Microsoft Outlines Patch Management, Spyware Plan

In his monthly Security360 Webcast on Tuesday, Nash outlined the Microsoft patch management strategy and predicted huge profits for companies such as managed security service providers (MSSPs) and other solution providers that specialize in this area of security.

"Simply stopping threats isn't good enough anymore," he said. "As the threats become more complex, managing security updates becomes critical to the overall security [of an enterprise] as well."

Specifically, Nash said solution providers must help customers navigate a four-step process of better patch management. That process includes assessing the current inventory of assets on a network, identifying which updates are available, evaluating the updates that are necessary, and deploying them.

Tom Biggi, senior consultant for HP Managed Services, agreed, noting that large companies frequently have a tough time inventorying what they've deployed.

"For many firms, tracking this is virtually impossible," he said. "That's where managed services [and MSSPs] can really play a big role."

Following the patch management discussion, Gordon Mangione, also a corporate vice president in Microsoft's Security Business and Technology Unit, used the Webcast to tackle the subject of spyware.

Mangione opined about Microsoft's recent acquisition of antispyware company Giant, labeling it a "step in the right direction" for Microsoft to incorporate antispyware functionality into its offerings in the months ahead.

"Our customers were asking for this," said Mangione. "We felt it was something we had to do."

According to Mangione, enterprise and consumer customers can expect Redmond, Wash.-based Microsoft to incorporate Giant technology into its offerings within the next 30 days. He said Microsoft will offer antispyware functionality in at least a beta form by the end of January, and that this functionality will be available through ordinary software updates.