
Dealing With The Dark Side


Page 1: Dealing With The Dark Side

Dealing With The Dark Side

Managing The Malware Menace

Jenifer Jarriel

Vice President of Information Technology and Chief Information Officer

Baylor College of Medicine

Copyright Jenifer Jarriel, Baylor College of Medicine, 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Page 2: Dealing With The Dark Side
Page 3: Dealing With The Dark Side

Agenda

Review of 2003
The Costs of Viruses and Spam
Baylor Attacked! What It Has Cost
Baylor Case Studies
How Did This Happen
Defeating The Dark Side
– Goals of the initiative
  • What has been completed
  • What is being developed
– Approach of the initiative
Funding The Force
– Costs for implementation
– Cost savings examples
Summary
Questions & Answers

Page 4: Dealing With The Dark Side

Review of 2003

2003 was the worst year in computer virus history
Jan 2003, Slammer worm contributed to the biggest Internet attack ever!
– Scanned through all 4 billion public IP addresses in just 15 minutes!
BugBear.B, Welchi, & Sobig.F worms released between June and August
– Sobig.F was the worst e-mail worm ever, sending over 300 million infected emails around the world
In August 2003, BCM experienced major attack, losing connectivity to affiliates, affecting over 1/3 of Baylor community, and costing over 100K in remediation efforts

Page 5: Dealing With The Dark Side

Viruses

This isn’t just a biologic problem……..

Images courtesy of Virtual Virus Library

Page 6: Dealing With The Dark Side

Viruses

Recent Research
– Costs (Computer Economics, 2002)
  • Year  Code      Worldwide Economic Impact
  • 2003  SoBig
  • 2003  Blaster
  • 2003  Slammer   $ 2.5 Billion
  • 2001  Nimda     $ 635 Million
  • 2001  Code Red  $ 2.62 Billion
  • 2001  SirCam    $ 1.15 Billion
  • 2000  Love Bug  $ 8.75 Billion
  • 1999  Melissa   $ 1.10 Billion
  • 1999  Explorer  $ 1.02 Billion
– SoBig Was/Is Fastest Spreading Worm EVER! It infected 1 out of every 17 messages (InformationWeek, August 2003)
– Blaster worm infected 30,000 PC’s an hour
– August 2003 saw 75 new Internet viruses categorized at least as a minor threat (Computerworld, August 2003)

$ 13 Billion

Page 7: Dealing With The Dark Side

Viruses (continued)

Recent Research Continued
– Recent research suggests 113 virus encounters a month (Computerworld, March 2003)
– On average 23 staff days were required for virus disaster recovery (Computerworld, March 2003)
– Average cost to companies was $81,000 (ICSA, 2003)

Page 8: Dealing With The Dark Side

Spam

It’s not just a curious food product…..

Page 9: Dealing With The Dark Side

Spam

Spam
– In January 2003 approximately 42% of all email was spam, but by December 2003 that number had risen to 58% (Internetnews.com, January 2004)
– In 2004, spam is expected to comprise 65% of all email
– From May-Dec 2003 Baylor IT found 42%-46% of all email was spam

Hoaxes
– Jdbgmgr.exe was first reported in April 2002 (Symantec)
– Users at Baylor are still receiving this email message and still responding to it despite multiple warnings
– “Hoax viruses cost companies and people as much in terms of loss of productivity as the real virus.”

Page 10: Dealing With The Dark Side

Baylor Attacked!

How often does this happen at Baylor
– 4,015 infected files caught by BCM IT between January and March 2003

What it cost in resources (Just during August 12-22 alone)
– Over 2100 PC’s were infected by the Blaster and SoBig worms and were fixed by IT. More were infected in departments with SA’s.
– Estimates suggest over 1/3 of Baylor was infected
– Over 2000 IT man hours spent fixing these viruses

What it cost financially (Just during August 12-22 alone)
– Approximately $60,000 (IT only) spent on virus remediation during August 12-22 and this is still growing (approx 100k+ now)!

