Blaster worm could fuel patch mgmt. outsourcing services

The Internet’s latest worm scare could move enterprises beyond simple patch management tools and into full outsourcing of the patch management function.

A destructive Internet worm called Blaster – also known as MSBlast or LoveSAN -infected more than 100,000 PCs last week. It one of a line of viruses and worms that exploit known security vulnerabilities in the Microsoft Windows operating system. Microsoft warned users of the threat on July 16, and issued a software patch to eliminate the problem. Yet, despite the warning, thousands of PCs were disabled by Blaster less than a month later.

Although its behavior is different, Blaster’s method of infection bears a strong similarity to that of another Windows worm, popularly known as Slammer, which infected thousands of PCs earlier this year. Like Blaster, Slammer took advantage of a known Windows vulnerability that had been patched several weeks before. The only machines infected by Slammer were those that had not installed the patch.

Slammer helped to create a whole new category of tools, now known as patch management applications, which are designed to help IT organizations automatically find the devices that have not installed critical patches and then do the installation electronically. These tools have become big sellers for software vendors that offer software distribution and configuration management product suites, including ConfigureSoft, Ecora, Marimba, Novadigm, Novell, Tivoli, and many others, not to mention Microsoft itself.

The introduction of Blaster, however, exposes a problem that Slammer didn’t: the severe lack of human resources that exists in many IT departments. In short, many IT organizations couldn’t find the time to install the patch management technology that might have automated the distribution of the patches that they couldn’t find time to install.

The problem with patch management, as with many other security processes, is that it requires IT staffers to take swift action to prevent problems that might occur at some point in the indeterminate future. In larger enterprises with a dedicated IT security staff, this is a matter of course. But in small and midsize organizations – where tight budgets necessitate staff reductions and security is only one of the desktop administrator’s many hats – patch management is a process that is often put off until there is a real threat. And often when it’s too late.

Blaster could have been prevented if Microsoft’s patches had been installed. Emerging tools for patch management could have automated that installation. Clearly, the problem is not a shortage of adequate technology, but a shortage of time to implement it.

So what can these time-challenged IT organizations do to prevent similar problems from occurring in the future? One answer is out-tasking the patch management process. A number of small service providers, as well as major systems integrators, have begun to develop services that deploy and operate patch management technology on an outsourced basis. Companies with names like Secure Synergy, Shavlik and Unipalm have begun to gain traction with specialized, outsourced services that handle functions such as virus control and patch management, and they may soon become names that are well known in the patch management space.

Of course, larger service providers are also entering the patch management space as well. Security providers and management service providers are launching patch management services, and the large systems integrators are expanding their patch management offerings in support of their security practices. Separately, some of the configuration and software distribution tool vendors are marketing their patch management tools to service providers, and a few are developing ways to deliver their software as a service.

It’s hard to see anything positive coming from the creation of an Internet worm, but just as Slammer put the accelerator on the patch management tool market, Blaster could put some fuel into the development of out-tasked patch management services. Hopefully, the combination of patch management software and third-party services will be enough to stop the next worm from eating into corporate business.