Virtual patching to reduce risk

London – In today’s industrial organisations, patching process control system software to remove security vulnerabilities is a regular, ongoing activity fraught with risk.

Significant issues, such as a software regression – a bug that causes a feature to stop functioning as intended – can be the result of installing a patch.

At the same time, there is a potential for the system to become compromised if a patch has not been applied.

The calculation of whether to patch or not is governed by the tradeoff between the risk of installing a bad patch versus the risk of a penetration, which pits two equally important issues against one another.

Patching a critical system may “break it” — but failing to do so could leave it open to security vulnerability.

In addition to the security risk tradeoff, there is a more pragmatic tradeoff on use of resources to complete the patching process.

Whether it is mostly automated or done manually, it involves a certain amount of your valuable resources’ time that must be factored into the overall decision on how often to patch.