Half of IT professionals struggle to keep up with enterprise patching

Tripwire has published the results of an extensive study conducted by Dimensional Research and Tripwire’s Vulnerability and Exposure Research Team (VERT) on the state of enterprise patch management. The study evaluated the attitudes of over 480 IT professionals involved in patch management and assessed enterprise patch volume and installation trends.

  • 8 years ago Posted in
Patch management plays a critical role in minimizing security risk for enterprise information technology systems. However, according to Tripwire's study, half of the respondents admitted there are times their teams struggle to keep up with, or found themselves completely overwhelmed by, the volume of patches.

"The relationship between patches and vulnerabilities is far more complex than most people think,” said Tim Erlin, director of IT risk and security strategist for Tripwire. “Sometimes patches fix multiple vulnerabilities on specific platforms, but not others. There can be confusion between patches and upgrades, or patches and upgrades may address different, but overlapping sets of vulnerabilities. As the complexity of patch management continues to evolve, it has become more difficult for enterprise patch management teams to achieve and maintain a fully patched state."

Additional findings from the study include:
  • Fifty percent of respondents believe that client-side patches are released at an unmanageable rate.
  • Fifty percent feel their IT teams don't understand the difference between applying a patch and remediating a vulnerability.
  • At least some of the time, 67 percent said they have difficulty understanding which patch needs to be applied to which system.
  • Eighty-six percent said embedded products such as Adobe Flash patches released with Google Chrome updates make it more difficult to understand the impact of a patch.
"When we began this research, we expected patch fatigue to affect a small portion of the industry," said Tyler Reguly, manager of Tripwire VERT. "Instead, we discovered that it is a broad, sweeping issue affecting a wide range of organizations."
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...