According to PC World:  “Microsoft says it will deliver its largest-ever number of security updates on Tuesday to fix flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and the enterprise-grade Forefront Security client software.”

Of the 13 bulletins, eight are rated “critical” by Microsoft, the company’s highest risk rating. Five are deemed “important,” one notch lower on Microsoft’s severity scale. Nine of the vulnerabilities had been previously disclosed, allowing cyberattackers a way to break into Windows systems before the fix was available.

This kind of craziness leads companies around the world to engage in what I call “patch panic” – security administrators and IT management scrambling to try to understand each patch, what systems might be vulnerable, what threats could exploit those vulnerabilities, potential implications to their business (and how many nights and weekends they are going to have to work).  Some companies will spend weeks trying to collect this information to make decisions on which systems to patch and many will patch systems that don’t require it.  Hours, days and weeks of productivity will be lost.  What a waste of time.

The good news is, it doesn’t have to be this way.  McAfee recently announced one of the most creative products I’ve ever been associated with – McAfee Risk Advisor – the first and only risk analytics solution to eliminate the manual, time-consuming and error-prone approach associated with patching efforts.  We do this by correlating threat, vulnerability and countermeasure information to pinpoint which assets are truly at risk for a specific threat.  It works in conjunction with McAfee Labs Global Threat Intelligence and Vulnerability Manager (formerly Foundstone), as well as countermeasures such as McAfee’s Network Security Platform (formerly IntruShield), Host Intrusion Prevention and VirusScan Enterprise to provide a complete picture of risk posture. 

McAfee customers with our Host Intrusion Prevention and antivirus products had protection in place before these vulnerabilities were announced, due to our partnership with Microsoft.  Buffer overflow protection capabilities within these products mean that customers receive out-of-the box protection and are not dependent on signature updates, unlike other vendors’ offerings.  Customers using our Application Control (formerly Solidcore) have absolutely no need to patch those systems, because they are completely blocked from these vulnerabilities.  This week’s news also highlighted the most popular threat trend around malicious sites and web attacks, like last week’s Adobe PDF vulnerability.  McAfee’s Web Gateway protected our customers from these vulnerabilities even before the announcements.

The bottom line is that life in IT security doesn’t have to be a huge process any more – we can eliminate “patch panic” and the countless lost hours, money and downtime that most people now take for granted.  We can also reduce the number of patches that need to be applied and let you apply them when it is least disruptive – drastically reducing patching costs and risks, while improving overall system availability and security. 

We help customers patch on their schedule, not someone else’s.

Over two billion dollars in investments later, we have added some amazing technologies through our own development as well as acquisitions that include SafeBoot, Solidcore, Secure Computing, MX Logic, and the list goes on. We have added new revenue streams and have significantly decreased our dependence on selling just AV. We also have a skipper at the helm in Dave DeWalt that is not shy in making bold moves to aggressively attack our competition.

My walk down memory lane is an interesting exercise as I contemplate the next five years of McAfee. Today I am humbled at the opportunity to become McAfee’s worldwide CTO. As the dominant player in digital security, my first goal is to drive thought leadership with our customers and prospects and to demonstrate that we have what it takes to solve complex security challenges. My second goal is to drive innovation across all our product offerings as we continue to broaden and diversify our portfolio. To achieve these goals I will be assembling the “Office of the CTO” with heavy hitting CTOs across our business units as well as our geography’s.  

There is much work to be done, but I am confident we will continue to beat our competition and deliver world-class security technologies to consumer, mid-market, and enterprise customers. You will be hearing a lot more from the team in the coming months so stay tuned and keep reading our blogs.