There is a lot of attention being paid to continuously updating servers to patch security vulnerabilities on Linux servers running in data centers — a basic step underpinning technology infrastructure in every industry. Yet, staff resources to deal with maintaining servers are not sufficient to meet the workload, said more than half (55%) of respondents in a worldwide survey by CloudLinux and its TuxCare security services.
The survey finds 76% are deploying automated patching procedures and that live patching to fix vulnerabilities is commonly used (47%) to avoid downtime that is normally associated with patching. This is not surprising given the volume of vulnerabilities that are discovered and patched every week. There are simply too many patches to apply to do so manually and information technology (IT) professionals are using automated tools to help keep up with the volume.
Yet, the survey found that manually researching vulnerabilities online is the most commonly used method (75%) in vulnerability management. It suggests that while automation has a place, some organizations have not fully embraced automation – and that automation may not cover all aspects of vulnerability management.
It was learned that nearly half (45%) said they cope with vulnerabilities simply by waiting for the next periodic maintenance window before applying patches. This means that during that period of time their servers remain vulnerable — a less than optimal situation.
A notable finding is that 73% of respondents rely on a single operating system in their server fleets suggesting that organizations value the ease of maintenance of using a single Linux distribution rather than utilizing specialized Linux distributions for different roles. Most commonly used were either CentOS or another CentOS fork.
Respondents were asked what features they would like to see in a patch management tool with the three most desired cited as: fast responses to new critical vulnerabilities and exposures (CVEs) (88%); live patching (75%); and automated comprehensive reporting (70%).