.
Based on Aberdeen’s research, the average total cost of a security incident was $130K; incidents that involved loss or exposure of sensitive data saw an average total cost per incident of as much as $640K.
An important patch management strategy to consider is to buy more time; virtual patching refers to the strategic deployment of selected compensating controls to provide a kind of protective shield that allows the organization more time to assess, plan, test, and remediate threats and vulnerabilities on a schedule of their own choosing.
Trend Micro’s Deep Security is comprised of anti-malware, web reputation, firewall, intrusion prevention, integrity monitoring and log inspection technologies in one integrated solution. This server security platform uses virtual patching to protect physical, virtual, and cloud servers and virtual desktops from known vulnerabilities and zero-day exploits without expensive emergency patching. Deep Security leverages both agentless and agent-based protection mechanisms to automatically and efficiently secure virtual servers and desktops, and private and public clouds and accelerate ROI.
”Virtual patching can represent a strong operational and financial case for the business,” said Derek Brink, vice president and research fellow for IT Security at Aberdeen Group. "Among several other advantages, it can give enterprises the flexibility to patch on their own schedule, and it can help to mitigate the high opportunity cost of unplanned downtime, which can easily range to tens of thousands of dollars per hour. Companies should give strong consideration to virtual patching as a strategy to augment their traditional patch management processes, and to improve the overall efficiency and effectiveness of managing the vulnerabilities and threats to their IT infrastructure.”
Link to Aberdeen Group Report - The Virtues of Virtual Patching
About Trend Micro
Trend Micro Incorporated (TYO: 4704; TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ global threat intelligence data mining framework, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.
Additional information about Trend Micro Incorporated and the products and services are available at Trend Micro.com. This Trend Micro news release and other announcements are available at http://newsroom.trendmicro.com/ and as part of an RSS feed at www.trendmicro.com/rss. Or follow our news on Twitter at @TrendMicro.