Post Sasser – Harmony? Waiting or Ready for the _next_ time?
I guess we can all reflect on the impact that Sasser bought to us commercially as well as personally to ourselves, our friends and family. Through such events we should take the opportunity to look at our processes for dealing with such crises and then assess the risks by implementing mitigation mythologies to reduce the potential attack vectors.
Microsoft has produced an extremely good document that covers end to end patch management - You can apply this document to any patching management technology.
You can have the best tools in place to deal with such things as Sasser, Blaster etc, but unless you have the right processes in place to manage this, it will fail.
SMS guide to patch deployment (135 pages, plus test plan) –
In order to move out of firefighting mode, and move into a more pro-active enjoyable work environment, we need to show and understand the real dollar value that it costs the business due to down time. If we do this, it gives us the ability to talk to the business in terms they understand – dollars and cents.
Once we do this, we have a greater ability to bargain for the right tools to reduce impact, as we are then all talking a common language.