- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Using Proactive Depth in Defense to Ease Patch Management Problems
- Abstract
- Information Security experts agree that "Depth in Defense" is a crucial concept in securing information assets for every organization. This concept is often overlooked when discussing a Patch Management strategy. The release of several damaging viruses over the last year continues to prove that being reliant on the reactive nature of patch implementation alone cannot prevent malicious code from impacting information assets. Depth in Defense is the process of adding a layered approach to protection. By choosing a layered approach, if one layer fails there are other layers in place that can provide protection. Even though a layered approach cannot guarantee complete protection, it can greatly limit the number and scope of compromises for any company. This paper will discuss the issues of patch implementation and reactive protection solutions. It will also show how some proactive solutions can add depth and help overcome the challenges created by the reactive nature of patch management. Different layers of proactive solutions will be discussed that will show how to add Depth in Defense. The goal is to help improve overall information protection and ease the critical burden of any patch implementation solution.