09:10 AM

Credit Union Fights Patch-Management Nightmare

A system from Blue Lane Technologies helps to protect Western Corporate Federal Credit Union while providing time to test software patches.

Software patches can be a double-edged sword when it comes to protecting a company's network. If security administrators delay installation so they can first test them properly, the company is exposed to attacks designed to take advantage of the flaw the patch is supposed to fix. But installing a patch without testing it first can cause its own set of problems.

That's a problem that Chris Hoff, chief information security officer at Western Corporate Federal Credit Union, frequently faces. For a corporate credit union that provides services to other credit unions and moves around a trillion dollars a year, protecting a customer's confidentiality usually is the highest priority. So he'd often install patches before he could completely test them just to reduce the chance of network attacks.

"Nine times out of ten, we had to make decisions on the fly," says Hoff. "We needed help with this complete patch-management nightmare." Once he installed patches, he often had problems trying to uninstall them. Meanwhile, the time available for testing was shrinking as hackers moved quickly to take advantage of software vulnerabilities. And sometimes a patch was worse than the vulnerability itself, he says.

Hoff has been testing an early version of Blue Lane Technologies Inc.'s PatchPoint system, which was rolled out this week. The PatchPoint appliance sits on the network in front of a server and consists of a gateway, an Enterprise Manager, and an Active Update Service. The system captures software patches before they're installed on a server, holds the patch, and applies it to network IP traffic to see if it causes conflicts with other applications or patches. It also uses the patch to identify and analyze the vulnerability the patch is designed to fix. The system is designed to provide immediate protection while giving a customer time to test the patch before installing it.

A PatchPoint G/250 system supporting up to 30 servers costs $30,500, and there's a version that can support up to 200 servers.

"Now Blue Lane authenticates and tells us what patches we need to install," says Hoff. "Blue Lane buys me time for regression tests and the old patch problems don't happen anymore."

Blue Lane takes a unique approach to managing patches and protecting a network, says Rick Ptak, founder of research firm Ptak, Noel & Assoc. "Blue Lane emulates the activity of a patch and keeps any related intrusions from reaching the network," he says, "and protects customers for whatever time it takes them to install a patch."
