Patching no longer works, says Cisco CSO

By

Patching is dead and costly, according to John Stewart, chief security officer at Cisco Systems, who presented a keynote address at the AusCERT conference on the Gold Coast, today.

Patching no longer works, says Cisco CSO
24/7 online access requirements; sheer volume of client seats requiring patches (especially at an enterprise level,) and surging malware numbers are fuelling the demise of the age-old practice.

“Patching is a deadline of first defense,” Stewart said. “I can’t use patching environments of anti-virus. It’s already the case that we have consumed or over consumed those two technologies in a way to defend.”

In fact, Stewart claimed that to mathematically keep up with the frequency of new malware is now impossible.

Using Cisco as an example, Stewart said applying patches has become problematic as it requires offline time.

“I rely on my infrastructure, I can’t have it offline,” Stewart said. “[And] I only want to patch it when I can take it offline. Those are very restrictive time frames.”

As well as an expensive one he added.

"When a company like Cisco is a 73,000 person company, it has 73,000 seats of anti-virus, it’s a phenomenal amount of capital expense.”

Stewart also called on security professionals to share information and collaborate further.

“One of the things I want to be sure of is that you learn from my mistakes so if you’re about to embark on something, you can learn what we learned and hopefully not repeat some of the mistakes we made,” he said.

“Think about what the hacking community is doing. They’re doing that already, we’re just not.”
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
auscertsecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?