Patch management costs spiral to US$19 million: ISS

Companies that use several different types of network security devices are often doing the same task several different times, according to an executive at one network security firm.

Christopher Klaus, founder and chief technology officer of Atlanta-based Internet

Security Systems (ISS) Inc., said some organizations use firewalls, anti-virus, intrusion detection or prevention systems and spam filtering tools to examine and analyze packets. Each device opens and analyzes the packet, decides whether to block it or allow it through, re-assembles it, routes the packet and then logs the result.

“”It creates a lot of complexity and a lot of repetition,”” Klaus said Thursday at the Canadian launch of the ISS Proventia-M products, held at Toronto’s Westin Harbor Castle hotel. “”With all this complexity, we’re finding a lot of organizations still aren’t protected, even after you put it through the firewall, and put anti-virus in place.””

The Proventia-M, which ISS plans to ship this month, includes firewall, virtual private networking, intrusion detection and anti-virus features. Next year, Klaus said, ISS will add content filtering and anti-spam.

Klaus predicted vendors will release more products that combine several security features in one, because customers will save money in the long term.

One of the major security problems for businesses is the time it takes to install patches on their systems, he said. ISS did a cost analysis and estimated an organization with 1,000 servers could spend nearly US$19 million per year on installing patches.

The estimate was based on four hours per patch, five times per month at US$80 per hour.

“”We ran this past Fortune 1,000 (companies) who said it’s actually a conservative estimate,”” Klaus said.

He added many network managers do not get a chance to install patches before hackers take advantage of software security vulnerabilities and launch attacks.

That view was echoed by Parveen Jain, president and general manager of Network Associates Inc.‘s Santa Clara, Calif.-based McAfee network security technologies group.

Jain was in Toronto Thursday for the launch of Network Associates Inc.’s end node security road map, held at the TSX Broadcast Conference Centre.

Network Associates’ end node security strategy includes software designed to secure clients and servers against attacks. Its first product, Entercept Desktop Edition, is shipping this month and is designed to protect against buffer overflows, worms and other security breaches.

Intrusion detection systems have come under fire in the past because many products simply report breaches and do not always stop attacks.

The McAfee Protection Solutions are designed to prevent malicious code from damaging systems. They are also designed to detect security violations from within the network, such as employees from one department trying to access another department’s confidential data.

Jain said network security breaches cost companies tens of billions of dollars a year, and these figures are only derived from firms that actually admit they’ve been attacked.

The actual damage could be five to 10 times greater, he added.

Comment: [email protected]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs