9. Users fail to update the product as it evolves
Only one thing is constant about security products: Change. As exploits evolve and new technologies become available, your vendors will make changes in their products, and you must change yours as well. If you don't, you could leave yourself open to attack.
"One of our biggest frustrations in the enterprise anti-virus business is that a lot of companies don't keep their AV software up to date," says Symantec's Foster. "The threat space is constantly changing, and we're constantly changing our product to keep up. But if you don't do the updates, you're not going to get the benefit of those changes."
Roeckl echoes that frustration. "We develop a solution, and then nobody [at the customer site] does the update," he says. Fortinet is addressing this problem for some customers with a new option called FortiGuard, which distributes updates and configuration changes automatically via the company's distribution network.
"That works for a lot of smaller companies, though large companies often want to pre-stage a deployment and test it before they do an update," Roeckl says.
The vendors were careful to distinguish "updates" -- which are typically revisions designed to help the product stop a new exploit -- from "upgrades" or "new releases," in which the vendor adds new functionality to the product. Updates should be done frequently and as quickly as possible without replacing the existing software or appliance; upgrades require a wholesale replacement of older products, and often don't happen until long after a new release becomes available.
"I'm delivering a new release of our anti-virus products every 12 months, but I recognize that a lot of users can't keep up with me," says Symantec's Foster. Anderson says many enterprises can take as long as one or two years to do an upgrade, even if the new software is free under a maintenance agreement.
Whether you're doing an update or an upgrade, it's a good idea to familiarize yourself with a new piece of software before you begin to use it, Roeckl observes. "Occasionally, we'll find a small feature in a product that people really like, so we'll raise its status in the GUI," he says. "At that point, a lot of users will complain because they can't find it in the new release." In making the product more useable, a vendor may change the user interface and cause a temporary panic, he explains. "It's a little like getting Vista, and finding out that it looks a whole lot more like MacOS," he says. "It's a better interface, but it can be confusing to the user at first."
Bottom line: When a vendor updates one of your security products, you should deploy the update as swiftly as possible. Failure to do an update can leave your systems vulnerable to attack.
