Adding security patches to software is a "horror show," says Paula Chesbrough, senior vice president and IT director at Eagle Bank in Everett, Mass.

"You cannot do it during daytime hours when users are on the system because it requires a reboot," explains Chesbrough, adding that "sometimes patches conflict with other software."

MEETING FEDERAL REQUIREMENTS

Indeed, Microsoft Corp. (Redmond, Wash.) alone issues more than 200 patches annually. Since patch management is one of the practices that federal banking and insurance regulators look for, it's vital for banks to get their update processes in order.

In response, Chesbrough has deployed the latest functionality in network systems monitoring technology from SilverBack Technologies Inc. (Billerica, Mass.) Its patch management solution is designed to help mid-tier company IT staffs automate their vulnerability assessments and deploy the correct fixes.

Chesbrough notes that her IT department-consisting of herself, a network administrator and staff-can spend as much as 30 to 45 percent of their time documenting compliance to meet federally-mandated requirements. "We need to be able to demonstrate...that...