Suite works out patching priorities

Internet security specialist SecurityMob will launch a standalone version of its Risk Management System (RMS) suite next month.

The tool is designed to help IT managers assign priority levels to the patches to be applied to their systems, by amalgamating security data from vendors and security web sites.

SecurityMob chief Lee Fisher said that Microsoft has issued 43 patches this year, and that 25 of them were rated critical by the software giant. “If someone followed Microsoft’s advice and patched [all] the critical flaws, they would have patched some that were not being exploited. Meanwhile [other flaws] rated only as serious [were] actively being exploited... I know which systems I would rather have patched first,” Fisher said.

Fisher said the lifecycle of the recent Zotob worm illustrates how RMS can help firms make better security choices. “Zotob arrived on a Wednesday morning, exactly eight days after the Microsoft vulnerability announcement. Within 12 hours of the Microsoft patch announcement we saw three proof of concept [POC] exploits go onto the web. By the Friday before Zotob our risk level had gone to the max because we had seen two trojans and seven POCs. Of course, by the following Wednesday the whole world had caught Zotob.”

Fisher added: “Our customers would have known early which patch they needed to focus their resources on.”

The standalone version of RMS runs on Windows 2003 Server, and will be released in mid-October. The web-based version is available now and is priced at £1,500 + VAT per risk configuration used by the customer.