50% of IT pros find themselves overwhelmed by patch volume

Half of IT professionals are having a hard time keeping up with enterprise patching.

Dimensional Research and Tripwire's Vulnerability and Exposure Research Team (VERT) studied 480 IT pros involved in patch management and assessed enterprise patch volume and installation trends.

Patch management is critical for lowering security risk for enterprise IT systems, however half of the respondents find it difficult to keep up with or feel overwhelmed with the amount of patches.

Half of respondents feel that client-side patches are released at an unmanageable rate. Fifty percent also feel that their IT teams don't comprehend the difference between applying a patch and fixing a vulnerability.

Sometimes, 67 percent say they don't understand which patch needs to be applied to which system. Eighty-six percent said that embedded products such as Adobe Flash patches released with Google Chrome updates make it more difficult to understand the impact of a patch.

“The relationship between patches and vulnerabilities is far more complex than most people think,” said Tim Erlin, director of IT risk and security strategist for Tripwire. “Sometimes patches fix multiple vulnerabilities on specific platforms, but not others. There can be confusion between patches and upgrades, or patches and upgrades may address different, but overlapping sets of vulnerabilities. 

"As the complexity of patch management continues to evolve, it has become more difficult for enterprise patch management teams to achieve and maintain a fully patched state.”