Estimated productivity loss of 2.5 days for 2000 employees
Estimated financial loss due to decrease of productivity = $2,400,000
Helpdesk volume went from 100 calls per day to over 750 calls

Page 11: Dealing With The Dark Side

Case Study

[Illustration; annotation: Worm Attack Began]

Page 12: Dealing With The Dark Side

Case Study (cont)

As can be seen from the illustration on the previous slide, the recent worms utilize ICMP (Internet Control Message Protocol) to actively scan the network looking for vulnerabilities.

Since the events in August, activity has dramatically increased from just under 200 flows/sec to over 1000 flows/sec.

As a result, any system that connects to the network and is not appropriately patched will likely become infected and will try to infect other vulnerable systems.

Page 13: Dealing With The Dark Side

How Did This Happen

Review of IT infrastructure
– 39% of all Baylor PC’s no longer have mainstream support from Microsoft as of December 31, 2003
  • These include Windows 3.x, 95, 98, ME, NT
– Unknown (but significant) number of computing systems using desktop software that are either no longer supported, or will no longer have support by Microsoft as of December 31, 2003
  • These include Office 95, 97, & Office 98 for Macintosh
– Every Wednesday Microsoft typically releases a new critical update for their OS’s

Page 14: Dealing With The Dark Side

How Did This Happen (cont)

Review of IT infrastructure (continued)
– Automatic updates are only available for Windows 2000 and XP. Typically this is disabled

Review of policies
– There is no formal policy mandating Norton Antivirus be installed
– There is no standardization policy for desktops or servers (OS, Hardware, common Applications)
– There is no patch management policy to update Baylor computing systems (desktops and servers)

Page 15: Dealing With The Dark Side
Page 16: Dealing With The Dark Side

Goals

The goals of the IT Asset Management & Planning Initiative are the following:
– To support a diverse environment in an efficient and cost effective manner
– To provide a safe, secure, and reliable network environment
– To be proactive in the management of network intrusions, patch management, and asset inventory

Page 17: Dealing With The Dark Side

What’s Completed

Two commercial anti-spam products were evaluated (IronMail, SpamAssassin)

A phased implementation of commercial anti-spam products was initiated

Increased collaboration with user community

Gained approval for Wireless Network policy

Gained approval for Virtual Domain policy

Gained approval for Web Server Management policy

Page 18: Dealing With The Dark Side

What’s Completed (cont)

Upgrade Norton Antivirus
– NAV for Mac OS X now available
– Currently testing NAV 8.1 for future rollout

Increased Coordination with Affiliated Institutions

Blocking of IP Addresses for Infected Systems

Proof of Remediation for Infected Systems

System Administrators Roundtable During Crises

Page 19: Dealing With The Dark Side

What’s Being Developed

BCM IT developing proposal to implement and receive funding for the following:
– Hardware, software, OS standards
– Disaster recovery/business continuity plans for critical systems and applications
– Secure BCM network perimeters
– Implement secure messaging
– Automatic updates
– Firewall clustering
– Additional supporting policies and procedures

Page 20: Dealing With The Dark Side

What’s Being Developed (cont)

BCM IT is developing the following policies and procedures:
– Corporate Anti-virus Software Policy
– Network scanning Policy
– Use of non-BCM equipment Policy
– Lifecycle Program for Hardware, Software, and Common Applications Policy
– Asset Management Policy
– Patch Management Policy
– Enterprise Directory Services Policy

Page 21: Dealing With The Dark Side

Antivirus Requirement

Recommendations
– Require all IT systems capable of participating (UNIX and Linux do not at this time) in the College IT managed Norton Anti-Virus (NAV) system do so
– Replacement of current non-IT managed anti-virus software with the Norton Anti-Virus
– Assurance that the most current version of NAV is running and that users cannot disable it
– Ability to schedule a mandatory scan of all desktops/servers if required

Page 22: Dealing With The Dark Side

Network Scanning

Recommendations
– IT authorized to conduct scans of computing systems attached to the IT network as necessary and appropriate
– Continue to collaborate with departments to assure non-disruption of computing systems

Page 23: Dealing With The Dark Side

Non-BCM Equipment

Recommendations
– Modify Acceptable Use Policy to prohibit use of non-BCM computers
– Exceptions authorized by IT based on justified business need
– If authorized, non-BCM computers require
  • IT managed anti-virus installed
  • Conform to set IT security requirements

Page 24: Dealing With The Dark Side

Lifecycle Management

Recommendations
– Baylor College of Medicine requires that BCM computing assets, with the exception of servers, be replaced on a four year cycle.
– Servers are to be replaced on a four year cycle with initiation/planning beginning in year three.
– Operating systems and applications must be upgraded or replaced to the latest version supported by the manufacturer.
– Replaced or upgraded computing assets, operating systems and applications must be procured through BCM Purchasing.
– BCM computing assets lifecycle will be tracked by the Information Technology Assets Inventory Management System.

