Novell ZENworks Patch Management Protection from Zotob

Zotob worm attacks enterprise networks

Just days after Microsoft disclosed a "critical" new vulnerability (MS05-039) that impacts their Windows 2000 and 2003 operating systems, related worms began propagating across the internet. The most publicized worm is Zotob, although there are a minimum of eleven variants across three worm "families" (Zotob, Bozori, and Ircbot) that are exploiting the vulnerability in Microsoft's Windows Plug-and-Play software. In less than one week, these worms infected and crippled systems at numerous organizations throughout the world, including CNN, Caterpillar, Walt Disney's ABC Network, the United States Government, and many others.

anti-virus software cannot prevent worm attacks

While anti-virus solutions are effective at removing known viruses from your network, they are not designed to prevent worm attacks from occurring in the first place - and prevention is always faster, easier and less expensive than a cure. The only effective way to protect your organization from malicious attack is to apply published patches throughout your organization in a consistent and timely manner. Zotob and its derivatives began appearing within five days of Microsoft's announcement of the MS05-039 vulnerability and release of the software patch that would prevent attack. And while five days provides plenty of time for hackers to produce their malicious code, it is simply not enough time for a large organization to distribute software patches to thousands of computers. Effective security patch management requires a best-practices approach, with:

  • automated tools for patch deployment
  • ongoing monitoring of patch compliance
  • integration with security policies and procedures

ZENworks Patch Management offers true protection

Despite government mandates such as HIPAA, FISMA and SARBOX, few organizations have an effective process to implement security policies across the enterprise. Security patch management from ZENworks, powered by Patchlink Corporation, enables organizations to proactively manage security threats by automating the collection, analysis, and delivery of security patches throughout your enterprise. Automating this time-consuming process can significantly decrease the costs involved in securing your organization from worms, viruses and other malicious threats.

   

ZENworks Patch Management delivers effective patch management through a well-defined 6-step process:

  1. Patch Acquisition - proactively download patches from major technology vendors into a secure repository
  2. Patch Testing - test each patch against over 250 standard images
  3. Vulnerability Detection - utilize patented "fingerprint" technology to determine if vulnerabilities exist
  4. Threat Assessment - determine the severity of the issue(s) addressed by the patch
  5. Patch Deployment - schedule a deployment of the required patches to production computers or build new packages using Package Editor
  6. Patch Maintenance - continuously monitor to ensure patches are not corrupted

same day protection with ZENworks

On the same day that the patch for MS05-039 was released by Microsoft, it was fully tested, scripted and fingerprinted at the ZENworks security test labs and securely delivered to ZENworks Patch Management Update servers at customer sites. All new critical patches - such as MS05-039 - are automatically downloaded to the ZENworks Update server, and an alert e-mail notification is subsequently sent to the system administrator. This automatic patch delivery is critical because, in prior worm attacks, the vendor's patch download site was frequently targeted for distributed Denial of Service (DoS) attacks by the hackers who create the worm variants.

Once the patch is installed on the ZENworks Update server, the ZENworks Update agent will continually scan the entire network to determine which systems are missing the patch, and deliver and install the patch to all vulnerable systems. In the case of a worm attack, the ZENworks subscription service provides both the patch and the worm removal tool — thus providing both prevention against future attack and the ability to auto-disinfect the systems that have already been impacted.

security for today, and tomorrow

While the Zotob worm and its variants have primarily targeted Windows Server systems, it is also crucially important to understand that patch management is not just an issue for the server room. Many previous worm attacks have exploited one of the thousands of vulnerabilities that exist within laptop and workstation computers. With the growth in the prevalence of spyware and browser-based malware, it is only a matter of time before a blended threat emerges that can exploit browser vulnerabilities to gain access to a network and use other modes of attack to target the internal network. The only way to truly secure your network from today's threats is to implement a proactive patch management solution.

ZENworks Patch Management is the leader in automated security patch management. ZENworks eliminates the manual, ad-hoc application of patches and the time-consuming task of validating patch levels to deliver a faster, easier way to reduce IT risk within your enterprise. For more information on how ZENworks helps you prevent attack, visit us at http://www.novell.com/products/zenworks/patchmanagement/

© 2009 Novell, Inc. All Rights Reserved.