Page 25: Dealing With The Dark Side

Asset Management

Recommendations
– All BCM Computing Assets must be registered with the Information Technology Enterprise Asset Inventory Management System before they can be connected to the BCM Network.
– Computing systems on the Baylor network must be able to report to the asset management system the following information:
  • Responsible organizational entity for the system.
  • Purpose of the system.
  • Name of the hardware supplier.
  • Warranty and maintenance information
  • Operating system installed
  • Applications installed.
  • Hardware configuration and peripherals installed.
  • Security sensitive information such as presence of confidential data.

Page 26: Dealing With The Dark Side

Patch Management

Recommendations
– Before connecting a new or rebuilt system to the BCM network, any initial critical patches must be installed on the system. A CD of the current initial critical patches can be obtained from the departmental system administrator or by contacting the Information Technology HelpDesk at 713-798-8737 or [email protected].
– All desktop and laptop computing assets (home and network) must enable automatic installation of critical patches on their operating systems.
– Any non-BCM computing asset must have installed all critical patches to their operating system before connecting to the BCM network.
– All servers should begin testing critical patches for either the operating system or any applications on that server within 24 hours after being released, and installed within 72 hours.
– The departmental system administrator or Baylor College of Medicine’s Information Technology program may require that certain non-critical patches should be applied. If the notification applies to a system, the patches will need to be applied.

Page 27: Dealing With The Dark Side

Enterprise Directory Services

Recommendations
– All organizational units of Baylor College of Medicine that maintain Microsoft servers or desktops will be required to be a part of Active Directory.

Page 28: Dealing With The Dark Side

Approach

Phased implementation

Implement tools to accurately define project scope and pilot patch management

Requires upgrades on hardware and software

Initiates life cycle management

Requires funding commitments on an annual basis

Page 29: Dealing With The Dark Side

Phased Approach Implementation Guidelines

A Three-Phased approach is recommended:
– Phase 1 Implement Asset & Patch Management Solutions
– Phase 2 Central Departments
  • Finance, HR, Office of Development, Legal, IT, Investment, Public Affairs, Facilities, Administration, Office of the President, Office of the COO
– Phase 3 Clinical, Research, and Education Departments

Page 30: Dealing With The Dark Side

Phased Approach Implementation

Phase 1 Recommendations – FY 2004 & 2005

1. Implement patch management solution on enterprise servers.

2. Implement enterprise asset management solution on enterprise servers.

Phase 1 estimated costs are $769,000

**At the same time as Phase 1, also develop and implement new recommended policies

Page 31: Dealing With The Dark Side

Phased Approach Implementation

Phase 2 Recommendations – FY 2005 & 2006

1. Upgrade hardware and software for all Central Department computers to Windows XP for PC’s and OS X for Macintosh’s.

2. Upgrade all Central Department computers with Microsoft Office XP or 2003 for PC’s and Microsoft Office for Mac OS X for Mac’s.

3. Patch all Windows 2000 and XP systems in Central Departments.

4. Visit all Central Department PC and Mac systems and ensure Norton Antivirus Corporate Edition is installed, or install if needed.

5. Migrate all Central Department computers to Active Directory.

Phase 2 estimated costs cannot be calculated until Phase 1, asset inventory is complete

Page 32: Dealing With The Dark Side

Phased Approach Implementation

Phase 3 Recommendations – FY 2006 & 2007

The third phase of the project will concentrate on the clinical, research, and education (CRE) departments at the College. The following are the recommendations for phase 2 of this project.

1. Upgrade all CRE computers to Windows XP for PC’s and OS X for Macintosh’s.

2. Upgrade all CRE computers with Microsoft Office XP or 2003 for PC’s and Microsoft Office for Mac OS X for Mac’s.

3. Patch all Windows 2000 and XP systems in CRE.

4. Visit all CRE desktop PC and Mac systems and ensure Norton Antivirus Corporate Edition is installed, or install if needed.

5. Migrate all CRE computers to Active Directory.

Phase 3 estimated costs cannot be calculated until Phase 1, asset inventory is complete

Page 33: Dealing With The Dark Side

Funding The Force

Summary of Costs
Implement Asset Inventory Solution
– $125,000 - $200,000
Implement Patch Management Solution
– $569,000
Upgrade Hardware & OS
– $2,988,600 - $4,072,451
Upgrade Microsoft Office
– $176,167
Install/Ensure All Computers Have NAV Corp
– $143,000

Total Minimum Estimated Costs = $4,001,767 - $5,160,618

Page 34: Dealing With The Dark Side

Cost Savings With Implementation Continued

– Reduced Downtime – The College can expect to save additional money by implementation of standards as less time will be spent recovering systems that experience failure. In addition, by the consolidation of hardware vendors, it will become easier to monitor systems that may be prone to failure.

– Quicker Resolution Times – With standardization in place as well as the other recommendations, problem resolution times will be decreased because less time will be spent learning about new systems and software.

– Quicker Setup Times – With the standardization of computer software and hardware, desktop images can be created which can be quickly installed for systems that experience failure, as opposed to rebuilding a system from the beginning. This alone could save from 20-60 minutes per event.

– Reduced Costs During Virus/Worm Outbreaks – By implementing the patch management solution, the College can expect to have significantly reduced costs related to lost productivity, data loss, and connectivity to affiliates.

Page 35: Dealing With The Dark Side

Cost Savings Examples

Based on example of 39% of systems needing replacement:

2457 PC setup with standardized configuration
– 2 hours to create image
– 30 minutes to transfer image to 2456 PC’s (1228 hrs total)
– 1230 hours total time to set up 2457 PC’s
– Avg hourly rate of $20.50 = $25,215.00

2457 PC setup with non-standardized configuration
– 2 hours per PC
– 4914 hours total time to set up 2457 PC’s
– Avg hourly rate of $20.50 = $100,737.00

Represents a savings of over 75% using standardized configuration vs. non-standardized configuration!

Page 36: Dealing With The Dark Side

Cost Savings Examples

5000 PC’s need security patch
– With patch management solution installed no resources need to be utilized as it will be automated after hours
– Without patch management solution, 5000 PC’s x 20 minutes = 1667 hours x $20.50 = $34,173.50

This example is only for 1 patch. Microsoft released a total of 76 critical patches for Windows 2000 and 70 critical patches for Windows XP just in 2003

In the current environment many machines remain un-patched creating significant vulnerability to Baylor network. In addition, because of extensive outdated operating systems on the network, not all machines could be patched even with automated solution

Page 37: Dealing With The Dark Side

Summary of Costs

IT has annual budget of approx $15 million
Requesting funding of less than 1% of total IT budget
With prevention of just 1 major virus outbreak, costs of asset management and patch management solutions will have 100% payback.

Page 38: Dealing With The Dark Side

Summary

Baylor College of Medicine currently has a well diversified computing environment, but this diversity also increases the College’s vulnerability to attacks from viruses and worms.

In addition, because of the lack of a lifecycle management policy, over 39% of PC’s and 35% of Macintosh’s will no longer have support beyond 2003. This creates substantial vulnerability because vendors will no longer release new security patches for many of the systems currently deployed throughout the College. If a malicious virus or worm is released, and these systems are unable to be patched, the loss of data and productivity to the College would be catastrophic.

Additionally, if the College maintains the current IT infrastructure, then if these types of attacks occur once again, the IT program would still not be able to prevent this from occurring in the future; it would just be able to restore the network to its previous state. While the one-time costs may be high, they will be spread over a period of months, AND the real potential loss to the College would be much greater.

Page 39: Dealing With The Dark Side

Questions & Answers

May The Force Be With You, Always

Page 40: Dealing With The Dark Side

Contact Information

Jenifer Jarriel

Vice President of Information Technology and Chief Information Officer

Phone: 713-798-1103

Email: [email protected]